vet ai discover is an alias for vet endpoint scan --kind ai-tool --kind agent-skill. It scans the local system and project directory to build an inventory of AI tool usage signals: coding agents, MCP servers, CLI tools, IDE extensions, project configuration files, and agent skills. When SafeDep credentials are configured, discovered items are synced to SafeDep Cloud’s Endpoint Hub automatically. See Inventory.

Prerequisites

Usage

Discover all AI tool usage signals on the current system and project:
vet ai discover

Scope Filtering

Limit discovery to system-level or project-level signals:
# Only system-level signals (global configs, CLI binaries, IDE extensions)
vet ai discover --scope system

# Only project-level signals for a specific repository
vet ai discover --scope project -D /path/to/repo

JSON Output

Write a structured JSON inventory for downstream processing:
vet ai discover --report-json inventory.json

# JSON only, suppress table output
vet ai discover --report-json inventory.json --silent

What Gets Discovered

vet ai discover reports usage signals, not unique tools. The same tool may appear multiple times because it can be configured at different scopes. Each row represents a distinct configuration entry. For example, Claude Code might produce:
| Type | Name | Scope | Why |
|---|---|---|---|
| coding_agent | Claude Code | system | ~/.claude/settings.json exists |
| project_config | Claude Code | project | Project has a CLAUDE.md |
| mcp_server | my-server | system | Configured in ~/.claude/settings.json |
| mcp_server | my-server | project | Also configured in .mcp.json |

Signal Types

The --kind flag on vet endpoint scan controls which signal types are collected. vet ai discover always collects all of them.
| Type | Kind | Description |
|---|---|---|
| coding_agent | ai-tool | AI coding assistant installed on the system, detected via system-level config directories |
| mcp_server | ai-tool | Model Context Protocol server configured for an application |
| cli_tool | ai-tool | Standalone AI CLI binary found on $PATH, verified by executing with a version flag |
| ai_extension | ai-tool | AI-related IDE extension detected from installed extension manifests |
| project_config | ai-tool | AI tool configuration or instruction file found in a project repository |
| agent_skill | agent-skill | Agent skill directory discovered in a supported agent’s skill path (e.g. .claude/skills/, .agents/skills/) |

Scope

  • system refers to user-global config (e.g. ~/.claude/settings.json, ~/.cursor/mcp.json)
  • project refers to repo-scoped config (e.g. .mcp.json, .cursorrules, CLAUDE.md)

What Gets Scanned

  • App configuration is read from well-known system and project-level config paths for each supported application. System-level configs indicate the tool is installed. Project-level configs indicate the project is set up for a tool.
  • CLI binaries are discovered by searching $PATH for known binary names. Each candidate is executed with a version flag and the output is verified against known patterns.
  • IDE extensions are discovered by reading extension manifests from supported IDE distributions and matching against a curated list of known AI extension identifiers.
  • Agent skill directories are discovered by scanning known per-agent skill paths at both system and project scope.

Security

During discovery, no network calls are made. All scanning is based on local filesystem and $PATH inspection. The discovery process never captures environment variable or header values; only key names are recorded. CLI arguments matching secret patterns (--token=, --api-key=, --password=, etc.) are redacted. Sync to SafeDep Cloud is a separate step that only runs when credentials are configured.
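
The redaction rules above, sketched as an added Go example; this is not vet's own code. It assumes the mcpServers/command/args/env layout of an .mcp.json file, handles only the three flag prefixes the page names, and runs on a constructed sample with fake secret values; Server, RedactArg and Sanitize are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Flag prefixes named on the page; its "etc." is deliberately not expanded.
var secretPrefixes = []string{"--token=", "--api-key=", "--password="}

// Server is one MCP server entry (assumed .mcp.json layout).
type Server struct {
	Command string
	Args    []string
	Env     map[string]string // after Sanitize: key names kept, values blanked
}

// RedactArg keeps the flag name and drops the value of a secret-bearing flag.
func RedactArg(arg string) string {
	for _, p := range secretPrefixes {
		if strings.HasPrefix(arg, p) {
			return p + "[REDACTED]"
		}
	}
	return arg
}

// Sanitize parses the config and strips secret values before anything is recorded.
func Sanitize(raw []byte) (map[string]Server, error) {
	var cfg struct {
		Servers map[string]Server `json:"mcpServers"`
	}
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, err
	}
	for _, s := range cfg.Servers { // Args and Env share storage with the map entry
		for i, a := range s.Args {
			s.Args[i] = RedactArg(a)
		}
		for k := range s.Env {
			s.Env[k] = "" // record that the key exists, never its value
		}
	}
	return cfg.Servers, nil
}

// Constructed sample input; the token and key values are fake.
const sample = `{"mcpServers":{"my-server":{"command":"npx","args":["-y","example-mcp","--token=abc123"],"env":{"API_KEY":"sk-fake","REGION":"eu"}}}}`
func main() { fmt.Println(Sanitize([]byte(sample))) }
```

A secret passed as a separate argument (a flag followed by its value) is not covered by prefix matching of this kind, so an inventory pipeline that relies on it should treat such entries as needing review.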

Inventory

Sync discovered AI tools and skills to SafeDep Cloud’s Endpoint Hub

Shadow AI in Code

Detect AI SDK usage in source code and generate AI-enriched SBOMs

xBOM Concepts

Learn about extended Bill of Materials and signature-based detection