GenAI Detection Engineering Registry

GitHub Copilot: VS Code / JetBrains extension (Code Helper host), standalone Copilot CLI, and GitHub.com cloud coding agent. Cloud agent is branch-first (research/plan/code before PR). /fleet CLI command for parallel sub-agents. Commit signing and organization firewall controls. Signing on the IDE surface is the Visual Studio Code host — shared by all extensions, not Copilot-specific.

Cursor IDE (Electron) plus a separate Agent CLI (`agent` command). Cursor 3 rebuilt around agent-based workflows: Agents Window for parallel agents across local/cloud/SSH, Design Mode for browser annotation, /best-of-n parallel model runs, local-to-cloud handoff, and cursor.com/agents web interface sharing the desktop codebase.

Anthropic's agentic coding CLI and IDE companion. Native Mach-O binary (not Electron). Executes shell commands via a zsh wrapper with environment snapshot files. TUI mode (/tui, flicker-free fullscreen), push notifications, Opus 4.7 with xhigh effort level, Windows PowerShell support, session restoration for /loop workflows.

Anthropic's Electron-based desktop chat application. Separate product from Claude Code CLI. Can spawn Claude Code as a subprocess for agent mode. Claude Design (Anthropic Labs) is a visual creation tool within Claude (web and desktop) powered by Opus 4.7 -- creates prototypes, slides, one-pagers, landing pages. Exports PDF/PPTX/HTML. Shares infrastructure with Claude Desktop.

Electron VS Code fork by Codeium, acquired by Cognition (makers of Devin). 'Cascade' is the brand name for Windsurf's in-IDE AI agent. Adaptive model router intelligently selects best model per task. Supports Claude Opus 4.6, GPT-5.4, GPT-5.3-Codex, Gemini 3.1 Pro. Task queue and background agent features show Devin integration. 1M+ active users. Shell wrapper uses zsh -l (login shell).

OpenAI's open-source Rust-based coding agent CLI. Uses Seatbelt (macOS), Bubblewrap+seccomp (Linux), or custom ACLs (Windows) sandboxing. Default model is GPT-5.4. Amazon Bedrock provider support. background_agent tool for parallel work. Project instructions use AGENTS.md / AGENTS.override.md; user-level ~/.codex/AGENTS.md. MCP: ~/.codex/config.toml and project .codex/config.toml (trusted repos), `codex mcp`, in-session /mcp.

Google's open-source Node.js CLI coding agent. Sets GEMINI_CLI=1 in subprocesses (empirically observed). Config directory overridable via GEMINI_CLI_HOME per Gemini CLI configuration reference.

Google's agent-first IDE (VS Code-derived): Editor view plus Manager surface for asynchronous multi-agent work. Agents use the editor, terminal, and integrated browser; progress is surfaced as Artifacts. Public preview (Nov 2025). Multi-model (Gemini and partner models per product positioning). macOS Homebrew cask installs Antigravity.app (bundle id com.google.antigravity) with the sealed main Mach-O named Electron under Contents/MacOS plus a Homebrew-linked agy shim to Contents/Resources/app/bin/antigravity. Windows: winget Google.Antigravity (native ARM64/x64). Linux: official linux-x64 tarball (Antigravity.tar.gz) containing an ELF x86-64 antigravity binary; stable CDN has no linux-arm64 artifact as of 1.23.2.

Local LLM inference server written in Go with vendored webview wrapper (webview_go, NOT Electron despite bundle_id). Spawns ollama_llama_server runner subprocesses for loaded models. Default API on port 11434.

Autonomous AI coding agent VS Code extension. Creates/edits files, runs terminal commands with human-in-the-loop approval. Extension ID: saoudrizwan.claude-dev.

Open-source AI pair programming CLI. Edits code in local git repos by communicating with LLM APIs. Runs as Python process.

