Back to c15c15 / wf2 - Agent-Native Pass (agent-as-actor) · agent-native-v1 · wf2 · 7 pages

Agent-Native Pass (agent-as-actor)

wf2 reset after the agent-native audit — drops the egress-traffic lens and treats each agent as an actor (its process = the agent, each call = an action, allow/deny = authorization). All views render one model grounded in real app.qpoint.io fields. Spine: Roster, Tool & Model Use, Authorization & Guardrails.

Phase 2 — divergent wireframes exploring fixes to the wf1 agent-governance deficits.

Design Specs

Pages

roster

wf2 spine — Agent Roster: every agent discovered from sourceExe + credential + pod context (enriched with the MCP registry); master-detail with an identity/tools/models/data-exposed/risk profile. Grounded in real telemetry fields.

draft2026-06-03
tool-model-use

wf2 spine — Tool & Model Use: every outbound call reframed as a tool/model invocation, classified (model/MCP/tool/internal/unapproved), by agent or by tool, with authorization + data-exposed per action.

draft2026-06-03
action-authorization

wf2 spine — Action Authorization & Guardrails: default-stance, an agents × action-class matrix (used / unsanctioned / blocked), the @qpoint/* guardrail adapters and their coverage, and an unsanctioned-actions list.

draft2026-06-03
activity

wf2 (replaces audit-trail) — Activity Log: a feed of agent actions/decisions with a per-action detail panel; filter all/flagged/blocked. Each entry is an observed tool/model call.

draft2026-06-03
data-exposure

wf2 (replaces data-flow) — Data Exposure: what sensitive data (qscan sensitiveDataType) agents put into their actions, classified by destination, with the flagged PII-to-unapproved-model case and a data-type breakdown.

draft2026-06-03
spend

wf2 (reframes agent-spend) — Spend: cost estimated from model-call tokens (not egress bytes), by agent and by model provider, flagging the unowned uncharge­able agent and unapproved-provider spend.

draft2026-06-03
risk-posture

wf2 (replaces posture-board + risk-report) — Risk & Posture: an agent-native posture index + five categories (Identity/Authorization/Data/Guardrail/Governed) and a findings register, computed from observed actions.

draft2026-06-03