Privacy
Names, not values. Manifests, not contents.
Sekeye inventories what's installed on an endpoint. It does not read secrets, browsing history, keystrokes, or file contents. The ingest schema enforces this. Records that carry banned fields are rejected.
Data flow
What leaves the endpoint.
Endpoint Backend
─────── ───────
Sekeye agent (read-only)
│
│ Scan filesystem manifests
│ (package-lock.json, .mcp.json, ~/.vscode/extensions, ...)
│
▼
NDJSON snapshot
• artifact IDs, versions, digests
• paths (not contents)
• env var NAMES (never values)
• permission strings
• host: hostname, OS, agent version
│
│ mTLS + per-endpoint enrolment token
▼
Ingest service
│
│ Schema validation
│ (rejects records
│ with env values,
│ file contents,
│ credentials)
▼
Delta store · Matcher · FindingsNever collected
Permanent commitments.
- ×File contents beyond manifests and configs
- ×Secret or env var values — MCP configs give us names, never values
- ×Browser history
- ×Credentials
- ×Keystrokes
Collected
What Sekeye does inventory.
For each surface, one line. Full detail on the inventory page.
- Language packagesInstalled + lockfile-declared.
- Browser extensionsID, version, permissions, update URL, install source, sideload flag.
- IDE extensionsID, version, publisher.
- MCP serversServer name, command / URL, args, env var names — never values — transport.
- AI agents & runtimesInstalled CLI agents, skills / plugins dirs, versions.
- Local modelsRuntime, model names, sizes, digests.
- ApplicationsName + version, no deep analysis.
- OS package managersHomebrew, winget, Chocolatey — names, versions, taps, buckets, sources.
- Machine profileHostname, OS + version, logged-in user, Drig version, uptime.