AI Inventory

See every AI integration in your org.

Including the ones you forgot about. The Inventory derives integrations passively from receipts, accepts active registration up-front, and surfaces dark integrations: the ones wired into Prova but never exercised in production. That's the shadow-AI gap nobody else catches.

What it is

One row per distinct AI integration, identified by the tuple of app, environment, framework, provider, and model name:

  • Passive discovery. The Inventory builds itself by walking the Audit Vault.
  • Active registration. POST to /api/v1/inventory/register to declare an integration before its first receipt.
  • Dark integrations. Registered but never exercised in the window. This is the shadow-AI gap.
  • Topology graph. Bipartite layout of apps to models, with edges weighted by invocations and colored by worst finding severity.
  • Drill-down per integration. Last-seen, invocation count, finding breakdown, recent receipts.

What it does for you

Find the AI nobody told you about.

The org chart is wrong about how many AI integrations you have. The Inventory shows what's actually running, derived from signed receipts the runtime emits. Surprise integrations show up the same day they ship.

Catch the dark integrations.

The dangerous gap isn't unknown AI. It's AI that was wired up, declared, and then never actually used. A 'dark' status means the integration registered itself but no receipt has been seen in the window. Either it's idle or it's bypassing instrumentation.

See the dependency shape, not the rows.

The topology graph is a bipartite map of which apps use which models. At a glance you can see which models are sprawling across teams and which apps are gated to one provider. Useful for cost reviews, vendor consolidation, and provider-risk conversations.

Declaration is not a receipt.

Active registration tells Prova 'we plan to run this.' A receipt tells Prova 'we ran this.' Both are first-class. The signed audit trail stays the receipts; the Inventory is a derived view that combines them.

What it doesn't catch yet

Calls that never touch Prova at all. Passive plus active discovery covers every integration that talks to the control plane in either direction. Catching the truly off-grid integrations needs a network-layer log feed (Cloudflare, Datadog).

That's the next sprint, not the current shipped feature. If you need it today, ask on the call. We'll wire your CDN logs in by hand for the first deployment.

SEE YOUR INVENTORY →Read the inventory docs