Declared
What exists or is configured — AgentSurface, MCP config, install records
BeProof detects surfaces — configs, credential references, usage events, MCP endpoints, cloud declarations, and grant edges — not just vendor logos. When a layer cannot be verified, BeProof records a CoverageGap instead of silently passing the audit.
Status reflects the current macOS release. Cloud and observed columns depend on configured connectors, readable local history, and admin API access. Planned surfaces (e.g. Windows agents) are roadmap items — Separate Windows platform PRD — not in the macOS release or design-partner pilot.
| Agent / Surface | Declared | Granted | Observed | Cloud | Status | Notes |
|---|---|---|---|---|---|---|
| OpenAI Codex (local) | ✅ | ✅ | ✅ | 🟡 | GA | Config, automations, credential metadata; usage via CodexAutomationUsageScanner. Managed: /etc/codex + MDM (POL-X02). Usage gaps when SQLite is locked or history missing. |
| Codex cloud tasks | ✅ | 🟡 | 🟡 | 🟡 | Partial | OpenAI org enumeration and usage require OPENAI_ADMIN_KEY / cloud connector; use Local vs Cloud setup in the macOS app. |
| Claude Code | ✅ | ✅ | ✅ | 🟡 | GA / partial | Local config + ClaudeCodeUsageScanner. Managed: ClaudeCode managed-settings + MDM (POL-X02). Cloud partial without Anthropic admin token. |
| Cursor | ✅ | ✅ | ✅ | 🟡 | GA / partial | Rules/hooks + CursorUsageScanner. Cloud usage and org context need CURSOR_API_KEY (Enterprise Admin API). Managed: Cursor MDM plist (POL-X02). |
| Open Claw | ✅ | — | ✅ | — | GA | Declared ~/.openclaw (+ clawdbot paths) + OpenClawUsageScanner. Managed: /etc/openclaw + MDM ai.openclaw.mac.plist. |
| Windsurf | ✅ | — | ✅ | — | GA | Declared ~/.codeium/windsurf + WindsurfUsageScanner. Managed: /etc/windsurf/policies + MDM com.exafunction.windsurf (POL-X02). |
| Cline | ✅ | — | ✅ | — | GA | VS Code globalStorage + .clinerules + ClineUsageScanner. Enterprise policy via VS Code managed settings when deployed. |
| Aider | ✅ | — | ✅ | — | GA | ~/.aider.conf.yml, project history metadata + AiderUsageScanner. Project-scoped chat history requires project in scan scope. |
| Continue | ✅ | — | ✅ | — | GA | ~/.continue config/rules + ContinueUsageScanner. Session metadata from VS Code globalStorage; contents not parsed. |
| GitHub Copilot | ✅ | — | — | 🟡 | Partial | Copilot instruction files (declared). Cloud grant edges when GH_TOKEN configured. No dedicated Copilot usage scanner. |
| VS Code enterprise (Copilot / MCP policy) | — | — | — | — | GA (managed) | /etc/vscode/policy.json + MDM com.microsoft.VSCode plist. Metadata-only path existence for org MCP/Copilot policy. |
| MCP configs | ✅ | ✅ | ✅ | — | GA | .mcp.json, local commands, network endpoints, env credential refs; MCP risk rules POL-F01–F04. |
| AGENTS.md / instruction files | ✅ | — | 🟡 | — | GA | Repository and workspace instruction surfaces; observed layer is correlation-only (POL-X06). |
| GitHub OAuth / GitHub Apps | — | ✅ | 🟡 | 🟡 | Partial | Grant edges and scopes when GH_TOKEN or org connector configured (provider account attribution). |
| Anthropic cloud declarations | ✅ | 🟡 | 🟡 | 🟡 | Partial | CloudAgentSurface enumeration + account attribution when Anthropic admin/user token configured. |
| Homebrew-installed agents | ✅ | — | — | — | GA | Install inventory (POL-X01); metadata only. |
| npm / pnpm global agents | ✅ | — | — | — | GA | Global npm/pnpm prefix scanner; install_inventory gap when paths unreadable. |
| VS Code / Cursor / Windsurf extensions | ✅ | — | — | — | GA | IDE extension metadata from install inventory; metadata only. |
| Windows agents | 🔴 | 🔴 | 🔴 | 🔴 | Planned | Separate Windows platform PRD — not in the macOS release or design-partner pilot. |
GAPartialPlannedCoverageGap
What exists or is configured — AgentSurface, MCP config, install records
CredentialRef metadata, keychain refs, cloud GrantEdge records
UsageEvent signals and cross-layer correlations where adapters exist
Missing, blocked, partial, stale, or consent-gated sources
Coverage depends on platform, scan scope, user or admin consent, and configured cloud connectors. BeProof never stores raw secrets and does not inspect network payloads.