c9c9 / wf1 - Meaning-Layer Dashboard / Inventory · meaning-layer-dashboard-v1-v1 · 2026-04-20 · draft
Qpoint

Meaning-Layer Inventory

Inventory should show which entities weaken trust, widen blast radius, and cross company boundaries before it shows the full catalog.

This page reframes inventory around the security questions above the raw lists: who is unresolved, what sensitive company context matters most, where activity can leave the company, and which shared lanes could amplify impact.

Operator Brief

Inventory needs review

3 trust anchors unresolved · 2 exposure paths matter now · 1 shared execution lane is widening scope

Unresolved Trust

3 entities

1 key, 1 endpoint, 1 identity chain are changing attribution confidence.

Sensitive Context

5 touchpoints

A small set of repos, files, credentials, and capabilities carry most of the company consequence.

External Boundaries

2 paths

One plain HTTP edge and one unlabeled destination deserve review.

Shared Blast Radius

1 lane

A shared automation path is beginning to span more endpoints and sensitive paths.

Where Inventory Matters Most

These lanes explain why an entity type matters before the user opens its focused meaning page.

urgent · trust changed

Credential Trust

One unknown API key is now a company-wide question, not just a row in inventory.

Why It Matters

Shared credentials can span users, endpoints, and downstream systems. Security needs to know quickly whether this is approved activity or a real unknown.

Affected Scope

1 unknown key, shared AI credential lane, active session against auth-related code.

Fastest Drill

Open the raw API key list, verify owner, then decide whether to suspend immediately.

Open Meaning Page

Open API key story

warning · ownership weak

Endpoint Ownership

The environment cannot be secured confidently if active hosts are not bound to owners and expected environments.

Why It Matters

When endpoint inventory is incomplete, every live session on that host becomes harder to verify, contain, or dismiss.

Affected Scope

1 unresolved endpoint, 1 live session, unclear team ownership.

Fastest Drill

Open the endpoint list and bind the unresolved host to a person, team, or environment.

Open Meaning Page

Open endpoint story

warning · consequence high

Sensitive Company Context

Files and repos matter most when they reveal which services, configs, or secrets could widen company exposure.

Why It Matters

Security should be able to spot the small set of sensitive paths and codebases that carry most of the consequence without paging through every row.

Affected Scope

auth-service, customer-web, auth.ts, .env, deploy configs, and related active sessions.

Fastest Drill

Open repo inventory first, then confirm which files, capabilities, and sessions sit nearest the highest-consequence codebases.

Open Meaning Page

Open repo story

urgent · boundary crossed

Outbound Boundaries

Secondary calls and external tool paths matter because they show where AI activity can leave the company.

Why It Matters

The dangerous moment is rarely the existence of a file or key alone. It is the connection between company context and a destination outside the expected trust boundary.

Affected Scope

1 HTTP destination, 1 unlabeled host, 1 session window crossing from file access to network.

Fastest Drill

Open secondary calls, classify the destination, and verify whether the path is expected internal traffic.

Open Meaning Page

Open secondary-call story

Thirteen Things Inventory Can Surface

Varied patterns make the meaning layer feel like detection and interpretation, not just taxonomy.

identity · users

Known user on a new machine

A familiar developer account starts showing up from an endpoint that is not yet in inventory.

Why Surface It

This can signal benign onboarding drift or an account being reused outside expected boundaries.

credential · api keys

Unknown key touching shared credentials and files

A first-seen credential now appears in sessions against company-critical code paths.

Why Surface It

A credential can quietly carry more blast radius than any one session row suggests.

boundary · secondary calls

Sensitive file access followed by a rare destination

A session that touched important code then made an outbound call to an unfamiliar host.

Why Surface It

The connection between company context and a new destination is often the real security story.

spread · agents

Shared automation path expanding

One automation identity is beginning to appear across more endpoints and sensitive paths than before.

Why Surface It

Growth in reuse can turn a local trust decision into a company-wide blast-radius problem.

ownership · endpoints

Live host without owner binding

An active endpoint participates in AI usage, but no current person or team is attached to it.

Why Surface It

Security cannot confidently contain or dismiss activity that has no clear owner.

consequence · files + sessions

Unknown agent inside a sensitive file cluster

A session reaches `.env` and auth-related code, which makes the raw file evidence immediately more important.

Why Surface It

Sensitive file clusters turn otherwise ordinary tool activity into a company-consequence question.

tooling · capabilities

High-consequence tool path newly active

Filesystem read or outbound-call capabilities appear in sessions where they were not expected before.

Why Surface It

A tool becoming newly available or newly used can change what an agent is capable of doing.

repo · repos

One credential lane now spans two critical repos

A shared key or automation path now touches both auth-service and customer-web within the same recent workstream.

Why Surface It

Repo context reveals when blast radius crosses from isolated file access into shared product or platform consequence.

concentration · sessions

One active session now dominates risk

A single live session ties together the key, host, files, and destination behind the top concern.

Why Surface It

Sometimes the most useful inventory story is that many signals collapse into one urgent session.

service · mcp servers

First-seen server path with unclear purpose

A new MCP server appears, but its business function and expected callers are still unknown.

Why Surface It

New service reach should be understandable before it becomes normal background infrastructure.

model lane · models

Premium model lane taking on new sensitive work

Higher-cost model traffic starts clustering around sessions touching important code or secrets.

Why Surface It

Model usage matters when it concentrates sensitive prompt context or shared execution paths.

mismatch · users + endpoints

Identity and environment no longer line up

A CI-like pattern starts appearing from what looks like a developer endpoint, or vice versa.

Why Surface It

Mismatched operating context can reveal drift, shadow automation, or compromised assumptions.

novelty · cross-entity

New combination of familiar things

Nothing is individually unknown, but the user, key, host, and destination have never appeared together before.

Why Surface It

Novel combinations are often where meaningful risk shows up before a rule or policy catches it.
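As an added example (not Qpoint's code and not part of this draft), the following Python screens constructed session records for four of the patterns above: an unknown key touching sensitive files, sensitive file access followed by a rare destination, a plain-HTTP destination, and a new combination of familiar things. The sensitive paths are the ones named on this page; the users, keys, hosts, destinations and baseline sessions are assumptions.

```python
# Added example, not Qpoint code: one detection pass over constructed session records.
# Sensitive paths are the ones named on this page; users, keys, hosts, destinations are made up.
from collections import namedtuple

SENSITIVE_PATHS = {"/src/auth.ts", "/infra/deploy.yml", "/Users/alice/.env"}
# events: ordered list of ("file", path) or ("net", "scheme://host[:port]") tuples
Session = namedtuple("Session", "sid user key host events")

def _dests(s):
    return [v for kind, v in s.events if kind == "net"]

def surface(sessions, known_keys, baseline):
    """Map session id -> sorted pattern labels; `baseline` are prior sessions that
    define the familiar users, hosts, destinations and (user, key, host, dest) tuples."""
    users, hosts = {b.user for b in baseline}, {b.host for b in baseline}
    dests = {d for b in baseline for d in _dests(b)}
    combos = {(b.user, b.key, b.host, d) for b in baseline for d in _dests(b)}
    findings = {}
    for s in sessions:
        hits, touched_sensitive = set(), False
        for kind, value in s.events:  # event order matters: file access, then network
            if kind == "file" and value in SENSITIVE_PATHS:
                touched_sensitive = True
            elif kind == "net":
                if value.startswith("http://"):
                    hits.add("plain-http destination")
                if touched_sensitive and value not in dests:
                    hits.add("sensitive file access followed by rare destination")
                # novelty: each piece is individually familiar, the tuple is not
                if (s.user in users and s.key in known_keys and s.host in hosts
                        and value in dests and (s.user, s.key, s.host, value) not in combos):
                    hits.add("new combination of familiar things")
        if s.key not in known_keys and touched_sensitive:
            hits.add("unknown key touching sensitive files")
        if hits:
            findings[s.sid] = sorted(hits)
    return findings

# Constructed records: two prior sessions as baseline, three current sessions to screen.
KNOWN_KEYS = {"key-A"}
BASELINE = [
    Session("b1", "alice", "key-A", "dev-01", [("file", "/src/app.ts"), ("net", "https://api.internal")]),
    Session("b2", "bob", "key-A", "dev-02", [("net", "https://api.internal")]),
]
SESSIONS = [
    Session("s1", "alice", "key-B", "dev-01", [("file", "/src/auth.ts"), ("net", "http://203.0.113.7:8080")]),
    Session("s2", "bob", "key-A", "dev-01", [("net", "https://api.internal")]),  # familiar parts, new tuple
    Session("s3", "alice", "key-A", "dev-01", [("file", "/src/app.ts"), ("net", "https://api.internal")]),
]
```

Session s3 is ordinary work and produces no finding; the point of the baseline is that novelty and rarity are judged against what the organization has already seen, not against a fixed rule.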

Inventory Relationship Spotlight

The meaning layer should connect inventory types into one readable risk story.

Representative Inventory Story

Inventory becomes useful when it reveals how one trust anchor reaches company context.

This spotlight turns several inventory types into one security story: a shared automation identity, the sensitive files it can touch, the endpoint it runs on, and the outbound path that could carry company context beyond the boundary.

Identity, adjacency, activity, and posture around one representative item.

Trust Anchors

These entities determine whether activity is attributable.

shared automation user · identity lane
sk-ant-...C001 · credential
10.0.1.44 · endpoint

Company Context

These are the assets carrying consequence.

/src/auth.ts · source path
/infra/deploy.yml · deploy config
/Users/alice/.env · sensitive file
filesystem read · capability

Shared Execution Lane

Automation identity spanning sensitive files

One shared automation path now touches auth code, deployment config, and an outbound destination through the same execution lane.

medium confidence · widening blast radius · review now

Boundary Paths

The risk emerges when company context is paired with outbound reach.

10.0.2.15:8080 · destination
http · unencrypted
MCP bridge · tooling lane

Operational Meaning

This is the interpretation layer above the raw entities.

shared blast radius · cross-path lane
owner verification · next step
contain if unknown · fastest action

Shared trust anchor

1 automation identity

Company reach

3 sensitive paths + 2 environments

Boundary edge

1 unlabeled destination

Fastest drill

owners + credentials + destinations

Entity Catalog By Security Meaning

Keep the raw catalog, but group it by the question security is trying to answer.

Who Or What Can We Trust?

Identity and ownership inventory determines whether security can attribute activity confidently.

Users

Known users let security distinguish approved work from unattributed sessions.

12

Signal now: 1 identity chain is still unresolved.

Open user story

Endpoints

Endpoints anchor host ownership, environment type, and containment choices.

19

Signal now: 1 host lacks owner binding and environment classification.

Open endpoint story

API Keys

Credentials often define the real blast radius more than the session row does.

3

Signal now: 1 key is unknown or not yet synced into inventory.

Open API key story

What Carries Company Consequence?

Consequence comes from sensitive content and the tools that can reach or transform it.

Files

The most useful first read is which files are sensitive, shared, or active right now.

31

Signal now: 3 sensitive files account for most of the current company-context concern.

Open file story

Repos

Repos explain which service or team turns a sensitive file or session into a company-impact story.

8

Signal now: auth-service and customer-web currently anchor the most consequential work.

Open repo story

Capabilities

Capabilities explain what the agent could do once it reaches sensitive context.

42

Signal now: Filesystem read and outbound-call paths are the highest-consequence tools.

Open capability story

Sessions

Sessions join actors, credentials, files, and destinations into a single evidence chain.

43

Signal now: 1 live session is currently driving the top trust concern.

Open session story

Where Can Activity Leave The Company?

Boundary-crossing inventory should stay easy to scan because that is where many stories become real risk.

Secondary Calls

Destination inventory shows where company context might flow after the agent acts.

28

Signal now: 1 plain HTTP destination and 1 unlabeled host need classification.

Open boundary story

MCP Servers

MCP servers expand reach by exposing new tools and remote context to agents.

6

Signal now: 1 server path still lacks clear business-purpose labeling.

Open MCP server story

Models

Model lanes matter when sensitive prompts, cached context, or premium paths concentrate there.

4

Signal now: Premium model usage is stable, but one shared execution lane is growing.

Open model story

What Could Amplify Blast Radius?

Shared infrastructure matters because one mistaken trust assumption can spread farther.

Agents

Agent software and automation lanes determine how behavior spreads across the company.

3

Signal now: 1 shared automation path now spans more endpoints and sensitive paths.

Open agent story

Sessions By Lane

Concurrency and active duration change how fast security needs to move.

7 active

Signal now: The most important concern is still live, not just historical.

Open session story

Execution Mix

Shared lanes reveal whether one credential, agent, or environment is carrying too much access.

3 lanes

Signal now: Automation activity is concentrating into one shared path.

Open agent story

Inventory Gaps Blocking Trust

Weak inventory is itself a security problem when it slows attribution.

Endpoint ownership is incomplete

The most important current host still lacks team and environment labeling.

Unblocks: Attribution, host isolation, and whether current AI usage is legitimate company activity.

Credential inventory may be stale

An unknown key could be real drift or delayed sync, and the page should show that distinction clearly.

Unblocks: Faster revoke-or-verify decisions for the shared credential lane.

Destination intent is under-labeled

Some secondary calls still lack business-purpose classification.

Unblocks: Clearer separation between expected internal services and possible exfiltration paths.

Stable Inventory Coverage

Normal inventory should be summarized, not allowed to dominate the page.

Known-good identity coverage

34 / 36 sessions

Most activity still maps cleanly to known users, endpoints, and expected credentials.

Expected outbound traffic

7 / 8 paths

Nearly all destinations remain encrypted and familiar to the organization.

Contained execution footprint

3 agents

The software footprint is still narrow enough for security to reason about quickly.