c9 / m3 - Meaning-Layer Dashboard (Hi-Fi v3) / Inventory · meaning-layer-dashboard-v1/inventory · draft

Meaning-Layer Inventory

Inventory should show which entities weaken trust, widen blast radius, and cross company boundaries before it shows the full catalog.

Reframed around the questions above the raw lists: who is unresolved, what sensitive context matters most, where activity can leave the company, and which shared lanes amplify impact.

Operator Brief

Inventory needs review

3 trust anchors unresolved, 2 exposure paths matter now, and 1 shared execution lane is widening scope.

Unresolved trust

3 entities

1 key, 1 endpoint, and 1 identity chain are lowering attribution confidence.

Sensitive context

5 touchpoints

A small set of repos, files, credentials, and capabilities carry most of the company consequence.

External boundaries

2 paths

One plain HTTP edge and one unlabeled destination deserve review.

Shared blast radius

1 lane

A shared automation path is beginning to span more endpoints and sensitive paths.

Where inventory matters most

Start with the few entity stories that change response

These lanes explain why an entity type matters before the user opens its focused meaning page.

trust changed

Credential Trust

One unknown API key is now a company-wide question, not just a row in inventory.

Why it matters

Shared credentials can span users, endpoints, and downstream systems. Security needs to know quickly whether this is approved activity or a real unknown.

Scope

1 unknown key, shared AI credential lane, active session against auth-related code.

Open the raw API key list, verify its owner, then decide whether to suspend it immediately.

Open API key story

ownership weak

Endpoint Ownership

The environment cannot be secured confidently if active hosts are not bound to owners.

Why it matters

When endpoint inventory is incomplete, every live session on that host becomes harder to verify, contain, or dismiss.

Scope

1 unresolved endpoint, 1 live session, unclear team ownership.

Bind the unresolved host to a person, team, or environment.

Open endpoint story

consequence high

Sensitive Company Context

Files and repos matter most when they reveal which services, configs, or secrets could widen exposure.

Why it matters

Security should spot the small set of sensitive paths that carry most consequence without paging through every row.

Scope

auth-service, customer-web, auth.ts, .env, deploy configs, and related sessions.

Open the repo inventory first, then confirm which files sit nearest the highest-consequence codebases.

Open repo story

boundary crossed

Outbound Boundaries

Secondary calls and external tool paths show where AI activity can leave the company.

Why it matters

The dangerous moment is the connection between company context and a destination outside the expected trust boundary.

Scope

1 HTTP destination, 1 unlabeled host, 1 session window crossing from file access to network.

Classify the destination and verify whether the path is expected internal traffic.

Open boundary story

Surfaced patterns

What makes this feel like detection, not taxonomy

13 patterns
identity · users

Known user on a new machine

A familiar developer from an uninventoried endpoint.

credential · api keys

Unknown key touching shared credentials

A first-seen credential against company-critical code.

boundary · secondary calls

Sensitive file access + rare destination

Session touched important code then called an unfamiliar host.

spread · agents

Shared automation path expanding

One automation identity across more endpoints and sensitive paths.

ownership · endpoints

Live host without owner binding

Active endpoint without person or team attached.

consequence · files

Unknown agent inside sensitive file cluster

Session reaches .env and auth-related code.

tooling · capabilities

High-consequence tool path newly active

Filesystem or outbound capabilities in unexpected sessions.

repo · repos

One credential lane spans two critical repos

Shared key touches auth-service and customer-web.

concentration · sessions

One active session dominates risk

Single live session ties key, host, files, and destination.

service · mcp servers

First-seen server with unclear purpose

New MCP server, business function unknown.

model · models

Premium model lane taking sensitive work

Higher-cost traffic clustering around important code.

mismatch · cross-entity

Identity and environment mismatch

CI-like pattern from a developer endpoint, or vice versa.

novelty · cross-entity

New combination of familiar things

Nothing individually unknown, but never together before.

Inventory relationship spotlight

Connect inventory types into one readable risk story

medium confidence · widening blast radius

Shared Execution Lane

Automation identity spanning sensitive files

One shared automation path touches auth code, deploy config, and an outbound destination through the same lane.

