Browsing the inventory
In the console, Inventory in the left sidebar lists every category. Each row supports:- Filter by Resource Type, Provider, or Integration (top-right of the Overview)
- Sort by risk level, last sync, name, or item count
- Drill into a single resource to see its full configuration, findings, telemetry, and source integration
Categories
Agents
| Field | Description |
|---|---|
| Name, description, status | Agent identity |
| Model | Foundation model the agent is bound to |
| Instructions / system prompt | The agent’s behavioral spec |
| Tools | Code interpreter, file search, web search, image generation, custom functions, MCP tools |
| Knowledge bases | Vector stores, document libraries, RAG corpora attached to the agent |
| Guardrails | RAI policies, Model Armor templates, Mistral moderation policies |
| Authentication | Auth mode and access control policy |
| Usage | Runs, conversations, tool-call breakdown, latency, errors (where exposed) |
Models
| Field | Description |
|---|---|
| Name, family | Foundation model identity |
| Capabilities | Chat, function calling, vision, fine-tuning |
| Lifecycle status | Stable, deprecated, legacy |
| Context window | Maximum tokens per request |
| Deployments | Region, throughput tier, owning project |
SaaS
AI-enabled SaaS applications observed across the organization (e.g. ChatGPT Enterprise, Claude.ai, Copilot for Microsoft 365). Tracked at the tenant level, not per-user. Populated by: Cross-correlation of Endpoint Discovery results with the Microsoft Graph and other SaaS APIs you connect.IDEs
AI-assisted IDEs running on managed endpoints, including version, install path, and any AI extensions installed inside them. Populated by: Endpoint Discovery (MDM) Examples: Cursor, Windsurf, JetBrains AI Assistant, VS Code with Copilot / Continue / Cline / Cody, Zed.Extensions
Browser extensions that interact with AI services, captured per-browser per-device. Populated by: Endpoint Discovery (MDM) Examples: ChatGPT, Claude, Gemini, Copilot, Perplexity, Monica, Merlin, Sider, MaxAI, ChatHub.Agent CLIs
Command-line agent tools installed on managed devices. Populated by: Endpoint Discovery (MDM) Examples: Claude Code, OpenAI Codex CLI, GitHub Copilot CLI, Aider, Goose, Open Interpreter.Browsers
Browsers present on managed endpoints that are configured to reach AI services. Reported with name, version, and the AI extensions installed in each. Populated by: Endpoint Discovery (MDM)MCP Servers
Model Context Protocol server declarations from local config files and remote registry entries.| Field | Description |
|---|---|
| Server name | Identifier from the config |
| Transport | stdio, HTTP, or SSE |
| Command / URL | Invocation target — secret env var values are stripped client-side |
| Tools declared | The names of tools the server exposes |
| Source | Which file (and on which device or repo) declared the server |
Agent configs
Instruction and persona files used by AI coding assistants and orchestration frameworks.| File | Used by |
|---|---|
AGENTS.md, CLAUDE.md, SKILLS.md | Codex, Claude Code, Cursor agents |
.cursorrules | Cursor |
crewai.yaml, agents.yaml | CrewAI |
| AutoGen YAML configs | AutoGen |
Hooks (hooks.json) | Cursor hook automation |
Endpoint Hosts
Managed devices running AI-related software. Each host is keyed by hardware UUID and tagged with the MDM-supplied device ID and assigned user.| Field | Description |
|---|---|
| Hostname, OS, OS version | Device identity |
| Hardware UUID | Stable cross-sync identifier |
| MDM device ID, assigned user | From the MDM payload |
| Discovered software | All IDEs, browsers, extensions, CLIs, MCP servers, configs found by the script |
| Last seen | Timestamp of the most recent successful script run |
Deduplication and provenance
TrustLens deduplicates resources across integrations using stable identifiers wherever possible:- Agents — provider-issued ID (e.g. Azure agent ID, Mistral agent ID); Dataverse + Graph Agent Registry duplicates collapsed to the Dataverse record
- Models — provider name + version
- Endpoint Hosts — hardware UUID
- MCP Servers — fully-qualified server name + transport + invocation target hash
- Agent configs — repo path + commit SHA, or device + filesystem path
source_integration field so a finding traced back to a deduplicated record points to the integration that populated it.