AI Inventory

Where is AI actually running in your company?

Every enterprise with more than 200 engineers has lost track of how many AI integrations it's running. Prova's AI Inventory rebuilds that map from first principles: by watching the receipts, and by letting integrations declare themselves before they ever fire.

How discovery works

When a receipt arrives at /api/v1/audit/ingest or /api/v1/gateway/check, Prova reads five fields and treats the combination as one integration:

integration_id = sha256(
  source.app_id          // "fraud-classifier"
  source.environment     // "production"
  source.framework       // "langgraph"
  model.provider         // "anthropic"
  model.name             // "claude-opus-4-7"
).slice(0, 16)

A new integration appears the moment its first receipt is signed. Missing fields fall back to the literal string unknown, which makes it obvious where your instrumentation has gaps. If you see a row with app_id: unknown, something is calling Prova without telling us where it lives.
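The same derivation in Python, as an added illustration rather than Prova's own code: it pulls the five identity fields from a receipt, substitutes unknown for anything missing, hashes the combination, and reports which fields fell back so an instrumentation gap is visible before the row ever reaches the dashboard. The join separator is an assumption (the page does not state how the fields are encoded before hashing), so ids from this function will not necessarily equal the ids Prova assigns.

```python
import hashlib

# The five fields Prova combines into one integration (receipt section, field name).
KEY_FIELDS = (
    ("source", "app_id"),
    ("source", "environment"),
    ("source", "framework"),
    ("model", "provider"),
    ("model", "name"),
)
UNKNOWN = "unknown"


def key_tuple(receipt: dict) -> list:
    """Return the five identity values, substituting 'unknown' for missing or empty ones."""
    values = []
    for section, field in KEY_FIELDS:
        value = (receipt.get(section) or {}).get(field)
        values.append(value if value else UNKNOWN)
    return values


def integration_id(receipt: dict) -> str:
    """sha256 over the five fields, truncated to 16 hex characters.

    ASSUMPTION: the fields are joined with '|' in KEY_FIELDS order before hashing.
    The page does not state the real encoding, so these ids need not match Prova's.
    """
    joined = "|".join(key_tuple(receipt))
    return hashlib.sha256(joined.encode("utf-8")).hexdigest()[:16]


def instrumentation_gaps(receipt: dict) -> list:
    """Dotted names of identity fields that fell back to 'unknown'."""
    return [
        f"{section}.{field}"
        for (section, field), value in zip(KEY_FIELDS, key_tuple(receipt))
        if value == UNKNOWN
    ]


# Constructed sample receipts (not real Prova data).
COMPLETE_RECEIPT = {
    "source": {"app_id": "fraud-classifier", "environment": "production", "framework": "langgraph"},
    "model": {"provider": "anthropic", "name": "claude-opus-4-7"},
}
PARTIAL_RECEIPT = {
    # app_id and framework never set: this is what an "unknown" row looks like at the source.
    "source": {"environment": "staging"},
    "model": {"provider": "anthropic", "name": "claude-opus-4-7"},
}

if __name__ == "__main__":
    for receipt in (COMPLETE_RECEIPT, PARTIAL_RECEIPT):
        print(integration_id(receipt), key_tuple(receipt), instrumentation_gaps(receipt))
```

Running instrumentation_gaps over receipts at the point where they are emitted (before they leave the service) is the cheapest place to catch a missing app_id, since after ingestion the only signal left is the unknown row.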

Per-integration metrics

For each integration, the dashboard shows:

  • Total invocations in the rolling 30-day window
  • First seen / last seen timestamps
  • Finding count, broken down by severity (info / low / medium / high / critical)
  • Five most recent receipt IDs, deep-linkable to the audit detail page

Sort by recency, invocation volume, or finding count. Filter by environment and provider via URL params.

Programmatic access

curl https://prova.cobound.dev/api/v1/inventory?days=30 \
  -H "Authorization: Bearer prv_..."

# Response:
{
  "org_id": "...",
  "window": { "from": "...", "to": "..." },
  "computed_at": "...",
  "totals": {
    "integrations": 47,
    "apps": 18,
    "providers": 4,
    "environments": 3,
    "invocations": 31402,
    "registered": 12,
    "dark": 5
  },
  "integrations": [
    {
      "id": "9f4a2e71d03bcafe",
      "app_id": "fraud-classifier",
      "environment": "production",
      "provider": "anthropic",
      "model_name": "claude-opus-4-7",
      "invocations": 8214,
      "first_seen": "...",
      "last_seen": "...",
      "discovery": "both",       // observed | registered | both
      "exercised": true,         // false => dark
      "registered_at": "...",
      "finding_counts": { ... },
      "recent_event_ids": [ ... ]
    },
    ...
  ]
}

Hook this into your alert pipeline: fire a Slack notification any time the inventory snapshot adds a new integration row. That's the standard pattern for catching shadow-AI integrations before they're in front of customers.

Active registration

Passive discovery can only see an integration after it has fired at least once. The integration that was wired up, shipped, and has never actually executed in prod is invisible to it by construction, and that is exactly the one a CISO wants to know about. Register an integration explicitly and it appears immediately, flagged dark until its first receipt confirms it is live.

curl -X POST https://prova.cobound.dev/api/v1/inventory/register \
  -H "Authorization: Bearer prv_..." \
  -H "Content-Type: application/json" \
  -d '{
    "app_id": "fraud-classifier",
    "environment": "production",
    "framework": "langgraph",
    "provider": "anthropic",
    "model_name": "claude-opus-4-7",
    "metadata": { "owner": "risk-eng", "repo": "github.com/acme/fraud" }
  }'

# 201 Created
{ "registered": 1, "integrations": [ { "id": "9f4a2e71d03bcafe", ... } ] }

Registration uses the same auth and the same write permission as event ingestion (audit.ingest). The body is one registration or an array of them (max 1000). The call is idempotent on the integration tuple, so re-registering refreshes metadata and the last-registered timestamp without disturbing the original registration time. Drop it into your deploy pipeline so every service that links the AI SDK announces itself the first time it boots.

A registration is a declaration, not an AI decision. It is deliberately not a signed receipt. The signed audit trail is still only the receipts. The registration just tells the inventory the integration is supposed to exist, so the gap between supposed-to and actually-running becomes measurable.

What the inventory doesn't do (yet)

  • Network-layer discovery. Catching uninstrumented AI calls (where the customer has not wired Prova at all, via receipts or registration) would require a Cloudflare / Datadog log integration. That is the one class of shadow AI neither passive nor active discovery can see. Roadmap.