Documentation · macOS

Complete Guide · macOS

This page explains every core macOS workflow: tabs and features, Policy Pack v1.2.2 rules and POL-X extensions, CLI operations, local sidecar files, troubleshooting, and practical audit procedures.

1) Install BeProof on macOS

macOS app (recommended)

Download the signed and notarized DMG from the latest GitHub release, open it, and drag BeProofApp.app to Applications.

All releases

Trust artifacts: SHA256, provenance, SBOM. Verify with beproof verify-install --app /Applications/BeProofApp.app after CLI install.

IT admins: see the macOS Admin Guide for support matrix and permissions, and Managed deployment (MDM) for PKG, PPPC, org-policy overlay, and platform runbooks.

CLI (Homebrew, Apple Silicon)

Install the production beproof command for headless scans, policy evaluation, and export without building from source. The public Homebrew tap tracks https://github.com/oxy9en/AgAudit-releases.

brew tap oxy9en/beproof https://github.com/oxy9en/AgAudit-releases
brew install beproof
beproof scan --root .

To update later, run brew update && brew upgrade beproof.

2) Core workflow

  1. Run Audit from the Overview toolbar (or execute scan commands via CLI).
  2. When coverage gaps remain after the first scan, BeProof opens Evidence Checklist once to show the next local and cloud collection steps.
  3. Start with Audit Readiness: check evidence completeness, last run time, and scan scope.
  4. Resolve coverage gaps first — without this, the audit remains incomplete.
  5. Review Active policy violations and open findings by severity from Overview or the detail tabs.
  6. Record approved exceptions through allowlist (approved issues remain visible).
  7. Review pending first-seen MCP servers and add to mcpServers after review (POL-X09).
  8. In managed mode, confirm provider account classification on Local vs Cloud and resolve POL-X05 items in Review Queue when personal or unclassified cloud usage is detected.
  9. In managed mode, publish approvedGrantScopes in the org-policy overlay and resolve POL-X04 / Cloud Grants Review Queue items when grant edges exceed approved templates.
  10. Export evidence in JSON/Markdown format, then verify with the appropriate CLI command (see section 13).

Default inventory scope is known agent locations plus the current project root. BeProof does not crawl the entire user home directory or / by default; unreadable or missing scope is reported as a scan_scope coverage gap.

3) Evidence Checklist

Evidence Checklist is a guided status sheet — not an in-app settings panel. It tells you which evidence layers are complete, which operations to run next, and whether cloud connectors are optional or required for the current audit mode. BeProof does not store provider admin keys in the UI; cloud setup happens through shell environment variables followed by restart, then grant, declaration, and usage collection from the checklist or Coverage tab.

Personal-mode success state: local evidence complete, cloud optional

Two-step checklist

  • Step 1 · Local evidence — declared configuration scan and local usage import from automation and IDE history.
  • Step 2 · Cloud evidence — admin tokens, cloud grant enumeration, cloud agent declarations, and cloud usage fetch. Step labels show whether cloud is optional, required by org policy, or already complete.

Dual-mode posture

ModeWhen it appliesCloud layerPolicy evaluability
Personal defaultNo org-policy overlay, or requiredCloudConnectors is empty, and no provider admin keys are in the app environmentOptional — local scan + local usage can complete the auditPOL-G03, POL-O03, and POL-X03 stay not applicable until cloud tokens are configured
Org-managedorg-policy-overlay.json lists requiredCloudConnectors (for example openai, github)Required — cloud token setup and enumeration steps must finish before sign-offPOL-G03, POL-O03, POL-X03, POL-X04, and POL-X05 become waitingForSetup until cloud evidence, grant edges, scope templates, and provider account classification are loaded

Managed orgs deploy .beproof/org-policy-overlay.json with requiredCloudConnectors and, when grant evidence is required, approvedGrantScopes. See Managed deployment for overlay delivery, scope templates, and connector expectations.

When the checklist appears

  • Auto-opens once after the first scan or audit that leaves coverage gaps
  • Overview hero button when local or cloud checklist steps are still incomplete
  • Toolbar Evidence Checklist button when checklist steps are incomplete or Local vs Cloud reconciliation is waiting for cloud declarations
  • Local vs Cloud warning banner when cloud checking is not configured

When local evidence is already complete and cloud is optional, the checklist is informational. Use Copy cloud setup instructions to copy export commands for provider admin keys. Expand Provider details and Policy evaluability when cloud setup is active to see connector readiness and whether POL-G03, POL-O03, POL-X03, POL-X04, and POL-X05 can evaluate.

For provider account classification after cloud declarations load, see section 4. For org-approved grant scope templates and Cloud Grants review, see section 4b. For row-level reconciliation, continue on the Local vs Cloud tab. For category-level missing checks, use Coverage.

4) Provider account attribution (POL-X05)

BeProof classifies cloud provider connectors as Personal, Organization, or Unknown during cloud declaration enumeration. Classification flows into cloud connector surfaces, cloud usage events, managed policy evaluation (POL-X05), and Review Queue items with kind personal_account_usage. Inconclusive probes create a provider_attribution coverage gap instead of silently passing.

