TL;DR
The agent's answers are only as trustworthy as the graph behind them, and that graph was invisible. I designed a dashboard around the four questions a skeptic asks before delegating:
- What does it know?
- How does it stay current?
- What has it been doing?
- Is it reliable?
Plus a real-time ingestion feed so you can watch the knowledge stay fresh.
The problem
A promise that the graph exists is not trust. Users could not see what the agent knew, whether it was current, or whether ingestion was even working.
Ingestion is a live pipeline: cloud resources change, and every git push should re-ingest code into the graph. If that pipeline stalls silently, the agent quietly answers from stale reality, which is the most dangerous failure of all.
The insight
A dashboard earns trust by answering questions, not by displaying metrics, and freshness has to be a first-class, observable fact rather than an assumption.
Ingestion is a stream of jobs, so I designed it to be watched like one.
The solution
- What it knows: the IaC trinity (Code, State, Runtime) as a scannable grid, big number plus breakdown, so the structure mirrors how infra engineers already think.
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
planstate
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
planstate
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9What it knows: the semantic context dashboard
- How it stays current: a live WebSocket sync view (
context sources sync) plus a sidebar ingestion indicator and feed popover. Jobs stream their status and timing in real time, per source (cloud, code, k8s), with running jobs surfaced and a last new data X ago freshness signal. When you push code, you can watch it re-ingest into the graph.
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
planstate
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
planstate
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
planstate
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9How it stays current: live ingestion across sources
- Is it reliable: reliability stated in plain English (for example
half of replies are faster) instead of p50/p95 jargon.
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
planstate
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
planstate
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9
vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }vpc
deny
state
+ ~
terraform
module
ingest
lock
0 1
apply
drift
graph
{ }
9fa3
plan
iam
helm
=>
b4f
aws_s3
allow
k8s
==
2f9What it has been doing: the activity view
Cross-functional reality
I designed the ingestion UX end to end; our frontend lead implemented the feed, and it plugs into the backend team's ingestion-observability API and git-push ingest stream.
Designing it meant defining the job and event model with the backend so the UI had something honest to render.
Impact
Turned the agent's grounding from a claim into something you can audit at a glance, and turned a silent backend pipeline into a visible, trustworthy one.
Reflection
The four-question framing was the unlock: it turned an admin dashboard into the reason to trust the agent.
Watching ingestion happen live is what makes people believe the graph is real.