Skip to main content

Foundry Integration — W1

1. Purpose

The Foundry integration supports W1 (Agentic AI Exposure Discovery & Assessment) by providing:

  • Visibility into autonomous execution surfaces within Foundry.
  • Deterministic execution identity context.
  • First-party execution evidence artifacts.
  • First-party configuration metadata relevant to outbound boundaries (if exposed).

The integration provides execution-plane and identity-plane artifacts only.

It does not evaluate exposure, compute reachability, assign risk, classify egress, detect drift, or perform scoring.

2. Execution Constructs in Scope

W1 applies only to autonomous execution.

A Foundry construct qualifies when:

  • It can execute without an active human-initiated session.
  • It produces first-party execution records.
  • Execution records expose deterministic identifiers that reference the specific execution construct.

In scope:

  • AI-connected execution.
  • Agentic execution surfaces.
  • AI agent actions.

Excluded:

  • Human-initiated interactive sessions.
  • Constructs without first-party execution records.
  • Constructs whose execution records cannot be deterministically linked to a unique execution identifier.

If deterministic linkage cannot be established, execution status must be unproven.

3. Identity Context

The integration must surface identity-plane artifacts sufficient to resolve:

Execution construct
→ Authentication configuration
→ Identity object

Identity binding is valid only when:

  • Deterministic identifiers resolve a uniquely identifiable identity object.
  • The identity object is observable via first-party metadata.

Execution identity may be:

  • Human (delegated or run-as authority recorded as a user principal).
  • Non-human (service or application identity).

If deterministic identity resolution is not possible, identity status must be unknown.

No heuristic identity inference is permitted.

4. Execution Evidence Signals

Execution is considered proven only when:

  • A first-party execution record exists.
  • The record exposes a deterministic identifier.
  • That identifier references the specific execution construct without heuristic matching.

The integration must surface:

  • Execution records.
  • Deterministic join keys between execution record and execution construct.

If deterministic linkage cannot be established, execution status must be unproven.

5. Outbound / Integration Signals

If Foundry exposes first-party metadata indicating outbound endpoints, the integration may capture:

  • Configured outbound endpoint host/base URL.
  • Integration endpoint references.

Constraints:

  • Endpoint-level only.
  • No payload or header inspection.
  • No inference beyond deterministically observable configuration.

If outbound configuration artifacts are not exposed by Foundry, no outbound artifacts are defined in W1 scope.

6. Ownership Signals

If exposed by Foundry, the integration may capture:

  • Assigned owner identifiers.
  • Owner principal type.
  • Owner state (e.g., active / disabled), if deterministically observable.
  • Group ownership references.

If ownership metadata cannot be deterministically resolved, ownership must be surfaced as unknown.

No ownership inference is permitted.

7. Determinism Requirements

The Foundry integration must adhere to the following:

  • First-party metadata only.
  • Deterministic joins only.
  • No heuristic or probabilistic correlation.
  • No expansion beyond deterministically observable boundaries.

If deterministic linkage cannot be established at any layer, output must explicitly indicate unknown or unproven.

The integration is a deterministic artifact provider. All exposure evaluation occurs in W1 logic.