Classification signals

ProviderProbeTypical resultNotes
OpenAIGET /v1/organization returns 200OrganizationOrganization id from API response
OpenAIOrganization denied; /v1/models succeedsPersonalUser or project API key
AnthropicAdmin token vs user API key probesOrganization or PersonalDepends on which token resolves
CursorEnterprise daily-usage API returns 200OrganizationTeam or workspace context
GitHubPAT with resolved user subjectPersonalGitHub username stored as workspaceId
GoogleAttribution not implemented yetUnknown + coverage gapExpect provider_attribution gap until supported

Verify in the app

  • Local vs Cloud inspector → Account field on cloud connector surfaces (Personal / Organization / Unknown)
  • Policy tab → POL-X05 violated in managed mode when personal or unclassified cloud usage is detected
  • Review Queue → Provider Accounts category (kind personal_account_usage)
  • Coverage tab → provider_attribution gap when classification probes are inconclusive

Review Queue categories

Use the Categories filter to focus on one item kind. Provider Accounts is the POL-X05 decision lane for managed orgs:

  • MCP Servers
  • Local Commands
  • Credentials
  • Duplicate Credentials
  • Cloud Grants
  • Provider Accounts
  • Usage Context
  • Paused Automations
  • Coverage Gaps

Verify with CLI

Run from a project with .beproof/beproof.db after exporting provider admin keys in the shell (see section 14):

# 1) Classify connector surfaces
beproof enumerate-cloud-declarations --providers openai,anthropic,cursor,github,google
beproof list-cloud-surfaces | jq '.cloudAgentSurfaces[] | {id, provider, accountType, workspaceId}'

# 2) Confirm cloud usage carries account fields
beproof fetch-cloud-usage --providers openai,cursor --lookback-days 7
beproof list-usage | jq '.usageEvents[] | select(.source=="cloud") | {provider, accountType, workspaceId}'

# 3) Evaluate POL-X05 in managed mode
beproof evaluate-policy \
  --audit-mode managed \
  --org-policy-overlay .beproof/org-policy-overlay.json \
  --format json | jq '.violations[] | select(.ruleId=="POL-X05")'

# 4) List review items for provider account decisions
beproof review list --kind personal_account_usage --format json

For managed pilots, copy packages/contracts/examples/org-policy-overlay-managed.json to .beproof/org-policy-overlay.json or deliver it through MDM. See Managed deployment for overlay delivery and acceptance checks.

4b) Grant scope templates (POL-X04)

BeProof compares enumerated cloud grant edges against org-approved scope templates in approvedGrantScopes. Templates resolve through GrantScopeTemplateSettings: managed audits use the org-policy overlay only; personal audits prefer the local policy allowlist and fall back to the overlay. When managed mode requires the granted evidence layer but templates are empty, POL-X04 fails closed with a grant_scope_templates coverage gap instead of silently passing. Individual grant scopes outside the template surface as POL-X04 violations and Review Queue items with kind cloud_grant_over_approved_scope.

Template precedence

Audit modePrimary sourceFallbackNotes
Managedorg-policy overlay onlypolicy-allowlist ignoredMDM-delivered approvedGrantScopes is authoritative for POL-X04
Personalpolicy-allowlist firstorg-policy overlay fallbackLocal allowlist for exceptions; overlay used when allowlist has no templates

Example overlay templates

{
  "version": "1.0",
  "orgPolicyId": "org-default-managed-policy",
  "requiredSources": ["declared", "granted", "observed"],
  "requiredCloudConnectors": ["github", "openai"],
  "approvedGrantScopes": {
    "github": ["repo:read", "pull_requests:write"]
  }
}

Verify in the app

  • Policy tab → Grant scope templates caption under rule groups (source, provider count, scope count; "required by org policy" in managed mode)
  • Policy tab → POL-X04 violated when grant edges exceed templates or when managed overlay omits required approvedGrantScopes
  • Review Queue → Cloud Grants category (kind cloud_grant_over_approved_scope)
  • Coverage tab → grant_scope_templates gap when managed requiredSources includes granted but templates are empty

Review Queue: Cloud Grants

Use the Cloud Grants category to review grant edges that exceed approved templates or managed configuration gaps when approvedGrantScopes is missing from the MDM overlay. Decisions include approving an expected grant, marking scope reduced after remediation, or accepting risk temporarily while templates are updated.

Verify with CLI

Run from a project with grant edges loaded after cloud enumeration:

# 1) List enumerated grant edges
beproof list-grant-edges | jq '.grantEdges[] | {provider, scope, grantType}'

# 2) Inspect effective grant scope policy summary (JSON export)
beproof export-report --format json | jq '.policyEvaluation.grantScopePolicy'

# 3) Evaluate POL-X04 violations
beproof evaluate-policy \
  --audit-mode managed \
  --org-policy-overlay .beproof/org-policy-overlay.json \
  --format json | jq '.violations[] | select(.ruleId=="POL-X04")'

# 4) List Cloud Grants review items
beproof review list --kind cloud_grant_over_approved_scope --format json

For managed pilots, deliver approvedGrantScopes through the org-policy overlay at the MDM system path. See Managed deployment for overlay delivery and POL-X04 acceptance checks.

5) Application tabs

Each tab below maps to one operational view in the macOS app. Screenshots are shown inline where the tab has a dedicated capture. Selecting a row in most tabs opens the matching inspector panel documented in section 6.

Overview

Readiness-first audit home: evidence completeness, last run freshness, scan scope, risks by severity, detected agents, and collected evidence.

  • Run Audit from the toolbar or follow the primary hero CTA
  • Open Evidence Checklist from Overview or the toolbar when evidence collection is incomplete or cloud reconciliation is pendingSee Evidence Checklist
  • Confirm evidence readiness, last audit time, and scan scope before trusting results
  • Review policy and findings rows by severity; each row opens the detailed tab
  • Use Agents Detected and Evidence Collected cards as shortcuts to inspect supporting data
Overview tab

Agents

User-friendly inventory of detected AI tools: which tools are configured, whether automations are active or paused, recent local activity, and items that need attention.

