AGENTIC INFRASTRUCTURE

An agent in every department. Each with its own scoped credential.

The problem

Every department wants its own finance agent — scoped to its own data, account sensitivity, tools, and budget. Accounting systems can't do that. They were built for people and reports, not for issuing governed, per-agent credentials. Without that layer, every agent is either over-permissioned or never deployed.

How it works

One ledger, many habitats, one policy engine

person agentscope keys: department · business · project · functional

C-Suite

privileged · cross-business

General Counsel CEO office Legal Agent Board Reporting Agent Group Consolidation Agent

Legal Agent reads finance under General Counsel · delivery scoped to C-Suite

Project Alpha — matrix

elevated · spans Finance · Sales · Engineering

Project Director Alpha Margin Agent Alpha Forecast Agent

Director sees Alpha rows across departments via the project key — not each department's whole ledger

FinanceAlpha

CFO Group Controller Tax Agent Business Review Agent

department · functional

SalesAlpha

Revenue Lead Sales Pipeline Agent Billing & ARR Agent

department · business · functional

Support

Support Lead Refund Agent Dispute Agent

functional only · least-privilege, customer-facing

EngineeringAlpha

Eng Lead Procurement Agent Spending Agent

department · project · functional

INFRASTRUCTURE AS CODE

pl credential create — scriptable in CI/CD pipelines

PER-QUERY FINGERPRINT

shape · scope · snapshot · result — every query traceable

QUERY BUDGET

Metered in FIQ — revocable instantly, rate-limited per credential