Shared trust anchor

1 automation identity

Company reach

3 sensitive paths + 2 envs

Boundary edge

1 unlabeled destination

Fastest drill

owners + credentials + dests

Trust Anchors

Entities determining attribution.

shared automation user · identity lane
sk-ant-...C001 · credential
10.0.1.44 · endpoint

Company Context

Assets carrying consequence.

/src/auth.ts · source path
/infra/deploy.yml · deploy config
/Users/alice/.env · sensitive
filesystem read · capability

Boundary Paths

Where context meets outbound reach.

10.0.2.15:8080 · destination
http · unencrypted
MCP bridge · tooling lane

Operational Meaning

Interpretation above raw entities.

shared blast radius · cross-path
owner verification · next step
contain if unknown · fastest action

Entity catalog by security meaning

Keep the raw catalog, but group it by the question security is trying to answer

Who or what can we trust?

Identity and ownership inventory determines whether security can attribute activity confidently.

Users

Known users distinguish approved work from unattributed sessions.

12

Signal: 1 identity chain still unresolved.

Open user story

Endpoints

Endpoints anchor host ownership, environment type, and containment.

19

Signal: 1 host lacks owner binding.

Open endpoint story

API Keys

Credentials define real blast radius more than session rows.

3

Signal: 1 key unknown or not yet synced.

Open API key story

What carries company consequence?

Consequence comes from sensitive content and the tools that can reach or transform it.

Files

Which files are sensitive, shared, or active right now.

31

Signal: 3 sensitive files account for most concern.

Open file story

Repos

Repos explain which service turns a sensitive file into company impact.

8

Signal: auth-service and customer-web anchor most work.

Open repo story

Capabilities

What an agent could do once it reaches sensitive context.

42

Signal: Filesystem read and outbound paths carry the highest consequence.

Open capability story

Sessions

Join actors, credentials, files, and destinations into one evidence chain.

43

Signal: 1 live session driving top trust concern.

Open session story

Where can activity leave the company?

Boundary-crossing inventory shows where many stories become real risk.

Secondary Calls

Where company context might flow after an agent acts.

28

Signal: 1 plain HTTP destination needs classification.

Open boundary story

MCP Servers

Expand reach by exposing new tools and remote context.

6

Signal: 1 server path lacks business-purpose labeling.

Open MCP server story

Models

Matter when sensitive prompts or premium paths concentrate.

4

Signal: Premium usage stable, shared execution lane growing.

Open model story

What could amplify blast radius?

Shared infrastructure means one mistaken trust assumption spreads farther.

Agents

Automation lanes determine how behavior spreads.

3

Signal: 1 shared automation path spans more endpoints.

Open agent story

Sessions by Lane

Concurrency changes how fast security needs to move.

7 active

Signal: Most important concern still live, not historical.

Open session story

Execution Mix

Shared lanes reveal whether one credential is carrying too much.

3 lanes

Signal: Automation concentrating into one shared path.

Open agent story

Inventory gaps blocking trust

Weak inventory is itself a security problem

Needs enrichment

Endpoint ownership is incomplete

The most important current host still lacks team and environment labeling.

Unblocks: Attribution, host isolation, and whether current AI usage is legitimate company activity.

Credential inventory may be stale

An unknown key could be real drift or delayed sync, and the page should show that distinction clearly.

Unblocks: Faster revoke-or-verify decisions for the shared credential lane.

Destination intent is under-labeled

Some secondary calls still lack business-purpose classification.

Unblocks: Clearer separation between expected internal services and possible exfiltration paths.

Stable inventory coverage

Normal inventory should reassure

Compressed

Known-good identity coverage

34 / 36 sessions

Most activity still maps cleanly to known users, endpoints, and expected credentials.

Expected outbound traffic

7 / 8 paths

Nearly all destinations remain encrypted and familiar to the organization.

Contained execution footprint

3 agent lanes

The software footprint is still narrow enough for security to reason about quickly.