Security · Agent Inventory
Every agent in the org — and the ones with no owner, no policy, or no telemetry.
Security can only govern what it can see, and only hold accountable what has an owner and a policy binding. This inventory's real job is to surface the gaps — ungoverned, unowned, or unmonitored agents operating outside your control — so nothing runs unaccounted for.
Bottom line
8 agents, control coverage 63% (5 governed & monitored). 3 ungoverned, 1 shadow (installed but unmonitored), 2 compound-risk — start there; 1 is Critical posture.
Start here — the ungoverned & unseen
3
ungoverned
Codex CLI, marketing-gpt, Zed Agent
1
shadow (installed, unmonitored)
Zed Agent
1
critical posture
marketing-gpt
63%
control coverage
5 of 8 agents
3
at risk
score 50–79
1
critical
score < 50
2
compound-risk
dangerous & unaccountable
Lensed by seat via ?seat (security · engineering). Derived: isCompoundRisk · controlCoverage · shadowAgents · factors[0] — from app/data/c16-fleet.ts (qcontrol /api shape).