← c16c16 / wf3 - Agent Control Plane — seat-lensed (wf3) / Agent Identity·control-plane-v1-v1 · 2026-06-03 · draft
Qpoint
QP
Agent Identity & Accessagent-as-actor · machine-credential governance (NHI)

Security · Agent Identity

How every agent gets its credential — and whether it meets the standard.

Govern machine identities (NHI): where each agent's credential came from, how trustworthy it is, and which agents fall outside the org credential standard. Observed from the wire — not issued or verified by qcontrol.

Bottom line

3 of 7 agents fail the credential standard — Codex CLI, marketing-gpt, support-copilot. 2 carry a weak credential on a dangerous agent, and 2 static keys have never been rotated. Move them to org-backed OAuth and rotate the static keys. Observed, not IdP-verified.

Do nextFix 3 non-conforming credentialsRotate 2 never-rotated keysPlan SSO/SCIM join

Credential standard

4 of 7 meet the standard · 3 exceptions

Credentials must be obtained via

  • Org-backed OAuth through your IdP (SSO) — revocable, scoped, deprovisionable
  • Short-lived JIT tokens minted per run (roadmap)
  • Vault-issued, auto-rotated secrets for service agents (roadmap)

Not permitted

  • Static API keys stored in config or .env files
  • Consumer / self-serve provider accounts and unverified aliases
  • Any credential with no IdP-backed, deprovisionable principal

4/7

meet the standard

3 exceptions

2

compound risk

weak cred + dangerous

3

static API keys

4 on OAuth

2

never rotated

static keys, no rotation

71%

org-binding coverage

29% static/alias

Machine credentials — exceptions first

7 instrumented agents
AgentBound identityCredential sourceCredential riskRotationConforms
Codex CLI v1.4.0⚠ compoundcli · dev@dev-box-7dev-7f3@duck.com unverified aliasconsumer — no org bindingSelf-serve provider consoleAPI key · in …/.codex/config.tomlHighstatic key on an unbacked consumer identitynever rotatedno rotation on recordin active use — rotate w/ coordination✗ exception
marketing-gpt v0.3.0⚠ compoundservice · root@mktg-runner— no telemetry identity consumer — no org bindingStatic key · plaintext .envAPI key · in …/marketing-gpt/.env⚠ store read into contextHighstatic key on an unbacked consumer identitynever rotatedno rotation on recordin active use — rotate w/ coordination✗ exception
support-copilot v0.9.2service · root@svc-support-1svc-support@qpoint.io org_qpoint · acct_551aa9c0ff31provider org — not your IdPStatic key · service configAPI key · in …/support-copilot/agent.yamlElevatedlong-lived static key150d agostale · over 90din active use — rotate w/ coordination✗ exception
Claude Code v2.1.161cli · mark@mp-mbpmark@qpoint.io org_qpoint · acct_7f3a91c4e0b2provider org — not your IdPOrg IdP · enterprise OAuthOAuth (JWT) · in …/.claude/settings.jsonLowerrevocable OAuth, enterprise-backed8d agoauto-refreshed (OAuth)in active use — rotate w/ coordination✓ meets
Cursor v3.5.17ide · jane@jane-mbpjane@qpoint.io org_qpoint · acct_22b8de01aa54provider org — not your IdPOrg IdP · enterprise OAuthOAuth (opaque) · in …/Cursor/settings.jsonLowerrevocable OAuth, enterprise-backed11d agoauto-refreshed (OAuth)in active use — rotate w/ coordination✓ meets
data-pipeline-agent v1.2.4service · svc-data@etl-worker-2svc-data@qpoint.io org_qpoint · acct_99fa201bcd77provider org — not your IdPOrg IdP · enterprise OAuthOAuth (JWT) · in …/etl/agent.yamlLowerrevocable OAuth, enterprise-backed22d agoauto-refreshed (OAuth)in active use — rotate w/ coordination✓ meets
Claude Desktop v1.9255.2desktop · mark@mp-mbpmark@qpoint.io org_qpoint · acct_7f3a91c4e0b2provider org — not your IdPOrg IdP · enterprise OAuthOAuth (JWT) · in …/Claude/config.jsonLowerrevocable OAuth, enterprise-backed15d agoauto-refreshed (OAuth)in active use — rotate w/ coordination✓ meets

3 credentials outside the standard — fix queue

Codex CLI Static · consolestatic key on an unbacked consumer identity. Rotate the key, move to org-backed OAuth, and join the alias to your IdP.
marketing-gpt Static · .envstatic key on an unbacked consumer identity. Rotate immediately and remove the key from its file — that file is itself read into model context.
support-copilot Static · configlong-lived static key. Rotate the static key and move it to a vault; bind the service to an org principal.

Observed, not verified — and two distinctions this page keeps separate

  • Governed ≠ trusted credential. An agent can be policy-bound (governed) and still carry a weak static key — see the “compound” flags above.
  • Provider org ≠ your IdP. org_qpoint is the model provider's org, not a principal in your IdP you can deprovision. A duck.com address is a vendor alias, not an authenticated human.

Projected — controls that would close the gap to the standard

Just-in-time credentials

roadmap

Mint short-lived, scoped tokens per run instead of long-lived static keys — no standing secret to leak or rotate.

SSO / SCIM join

roadmap

Bind machine identities to your IdP so each agent maps to a real, deprovisionable principal — retire duck.com aliases.

Credential rotation

roadmap

Detect long-lived keys, schedule rotation, and revoke on anomaly — closing the standing-credential gap automatically.

Fields: cred_source · cred_risk · cred_why · cred_last_rotated · auth_method · org_id · account_uuid · config_source · sensitive_files · last_api_call — from app/data/c16-fleet.ts (instrumented agents only). Rotation age & activity derived live via new Date(); conformance from CRED_SOURCE_META.