Identity chain
What makes the user trustworthy?
alice@company.com
org identity
acct_01AbcXyz...
provider account
Users meaning layer
User inventory should answer who can be trusted, who is unresolved, and whose work has the highest company consequence before it behaves like a directory.
Security uses user inventory to anchor attribution, ownership, and accountability around the rest of the entity graph.
2 identities deserve focus
Which people matter most to the current security picture?
High-signal users
2
1 unresolved, 1 high-consequence known user
Known identities
11
Most users are stable and attributable
Sensitive repo owners
3
A small group carries most company consequence
Background identities
9
Useful context, not first-read material
Meaning anchors
Why users matter before the raw catalog
3 anchors
Anchor | Summary | Operator note |
|---|---|---|
Users are trust anchors | A user listing should quickly separate known identity, weak identity, and high-consequence ownership lanes. | That is more useful than a directory sorted by email. |
A known person can still matter a lot | Meaning-first user pages should surface the people whose work explains the current story even when nothing looks obviously wrong. | Significance is not only about anomalies. |
User detail should explain accountability | The page should show what this person anchors and what remains shared around them. | That is how security moves from observation to action. |
Priority queue
Fastest drill paths for this entity type
Significance
Story | Summary | Why it matters |
|---|---|---|
alice@company.com | Stable identity linked to the most consequential recent developer work. | A trusted actor can still anchor the most important story. |
Unknown identity chain | One unattributed lane weakens confidence elsewhere. | This is the fastest user-side trust gap to close. |
CI automation account | High volume but low consequence baseline. | Useful contrast against human-operated sessions. |
c6 reference
Raw User Inventory
12
Users observed
12
Unknown identities
1
Trust gap
Top user
NaN
Primary lane
NaN
User | Role | Sessions | Total cost | Primary agent |
|---|---|---|---|---|
| alice@company.com | engineer | 6 | $2.41 | Claude Code |
| unknown | unmapped | 1 | $0.61 | Claude Code |
| ci-runner-04 | automation | 11 | $0.82 | LangChain |
Representative detail
alice@company.com
Alice should be shown as a stable but high-consequence user story: trusted identity, meaningful access, and influence across shared lanes.
Email :
alice@company.com
Role :
engineer
OS Username :
alice
Account ID :
acct_01AbcXyz...
Organization :
qpoint-dev
Primary Agent :
Claude Code
User trust map
The user story should connect person, endpoint, agent, and company context into one accountability view.
user
A meaning-layer user page is about anchored interpretation, not only account metadata.
Focus
alice@company.com
Stable developer identity tied to the most meaningful recent work.
trusted anchor
Execution lane
How does the user work?
Claude Code
primary lane
alice-mbp.local
stable host
Company context
What does the user touch?
api-refactor
auth repo path
.env + config files
sensitive context
Shared infrastructure
What complicates the story?
shared org key
caveat
provider traffic
expected but relevant
identity strength
high
company consequence
high
shared caveat
1
next drill
session detail