Open-source AI code assistant. VS Code and JetBrains extension with agent mode, terminal execution, and MCP support. Continue CLI ('cn' binary) is also distributed via npm install -g @continuedev/cli, install scripts, or PowerShell installer; the CLI provides a terminal-based coding agent with the same config home (~/.continue/).

Sourcegraph and Amp are now independent companies. Cody is enterprise-only ($59/user/month, Free and Pro plans discontinued). Amp is a separate CLI-first agentic coding product (VS Code extension deprecated in favor of terminal and web). Amp offers free (ad-supported) and enterprise tiers.

High-performance AI-native code editor written in Rust (no Electron). Agent panel can execute shell commands. First-class MCP support. Reads multiple instruction file formats. Parallel Agents feature enables multiple AI agents running simultaneously in one editor with threads sidebar, top-down streaming, subagent content preview. Supports Opus 4.7, GPT-5.4, Gemini 3.1 Pro, Grok.

Electron-based local LLM inference desktop app. Exposes OpenAI and Anthropic-compatible REST API on localhost:1234.

Local AI desktop assistant built on Tauri v2/Rust+WebView. No Electron helper processes. Requires MCP for tool-use. Bundles bun and uv runtimes. Uses llama-server for local inference.

Qt 6.8-based local LLM desktop app by Nomic AI. No Electron helper processes. Local API server on port 4891.

AI code completion and review engine with agentic capabilities (code review, generation). Runs as a local binary subprocess within IDEs. Protocol: JSON over stdin/stdout, one JSON per line (newline-delimited).

Autonomous AI software engineer. Originally cloud-only; now also ships a local CLI ('Devin for Terminal') and an ACP server. Local CLI is a single statically-linked Rust binary (~110 MB) signed by Exafunction, Inc. (Team ID 83Z2LHX6XW). Cognition acquired Windsurf in July 2025; Devin CLI subprocesses still spawn the Windsurf shell wrapper.

Replit AI: cloud Agent/Ghostwriter (server-side) plus optional Electron desktop wrapper (github.com/replit/desktop). Surfaces split by footprint: cloud has no local agent binary; desktop exposes Replit* processes only.

AI-powered web development tool. 100% browser-based using WebContainers (Node.js in WebAssembly). No local process and no official CLI/desktop app from StackBlitz. Note: npm packages `bolt-cli` and `@stackblitz/cli` are unrelated to bolt.new.

xAI's LLM. Includes Grok Build (cloud-based agentic coding). No official CLI or desktop app from xAI itself — API-only at api.x.ai. Community wrappers exist and ARE detectable on the endpoint: grok-agent (npm), Grok-Electron-Client, GrokChat (SwiftUI). Confirmed no /Applications/Grok.app from xAI.

Microsoft's JavaScript-based scripting framework for LLM automation. Uses host.exec() for shell commands and Docker containers for sandboxed execution.

Personal AI agent daemon (Node.js). Gateway-based architecture with WebSocket + REST API. ClawHub skill marketplace. Multiple chat-platform integrations (Slack, Discord, Telegram, Matrix, WhatsApp). High-risk per third_party_research section. Related variants: NanoClaw (security-focused, ~24k stars), PicoClaw (edge/IoT, Go, ~25k stars), ZeroClaw (Rust, ~27k stars).

Alibaba's terminal-based AI coding agent. npm package @qwen-code/qwen-code. Qwen models also commonly run locally via Ollama.

Open-source AI coding agent with TUI, renamed from OpenCode to Crush (charmbracelet/crush). Distributed via npm (opencode-ai) as a native Bun binary. Supports 75+ LLM providers, built-in skills (crush-config), and server-client architecture (experimental). opencode-ai/opencode repo is ARCHIVED.

C/C++ local LLM inference tools. llama-server runs an OpenAI and Anthropic-compatible HTTP API on port 8080. llama-cli is the interactive CLI. Repo moved from ggerganov/llama.cpp to ggml-org/llama.cpp.

C++ (llama.cpp-based) local LLM inference server with Python wrapper. Default port 5001. No authentication by default.