  • Start with Agent Status cards such as Active, Paused, Used Recently, Needs Attention, or No Usage Found
  • Use Agent Tools chips to focus on providers such as Codex, Cursor, Claude, MCP, or instruction files
  • Select an agent row to review tool details, where it applies, recent activity, and policy flagsSee Agents inspector
  • Open Configuration Details when you need the underlying source file and deeper evidence mapSee Inspector Actions

Agents inspector →

Agents tab

Findings

Review-first findings workflow that separates security risks from lightweight usage-context confirmations.

  • Start with Risks to Review, Context to Confirm, Critical / High, or intent-specific metric cards
  • Inspect why an item matters, affected surfaces, observed activity examples, and technical evidence refsSee Findings inspector
  • Record decisions such as resolved, accepted risk, false positive, reviewed context, or not relevantSee Review Decision
  • Bulk mark usage-context groups reviewed when local activity is expected and no per-item note is needed

Findings inspector →

Findings tab

Policy

AI Governance Rules view for Policy Pack v1.2.2: clickable outcome metrics, rule groups, focus filters, and an inspector with evidence links.

  • Click Active, Approved, Exception, Passed, or N/A cards to jump to the matching rules
  • Open rule pills such as POL-O05 or POL-X06 to inspect source instances and evidenceSee Policy inspector
  • Expand “What are these rules?” for a plain-language explanation of the policy categories
  • Read the Correlation policy and Grant scope templates captions under the rule groups when POL-O04 or POL-X04 applySee Grant scope templates
  • Use the Policy Pack v1.2.2 link for the full rule catalog, signals, and outcome meanings

Policy inspector →

Policy tab

Review Queue

Review-first decision workflow that separates risks, usage-context confirmations, accepted risks, and completed decisions across MCP, credentials, grants, provider accounts, observed usage, and coverage gaps.

  • Start with Risks to Review or Context to Confirm, then narrow by status, item kind, severity, or search
  • Use Categories to focus on MCP Servers, Local Commands, Credentials, Cloud Grants, Provider Accounts, Usage Context, or Coverage GapsSee Cloud Grants
  • Record a clear decision in the inspector: approve as expected, mark fixed/resolved, or accept risk temporarilySee Review Queue inspector
  • Use evidence, history, remediation, and utility actions to validate the decision before rechecking the queueSee Evidence · History

Review Queue inspector →

Review Queue tab

Surfaces

Actionable evidence map of discovered agent configuration and instruction files, showing how each file connects to observed usage, findings, policy rule matches, and linked evidence.

  • Start with Configured, Used Recently, No Matching Usage, Related Risks, or Rule Matches cards to focus the map
  • Use Scope, Kind, and search filters to review configuration files by project, file type, path, or usage state
  • Select a configuration row to inspect where it was found, what it means, observed usage, related risks, and rule matchesSee Surfaces inspector
  • Use Linked Evidence for traceability and Actions to reveal the file, copy its path, scan local usage, or open the related risk/ruleSee Linked Evidence · Actions

Surfaces inspector →

Surfaces tab

Local vs Cloud

Plain-language reconciliation view that explains whether local AI tools can be confirmed against cloud declarations, and whether the next step is setup, cloud checking, or review.

  • Start with Matched and Waiting for Cloud Setup / Cloud Check cards to understand the main reconciliation state
  • Use the warning banner to open Evidence Checklist when cloud checking is not configured, or run Cloud Check when the connector is ready but declarations are not loaded yet
  • Select a tool row to compare the Local Side, Cloud Side, Account classification, Cloud Check Status, and recommended next stepSee Local vs Cloud inspector
  • Copy setup instructions from Evidence Checklist or the inspector when a provider admin key is missing, or run Cloud Check once the connector is configuredSee Inspector Actions

Local vs Cloud inspector →

Local vs Cloud tab

Access

Plain-language access references: stored references on this Mac, cloud grants, grant scopes, and installed AI tools — metadata only.

  • Start with Stored References, Cloud Grants, Needs Review, Grant Scopes, or Installed Tools cards
  • Use compact Focus, Provider, and Search controls instead of scanning long provider chip lists
  • Treat Unmapped References as stored references that need provider mapping before cloud access can confirm them
  • Select a stored reference to review provider status, where it is stored, linked evidence, and the recommended next stepSee Access inspector

Access inspector →

Access tab

Usage

Review-first map of observed AI activity, runtime evidence, and usage coverage gaps across local and cloud sources.

  • Start with Observed Groups, Needs Context, Not Matched, No Recent Use, Cloud Only, or Low Confidence cards
  • Use Focus, Provider, Source, and search filters to narrow usage by project, tool, evidence source, or status
  • Select a grouped project row to inspect the human summary, matching configuration state, and raw session/evidence countsSee Usage inspector
  • Use inspector actions to rescan local usage, fetch cloud usage, or correlate local and cloud evidenceSee Inspector Actions
  • Treat usage as metadata-only context unless Findings or Review Queue turns it into a decision item

Usage inspector →

Usage tab

Correlations

Review-first map of cross-layer links between local sessions and cloud API activity, plus unlinked usage rows that still need correlation.

  • Start with Cross-Layer Links, Qualifying, Below Threshold, High Confidence, No Cloud Link, or No Local Link cards once both sides are loaded
  • When cloud or local usage is missing, use the coverage banner first instead of treating every session as a correlation failureSee Coverage Gap State
  • Use Focus, Provider, and search filters to narrow grouped links by provider, project, session, or match signal
  • Select a grouped row to inspect local and cloud sessions, match signals, policy threshold, and next stepsSee Correlations inspector
  • Run Recompute Correlations after refreshing local usage or cloud usage dataSee Inspector Actions

Correlations inspector →

Correlations tab

Coverage

Review-first audit completeness map across settings, access, usage, and audit-trail categories with missing checks surfaced first.

