Vision Alignment Synthesis — Cross-Perspective Recommendations
Date: 2026-02-17
Input: 4 perspective analyses (CISO, Product Owner, Developer, Architect) evaluating docs 06/07 against Sergey's W1 vision and UX.
Executive Summary
All four perspectives converge on a clear conclusion: docs 06/07's 4-concept separation is architecturally correct, but W1's product vision requires a fundamentally different user-facing approach — authority governance language, cluster-first navigation, and simplified deterministic paths instead of topology/chain concepts.
The naming questions in doc 07 (Q1-Q5) are largely deprioritized by W1 because W1's UX doesn't expose execution chains to users at all. The urgent work is building the W1-specific views, not renaming existing ones.
1. Consensus Naming Decisions (Q1-Q5)
Q1: What to call Concept 2 ("Execution Chains")?
| Perspective | Recommendation |
|---|---|
| CISO | Authority Chains — anchors governance narrative |
| Product Owner | Keep internally; don't surface in W1 — chains page not in W1 flow |
| Developer | Keep "Execution Chains" internally; don't prioritize rename — zero W1 user impact |
| Architect | Authority Chains — survives beyond W1, aligns with 9-entity model |
Decision: "Authority Chains" as the canonical internal/documentation name. Not surfaced in W1 UX at all.
- Rename in docs and glossary now (low effort)
- Keep execution_chains as the collection name in code (no storage rename)
- Do not add Authority Chains to W1 navigation
Q2: Column header for execution count?
| Perspective | Recommendation |
|---|---|
| CISO | Executions (30d) — matches W1 UX, communicates magnitude |
| Product Owner | Executions (30d) — W1 UX already decided this |
| Developer | Executions (30d) — aligns AutomationsPage with W1 vocabulary |
| Architect | Observed Runs (30d) — more precise, survives into W2 |
Decision: "Executions (30d)" — 3-of-4 consensus, matches W1 UX spec exactly. The precision benefit of "Observed Runs" doesn't outweigh consistency with the W1 vocabulary the CISO will see.
Q3: Timestamp label on chain detail pages?
| Perspective | Recommendation |
|---|---|
| CISO | Last Computed — prevents "chain ran at T" misreading |
| Product Owner | Last Refreshed — W1 vocabulary consistency |
| Developer | Last Computed — most accurate for chain assembly |
| Architect | Last Computed — unambiguous about sync-time derivation |
Decision: "Last Computed" — 3-of-4 consensus. Chain detail is not a W1 page, so W1 vocabulary consistency matters less than semantic accuracy. W1 pages use "Last Refreshed" for their own global timestamp.
Q4: Glossary 3-concept vs 4-concept model?
| Perspective | Recommendation |
|---|---|
| All four | (B) Add 4th concept now as "planned/W2" |
Decision: Unanimous. Add AutomationRun to glossary as "planned — W2".
Q5: Nav item for chains page?
| Perspective | Recommendation |
|---|---|
| CISO | "Authority Chains" + Shield icon, secondary to W1 flow |
| Product Owner | Don't include in W1 navigation at all |
| Developer | Keep "Chains" but move to a collapsed developer/debug section |
| Architect | "Authority Chains" + Shield, W1 excludes it from primary nav |
Decision: Remove from W1 primary navigation. If retained for debug/power-user mode, label "Authority Chains" with Shield icon in a collapsed section.
2. Critical Gaps All Perspectives Identified
These are things Sergey's W1 vision demands that neither docs 06/07 nor the current platform address:
2.1 Risk Clusters (unanimous — highest priority gap)
All four analysts identified "Autonomous Authority Risk Clusters" as the biggest missing concept. W1 UX makes these the primary homepage navigation surface.
What's needed:
- A deterministic aggregation pattern over active W1 findings
- Compound condition definitions (e.g., "Sensitive + LLM + Active + Invalid Owner")
- Fixed priority ordering
- Server-side API endpoint (GET /api/v1/w1/risk-clusters)
- New ADR documenting the concept (Architect recommendation)
Architecture: Computed view, not persisted collection. Aggregation over findings.
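A sketch of the aggregation described in 2.1, added here as an illustration and not taken from the platform's code. The finding fields, the cluster ids, the two lower-priority clusters and the sample data are hypothetical; it assumes a finding is listed under every cluster whose compound condition it satisfies.

```typescript
// Added example: field names, cluster ids and sample findings are hypothetical.
interface W1Finding {
  id: string;
  status: "active" | "resolved";
  sensitive: boolean;        // reaches confidential/restricted data
  llmEgress: boolean;        // path terminates at an LLM endpoint
  authorityActive: boolean;  // executed within the 30-day window
  ownerValid: boolean;
}
type Predicate = (f: W1Finding) => boolean;
interface ClusterDef { id: string; label: string; all: Predicate[]; }
interface RiskCluster { id: string; label: string; findingIds: string[]; }

// Array order IS the fixed priority order; it never depends on counts.
// A finding matches a cluster only if every predicate in `all` holds.
const CLUSTER_DEFS: ClusterDef[] = [
  { id: "sensitive_llm_active_invalid_owner",
    label: "Sensitive + LLM + Active + Invalid Owner",
    all: [f => f.sensitive, f => f.llmEgress, f => f.authorityActive, f => !f.ownerValid] },
  { id: "sensitive_active_invalid_owner",
    label: "Sensitive + Active + Invalid Owner",
    all: [f => f.sensitive, f => f.authorityActive, f => !f.ownerValid] },
  { id: "llm_active",
    label: "LLM + Active",
    all: [f => f.llmEgress, f => f.authorityActive] },
];

// Computed view: rebuilt from findings on every call, nothing is persisted.
function computeRiskClusters(findings: W1Finding[], top: number = 5): RiskCluster[] {
  const active = findings.filter(f => f.status === "active");
  return CLUSTER_DEFS
    .map(def => ({
      id: def.id,
      label: def.label,
      // Sorted ids make the output independent of input order.
      findingIds: active.filter(f => def.all.every(p => p(f))).map(f => f.id).sort(),
    }))
    .filter(c => c.findingIds.length > 0)  // empty clusters are not shown
    .slice(0, top);
}

// Constructed sample findings.
const SAMPLE: W1Finding[] = [
  { id: "f3", status: "active", sensitive: true, llmEgress: true, authorityActive: true, ownerValid: false },
  { id: "f1", status: "active", sensitive: true, llmEgress: false, authorityActive: true, ownerValid: false },
  { id: "f2", status: "resolved", sensitive: true, llmEgress: true, authorityActive: true, ownerValid: false },
  { id: "f4", status: "active", sensitive: false, llmEgress: true, authorityActive: true, ownerValid: true },
];
```

Because ordering comes from the definition list and ids are sorted, two refreshes over the same findings always return the same clusters in the same order.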
2.2 Standing Authority (CISO + Product Owner identified)
W1 UX features "Standing Authority" as a visually dominant section in every finding detail:
Execution Model: Autonomous
Authentication Type: Client Credentials
Human Session Required: No
Docs 06/07 never name or define this concept. It needs to be added as a named concept in the W1 model.
2.3 Execution Magnitude (CISO + Developer identified)
Doc 06 defines execution_status as binary (proven | unproven). W1 requires quantitative Executions (30d) alongside the binary status. The ExposureUnit shape needs execution_count_30d added.
2.4 New W1 Evaluator Rules (Architect + Developer identified)
Current evaluator has 4 rules. W1 requires at least 4 additional:
- unknown_identity_binding — no deterministic RUNS_AS binding
- reachable_sensitive_domain — identity can reach confidential/restricted data
- llm_egress — connection path terminates at LLM endpoint
- external_egress — connection path terminates at external endpoint
Plus refinements to existing rules for W1 scope.
2.5 Since Last Refresh Delta (CISO + Product Owner identified)
W1 UX requires "+X new autonomous identities, +Y ownership invalidations, -Z removed" delta display. No sync-to-sync comparison logic exists.
3. What Doc 07's Phase 1 Becomes Under W1
Doc 07 proposed 5 UI label changes as Phase 1. Here's the updated status:
| Doc 07 Proposed Change | W1 Status |
|---|---|
| Nav "Chains" rename | Moot — W1 removes chains from primary nav |
| Page title "Execution Chains" rename | Moot — page not in W1 flow |
| "Last Seen" → "Last Computed" | Low priority — chain detail not in W1 flow |
| "Execution" → "Executions (30d)" on AutomationsPage | Yes, do this — good hygiene even if AutomationsPage isn't primary W1 |
| Glossary update to 4-concept | Yes, do this — add W2 placeholder |
Net: 2 of 5 original changes remain relevant. The naming work shifts to building W1-specific surfaces.
4. W1 Implementation Plan (Cross-Perspective Consensus)
Phase W1-A: Foundation (Immediate, Lowest Risk)
| # | Item | Effort | Owner Domain |
|---|---|---|---|
| 1 | Update glossary to 4-concept + W2 placeholder | Small | Docs |
| 2 | Rename "Execution" column to "Executions (30d)" on AutomationsPage | Trivial | UI |
| 3 | Fix stale API doc migration note (04-api-layer.md:140) | Trivial | Docs |
| 4 | Fix chain-role naming mismatch (types.ts vs ADR-008) | Small | Backend |
| 5 | Define "Standing Authority" + "Authority Chain" in glossary and doc 06 | Small | Docs |
| 6 | Restructure UI navigation: W1 primary (Homepage, Findings) + collapsed debug section | Small | UI |
| 7 | Implement computeW1ExposurePath() — bounded graph traversal for W1 | Medium | Backend |
| 8 | Implement posture summary endpoint (Active NHI, Dormant, Operator, Human counts) | Medium | Backend |
Phase W1-B: Risk Clusters + Findings View (Core W1 UX)
| # | Item | Effort | Owner Domain |
|---|---|---|---|
| 9 | Write ADR for Risk Cluster concept | Small | Docs |
| 10 | Implement risk cluster aggregation API endpoint | Medium | Backend |
| 11 | Build W1 Homepage (posture summary + delta + Top 5 risk clusters) | Large | UI |
| 12 | Build W1 Findings View (cluster-grouped, path row format, inline expand) | Large | UI |
| 13 | Finding enrichment endpoint (join finding to entity + path + evidence data) | Medium | Backend |
| 14 | Add new W1 evaluator rules (unknown_identity_binding, reachable_sensitive_domain, llm_egress, external_egress) | Large | Backend |
Phase W1-C: Finding Detail + Polish
| # | Item | Effort | Owner Domain |
|---|---|---|---|
| 15 | Build W1 Finding Detail (standing authority block, 4-section evidence panel, linkage proof card) | Large | UI |
| 16 | Simplify path diagram to W1 format (4-node: Automation → Identity → Destination → Data Domain) | Small | UI |
| 17 | Since Last Refresh delta computation + display | Medium | Backend + UI |
| 18 | Sensitive domain summary display | Small | UI |
| 19 | Remediation placeholder button | Trivial | UI |
| 20 | Static egress classification registry (LLM endpoint patterns) | Small | Backend |
Deferred to W2
- AutomationRun persistence and automation_runs collection
- Topology/run correlation and version tracking
- Chain fingerprint versioning (ADR-008 Phase 2)
- Full blast radius traversal beyond first boundary
- Authority Chains page redesign (not in W1 navigation)
- "Was → is" risk velocity tables (Sergey's full delta vision beyond refresh delta)
5. Two-Axis Execution Status Model (CISO Recommendation)
The CISO analysis identified a critical refinement: W1 needs two distinct axes, not one:
| Axis | Question | Values | Source |
|---|---|---|---|
| execution_proven | "Do we have deterministic evidence this executed?" | true / false | Existence of linked execution_evidence records |
| authority_status | "Is this authority actively exercised or dormant?" | active / dormant | Recency of execution within 30-day window |
Current doc 06 collapses these into a single binary execution_status: proven | unproven. The W1 UX requires both — the homepage shows "Active Non-Human Execution Identities" (authority_status = active) and "Dormant Authority Identities" (authority_status = dormant), while finding details need to show whether evidence linkage was deterministic (execution_proven).
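How the two axes, plus the execution_count_30d from 2.3, could be derived from evidence records, as an added illustration that is not the platform's code. The record shape, identity ids and sample data are hypothetical, and it assumes recency is read from the same linked evidence records.

```typescript
// Added example: record shape, identity ids and sample data are hypothetical.
interface EvidenceRecord { identityId: string; executedAt: string; } // ISO 8601, UTC

interface ExecutionAxes {
  execution_proven: boolean;               // any linked evidence record exists
  authority_status: "active" | "dormant";  // evidence inside the 30-day window?
  execution_count_30d: number;             // magnitude behind "Executions (30d)"
}

const WINDOW_MS = 30 * 24 * 60 * 60 * 1000;

function deriveAxes(identityId: string, evidence: EvidenceRecord[], now: Date): ExecutionAxes {
  const linked = evidence.filter(e => e.identityId === identityId);
  const end = now.getTime();
  const recent = linked.filter(e => {
    const t = Date.parse(e.executedAt);
    // Unparseable or future-dated timestamps never count as recent activity.
    return !isNaN(t) && t >= end - WINDOW_MS && t <= end;
  });
  return {
    execution_proven: linked.length > 0,
    authority_status: recent.length > 0 ? "active" : "dormant",
    execution_count_30d: recent.length,
  };
}

// Constructed sample, evaluated as of the document date.
const NOW = new Date("2026-02-17T00:00:00Z");
const EVIDENCE: EvidenceRecord[] = [
  { identityId: "svc-a", executedAt: "2026-02-10T12:00:00Z" },
  { identityId: "svc-a", executedAt: "2026-01-25T00:00:00Z" },
  { identityId: "svc-a", executedAt: "2025-11-01T00:00:00Z" },
  { identityId: "svc-b", executedAt: "2025-12-01T00:00:00Z" },
];
```

In this sample svc-a and svc-b are both proven, but only svc-a is active; the single execution_status field cannot tell them apart.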
6. Internal vs External Vocabulary
| Internal (code/architecture) | External (CISO/W1 UX) |
|---|---|
| execution_chains collection | Authority Chains (secondary, not in W1 primary flow) |
| AutomationTopology (concept) | Not exposed to W1 users |
| AutomationRun (W2 concept) | Execution Instance (W2) |
| ExecutionEvidenceEvent | Execution Evidence |
| ExposureUnit (doc 06 concept) | Finding row / Exposure |
| execution_status: proven/unproven | Execution Evidence: Proven / Unproven |
| risk_cluster (computed) | Autonomous Authority Risk Cluster |
| (unnamed) | Standing Authority |
The principle: governance language for users, technical language for code.
7. Summary
The 4 analysts converge on these key points:
- Doc 06/07's architecture is sound — keep the 4-concept separation internally
- W1 demands a different surface — risk clusters, not chains; governance language, not architecture terms
- Most of doc 07's naming questions are moot for W1 — the pages they target aren't in W1's flow
- The real work is building W1's new views — Homepage with risk clusters, cluster-grouped findings, simplified finding detail
- The current platform has all the data building blocks — no schema changes, no new collections; new evaluator rules, new API aggregation, new UI pages
- Authority Chains is the consensus internal name (when needed), Executions (30d) is the consensus count label
- Risk Cluster concept needs an ADR — it's a new architectural primitive
- Standing Authority needs to be named and defined — it's the central W1 governance assertion