Agent Control Plane — value-first (wf2)
wf2 revision after the Phase-2 value review: every page now states its PURPOSE, a computed BOTTOM-LINE takeaway, and the recommended NEXT ACTION (via the WirePagePurpose header). Adds five persona seat-landing pages (each seat opens on "your governance at a glance") so value is articulated per persona, not just routed. Same agent-native model (c16-fleet.ts); egress still demoted.
Phase 2 — persona-partitioned agent-native wireframes anchored on the qcontrol control plane.
Design Specs
Pages
Security · CISO seat landing — fleet posture, critical agents, open high findings, ungoverned count, with a bottom-line and do-next actions; cards to the seat's surfaces.
Finance · FinOps seat landing — total/estimated spend, top spender, unverified-identity (chargeback) blocker, with a bottom-line and do-next actions.
Executive seat landing — governance index vs target, governed %, spend-at-risk, open high findings, with a bottom-line and a path to the board.
Engineering · Platform seat landing — worst tail latency, ungoverned + shadow agents, MCP servers; bottom-line names the latency≠task-success gap; do-next actions.
Compliance · Privacy seat landing — frameworks instrumented, high findings mapped to controls, sensitive paths; evidence-only framing with do-next actions.
wf2 — purpose/bottom-line/action header + MoM spend delta on KPIs; keeps the attention strip, posture/spend/activity, top risks, and agents table.
wf2 — promotes the critical few (ungoverned · shadow · critical) into a lead callout + bottom-line; keeps the searchable/sortable roster.
wf2 — opens with a computed risk-summary (why this agent is its danger level) + remediation actions; all wf1 cards + demoted egress card retained.
wf2 — adds budget-vs-actual + month forecast and a single trusted number; bottom-line answers "should I act?"; signposts showback for chargeback.
wf2 — leads with top exposure and surfaces the unverified-identity chargeback blocker as a callout/action; keeps the per-user table.
wf2 — bottom-line lifts the latency≠task-success gap and names Task Outcomes & Quality as the missing dimension; keeps percentile bars/tables.
wf2 — leads with the single most-urgent finding + triage/escalation actions; keeps clickable severity cards and framework chips.
wf2 — adds a one-line board recommendation (score vs target + top drag factor + worst agent) and actions; keeps gauge, factor breakdown, regression, shadow installs.
wf2 — leads with the privacy stake (high-severity credential/secret exposure) and the un-inspected content gap; keeps category/user/path breakdowns.
wf2 — bottom-line leads with total would-intervene blast-radius (ungoverned + root + --yolo + unbounded); keeps audit→assist→enforce + dry-run + secondary egress card.
wf2 — adds a conformance snapshot (frameworks instrumented + high findings mapped) so posture is legible at a glance; keeps expandable framework cards + why-trails.
wf2 — leads with the recommended action per credential-risk tier (rotate static keys, plan SSO/SCIM); observed-not-verified disclaimer kept below the value.
wf2 — ranks the projected connectors (SIEM/Splunk "recommended first" to get high findings into the SOC); keeps the live stream + findings export + local-only note.
wf2 — purpose/bottom-line/action header + a governance-index trend narrative and target line; keeps the hero index, spend-at-risk, risk drivers, and findings.