AccessGraph
Maps agent surfaces, actions, business-critical asset classes, and required controls in one structured record.
cg-accessgraph-1.0.0
CapitalGuard AccessGraph connects each agent surface to what it can read, change, execute, or transfer, the business asset at risk, and the control that should stand between them.
CapitalGuard AccessGraph
Read. Change. Execute. Transfer.
One ownable security record
The durable value is not a colorful score alone. It is the linked record of exposure, policy, change, and evidence that becomes more useful after every authorized review.
Maps agent surfaces, actions, business-critical asset classes, and required controls in one structured record.
Fingerprints aggregate exposure state so a later scan can identify change without publishing repository contents.
Turns the map into blocked paths, approval gates, redaction rules, and untrusted-instruction boundaries.
Keeps score, graph version, policy version, delivery state, and approved verification attached to the review.
Control language
CapitalGuard turns exposure into an explicit boundary instead of pretending every risk can be fixed automatically.
Block
Deny access to material that should never enter agent context.
Human approval
Pause high-impact changes and execution until an owner reviews them.
Redact
Keep sensitive values out of prompts, logs, reports, and transfers.
Treat as untrusted
Prevent repository text from silently becoming operating instruction.
Privacy boundary
The licensed local scanner generates aggregate category counts and a reproducible Guardprint. Source contents, raw secret values, customer identity, and repository name are not required in the AccessGraph output.
Privacy-safe by default
Start the baseline