Local Developer State as Supply-Chain Evidence
Read-only MCP and agent-skill inventory maps directly to joelclaw fleet exposure checks without running package managers or touching source files.
Supply-chain response has an awkward gap: knowing what shipped is not the same as knowing what is sitting on every developer machine right now. SBOMs help with the first question, and EDR helps with runtime behavior, but neither cleanly answers “which laptops have this sketchy package, extension, or MCP server config on disk?”
Perplexity AI built Bumblebee for that exact slice. It’s a single static Go binary that walks known metadata surfaces on macOS and Linux, emits NDJSON component records, and can match them against an exposure catalog. No npm ls, no pip show, no go list, no source-file spelunking. Just read the boring metadata that already exists and make it searchable.
The clever bit is the scope discipline. Bumblebee covers package managers like npm, pnpm, Yarn, Bun, PyPI, Go modules, RubyGems, Composer, Homebrew, editor extensions for VS Code, Cursor, Windsurf, and VSCodium, plus browser extensions and several MCP config formats. It even inventories locked agent skills via skills.sh / vercel-labs/skills lock files. That last part is very relevant to joelclaw, because “what agent capabilities are installed where?” is now a real operational question, not cute agent cosplay bullshit.
This looks immediately useful as a fleet-side exposure primitive: run baseline on a cadence, run project across known code roots, and reserve deep for incident sweeps with --exposure-catalog and --findings-only. The receiver-side current-state model in docs/state-model.md is the other important piece: scans are ephemeral, but the inventory needs to become current truth somewhere else.
Key Ideas
- Bumblebee treats local developer metadata as evidence for supply-chain response, separate from shipped-artifact SBOM data and runtime EDR telemetry.
- The scanner is intentionally read-only: it parses lockfiles, install metadata, extension manifests, and supported MCP JSON configs without executing package-manager commands or reading source files.
- The three profiles,
baseline,project, anddeep, separate recurring lightweight inventory from known workspace scans and on-demand incident sweeps. - Exposure catalogs turn inventory into findings, so responders can ask “do any machines show this exact package, extension, or version?” and get structured NDJSON records back.
- MCP and agent skills coverage makes this more interesting than a normal dependency scanner for agent-heavy systems like joelclaw.
- The built-in
bumblebee selftestgives a deploy-time smoke test with embedded fake fixtures and no network calls, which is the kind of boring verification hook that keeps rollout scripts honest.