MusterMuster Docs

Agent Inventory

The lifecycle every agent moves through, from discovery to retirement.

The Agent Inventory is the registry of every AI agent your organization runs. Each agent moves through a status lifecycle — knowing those statuses is the foundation for everything else (cost rollups, anomaly alerts, risk scoring, business rules).

The six statuses

StatusWhat it meansHow it gets set
DISCOVEREDA scanner found something that looks like an agent, but no one has reviewed it yet.Auto-set by the Discovery Engine (DNS, cloud cost, or git scanner).
PENDING_REVIEWDefault state for any agent waiting on admin review.Auto-set when an admin manually creates an agent. Auto-transitioned from DISCOVERED when an admin opens it for review.
APPROVEDLive, tracked, included in dashboards, cost rollups, and alerts.Admin clicks Approve in the inventory UI.
SUSPENDEDTemporarily paused. Still in the inventory but excluded from aggregations and alerts.Admin clicks Suspend — typically during maintenance, an incident, or a budget freeze.
RETIREDThe agent no longer exists. Terminal state.Admin clicks Retire when the agent is decommissioned.
DISMISSEDThe discovery was wrong (false positive, duplicate, third-party noise). Terminal state.Admin clicks Dismiss on a DISCOVERED or PENDING_REVIEW row.

The happy path

For agents you instrumented yourself:

(create manually) → PENDING_REVIEW → APPROVED → (later) RETIRED

For agents the Discovery Engine surfaced:

DISCOVERED → PENDING_REVIEW → APPROVED → (later) RETIRED

For false positives:

DISCOVERED → DISMISSED

APPROVED and SUSPENDED flip back and forth as needed. RETIRED and DISMISSED are terminal — to bring an agent back you create a new record.

What changes per status

A few behaviors depend on status, so the choice isn't cosmetic:

  • Cost aggregation: only APPROVED agents contribute to the rollup numbers shown on dashboards.
  • Anomaly alerts: only fire on APPROVED agents. A SUSPENDED agent going wild won't page anyone.
  • Risk scoring: runs on APPROVED and PENDING_REVIEW agents.
  • Business rules: evaluated on APPROVED agents only.

This matters during incidents: pulling something out of the alert/cost path means moving it to SUSPENDED, not deleting it.

Suggested workflow

  1. Wire up the Discovery Engine so new agents surface automatically as DISCOVERED.
  2. Triage discoveries weekly — promote real agents to PENDING_REVIEW, dismiss false positives.
  3. For each PENDING_REVIEW, fill in team, department, framework, and any tags your reporting needs, then Approve.
  4. When an agent is decommissioned, Retire it (don't delete) so the historical traces and costs stay attributed.

What's not yet documented

  • The AgentCandidate table (status: NEW | REVIEWED | PROMOTED | DISMISSED) used for raw discovery results before they're promoted into MusterAgent.
  • Approval workflows (triggerType: LIFECYCLE_TRANSITION) that can require multi-party sign-off when moving from PENDING_REVIEW to APPROVED.

Both will land in a follow-up page covering governance.

Self-hosting

Run Muster on your own infrastructure with Docker Compose.

Discovery Engine

Find shadow agents already running in your AWS account by analyzing Route 53 DNS query logs.