The organization knows what infrastructure it owns, what systems it runs on, who controls every layer of the technical stack, and what condition its data assets are in. Domains, hosting, servers, credentials, API keys, and all data holdings are mapped, owned organizationally, and accessible to the right people without asking.
Most organizations discover their infrastructure gaps at the worst possible moment: when someone leaves and takes access with them, when a vendor needs a domain they cannot find, when an AI system asks for data that technically exists but nobody can locate. The Infrastructure Index does not move or consolidate anything. It creates the structured record of what the organization owns, where it lives, who controls it, and what condition it is in. For AI, this is the information and access layer. An agent cannot reason about data it cannot find, and it cannot act on systems it does not have governed access to.
The Infrastructure Index is a core dimension of the Awareness phase in the Ragsdale Framework for Autonomization, developed by Marc Ragsdale. Prospus implements it as part of structured AI transformation engagements. Kaamfu operationalizes it as a native layer inside the Autonomous Operating Environment, giving AI agents governed access to organizational systems and a structured map of available information.
Nobody has a complete picture of what the organization owns or controls. Credentials live in personal accounts. Domain renewals get missed. Data sits in personal drives that leave with people. When someone needs access to a system, the answer is to ask whoever set it up and hope they remember. AI systems can only work with whatever happens to be connected to them.
Every domain, server, credential, API key, and data asset has a structured record. Ownership is organizational, not individual. When someone joins, the index defines what gets provisioned. When someone leaves, the index defines what gets revoked. AI agents have a complete map of available information and governed access to retrieve it.
| Metric | Before | After |
|---|---|---|
| Access Continuity | A key person leaves and takes credentials, domain access, or institutional knowledge about a system with them. A developer leaves. Three months later the team discovers an API key they were managing expired and a critical integration has been silently failing. |
Every credential and access point is organizationally owned. Offboarding triggers a structured revocation process. Nothing leaves with a person. |
| Credential Governance | API keys are embedded in codebases, shared via Slack, and stored in personal password managers. Nobody knows which are active. An exposed API key in a public repo goes unnoticed for six months. The credential was created by a contractor who has since left. |
Every credential has a registry entry with an owner, a rotation schedule, and a defined revocation process. Exposed keys are identified and rotated before they cause damage. |
| Data Findability | Finding a file requires knowing who to ask and hoping they remember where they put it. AI systems can only access what happens to be connected. A new team member needs the contract template. They ask three people. Two send the wrong version. One sends the right version from their personal drive. |
Every data asset has a record. Retrieval is structural. AI agents have a complete map of what exists and where to find it. |
| Domain and Infrastructure Control | Domains renew on someone's personal card. Hosting accounts are owned by whoever set them up. The organization does not fully control its own infrastructure. A domain expires because the renewal reminder went to a former employee's personal email. The site goes down before anyone realizes what happened. |
Every domain, hosting account, and infrastructure layer is organizationally owned, documented, and governed. Renewals are tracked. Access is controlled. |
| AI Access Layer | AI agents have no structured map of organizational systems. They work only with data that happens to be directly connected to them. | The Infrastructure Index gives AI agents a governed map of every system and data asset. Agents can retrieve information structurally rather than guessing at what exists. |
A score of 10 on the Infrastructure Index means this dimension is fully resolved and no longer a constraint on the phases that follow. Here is what that requires in practice.
Run a discovery pass across every place organizational infrastructure exists: domains, hosting accounts, cloud providers, databases, SaaS platforms, credential stores, and any system where an individual rather than the organization holds the account.
Classify each asset: what it is, who owns it organizationally, who has access, when credentials were last rotated, and what breaks if it disappears. This assessment reveals the actual infrastructure footprint — which is almost always larger and more fragile than leadership believes.
Establish organizational ownership for every asset. Ownership is assigned to a role or team, not an individual. Every personal account holding organizational infrastructure gets migrated to an organizational account with governed access.