  • Read the headline to see how many checks still need data
  • Start with Missing, Incomplete, or Complete filters
  • Review What's missing in the summary for plain-language reasons
  • Expand Scanned folder if you need the full project path
  • Select a check to see what BeProof could not find and tap the recommended actionSee Coverage inspector
  • Use More actions only when the primary button is not enoughSee Recommended Fix
  • Use the Keychain gate when keychain metadata is missing and policy allows consent-based scanning

Coverage inspector →

Coverage tab

Privacy

Live consent and data-boundary review: filterable sensitive sources, POL-G02/POL-X14 policy checks, metadata-only counts, scan scope disclosure, and export-ready Consent preview in the inspector.

  • Read the headline and Consent Review metrics (Needs Attention, Consented, Planned)
  • Use focus filters for sensitive sources only — data boundaries always stay visible
  • Review Metadata Stored (metadata only) tiles; open Access, Usage, or Surfaces for drill-down
  • Expand Scanned folder to confirm the project path and full audit scope
  • Open Policy Checks tiles (Keychain consent, Verifiable ledger) for POL-G02 and POL-X14
  • For consent gaps, follow inspector Actions to Coverage; for consented keychain, use Export Preview to copy the JSON or Markdown Consent snippet before GRC handoffSee Inspector Actions · Export Preview

Privacy inspector →

Privacy tab

6) Inspector panels

The redesigned screens use inspector panels to keep the main list focused while still exposing decision criteria, evidence, history, and navigation links. Each panel below links back to its tab in section 5. Agents uses the inspector for tool status, recent activity, and configuration drill-down; Findings, Policy, and Review Queue inspectors support review decisions; Surfaces uses the inspector as an evidence map for configuration files, linked usage, related risks, rule matches, and navigation actions; Access explains stored references, cloud grants, grant scopes, and installed tools without storing secret values; Usage explains grouped observed activity, matching configuration state, evidence counts, and next utility actions without turning usage context into a security finding by itself; Correlations explains cross-layer links, match signals, policy threshold status, grouped missing-link rows, and coverage-gap guidance when local or cloud usage is not loaded yet; Coverage explains missing, incomplete, and complete checks by category, plain-language reasons, recommended scan actions, and More actions for follow-up scans; Privacy explains filterable sensitive-source consent (Needs Attention, Consented, Planned), live metadata-only storage counts, scan scope disclosure, policy check tiles with deep links to POL-G02 and POL-X14, separate consent approval vs keychain scan status, Export Preview with JSON/Markdown Consent snippet copy for GRC handoff, and deep links to Coverage, Access, and Policy without duplicating the Keychain gate toggle.

Agents inspector

Back to Agents tab

Turns detected AI tools into a readable operational view: status, recent activity, items needing attention, and configuration drill-down.

Tool Details

Identifies the selected agent tool in plain language: name, tool provider, type, status, and a short explanation of what BeProof found.

Where It Applies

Shows the project and source file that define the tool or automation. The full path remains available for traceability, but the main screen keeps the focus on the tool rather than the file.

Recent Activity

Summarizes recent local activity for the selected agent. Active runs indicate recent use; paused or no usage found should be treated as context, not automatic proof that the tool is unused.

Needs Attention

Shows related risks and policy flags when the selected agent needs follow-up. Decisions still happen in Findings, Policy, or Review Queue; Agents is a navigation and inventory view.

Actions

Provides practical next steps: open configuration details, show the source file in Finder, copy the path, or scan local activity when activity data has not been loaded.

Review Queue inspector

Back to Review Queue tab

Turns newly found queue items into auditable decisions across credentials, MCP servers, local commands, cloud grants, provider accounts, usage context, and coverage gaps.

Review State

Shows the current status, severity, item kind, policy rule, subject identifier, and last-seen timestamp. Use it to confirm that the selected queue item is the one you intend to decide.

Decision Criteria

Explains how to decide the selected item in user language. Credential items explain when to approve an expected reference, when to mark a storage issue fixed, and when a temporary risk acceptance is appropriate. Cloud Grants items compare enumerated grant scopes against approved templates — in managed mode templates come from the org-policy overlay, not the local allowlist. Provider Accounts items explain when personal cloud usage is acceptable versus when org-owned accounts are required in managed mode. Usage Context items use “What This Means” instead because observed local activity is not automatically a security risk.

Decision note (optional)

Adds audit-trail context to the decision. Notes are useful when approving an expected credential, documenting a fix, or explaining why a risk is accepted temporarily. The actor is recorded automatically and can be changed from “Change actor”.

Approve as Expected

Records that the item is expected and acceptable for the current audit context. For credential references this means the reference is intentional and stored in an approved place. Other item kinds use equivalent approve labels, such as Approve Server, Approve Command, or Confirm Context.

Mark Fixed / Mark Resolved

Use this after remediation has happened. For credentials, Mark Fixed means the unsafe or unexpected reference has been removed, migrated, or otherwise corrected. For other item kinds the label adapts to the item, such as Mark Context Added or Mark Evidence Restored.

Accept Risk Temporarily

An advanced option for risk-like items only. Use it when the issue is intentionally tolerated for a limited scope, such as “This project only”, and should be reviewed again later. Usage Context items do not show this option because they need context confirmation, not risk acceptance.

Evidence

Shows supporting source paths and evidence references. This section is for validation: confirm the app/path/storage source before approving, fixing, or accepting risk. Raw evidence remains visible for traceability.

History

Lists recorded decisions with action, timestamp, actor, and note. Use it to understand why an item is already approved, accepted, expected, resolved, or rechecked.

Utilities

Provides helper actions when data is available: open the source file, copy a remediation command, or rerun the scan after remediation.

Findings inspector

Back to Findings tab

Explains risks and usage-context confirmations, then records dispositions with history and evidence.

Review State

Shows whether the selected finding is open, resolved, accepted, ignored, or context-only. Usage Context items are labeled as context confirmations instead of security risks.

