opena2a detect

Shadow AI Discovery. Find unmanaged AI agents and MCP servers running in your environment.

Usage

opena2a detect [options]

The Shadow AI Problem

Shadow AI is the use of AI agents, MCP servers, and coding assistants without organizational visibility or governance. Developers adopt these tools faster than security teams can track them. The result: unmanaged agents with access to source code, credentials, and infrastructure -- operating outside identity management, access controls, and audit logging.

opena2a detect scans the local machine for running AI agents and MCP server configurations, then reports their identity and governance status. It answers the question every security team needs answered: what AI tools are active, and are they governed?

What It Detects

Running AI Agents

Scans the process list for known AI coding tools:

AgentDetection Method
Claude CodeProcess name matching (claude, @anthropic-ai/claude-code)
CursorProcess name matching (cursor, Cursor.app)
GitHub CopilotProcess name matching (copilot)
WindsurfProcess name matching (windsurf, Windsurf)
AiderProcess name matching (aider)
ContinueProcess name matching (continue)
ClineProcess name matching (cline)

MCP Server Configurations

Discovers MCP server configs from standard locations:

  • ~/.claude/mcp_servers.json (Claude Code)
  • ~/.cursor/mcp.json (Cursor)
  • ~/.config/windsurf/mcp.json (Windsurf)
  • ~/.vscode/extensions/*/mcp.json (VSCode extensions)
  • mcp.json / .mcp.json (project-local)

Identity Status

Checks for AIM governance artifacts in the target directory:

  • AIM project initialization (.opena2a/ directory)
  • MCP server identities (.opena2a/mcp-identities/)
  • SOUL.md governance files
  • Capability policy files (policy.yml, policy.yaml, policy.json)

Options

FlagDescription
--dir <path>Target directory to scan. Default: current working directory.
--format <text|json>Output format.
--ciCI mode. Non-interactive output.
--verboseShow detection methods and target directory.

Examples

# Scan current directory
opena2a detect
# Scan a specific project
opena2a detect --dir ./my-agent-project
# JSON output for CI pipelines
opena2a detect --ci --format json

Next Steps

The detect command shows suggested next steps based on your findings:

# Create an agent identity
opena2a identity create --name my-agent
# Initialize security posture
opena2a init
# Sign MCP server identities
opena2a mcp sign my-server

Related

mcpinitshield