Security · Agent Inventory
Every agent in the org — and the ones with no owner, no policy, or no telemetry.
Security can only govern what it can see, and only hold accountable what has an owner and a policy binding. This inventory's real job is to surface the gaps — ungoverned, unowned, or unmonitored agents operating outside your control — so nothing runs unaccounted for.
Bottom line
8 agents (7 instrumented). 3 are ungoverned and 1 is shadow (installed but unmonitored) — start there; 1 is Critical posture.
Start here — the ungoverned & unseen
3
ungoverned
Codex CLI, marketing-gpt, Zed Agent
1
shadow (installed, unmonitored)
Zed Agent
1
critical posture
marketing-gpt
8
agents in registry
7 instrumented
4
hardened
score ≥ 80
3
at risk
score 50–79
1
critical
score < 50
Fields: name · vendor · kind · email · runtime_model · sessions · tokens · cost · danger_level · governed · instrumented · last_active — from app/data/c16-fleet.ts (qcontrol /api shape).