What This Means / Why This Matters

Explains the selected item in user language. Security findings describe the risk and why it matters. Usage Context findings explain that observed local activity is normal by itself, but BeProof needs project or configuration context to explain it.

Review Decision

Records the finding disposition. Risk findings offer Mark Resolved, Accept Risk, and Mark False Positive. Usage Context items offer Mark Reviewed and Mark Not Relevant so users do not have to treat expected local activity as a security exception.

Decision note

Adds audit-trail context to the disposition. Notes are recommended for security-risk decisions. For Usage Context review, notes can be lightweight because bulk-reviewed context items record a default system note.

Affected Surface

Shows the app, file, project, server, command, credential, or usage surface that the finding refers to. Use this before deciding whether a finding is expected, fixed, or not relevant.

Evidence

Shows supporting references and source metadata without exposing raw secrets. Evidence is used to validate why the finding exists and whether the affected surface matches the user's expectation.

Observed Activity

Appears for Usage Context findings. It summarizes observed local activity and shows a small number of examples so users can confirm the project/tool context without reviewing every individual Cursor or Codex activity row.

Decision History

Lists previous dispositions, actor, timestamp, and note. Use it to see when a risk was accepted, resolved, marked false positive, reviewed, or reopened.

Technical Details

Keeps lower-level identifiers, evidence references, and policy linkage available for audit traceability while the main inspector text remains user-friendly.

Policy inspector

Back to Policy tab

Explains policy violations and rule outcomes, links them to findings or surfaces, and points to the relevant Policy Pack guidance.

Violation

Appears when a policy violation is selected. It shows the rule ID, category, title, severity, current status, allowlist reference when present, and evaluation time.

Summary

Explains the policy violation and includes the remediation hint when available. Use it to understand what must be fixed, approved, or documented before sign-off.

Evidence

Lists policy evidence references, such as source paths, finding IDs, or supporting records. This connects the policy outcome back to auditable local data.

Linked Finding

Appears when the policy violation is connected to a finding. The Open in Findings action switches to the Findings screen and selects the related item for disposition.

Linked Surface

Appears when the policy violation references a known surface path. The Open in Surfaces action switches to the Surfaces screen and selects the related file or configuration surface.

Rule

Appears when a policy rule rather than a violation is selected. It shows the rule ID, category, title, severity, and evaluated status such as passed or not applicable.

Meaning

Explains the selected rule status. Passed means the rule evaluated successfully for the current dataset; not applicable means the rule does not apply to the current audit mode or evidence set.

What To Check

Shows the rule's remediation or verification guidance and links to the full Policy Pack documentation for deeper control definitions and expected evidence.

Surfaces inspector

Back to Surfaces tab

Turns discovered agent configuration files into an evidence map: what the file is, where it lives, whether it has matching usage, and which risks, rules, and evidence links reference it.

What This Is

Explains the selected configuration type in user language, such as Codex Automation, instruction file, or MCP/server-related configuration. Generated, vendor, cache, or dependency paths are called out as noisy evidence unless they are intentionally in audit scope.

Where It Was Found

Shows project, file name, full path, last modified time, and position within the filtered project list. Use this to confirm whether the configuration belongs to the expected repository or scan root before following linked findings or rules.

Observed Usage

Summarizes whether local activity was observed for this configuration. Active runs indicate recent usage; paused or no matching usage means the file can still matter for inventory and policy, but should not be treated as active usage without matching events.

Rule Matches

Appears when Policy rules reference this file. Rule matches are policy checks involving the configuration; use View in Policy or View Rule Match to inspect the rule outcome and decide from the Policy workflow.

Linked Evidence

Groups traceability links into related risks, observed usage events, and credential references. Counts are labeled as risks, events, or refs so large evidence totals do not look like large numbers of problems.

Actions

Provides navigation and utility actions only: reveal the file in Finder, copy the path, scan local usage when usage data is missing, open the first related risk, or jump to the related policy rule match. Approve, accept-risk, and resolve decisions stay on Findings, Policy, or Review Queue.

Local vs Cloud inspector

Back to Local vs Cloud tab

Explains local/cloud reconciliation and provider account classification without treating missing connector setup as a confirmed mismatch.

What This Means

Explains the selected reconciliation row in user language: status, provider, whether the cloud side has been checked, and why the row needs setup, confirmation, or review.

Local Side

Shows the local configuration file and tool type that BeProof found on this Mac. The path remains available for traceability, but the row title focuses on the tool or automation name.

Cloud Side

Shows the matching cloud declaration when one is loaded. If cloud checking is not configured, the section says so directly instead of implying that the tool is definitely local-only.

Account

Shows provider account classification for cloud connector surfaces: Personal, Organization, or Unknown. This comes from ProviderAccountAttributor during cloud declaration enumeration. In managed mode, personal or unknown accounts can trigger POL-X05 and appear in Review Queue under Provider Accounts.

Cloud Check Status

Shows whether the provider connector is configured, missing admin credentials, partially available, or ready to run. Technical environment variable names are kept as setup details rather than the main message.

Actions

Provides state-aware actions. When cloud checking is not configured, the primary action copies setup instructions; when it is ready, the primary action runs the cloud check. Local file actions remain secondary.

Access inspector

Back to Access tab

Turns access references into a readable review flow: what kind of access was found, where it lives, whether it needs admin review, and which surfaces or usage rows link back to it — metadata only.

What This Means

Explains the selected access row in plain language: status, provider or provider status, and whether the item is a stored reference, cloud grant, access scope, or installed tool. Statuses such as Needs review are review prompts, not automatic security findings.

Stored Reference

Appears for credential references. Shows the reference name, where it is stored, secret type, source path, and last seen time. BeProof stores metadata only — it does not read or store secret values.

