Detection coverage · v2026-06-24

Supported AI Agent Surfaces

BeProof detects surfaces — configs, credential references, usage events, MCP endpoints, cloud declarations, and grant edges — not just vendor logos. When a layer cannot be verified, BeProof records a CoverageGap instead of silently passing the audit.

Surface catalog

Status reflects the current macOS release. Cloud and observed columns depend on configured connectors, readable local history, and admin API access. Planned surfaces (e.g. Windows agents) are roadmap items — Separate Windows platform PRD — not in the macOS release or design-partner pilot.

Agent / SurfaceDeclaredGrantedObservedCloudStatusNotes
OpenAI Codex (local)🟡GAConfig, automations, credential metadata; usage via CodexAutomationUsageScanner. Managed: /etc/codex + MDM (POL-X02). Usage gaps when SQLite is locked or history missing.
Codex cloud tasks🟡🟡🟡PartialOpenAI org enumeration and usage require OPENAI_ADMIN_KEY / cloud connector; use Local vs Cloud setup in the macOS app.
Claude Code🟡GA / partialLocal config + ClaudeCodeUsageScanner. Managed: ClaudeCode managed-settings + MDM (POL-X02). Cloud partial without Anthropic admin token.
Cursor🟡GA / partialRules/hooks + CursorUsageScanner. Cloud usage and org context need CURSOR_API_KEY (Enterprise Admin API). Managed: Cursor MDM plist (POL-X02).
Open ClawGADeclared ~/.openclaw (+ clawdbot paths) + OpenClawUsageScanner. Managed: /etc/openclaw + MDM ai.openclaw.mac.plist.
WindsurfGADeclared ~/.codeium/windsurf + WindsurfUsageScanner. Managed: /etc/windsurf/policies + MDM com.exafunction.windsurf (POL-X02).
ClineGAVS Code globalStorage + .clinerules + ClineUsageScanner. Enterprise policy via VS Code managed settings when deployed.
AiderGA~/.aider.conf.yml, project history metadata + AiderUsageScanner. Project-scoped chat history requires project in scan scope.
ContinueGA~/.continue config/rules + ContinueUsageScanner. Session metadata from VS Code globalStorage; contents not parsed.
GitHub Copilot🟡PartialCopilot instruction files (declared). Cloud grant edges when GH_TOKEN configured. No dedicated Copilot usage scanner.
VS Code enterprise (Copilot / MCP policy)GA (managed)/etc/vscode/policy.json + MDM com.microsoft.VSCode plist. Metadata-only path existence for org MCP/Copilot policy.
MCP configsGA.mcp.json, local commands, network endpoints, env credential refs; MCP risk rules POL-F01–F04.
AGENTS.md / instruction files🟡GARepository and workspace instruction surfaces; observed layer is correlation-only (POL-X06).
GitHub OAuth / GitHub Apps🟡🟡PartialGrant edges and scopes when GH_TOKEN or org connector configured (provider account attribution).
Anthropic cloud declarations🟡🟡🟡PartialCloudAgentSurface enumeration + account attribution when Anthropic admin/user token configured.
Homebrew-installed agentsGAInstall inventory (POL-X01); metadata only.
npm / pnpm global agentsGAGlobal npm/pnpm prefix scanner; install_inventory gap when paths unreadable.
VS Code / Cursor / Windsurf extensionsGAIDE extension metadata from install inventory; metadata only.
Windows agents🔴🔴🔴🔴PlannedSeparate Windows platform PRD — not in the macOS release or design-partner pilot.

GAPartialPlannedCoverageGap

Evidence layers

Declared

What exists or is configured — AgentSurface, MCP config, install records

Granted

CredentialRef metadata, keychain refs, cloud GrantEdge records

Observed

UsageEvent signals and cross-layer correlations where adapters exist

CoverageGap

Missing, blocked, partial, stale, or consent-gated sources

Coverage depends on platform, scan scope, user or admin consent, and configured cloud connectors. BeProof never stores raw secrets and does not inspect network payloads.