Python-based local LLM web UI with Gradio frontend. Runs server.py as main entry. Has built-in tool-calling via user_data/tools/. Zero telemetry. Distributed as a git-cloned repo (no PyPI / homebrew package); Conda environment is materialized into installer_files/env/ on first run of start_<os>.sh.

NVIDIA's open-source (Apache 2.0) enterprise security wrapper for OpenClaw. Architecture: NemoClaw Plugin (TypeScript CLI) + NemoClaw Blueprint (Python orchestrator) + OpenShell Sandbox (K3s Kubernetes inside Docker container). Adds container-isolated agent execution with YAML security policies, inference routing through approved endpoints, and PII stripping. Announced at GTC 2026 (March 16, 2026). Early preview/alpha.

AI code assistant with IDE extensions (VS Code, JetBrains) and standalone CLI. AI Architect MCP server available. AI models: ADVANCED (GPT-4o, Claude Sonnet 3.5, 240K context), BASIC (GPT-4o mini, 40K context).

Community build of VS Code from MIT source, without Microsoft telemetry. Uses Open VSX Registry instead of VS Code Marketplace. Different process names and config paths from VS Code.

Open-source extensible AI agent (Rust). Desktop app and CLI. Supports 20+ LLM providers, MCP extensions, and marketplace. macOS sandbox support. 41k+ GitHub stars. Originally by Block (Square), now under AAIF at Linux Foundation.

AWS AI coding agent CLI, rebranded from Amazon Q Developer CLI in November 2025. Agent mode, MCP support, custom agents, hooks. Backwards compatible with Q Developer CLI.

Full-featured AI agent platform by Nous Research. CLI and Python library. Supports MCP, 20+ messaging integrations (Telegram, Discord, Slack, WhatsApp, Signal), persistent memory, scheduled jobs, and a skills marketplace.

AI coding agent with CLI (auggie) and VS Code extension. Supports subagents, custom commands, MCP, and hierarchical configuration. Interactive TUI and print (non-interactive) modes.

Autonomous VS Code coding agent (fork of Cline ecosystem). Multi-mode (Code, Architect, Ask, Debug, Orchestrator). Note: company announced sunset of the VS Code extension on May 15, 2026, pivoting to a cloud agent (Roomote). Endpoint detection signal still relevant for installed extensions until cutover.

Open-source AI coding agent with both VS Code extension and standalone CLI surfaces sharing a portable core. Supports parallel agents, subagent delegation, git worktree isolation, and multi-mode operation (Architect, Ask, Debug, Orchestrator).

Glamorous terminal AI coding agent. Multi-model LLM switching, session-based context, LSP integration. Distributed cross-platform (macOS, Linux, Windows, BSDs, Android) via Homebrew tap, npm, Go install, scoop, winget, and Arch AUR.

Open-source autonomous coding agent with TUI, headless, IDE, web, and GUI server modes. Sandboxed execution via Docker by default. MCP support, model-agnostic (Claude, OpenAI, Ollama, etc.), confirmation modes including LLM-based security analysis.

JetBrains AI coding agent. Runs as IDE plugin (IntelliJ-family), standalone CLI, or headless mode for CI/CD. Supports Agent Client Protocol (ACP) for editor integrations. BYOK to Anthropic, OpenAI, Google, xAI, OpenRouter, or Copilot; or use JetBrains account with usage-based billing.

Factory AI's terminal development agent. End-to-end feature development with deep codebase understanding. Integrates with Jira, Notion, Slack. Interactive REPL and non-interactive 'droid exec' modes.

Command-line companion for Google's async coding agent Jules. TUI dashboard, remote session management, and repo-level operations. Authenticates with Google account; sessions execute on Google's cloud infrastructure (low local endpoint footprint beyond the CLI itself).

ByteDance's AI-native IDE (Electron-based). Multi-LLM (OpenAI, Anthropic, Doubao, Azure, Gemini), free tier including GPT-4o, Claude-3.5-Sonnet, DeepSeek. SOLO autonomous mode for end-to-end workflows. International (trae.ai) and China (trae.cn) variants.