Cloud Access

Appears for cloud grants. Shows the subject, grant type, scope summary, optional resource scope, and when the grant was discovered. Use this to confirm whether provider access matches expected accounts and permissions.

Scope Details

Appears when a cloud grant has multiple scopes. Lists the full scope set so you can compare granted permissions with approved templates without opening the provider console first.

Access Scope

Appears for individual grant scopes. Shows subject, scope, trust boundary, approval mode, and resource. Use these rows to compare one permission edge against approved scope patterns.

Installed Tool

Appears for packages that look related to AI tooling. Shows package name, ecosystem (Homebrew, npm/pnpm global, VS Code/Cursor/Windsurf extension), signal, version, and install path so you can confirm whether the tool is expected on this Mac.

Linked Evidence

Appears for stored references. Links to related Surfaces and Usage rows so you can see where the reference is configured and whether observed activity references it. Empty states mean no linked evidence was found yet.

Actions

Provides traceability actions only: copy reference or grant IDs, reveal source or install paths in Finder, or copy scope text. Review and approval decisions stay on Findings, Policy, or Review Queue.

Usage inspector

Back to Usage tab

Turns grouped observed usage into an explanation: what ran, whether it matched configuration, why context may be missing, and which utility action to run next.

Human Summary

Starts with a plain-language sentence such as “Cursor was observed in BeProof, but BeProof could not match this evidence to a configuration file.” Use this first line to understand the selected row before reading details.

Usage State

Shows the selected row's status, provider, and project. Statuses such as Observed Sessions, Needs Context, Not Matched, and No Recent Use are context states, not automatic security risks.

Evidence Details

Summarizes the source, match confidence, last seen time, and evidence record count. Repeated raw records are grouped so users can review the meaning without reading every session or process observation.

Matching Configuration

Shows whether BeProof matched the observed usage to a known configuration file. When no match exists, the inspector explains why the source may not include enough file or project metadata.

Privacy

Clarifies that usage rows are metadata-only context. BeProof stores evidence records and match metadata, not conversation content, prompts, raw secrets, or AI responses.

Actions

Provides state-aware utility actions such as Rescan Local Usage, Fetch Cloud Usage, or Correlate Usage. Review decisions still happen in Findings or Review Queue.

Correlations inspector

Back to Correlations tab

Explains cross-layer usage review in two modes: a coverage-gap guide when local or cloud data is missing, and a grouped link review flow once both sides are loaded — what was linked, why confidence qualifies or falls below threshold, and which sessions still lack a match.

Coverage Gap State

When local or cloud usage is missing, the inspector explains the blocker instead of showing link details. Fetch Cloud Usage or Scan Local Usage is the primary next step until both sides are loaded.

What This Means

For a selected grouped row, starts with a plain-language summary of the cross-layer link or missing link. Statuses such as Below threshold, No cloud link, and Waiting for cloud data are review prompts for POL-O04, not automatic security findings.

Local Sessions

Shows grouped on-Mac usage for the selected row: session count, source, last seen time, and recent sessions. For a single link, this section focuses on the matched local event.

Cloud Activity

Shows grouped cloud usage for the selected row: session count, source, last seen time, and recent events. For a single link, this section focuses on the matched cloud event.

Match Signals

Appears for cross-layer links. Explains which signals contributed to the link: time window, agent match, provider match, and project match. Use this to understand why confidence is high or below the policy threshold.

Policy Threshold

Appears for cross-layer links. Shows confidence, the configured minimum from correlationMinConfidence, and whether the link qualifies for POL-O04 / POL-X08 sign-off.

Actions

Provides state-aware utility actions. When cloud usage is missing, Fetch Cloud Usage is primary; when local usage is missing, Scan Local Usage is primary; once both sides are loaded, Recompute Correlations becomes the main action. Review decisions still happen in Findings, Policy, or Review Queue.

Coverage inspector

Back to Coverage tab

Turns audit completeness into a checklist review flow: what BeProof looked for, whether data is missing or incomplete, which category the check belongs to, a concrete Tap Run Scan style next step, and optional technical details for exports.

What This Means

Explains whether the selected check is complete, incomplete, or missing data. Complete checks can still note that the overall audit is not finished yet.

Check Details

Shows what BeProof looked for, which category it belongs to, whether it was checked, and the result using plain labels such as Complete, Incomplete, and Missing.

Supporting Files

Appears when BeProof found files or IDs that support the check. Labels are human-readable; the full path or ID stays available for copy and export.

Show technical details

Optional expander with the underlying coverage area and raw reason text for exports, support, and CLI troubleshooting.

Actions

Shows one primary button for missing or incomplete checks. Complete checks offer Copy Reference. Additional scans live under More actions so users are not overwhelmed by similar buttons.

Privacy inspector

Back to Privacy tab

Turns consent posture and data boundaries into a GRC-ready review flow: filterable sensitive sources, live metadata-only counts, policy check deep links, separate consent approval vs keychain scan status, and an Export Preview that matches the audit report Consent section.

What This Means

Plain-language summary of consent posture for the selected row. For consented sources, approver and dates live in Consent Details — not repeated here. For gaps, explains missing ledger, expired consent, or planned future sources.

Boundary Details

For data-boundary rows: local SQLite evidence store path and scan folder label, or credential ref count with a reminder that only fingerprints and locators are stored — never secret values.

Show technical details

Optional expander with consent mode, retention class, source category raw value, POL-G02 rule id, and ledger file path for exports and support.

Export Preview

Shows the Consent block exactly as it appears in JSON and Markdown audit exports. Includes format toggle, expandable snippet, Copy Export Snippet, alternate-format copy, and Copy Ledger Path. Sits above Actions and auto-expands for consented keychain rows. Copy actions live here only.

