Agent Control Plane (persona-partitioned)
c16 — re-execution of the agent-dashboard prompt anchored on the agent-native qcontrol control plane (localhost:7878). A persona-partitioned app (5 first-class seats: Security / Finance / Executive / Engineering / Compliance) whose deep pages are agent-native reframes of qcontrol's 12 views plus a net-new Executive Governance & ROI Board. Complete pivot away from egress (demoted to a single profile card). All pages render app/data/c16-fleet.ts.
Phase 2 — persona-partitioned agent-native wireframes anchored on the qcontrol control plane.
Design Specs
Pages
Fleet at-a-glance: KPI cards, deep-linked attention strip, posture/spend/activity breakdowns, top risks, and the agents-in-use table.
Net-new — board-packaged governance index + 6-week trend, spend & spend-at-risk, governed %, coverage, risk drivers, and open high findings; exportable.
Searchable, sortable agent roster with posture filter, governance/shadow tags, and a KPI strip; rows link to agent profiles.
Master-detail profile for one agent: identity, runtime, data access, MCP, tokens/cost, security score, and a demoted egress detail card.
FinOps cost center: spend KPIs, by-agent and daily-trend bars, and by-model/agent/user tables with honest estimated-cost tagging.
Per-user showback: tokens, cost, sensitive-data opens, and agent-derived risk ranked by risk then spend; identity observed-not-verified, chargeback projected.
Agent LLM responsiveness — p95 latency bars, p50/p95/p99 percentile table, slowest responses, and a gap note that latency is not task success.
CISO worklist of behavioral agent findings; clickable severity cards and framework chips filter a table linking to agent profiles.
Fleet posture score gauge, fleet-wide risk-factor breakdown, current-vs-worst regression, critical/at-risk list, and shadow-AI installation coverage.
Agent-native DLP: sensitive-path access by category and user, top paths touched, data-movement volume, and a preview of content inspection.
Audit→Assist→Automate enforcement modes, a data-computed dry-run of behavioral interventions, capability-first policy cards, one secondary egress allow-list, and a roadmap kill switch.
Behavioral findings auto-mapped to control framework families with severity pills and why-trails, plus ghosted projected frameworks and lo-fi evidence export.
Machine-credential (NHI) governance over instrumented agents: bound identity, credential class and risk, alias flags, destination count, projected JIT/SSO/rotation.
Live qcontrol stream and findings export vs ghosted projected SIEM/GRC/identity/alerting connectors, grounded in local event and findings volume; local-only note.