ByteDance's standalone autonomous coding agent — distinct downloadable product from TRAE IDE. Electron-based VS Code OSS fork focused on end-to-end task execution rather than interactive editing. macOS Apple Silicon shipped April 2026; Windows on waitlist; Linux not announced.

Atlassian's AI agent for software engineers. Runs as a subcommand of the Atlassian CLI (acli). TUI is the default as of April 2026, replacing the prior web-based experience. Supports interactive, non-interactive, server, and git worktree modes.

Open-source terminal coding assistant. Indexes the codebase in seconds, edits files, and runs terminal commands. Persistent project context via knowledge.md.

Open-source AI code editor forked from VS Code. Includes PearAI Router (auto-selects best LLM) and PearAI Agent (powered by Roo Code/Cline lineage). MIT-licensed.

Open-source AI-native code editor (VS Code fork). Status: paused. Team announced they paused work on the IDE to explore new directions; existing builds continue to run but may bit-rot. MCP support added in beta. Keep entry only for fielded installations.

Native CLI agent powering Zencoder IDE plugins and Zenflow automation. Includes built-in skills, research agent, subagent streaming, and scheduled automation.

CLI for building, managing, and running AI agents. Interactive chat, custom agent configuration, web UI mode, and webhook (HTTP API) mode. Successor to deprecated @qodo/gen package.

Self-hosted AI coding assistant server. Open-source alternative to GitHub Copilot. Runs code-specific LLMs locally (StarCoder, CodeLlama, Qwen) with optional CUDA. Serves completions and chat to VS Code, JetBrains, and Vim/Neovim plugins. Now includes GitLab Merge Request indexing (v0.30).

Open-source AI coding agent by TabbyML. VS Code extension and CLI sharing the same auth. Parallel agents using Git worktrees, GitHub integration, multi-file refactoring. Companion to Tabby model server but works with any LLM provider (BYOK).

AI-powered GitLab Duo Agentic Chat in the terminal. Interactive (human-in-the-loop) and headless modes. Understands codebase, modifies code, troubleshoots errors, automates CI/CD. Public beta as of April 2026. Requires GitLab 18.11+.

VS Code coding agent with multi-agent execution. /multi-agent dispatches tasks to Blackbox, Claude Code, Codex, Gemini, Goose, OpenCode, and 15+ other coding agents in parallel; a 'Chairman LLM' selects the best result. 4M+ marketplace installs.

Fast code completion VS Code extension with 1M-token Pro context window. Lightweight inline suggestions and chat (OpenAI/Anthropic). Primarily completion-focused; agentic shell-spawning behavior is limited compared to full coding agents.

Official OpenAI Python SDK ships an `openai` console script (entry-point in the openai-python pip package). Used by developers and detection rules as a parent process when scripts and agents shell out via the OpenAI API. Not an agent on its own; reaches LLM and is referenced by GenAI rules as a parent indicator.

Pluggable command-line tool for interacting with LLMs. Single `llm` console script written in Python with a plugin model that supports OpenAI, Anthropic, local Llama and Ollama backends, and custom providers. Stores chat history in SQLite under user data dir.

Official GitHub MCP server. Single Go binary that proxies the GitHub REST and GraphQL APIs over MCP (stdio or HTTP). Used by Claude Code, Cursor, Windsurf, and other MCP clients to grant LLMs access to repositories, issues, PRs, and Actions runs.

Official Elastic Elasticsearch MCP server. Bridges Claude Code, Cursor, and other MCP hosts to an Elasticsearch cluster (list indices, get mappings, search, shard stats). Distributed as @elastic/mcp-server-elasticsearch on npm and at docker.elastic.co/mcp/elasticsearch. DEPRECATED on npm — Elastic recommends Elastic Agent Builder. The package `@elastic/mcp-server-elastic-cloud` referenced in older docs DOES NOT EXIST on npm.