> ## Documentation Index
> Fetch the complete documentation index at: https://docs.safedep.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Endpoint Inventory

> View AI tools, Agent Skills, MCP servers, and coding agents discovered on your endpoints in SafeDep Cloud

Endpoint inventory shows what AI tooling is active across your endpoints (developer machines, CI runners, agent sandboxes). It is powered by `vet endpoint scan`, which runs locally to discover AI tools, Agent Skills, MCP servers, coding agents, and IDE extensions, then delivers them to SafeDep Cloud when credentials are configured.

<iframe width="100%" height="315" src="https://www.youtube.com/embed/d_qsR2RR6eY" title="Endpoint Inventory for AI Tools, Skills & CLI Utilities" frameBorder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; fullscreen" allowFullScreen />

## Prerequisites

* `vet` [installed](/governance/vet/quickstart)
* A SafeDep Cloud account with an API key and tenant domain (see [Cloud quickstart](/governance/cloud/quickstart))

## Enable inventory sync

<Steps>
  <Step title="Configure SafeDep credentials">
    Run the interactive auth setup, passing your tenant domain as a flag:

    ```bash theme={null}
    vet auth configure --tenant <your-tenant-domain>
    ```

    The tenant domain looks like `your-team.your-org.safedep.io` and is shown on your SafeDep Cloud settings page. You will be prompted to enter your **API key** interactively.

    Alternatively, set environment variables:

    ```bash theme={null}
    export SAFEDEP_API_KEY=<your-api-key>
    export SAFEDEP_TENANT_ID=<your-tenant-domain>   # e.g. your-team.your-org.safedep.io
    ```

    Verify credentials are working:

    ```bash theme={null}
    vet auth verify
    ```

    A successful response means Vet can reach SafeDep Cloud. If verification fails, check that your API key and tenant domain are correct.
  </Step>

  <Step title="Run an endpoint scan">
    ```bash theme={null}
    vet endpoint scan
    ```

    ```text Example output theme={null}
    Discovered 6 item(s) across 3 app(s)

    ┌────────────────┬──────────────────┬───────────────┬─────────┬──────────────────────────────────────────────────┐
    │ TYPE           │ NAME             │ APP           │ SCOPE   │ DETAIL                                           │
    ├────────────────┼──────────────────┼───────────────┼─────────┼──────────────────────────────────────────────────┤
    │ Coding Agent   │ Claude Code      │ Claude Code   │ System  │ /home/user/.claude/settings.json                 │
    │ MCP Server     │ my-server        │ Claude Code   │ System  │ stdio: npx my-server                             │
    │ CLI Tool       │ Claude Code      │ Claude Code   │ System  │ /usr/local/bin/claude v2.1.0                     │
    │ Coding Agent   │ Cursor           │ Cursor        │ System  │ /home/user/.cursor                               │
    │ Agent Skill    │ golang-pro       │ claude-code   │ Project │ /home/user/project/.claude/skills/golang-pro     │
    │ Agent Skill    │ security-review  │ Global Skills │ System  │ /home/user/.agents/skills/security-review        │
    └────────────────┴──────────────────┴───────────────┴─────────┴──────────────────────────────────────────────────┘
    ```

    `vet endpoint scan` delivers discovered items to SafeDep Cloud in the background. The command waits up to 30 seconds for delivery; if the timeout is reached, any undelivered items are retried automatically on the next run.

    <Tip>
      Without credentials, `vet endpoint scan` still runs and prints the local table. No data leaves the machine.
    </Tip>
  </Step>

  <Step title="View inventory in SafeDep Cloud">
    Open [app.safedep.io](https://app.safedep.io), select **Endpoint Hub** in the sidebar, and pick your endpoint. Your endpoint appears in the list by your machine's hostname. Open the **Inventory** tab to see discovered items.

    <img src="https://mintcdn.com/safedep/ogk6d7nSNW0qSm9p/images/endpoint-hub/endpoint-hub-inventory.png?fit=max&auto=format&n=ogk6d7nSNW0qSm9p&q=85&s=1f28a91557913fead366c0f6e01f8bf3" alt="SafeDep Cloud Endpoint Hub Inventory tab" width="2495" height="1428" data-path="images/endpoint-hub/endpoint-hub-inventory.png" />

    <Tip>
      If your endpoint is not listed, confirm credentials with `vet auth verify` and re-run the scan.
    </Tip>
  </Step>
</Steps>

## Common scan options

* **Project scope only:** `vet endpoint scan --scope project -D /path/to/repo`: limits discovery to project-level configs (e.g. `.mcp.json`, `CLAUDE.md`).
* **System scope only:** `vet endpoint scan --scope system`: skips project configs; faster on large repositories.
* **AI tools only:** `vet endpoint scan --kind ai-tool`: discovers coding agents, MCP servers, CLI tools, IDE extensions, and project config files; skips skill directories.
* **Agent skills only:** `vet endpoint scan --kind agent-skill`: discovers agent skill directories only.
* **JSON report:** `vet endpoint scan --report-json inventory.json`: writes a local file in addition to syncing.
* **CI/CD:** Set `SAFEDEP_API_KEY` and `SAFEDEP_TENANT_ID` as pipeline secrets. Ephemeral runners (e.g. GitHub-hosted) register as a new endpoint per run; self-hosted runners on a persistent host update the same endpoint.
* **Suppress table output:** `vet endpoint scan --silent`: runs and syncs without printing the local table.

## Next steps

<CardGroup cols={2}>
  <Card title="AI Tools Discovery" icon="magnifying-glass" href="/ai-security/ai-tools-discovery">
    Learn what gets discovered and how scopes work
  </Card>

  <Card title="Package Guard" icon="shield" href="/governance/cloud/endpoint-hub/package-guard">
    Track package installs across your endpoints
  </Card>
</CardGroup>