c16
c16 / wf5.m1 - Agent Control Plane — hi-fi (wf5.m1) / Agent Identity·control-plane-v1/agent-identity·draft

Security · Agent Identity & Access

3 of 7 agents hold a credential outside the standard

Every agent gets its credential from somewhere — and 3 of 7 don't meet the org credential standard. 2 carry a weak credential on a dangerous agent (Codex CLI, marketing-gpt), 2 static keys have never been rotated, and only 71% bind to an org principal. Observed from the wire — not issued or verified by qcontrol.

Credential standard

4 of 7 meet the standard · 3 exceptions

Credentials must be obtained via

  • Org-backed OAuth through your IdP (SSO) — revocable, scoped, deprovisionable
  • Short-lived JIT tokens minted per run (roadmap)
  • Vault-issued, auto-rotated secrets for service agents (roadmap)

Not permitted

  • Static API keys stored in config or .env files
  • Consumer / self-serve provider accounts and unverified aliases
  • Any credential with no IdP-backed, deprovisionable principal

Meet the standard

4/7

3 exceptions · org-backed OAuth

Compound risk

2

weak cred + dangerous

Static API keys

3

4 on OAuth

Never rotated

2

static keys, no rotation

Org-binding coverage

71%

29% static / alias

Machine credentials — exceptions first

7 instrumented agents · observed, not IdP-verified · row → profile

rotation window 90d
Agent
Bound identity
Credential source
Credential risk
Rotation
Conforms
Codex CLIv1.4.0

cli · dev@dev-box-7

compound

dev-7f3@duck.com unverified alias

consumer — no org binding

Self-serve provider console

API key · in …/.codex/config.toml

High

static key on an unbacked consumer identity

never rotated

no rotation on record

in active use — rotate w/ coordination

exception
marketing-gptv0.3.0

service · root@mktg-runner

compound

— no telemetry identity

consumer — no org binding

Static key · plaintext .env

API key · in …/marketing-gpt/.env

store read into context
High

static key on an unbacked consumer identity

never rotated

no rotation on record

in active use — rotate w/ coordination

exception
support-copilotv0.9.2

service · root@svc-support-1

svc-support@qpoint.io

org_qpoint · acct_551aa9c0ff31

provider org — not your IdP

Static key · service config

API key · in …/support-copilot/agent.yaml

Elevated

long-lived static key

150d ago

stale · over 90d

in active use — rotate w/ coordination

exception
Claude Codev2.1.161

cli · mark@mp-mbp

mark@qpoint.io

org_qpoint · acct_7f3a91c4e0b2

provider org — not your IdP

Org IdP · enterprise OAuth

OAuth (JWT) · in …/.claude/settings.json

Lower

revocable OAuth, enterprise-backed

8d ago

auto-refreshed (OAuth)

in active use — rotate w/ coordination

meets
Cursorv3.5.17

ide · jane@jane-mbp

jane@qpoint.io

org_qpoint · acct_22b8de01aa54

provider org — not your IdP

Org IdP · enterprise OAuth

OAuth (opaque) · in …/Cursor/settings.json

Lower

revocable OAuth, enterprise-backed

11d ago

auto-refreshed (OAuth)

in active use — rotate w/ coordination

meets
data-pipeline-agentv1.2.4

service · svc-data@etl-worker-2

svc-data@qpoint.io

org_qpoint · acct_99fa201bcd77

provider org — not your IdP

Org IdP · enterprise OAuth

OAuth (JWT) · in …/etl/agent.yaml

Lower

revocable OAuth, enterprise-backed

22d ago

auto-refreshed (OAuth)

in active use — rotate w/ coordination

meets
Claude Desktopv1.9255.2

desktop · mark@mp-mbp

mark@qpoint.io

org_qpoint · acct_7f3a91c4e0b2

provider org — not your IdP

Org IdP · enterprise OAuth

OAuth (JWT) · in …/Claude/config.json

Lower

revocable OAuth, enterprise-backed

15d ago

auto-refreshed (OAuth)

in active use — rotate w/ coordination

meets

Exceptions lead — non-conforming rows (highlighted) draw from provider_console, config_file, plaintext_file, or unclassified sources. Governed ≠ trusted credential: an agent can be policy-bound and still carry a long-lived static key — see the compound flags. Rotation age & activity derived live from cred_last_rotated / last_api_call.

3 credentials outside the standard — fix queue

Codex CLI

Static · console

static key on an unbacked consumer identity. Rotate the key, move to org-backed OAuth, and join the alias to your IdP.

marketing-gpt

Static · .env

static key on an unbacked consumer identity. Rotate immediately and remove the key from its file — that file is itself read into model context.

support-copilot

Static · config

long-lived static key. Rotate the static key and move it to a vault; bind the service to an org principal.

Projected — controls that would close the gap to the standard

roadmap

Just-in-time credentials

Mint short-lived, scoped tokens per run instead of long-lived static keys — no standing secret to leak or rotate.

roadmap

SSO / SCIM join

Bind machine identities to your IdP so each agent maps to a real, deprovisionable principal — retire duck.com aliases.

roadmap

Credential rotation

Detect long-lived keys, schedule rotation, and revoke on anomaly — closing the standing-credential gap automatically.

Observed, not verified — two distinctions this page keeps separate

  • Governed ≠ trusted credential. An agent can be policy-bound (governed) and still carry a weak static key — see the compound flags above.
  • Provider org ≠ your IdP. org_qpoint is the model provider's org, not a deprovisionable principal in your IdP. A duck.com address is a vendor alias, not an authenticated human.

Do next

Fields: cred_source · cred_risk · cred_why · cred_last_rotated · auth_method · org_id · account_uuid · config_source · sensitive_files · last_api_call — from app/data/c16-fleet.ts (instrumented agents only). Rotation age & activity derived live via new Date(); conformance via credConforms / CRED_SOURCE_META; compound via isCompoundRisk.