01 / SIGNAL
Local agent artifacts and prompt files
The output is designed for security, governance, and engineering reviewers who need to understand what is real before they approve more access.
Find what is running before it becomes risk.
Vettd CLI scans local machines, repositories, CI runners, servers, and MCP gateways for AI execution artifacts. It produces reviewable evidence that can stand alone or move into Vettd.
$ vettd scan --org acme --depth full
→ scanning 14 hosts, 2 mcp servers, 3 model providers ...
[ OK ] 42 agents inventoried
[ OK ] 11 MCP tools mapped to capabilities
[ WARN ] 7 agents with over-broad credentials
↳ shopify_admin · stripe_full · github_admin
[ WARN ] 3 agents calling unallowlisted egress
[ FAIL ] 1 agent writing PII to public bucket
↳ s3://acme-public-assets/transcripts/*
→ generating evidence bundle ...
→ signed: vettd-acme-2026-04-30.json (sha256:9f2c...e1)
✓ ready for review at vettd.agentichighway.ai/upload
$
→ scanning 14 hosts, 2 mcp servers, 3 model providers ...
[ OK ] 42 agents inventoried
[ OK ] 11 MCP tools mapped to capabilities
[ WARN ] 7 agents with over-broad credentials
↳ shopify_admin · stripe_full · github_admin
[ WARN ] 3 agents calling unallowlisted egress
[ FAIL ] 1 agent writing PII to public bucket
↳ s3://acme-public-assets/transcripts/*
→ generating evidence bundle ...
→ signed: vettd-acme-2026-04-30.json (sha256:9f2c...e1)
✓ ready for review at vettd.agentichighway.ai/upload
$
Vettd CLI · The scanner
From “we think we have agents” to a signed bundle in 12 minutes.
Vettd CLI runs where your agents already live — laptops, CI runners, server hosts, MCP gateways. It catalogues what's real, flags what's risky, and emits a tamper-evident bundle your auditor will recognize.
- No agents talked to OpenAI by mistake. Egress and credential map, by host.
- MCP-aware. Walks tools, scopes, and prompt configs — not just process lists.
- Signed evidence bundles. SHA-256, optional org key, no PII leaves the host.
What Vettd CLI sees
A current-state assessment without a platform rollout first.
Use Vettd CLI at the start of a pilot, during vendor review, or before an audit. The scanner keeps raw evidence local and emits a compact bundle for review.
02 / SIGNAL
MCP server registrations and tool scopes
The output is designed for security, governance, and engineering reviewers who need to understand what is real before they approve more access.
03 / SIGNAL
Over-broad credentials and risky egress
The output is designed for security, governance, and engineering reviewers who need to understand what is real before they approve more access.
04 / SIGNAL
Signed evidence bundles for Vettd review
The output is designed for security, governance, and engineering reviewers who need to understand what is real before they approve more access.
Downloads
Single binary, no service dependency.
Vettd CLI runs standalone on macOS, Linux, and Windows. Get the binary for your platform and start collecting evidence immediately.
macOS
Apple silicon and Intel builds
View downloads →Linux
amd64 and arm64 server builds
View downloads →Windows
x86_64 desktop build
View downloads →