Actions

Primary action for consent gaps is Open Coverage (Keychain gate). Consented rows use Export Preview for copy actions. More actions can open Access, Policy, or copy the evidence store path without duplicating the Keychain grant toggle from Coverage.

7) Policy statuses

StatusMeaning
violated (active)Requires action: remediation, policy decision, or documented exception.
approvedRemains visible but is approved via allowlist with an allowlistRef.
exceptionSuppressed by an active time-bounded exception; expiresAt controls reopening.
passedRule evaluated and no violation found.
notApplicableRule does not apply to the current dataset.

8) Policy Pack v1.2.2 rules (macOS)

Baseline 20 rules: ✅ auto-evaluable today · 🟡 partial · 🔴 requires product work. G03/O03 evaluate when org tokens are configured; otherwise N/A or explicit coverage gaps apply.

In the macOS app these rules appear as AI Governance Rules: the top cards filter and scroll to matching outcomes, rule pills open the related rule group, and the inspector explains the selected violation or rule.

For the complete rule catalog, signals, outcome meanings, and version notes, see Policy Pack v1.2.2.

Rule IDPolicySeverityStatus
POL-D01Every endpoint with AI tools must have a declared surface inventory scopeMedium
POL-D02Active Codex automations must appear in inventoryHigh
POL-D03Agent surfaces in vendor/build paths require exceptionMedium
POL-D04MCP config must live under an approved project rootHigh
POL-G01AI provider credentials must be inventory-visibleMedium
POL-G02Keychain scan only with explicit user consentLow
POL-G03Cloud grants enumerated for org AI accountsMedium
POL-G04Duplicate credential refs require justificationLow🟡
POL-O01Declared automations should have observed usageMedium
POL-O02Audit incomplete if usage layer missingHigh
POL-O03Cloud usage should be loaded where expectedMedium
POL-O04Local and cloud usage should be correlatedLow
POL-O05Paused automation with recent runs requires reviewMedium🟡
POL-F01No unapproved MCP local command executionCritical
POL-F02No unapproved MCP network endpointsHigh
POL-F03MCP env credentials require reviewMedium
POL-F04Open MCP finding older than 30 days escalatesMedium
POL-M01No coverage gaps before audit completeHigh
POL-M02Full audit run at least every N daysLow
POL-M03Audit evidence exportable for GRC/sharingLow

9) POL-X extension controls (shipped)

Extension controls are tracked separately from the baseline 20 rules. Several are already evaluable in the macOS app and CLI.

Rule IDControlLayerStatus
POL-X01Installed agent inventory (Homebrew, npm/pnpm, IDE extensions)Declared
POL-X02Managed settings / policy overlays visibleDeclared
POL-X03Cloud declared inventory reconciled with local surfacesDeclared
POL-X04Grant edges vs org-approved scope templates (GrantScopeTemplateSettings)Granted
POL-X05Personal-account usage in managed/work contextGranted/Observed
POL-X06Observed usage without declared surfaceObserved
POL-X07Runtime telemetry minimum in managed modeObserved
POL-X08Correlations below confidence thresholdObserved
POL-X09Unknown MCP server first-seen reviewMCP risk🟡
POL-X10Plaintext / cached auth-state reviewMCP/Access
POL-X11Export integrity manifest (Ed25519, ed25519-v1)Audit trust
POL-X12Tamper-evident evidence journalAudit trust
POL-X13Release provenance + SBOM (CLI + macOS DMG pipeline)Audit trust🟡
POL-X14Machine-verifiable consent ledgerPrivacy

POL-X12: Append-only hash-chain journal with `verify-journal`; journal payloads encrypted at rest (AES-256-GCM, Keychain-bound key). Inventory tables are metadata-only but not encrypted in the current release.

POL-X13 (Partial): Public release pipeline (shipped)Signed/notarized macOS DMG + Apple Silicon CLI on public releases; published checksum (.sha256), SPDX SBOM, and provenance JSON; CI `beproof verify-install` gate before upload; Sparkle appcast metadata (Ed25519-signed, disabled when org overlay present). Enterprise release controls (partial) Fleet-wide verify-install attestation in control plane, tenant-private or air-gapped artifact mirror, org-enforced minimum release version policy, and automated MDM promotion workflow — manual MDM runbooks today.

10) Allowlist and exceptions

Default allowlist path: .beproof/policy-allowlist.json. Approved exceptions are marked as approved and remain visible in UI/exports with allowlistRef.

{
  "version": "1.0",
  "mcpServers": ["XcodeBuildMCP"],
  "mcpDomains": ["mcp.sentry.dev", "*.sentry.dev"],
  "mcpEnvKeys": [],
  "approvedScanRoots": ["~/Developer/BeProof", "~/work/ai-platform"],
  "correlationMinConfidence": 0.65,
  "approvedGrantScopes": {
    "github": ["read:org", "repo"]
  }
}

mcpServers approves MCP findings and clears first-seen baseline pending state (POL-X09). correlationMinConfidence controls POL-O04 / POL-X08. approvedGrantScopes defines scope templates for POL-X04 in personal mode when present. In managed mode, templates come only from the org-policy overlay — the allowlist field is ignored. See section 4b.

11) Local sidecar files

BeProof stores audit state beside the SQLite database under .beproof/.

