Documentation Index
Fetch the complete documentation index at: https://docs.neuraltrust.ai/llms.txt
Use this file to discover all available pages before exploring further.
The Inventory is the single source of truth for everything TrustLens has discovered. Every record is typed, deduplicated across integrations, and tagged with the integration that produced it so you can always trace a finding back to its source.
This page explains each inventory category, what gets stored, and which integrations populate it.
Browsing the inventory
In the console, Inventory in the left sidebar lists every category. Each row supports:
- Filter by Resource Type, Provider, or Integration (top-right of the Overview)
- Sort by risk level, last sync, name, or item count
- Drill into a single resource to see its full configuration, findings, telemetry, and source integration
The Overview page aggregates the inventory into Risk Distribution, Attack Surface by Type, and Posture Risk Trend charts.
Categories
Agents
| Field | Description |
|---|
| Name, description, status | Agent identity |
| Model | Foundation model the agent is bound to |
| Instructions / system prompt | The agent’s behavioral spec |
| Tools | Code interpreter, file search, web search, image generation, custom functions, MCP tools |
| Knowledge bases | Vector stores, document libraries, RAG corpora attached to the agent |
| Guardrails | RAI policies, Model Armor templates, Mistral moderation policies |
| Authentication | Auth mode and access control policy |
| Usage | Runs, conversations, tool-call breakdown, latency, errors (where exposed) |
Models
| Field | Description |
|---|
| Name, family | Foundation model identity |
| Capabilities | Chat, function calling, vision, fine-tuning |
| Lifecycle status | Stable, deprecated, legacy |
| Context window | Maximum tokens per request |
| Deployments | Region, throughput tier, owning project |
SaaS
AI-enabled SaaS applications observed across the organization (e.g. ChatGPT, Claude.ai, Gemini, Copilot, Perplexity). Each record includes the application, the browser that reached it, the device, and the user.
Populated by: The Runtime browser extension deployed to managed browsers. The extension reports the AI SaaS domains users visit back to TrustLens — no prompt or response content is captured, only the tenant-level visit. See Runtime enforcement surfaces → Browser.
IDEs
AI-assisted IDEs running on managed endpoints, including version, install path, and any AI extensions installed inside them.
Populated by: Endpoint Discovery (MDM)
Examples: Cursor, Windsurf, JetBrains AI Assistant, VS Code with Copilot / Continue / Cline / Cody, Zed.
Extensions
Browser extensions that interact with AI services, captured per-browser per-device.
Populated by: Endpoint Discovery (MDM)
Examples: ChatGPT, Claude, Gemini, Copilot, Perplexity, Monica, Merlin, Sider, MaxAI, ChatHub.
Agent CLIs
Command-line agent tools installed on managed devices.
Populated by: Endpoint Discovery (MDM)
Examples: Claude Code, OpenAI Codex CLI, GitHub Copilot CLI, Aider, Goose, Open Interpreter.
Browsers
Browsers present on managed endpoints that are configured to reach AI services. Reported with name, version, and the AI extensions installed in each.
Populated by: Endpoint Discovery (MDM)
MCP Servers
Model Context Protocol server declarations from local config files and remote registry entries.
| Field | Description |
|---|
| Server name | Identifier from the config |
| Transport | stdio, HTTP, or SSE |
| Command / URL | Invocation target — secret env var values are stripped client-side |
| Tools declared | The names of tools the server exposes |
| Source | Which file (and on which device or repo) declared the server |
Agent configs
Instruction and persona files used by AI coding assistants and orchestration frameworks.
| File | Used by |
|---|
AGENTS.md, CLAUDE.md, SKILLS.md | Codex, Claude Code, Cursor agents |
.cursorrules | Cursor |
crewai.yaml, agents.yaml | CrewAI |
| AutoGen YAML configs | AutoGen |
Hooks (hooks.json) | Cursor hook automation |
Endpoint Hosts
Managed devices running AI-related software. Each host is keyed by hardware UUID and tagged with the MDM-supplied device ID and assigned user.
| Field | Description |
|---|
| Hostname, OS, OS version | Device identity |
| Hardware UUID | Stable cross-sync identifier |
| MDM device ID, assigned user | From the MDM payload |
| Discovered software | All IDEs, browsers, extensions, CLIs, MCP servers, configs found by the script |
| Last seen | Timestamp of the most recent successful script run |
Deduplication and provenance
TrustLens deduplicates resources across integrations using stable identifiers wherever possible:
- Agents — provider-issued ID (e.g. Azure agent ID, Mistral agent ID); Dataverse + Graph Agent Registry duplicates collapsed to the Dataverse record
- Models — provider name + version
- Endpoint Hosts — hardware UUID
- MCP Servers — fully-qualified server name + transport + invocation target hash
- Agent configs — repo path + commit SHA, or device + filesystem path
Every record carries a source_integration field so a finding traced back to a deduplicated record points to the integration that populated it.
Inventory and posture
Inventory feeds directly into posture scoring — see Risk & findings for how each category is assessed and which finding types apply to which resource type.
