Engineers keep their speed.
Security keeps the receipts.
Svalin is an observability platform for AI coding agents. The local agent ships through your MDM and watches every Cursor, Claude Code, and Gemini CLI session on the device — without changing a single engineering workflow. Security and compliance get the full picture, in one place.
One stream for every Cursor, Claude or Gemini session your fleet ran.
Every AI coding tool on every device, mapped without asking.
Every heartbeat, validated. The chain breaks loudly when it should.
{
  "id": "evt_47495ce6-5cc5-403c-9dc2-70cefe6db229",
  "scope": "agent",
  "device_hostname": "mbp-engineering-04.local",
  "os_user": "jsmith",
  "os_platform": "macos",
  "agent_version": "v0.5.0-prod",
  "governance_status": "governed",
  "event_type": "heartbeat",
  "chain_status": "broken",
  "occurred_at": "2026-05-19T18:28:15.831Z",
  "payload": {
    "interval_ms": 30000,
    "active_sessions": 0,
    "governance_status": "governed"
  }
}
Built around one idea: observe without getting in the way.
Engineers don't change a thing.
Deployed through your MDM in the same wave as any other endpoint. The agent watches Cursor, Claude Code, Gemini CLI and the MCP servers they connect to — invisibly, on the device. No proxy, no new IDE settings, no tickets in the engineering backlog.
One registry, every surface.
Governed devices, supported AI coding agents, connected MCP servers — all in one place. The CISO surface answers "who is using what, where" without an email thread.
Incidents, not log floods.
Secrets, credentials, PII and policy violations surface as incidents — triaged, owned, resolved. Everything else stays in the timeline where it belongs.
Compliance, as a side effect.
A signed, append-only audit trail of every call by every AI agent on every device. SOC 2, ISO 27001 and EU AI Act evidence falls out of the system you were going to deploy anyway.
You have an AI policy. You don't have proof anyone follows it.
Every InfoSec lead we talk to has the same answer: "we have a document registry." A Notion page, a Confluence space, a PDF that lists the AI coding tools they sanction and how they should be used. None of them can tell you, today, which engineer is actually running which agent against which MCP server.
The gap between the document and reality is where audit findings come from. It is also where credential leaks and unsanctioned MCP servers slip in.
Svalin closes the gap. The platform tells you which AI coding agents are in use across the fleet, which MCP servers they are connected to, and whether each device matches the policy you wrote — without asking engineers to log a thing.
Two surfaces. One source of truth.
A · Local agent
Lives on the device, deployed by your MDM in the same wave as any other endpoint tool. Watches every AI coding session in the background — and applies policy locally, with no network round-trip.
B · Governance platform
The CISO and CTO surface. Registry of every governed device, every supported AI coding agent, every connected MCP server. Central policy management and the full audit trail in one place.