Agent Overview
Agents are the on-premises component of InfraScout. You install them on the hosts you want to assess — Windows servers, Linux systems, or macOS machines — and InfraScout coordinates them from the cloud. Each agent maintains a persistent encrypted connection and waits for commands from active assessment sessions.
What Agents Do
Agents execute commands on the host and stream results back to InfraScout. Claude (connected via MCP) decides what commands to run and interprets the output to produce Insights. The agent itself is stateless — it does not make assessment decisions; it only executes what it is asked.
Capabilities
Agents automatically detect and report what they can do based on the platform they run on. Capabilities determine which MCP tools Claude can use against that agent.
| Capability | Platforms | What it enables |
|---|---|---|
shell | Windows, Linux, macOS | Run shell commands (cmd on Windows, /bin/sh on Linux and macOS) |
powershell | Windows | Run PowerShell scripts and cmdlets |
wmi | Windows | Execute WMI queries |
eventlog | Windows | Query Windows Event Logs |
ldap | Windows, Linux, macOS | Search Active Directory via LDAP (requires configuration) |
LDAP is available on all platforms but only activates when you provide LDAP credentials in the agent config. This is useful for Linux or macOS hosts that need to query Active Directory.
Enrollment
Before an agent can connect, you must enroll it. Enrollment is a one-time process that establishes the agent's identity.
- Generate an enrollment token in the InfraScout dashboard (Settings → Enrollment Tokens → New Token).
- Run the agent with the
enrollsubcommand, passing the token and your InfraScout server address. - The agent generates a cryptographic key pair and sends a certificate signing request to InfraScout.
- InfraScout returns a signed certificate. The agent stores it locally and uses it for all future connections.
After enrollment the agent writes an agent-config.yaml file and is ready to run as a system service.
TIP
Enrollment tokens are single-use. Generate a fresh token for each agent or batch of agents you are enrolling at the same time.
Running as a Service
The agent is designed to run as a system service so it starts automatically and restarts on failure. Each platform has a dedicated service manager: Windows Service Control Manager (SCM), systemd on Linux, and launchd on macOS. See the platform-specific guides for exact steps: Windows, Linux, macOS.
Agent Identity
Once enrolled, the agent identifies itself by the hostname of the machine it runs on. InfraScout uses this hostname as a stable identifier — if the agent binary is re-enrolled on the same host, InfraScout reconnects it to the existing agent record rather than creating a duplicate. You can give each agent a human-readable display name in the dashboard.