Agent Graph
The Agent Graph gives you a visual overview of your agent fleet and lets you explore the governance chain for any individual agent - from the agent itself, through its policies, to the specific API endpoints it can reach.
Fleet view
Fleet view shows all agents grouped by the type of identity they use to connect to KeyRunner (Kubernetes, AWS, GCP, Azure, AI model, API key).
Each group shows how many agents use that identity type, which environments they run in, and the overall risk distribution across the group.
Use fleet view to answer questions at a glance:
- Do we have production agents running without a verified cloud identity?
- How is our agent fleet distributed across cloud providers?
- Which identity group has the highest concentration of high-risk agents?
Tree view
Select any agent from the dropdown to see its full governance chain rendered as an interactive diagram.
The chain reads from left to right:
Agent - the starting point. Shows the agent name and environment.
Policies - the policies attached to this agent. Each policy is a branch.
Tools - the tools within each policy. Active tools appear normally; pending tools are shown in a different style so you can see at a glance if an agent has policy gaps.
API endpoints - the actual API calls each tool makes, color-coded by HTTP method so destructive operations (like DELETE calls) are immediately visible.
Navigating the diagram
- Pan by clicking and dragging the canvas
- Zoom using the scroll wheel
- Click any endpoint to open a detail panel with the full API path, HTTP method, and description
When to use tree view
Before deploying a new agent - verify visually that the governance chain looks correct. Are the right policies attached? Do they cover the right tools? Are any tools pending approval?
After editing a policy - confirm the diagram reflects your intended changes. A newly added tool should appear as a new branch under the relevant policy.
For a security review - produce a visual map of an agent's complete API access for an auditor or security team review.
When investigating an incident - understand exactly which API endpoints an agent had access to at the time of an issue.