Build the Credential Registry. Document every API key, service account, and access token with an owner, a rotation schedule, and a revocation process. Define what triggers an emergency rotation.
Make the index queryable. Inside Kaamfu for organizations on the platform, or as a standalone natural language interface for those that are not.
The file index and tool registry get built. Credentials never get documented. The Infrastructure Index becomes a map of what the organization creates and stores but not what it controls. Credentials, API keys, and access governance are the hardest part and the most important part. Without them, the organization still loses infrastructure when people leave.
The Autonomy Diagnostic scores the Infrastructure Index on a 0 to 10 scale. Each point reflects a specific observable state in your organization.
No structured record of organizational infrastructure exists. Access and ownership are informal and individual.
A list of tools exists but credentials, domains, and data assets are undocumented. Ownership is individual throughout.
Major systems are known but not documented. Credentials exist in personal accounts. Data ownership is informal.
A tool registry exists. Domain and hosting ownership is partially documented. Credentials are not systematically tracked.
Most systems are documented with location and ownership. Credential governance is absent. Data quality has not been assessed.
The index covers most systems with location, ownership, and basic credential notes. AI access governance is partially defined.
The Infrastructure Index covers all major systems with organizational ownership, credential registry, and data quality assessment.
The index is complete and current. Organizational ownership is enforced throughout. Credentials are governed with rotation schedules.
The Infrastructure Index is queryable and referenced by AI agents. Onboarding and offboarding are governed by the index.
Every domain, system, credential, and data asset is documented, organizationally owned, and queryable. AI agents have governed access to the full infrastructure layer. Nothing leaves with a person.
A structured record of everything the organization owns, runs on, or depends on at the infrastructure layer: domains, hosting, servers, credentials, API keys, data assets, tools, and the organizational ownership of every layer. It is the map that tells the organization what it controls and what controls it.
The Data Index covered files and data assets. The Infrastructure Index expands that scope to include the full governance layer underneath it: domains, hosting, server control, credential custody, and API key management. Data is a component of Infrastructure, not a separate category. The organization cannot govern its data without first governing the systems that hold it.
AI agents need governed access to organizational systems to operate reliably. Without a structured map of what exists and who controls it, agents work only with whatever data happens to be directly connected to them. The Infrastructure Index is the access and information layer that makes autonomous AI operation possible.
Organizational ownership means a role or team owns the asset, not an individual. When the person in that role leaves, the asset stays and transfers to whoever fills the role next. Individual accounts holding organizational infrastructure are a governance risk the Infrastructure Index surfaces and resolves.
The Credential Registry documents every API key, service account, and access token with an organizational owner, a rotation schedule, and a defined revocation process. The goal is that no credential exists outside the registry and no credential leaves with a person.
No. The Infrastructure Index documents what exists and where. Data and systems stay in their current locations. Migration or consolidation decisions come later, informed by the complete picture the index reveals rather than made before it exists.
Shadow infrastructure is organizational systems, accounts, and data that exist outside officially recognized governance: personal accounts holding domain access, API keys shared via Slack, databases created by contractors who have since left. The Infrastructure Index surfaces shadow infrastructure so it can be brought under governance or retired.
The index should update whenever a new system is adopted, a credential is created or rotated, an asset changes ownership, or a team member joins or leaves. A quarterly audit ensures the index reflects current reality rather than the state of the organization at the time of the initial discovery pass.
One person or role is responsible for maintaining the index, running audits, and resolving ownership conflicts. In most organizations this sits with the founder, a technical lead, or an operations function. Without a defined owner, the index reflects a point in time rather than current reality.
A score of 7 or above means infrastructure ownership is governed well enough that it is not a meaningful constraint on the phases that follow. The Autonomy Diagnostic will tell you which dimensions need the most attention first.
The Autonomy Diagnostic scores every dimension of the Ragsdale Framework and tells you exactly where to focus first.
Take the Diagnostic