firmis discover — Discover AI Platforms and Components
You can’t secure what you don’t know exists. Before scanning, firmis discover maps every AI component in your project — platforms, tool definitions, dependencies, and model references.
Run this first on any new project. The output tells you exactly what scan is about to look at.
When to use this
Section titled “When to use this”- Starting fresh: Run
discoveron an unfamiliar codebase to see what AI components exist before scanning - Scoping a scan: Confirm which platforms were detected before targeting a specific one with
--platform - Inventory for ops: Get a quick human-readable map of your agent stack without generating a full BOM
- Debugging a missed detection: If
scanseems to be missing something,discover --verboseshows you exactly what was found and why
For a machine-readable, audit-grade inventory, use firmis bom instead. For immediate security findings, use firmis scan — it runs discovery automatically.
firmis discover [path] [options]What gets discovered
Section titled “What gets discovered”For each detected platform, Firmis reports:
- Platforms — Claude, MCP, Codex, Cursor, CrewAI, AutoGPT, OpenClaw, Nanobot
- Components — individual tools, skills, plugins, or agents within each platform
- Dependencies — npm/pip packages related to AI functionality, with version numbers
- Models — detected model files or model references in config files
- File paths — exact locations of every detected file
Example output
Section titled “Example output”Firmis DiscoveryScanning: /Users/me/my-agent-project
Platforms detected: 3
claude (2 components) ├── CLAUDE.md └── .claude/tools/fetch.ts
mcp (4 components) ├── mcp.config.json ├── src/server/index.ts ├── src/tools/file-reader.ts └── src/tools/web-search.ts
cursor (1 component) └── .cursorrules
Dependencies (AI-related): 6 @modelcontextprotocol/sdk@1.2.0 openai@4.28.0 anthropic@0.20.0 langchain@0.1.36 ...
Models referenced: 1 claude-3-5-sonnet-20241022Options
Section titled “Options”| Flag | Type | Default | Description |
|---|---|---|---|
--platform <name> | string | auto-detect | Discover a specific platform only — useful when you know exactly what you’re looking for |
--json | boolean | false | JSON output for piping into scripts or other tools |
--output <file> | string | stdout | Save discovery results to a file |
--verbose | boolean | false | Show detailed component metadata including file sizes, parse results, and detection confidence |
--show-deps | boolean | true | Include AI-related dependencies in output |
--show-models | boolean | true | Include detected model references in output |
Examples
Section titled “Examples”Discover all platforms in current directory
Section titled “Discover all platforms in current directory”npx firmis discoverDiscover only MCP servers with JSON output
Section titled “Discover only MCP servers with JSON output”npx firmis discover --platform mcp --jsonSave discovery to file for later reference
Section titled “Save discovery to file for later reference”npx firmis discover --output discovery.json --jsonVerbose discovery — see exactly what Firmis found and why
Section titled “Verbose discovery — see exactly what Firmis found and why”npx firmis discover --verbose