The Inventory is the single source of truth for everything TrustLens has discovered. Every record is typed, deduplicated across integrations, and tagged with the integration that produced it so you can always trace a finding back to its source. This page explains each inventory category, what gets stored, and which integrations populate it.

Browsing the inventory

In the console, Inventory in the left sidebar lists every category. Each row supports:
  • Filter by Resource Type, Provider, or Integration (top-right of the Overview)
  • Sort by risk level, last sync, name, or item count
  • Drill into a single resource to see its full configuration, findings, telemetry, and source integration
The Overview page aggregates the inventory into Risk Distribution, Attack Surface by Type, and Posture Risk Trend charts.

Categories

Agents

| Field | Description |
| --- | --- |
| Name, description, status | Agent identity |
| Model | Foundation model the agent is bound to |
| Instructions / system prompt | The agent’s behavioral spec |
| Tools | Code interpreter, file search, web search, image generation, custom functions, MCP tools |
| Knowledge bases | Vector stores, document libraries, RAG corpora attached to the agent |
| Guardrails | RAI policies, Model Armor templates, Mistral moderation policies |
| Authentication | Auth mode and access control policy |
| Usage | Runs, conversations, tool-call breakdown, latency, errors (where exposed) |

Populated by: Azure, GCP Vertex AI, Mistral, M365 Copilot

Models

| Field | Description |
| --- | --- |
| Name, family | Foundation model identity |
| Capabilities | Chat, function calling, vision, fine-tuning |
| Lifecycle status | Stable, deprecated, legacy |
| Context window | Maximum tokens per request |
| Deployments | Region, throughput tier, owning project |

Populated by: Azure (Cognitive Services + ML Workspace), GCP Vertex AI Model Registry, Mistral

SaaS

AI-enabled SaaS applications observed across the organization (e.g. ChatGPT Enterprise, Claude.ai, Copilot for Microsoft 365). Tracked at the tenant level, not per-user.
Populated by: Cross-correlation of Endpoint Discovery results with the Microsoft Graph and other SaaS APIs you connect.

IDEs

AI-assisted IDEs running on managed endpoints, including version, install path, and any AI extensions installed inside them.
Populated by: Endpoint Discovery (MDM)
Examples: Cursor, Windsurf, JetBrains AI Assistant, VS Code with Copilot / Continue / Cline / Cody, Zed.

Extensions

Browser extensions that interact with AI services, captured per-browser per-device.
Populated by: Endpoint Discovery (MDM)
Examples: ChatGPT, Claude, Gemini, Copilot, Perplexity, Monica, Merlin, Sider, MaxAI, ChatHub.

Agent CLIs

Command-line agent tools installed on managed devices.
Populated by: Endpoint Discovery (MDM)
Examples: Claude Code, OpenAI Codex CLI, GitHub Copilot CLI, Aider, Goose, Open Interpreter.

Browsers

Browsers present on managed endpoints that are configured to reach AI services. Reported with name, version, and the AI extensions installed in each.
Populated by: Endpoint Discovery (MDM)

MCP Servers

Model Context Protocol server declarations from local config files and remote registry entries.

| Field | Description |
| --- | --- |
| Server name | Identifier from the config |
| Transport | stdio, HTTP, or SSE |
| Command / URL | Invocation target — secret env var values are stripped client-side |
| Tools declared | The names of tools the server exposes |
| Source | Which file (and on which device or repo) declared the server |

Populated by: Endpoint Discovery (MDM) for local configs, GitHub for repo configs.

Agent configs

Instruction and persona files used by AI coding assistants and orchestration frameworks.

| File | Used by |
| --- | --- |
| AGENTS.md, CLAUDE.md, SKILLS.md | Codex, Claude Code, Cursor agents |
| .cursorrules | Cursor |
| crewai.yaml, agents.yaml | CrewAI |
| AutoGen YAML configs | AutoGen |
| Hooks (hooks.json) | Cursor hook automation |

Populated by: GitHub (repo files), Endpoint Discovery (local files).

Endpoint Hosts

Managed devices running AI-related software. Each host is keyed by hardware UUID and tagged with the MDM-supplied device ID and assigned user.

| Field | Description |
| --- | --- |
| Hostname, OS, OS version | Device identity |
| Hardware UUID | Stable cross-sync identifier |
| MDM device ID, assigned user | From the MDM payload |
| Discovered software | All IDEs, browsers, extensions, CLIs, MCP servers, configs found by the script |
| Last seen | Timestamp of the most recent successful script run |

Populated by: Endpoint Discovery (MDM)

Deduplication and provenance

TrustLens deduplicates resources across integrations using stable identifiers wherever possible:
  • Agents — provider-issued ID (e.g. Azure agent ID, Mistral agent ID); Dataverse + Graph Agent Registry duplicates collapsed to the Dataverse record
  • Models — provider name + version
  • Endpoint Hosts — hardware UUID
  • MCP Servers — fully-qualified server name + transport + invocation target hash
  • Agent configs — repo path + commit SHA, or device + filesystem path
Every record carries a source_integration field so a finding traced back to a deduplicated record points to the integration that populated it.
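
One way to derive these deduplication keys, as an added example that is not TrustLens code: the record shape, every field name except source_integration, the SHA-256 target hash, the normalisation steps and the seen_via list are assumptions, and the sample records are constructed. It covers three of the five categories listed above.

```python
import hashlib

def target_hash(target: str) -> str:
    # Hash of the invocation target (command or URL). SHA-256 and the
    # whitespace trim are assumptions; the page only says "target hash".
    return hashlib.sha256(target.strip().encode("utf-8")).hexdigest()

def dedup_key(rec: dict) -> tuple:
    """Build the stable identifier the list above gives for a category."""
    kind = rec["type"]
    if kind == "endpoint_host":
        # Lower-casing is an assumed normalisation: UUID case varies by OS tool.
        return (kind, rec["hardware_uuid"].lower())
    if kind == "mcp_server":
        return (kind, rec["name"], rec["transport"], target_hash(rec["target"]))
    if kind == "agent_config":
        if "repo_path" in rec:                       # repo-sourced file
            return (kind, rec["repo_path"], rec["commit_sha"])
        return (kind, rec["device"], rec["fs_path"])  # device-sourced file
    raise ValueError(f"no dedup rule for {kind!r}")

def deduplicate(records: list[dict]) -> dict:
    """Collapse records that share a key. The first record wins and keeps its
    source_integration; seen_via (hypothetical) lists every reporter."""
    merged = {}
    for rec in records:
        key = dedup_key(rec)
        if key not in merged:
            merged[key] = {**rec, "seen_via": [rec["source_integration"]]}
        elif rec["source_integration"] not in merged[key]["seen_via"]:
            merged[key]["seen_via"].append(rec["source_integration"])
    return merged

# Constructed sample records, not real inventory data.
SAMPLE = [
    {"type": "mcp_server", "name": "docs-search", "transport": "stdio",
     "target": "npx example-docs-mcp", "source_integration": "Endpoint Discovery (MDM)"},
    {"type": "mcp_server", "name": "docs-search", "transport": "stdio",
     "target": "npx example-docs-mcp ", "source_integration": "GitHub"},
    {"type": "mcp_server", "name": "docs-search", "transport": "HTTP",
     "target": "https://mcp.example.internal/docs", "source_integration": "GitHub"},
    {"type": "endpoint_host", "hardware_uuid": "0A1B2C3D-0000-4000-8000-ABCDEF012345",
     "source_integration": "Endpoint Discovery (MDM)"},
    {"type": "endpoint_host", "hardware_uuid": "0a1b2c3d-0000-4000-8000-abcdef012345",
     "source_integration": "Endpoint Discovery (MDM)"},
]

if __name__ == "__main__":
    for key, rec in deduplicate(SAMPLE).items():
        print(key[:3], rec["source_integration"], rec["seen_via"])
```

The same server name over a different transport stays a separate record, which matters when reviewing findings: a stdio command and an HTTP endpoint with the same name are different invocation targets.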

Inventory and posture

Inventory feeds directly into posture scoring — see Risk & findings for how each category is assessed and which finding types apply to which resource type.