PathPurpose
.beproof/beproof.dbSQLite inventory, findings, usage events, runtime signals, grants, grant edges, install records, audit runs (Journal payloads are encrypted; inventory tables are metadata-only but not encrypted in the current release.)
.beproof/policy-allowlist.jsonMCP allowlist, scan roots, correlation threshold, grant scope templates
.beproof/org-policy-overlay.jsonManaged-mode org policy requirements and approved connector/scope templates
.beproof/consent-records.jsonConsent ledger for keychain and future sensitive sources
.beproof/mcp-server-baseline.jsonFirst-seen MCP servers pending review (POL-X09)
report.json.manifest.jsonEd25519-signed export manifest sidecar (POL-X11, ed25519-v1)

12) Core CLI commands

After Homebrew installation, run commands directly as beproof. The CLI writes to .beproof/beproof.db by default unless --db is supplied.

  • beproof scan --root .
  • beproof analyze-mcp --root .
  • beproof scan-credentials --root . [--include-keychain] [--consent-approved-by <name>]
  • beproof scan-installs
  • beproof scan-local-usage [--home ~]
  • beproof enumerate-cloud --providers openai,github,cursor [--fetch-usage]
  • beproof enumerate-cloud-declarations --providers openai,anthropic,cursor,github,google
  • beproof list-cloud-surfaces
  • beproof list-cloud-readiness
  • beproof fetch-cloud-usage --providers openai,cursor [--lookback-days 7]
  • beproof correlate-usage [--window-seconds 600]
  • beproof list-grant-edges
  • beproof list-mcp-baseline
  • beproof record-audit-run --mode full --audit-mode personal|managed --scan-scope-source user_selected|org_policy|mdm_profile|inferred --org-policy-id <id> --scan-root .
  • beproof list-audit-runs
  • beproof evaluate-policy --format json|text [--audit-mode personal|managed] [--scan-scope-source user_selected|org_policy|mdm_profile|inferred] [--org-policy-id <id>] [--allowlist .beproof/policy-allowlist.json] [--org-policy-overlay .beproof/org-policy-overlay.json]
  • beproof review list [--status <status>] [--kind personal_account_usage] [--format json|text]
  • beproof review approve --item <id> --by <actor> [--reason <text>]
  • beproof review exception --item <id> --by <actor> --reason <text> --expires-at <iso8601> --scope <scope>
  • beproof review expected --item <id> --by <actor> [--reason <text>]
  • beproof review resolved --item <id> --by <actor> [--reason <text>]
  • beproof review remediation --item <id>
  • beproof review recheck
  • beproof export-report --format markdown --output audit.md
  • beproof verify-journal [--db .beproof/beproof.db]
  • beproof verify-export --artifact ./audit.md [--manifest ./audit.md.manifest.json] [--db .beproof/beproof.db]
  • beproof verify-export-manifest --artifact ./audit.md [--manifest ./audit.md.manifest.json] [--public-key ./export-signing.pub.json]
  • beproof verify-install --app /Applications/BeProofApp.app [--artifact ./BeProofApp-macos.dmg] [--provenance ./BeProofApp-macos.provenance.json] [--format text|json]

13) Verify CLI contract

BeProof exposes four distinct verify commands. They are not interchangeable. Semantics match the Trust Center and Policy Pack verify CLI contract.

CommandValidatesLocal DBStatus
verify-journalAppend-only hash chain: sequence continuity, payload hashes, prev-hash links, chain head, and journal payload encryption status (AES-256-GCM at rest)Yes (`--db`)Shipped
verify-exportManifest hash + journal linkage (`journalStartSeq`, `journalEndSeq`, `journalHeadHash`)Yes (`--db`)Shipped
verify-export-manifestArtifact SHA256, manifest hash, Ed25519 signature; no journal linkageNoShipped
verify-installApp signature, notarization, optional DMG checksum, provenance/SBOMNoShipped (CI gate + public release)
  • Offline recipient / GRC: verify-export-manifest --artifact <path> — artifact + signed manifest integrity.
  • Local auditor trust: verify-export --artifact <path> plus verify-journal — full hash chain and journal payload encryption status on the scanning endpoint.
  • Release trust: verify-install --app /Applications/BeProofApp.app with optional --artifact and --provenance for DMG and SBOM checks.

verify-export-manifest does not check journal linkage. verify-export requires journal fields in the manifest and a local database with matching chain head. Use the command that matches your trust boundary.

14) Required environment variables

VariablePurpose
OPENAI_ADMIN_KEYOpenAI org Admin API (cloud usage, grants, and organization account classification)
ANTHROPIC_ADMIN_KEY / ANTHROPIC_API_KEYAnthropic declaration readiness and account classification probes
CURSOR_API_KEYCursor Enterprise Admin API (daily team usage and org account classification)
GH_TOKENGitHub token for cloud grants enumeration and personal-account attribution

15) Troubleshooting

  • Coverage gap `codex_usage`: rerun Scan Local Usage; if Codex is still holding SQLite state files, close Codex and retry.
  • Many `POL-D03` issues: review scan scope and approved roots, or use the hide artifact paths filter to keep focus. (POL-D03)
  • Many `POL-G04` issues: these are duplicate credential refs; assess expected duplicates (env + keychain + vendor artifacts) and document the decision. (POL-G04)
  • POL-X09 first-seen MCP servers: run analyze-mcp, inspect list-mcp-baseline, then add reviewed server IDs to mcpServers in the allowlist.
  • Keychain consent / POL-G02: grant consent in the app Keychain gate or pass --include-keychain --consent-approved-by <name> on CLI before expecting keychain refs in policy evaluation.
  • Export integrity: after export-report, use verify-export-manifest --artifact <path> for offline/GRC checks, or verify-export --artifact <path> plus verify-journal on the scanning endpoint for full local chain trust (see section 13).
  • Observed Usage shows many Not Matched rows: select Not Matched, read the inspector's matching-configuration explanation, then verify Surfaces/Agents coverage and rerun local usage scans if configuration files were missing from the scan.
  • No usage data: run scan-local-usage, then optionally fetch-cloud-usage and correlate-usage.