Architecture

How Svalin works

Svalin is a lightweight agent deployed through your MDM that wraps supported AI coding tools at the MCP and LLM proxy layer — without modifying how developers work.

Developer
AI Agent
Svalin Agent
MCP + LLM Proxy
Platform
Compliance Team
1

Deployment

Deploy via MDM — zero developer action

Svalin deploys as a Go binary through Jamf, Microsoft Intune, or Kandji. It requires no developer action, no code changes, and no manual configuration. Once enrolled, the agent auto-detects supported AI coding tools on the machine and configures itself transparently.

Jamf, Intune, Kandji

Distributed as a standard MDM package — no custom tooling required.

Auto-detection of supported agents

The agent identifies Claude Code, Claude Desktop, Cursor, and Gemini CLI on enrolment.

Sub-day deployment for existing MDM fleets

If your fleet is already MDM-enrolled, initial rollout typically takes less than a day.

2

MCP Proxy Layer

Every tool call logged and policy-checked

For supported agents, Svalin wraps the tool's MCP configuration to intercept tool calls before they execute. Every file read, shell command, and API query that flows through MCP is logged, attributed, and policy-checked before transmission. Approved operations proceed transparently. Blocked or redacted operations are logged as policy events.

What gets captured

File reads and writes
Shell command invocations
LLM interaction when supported
Policy blocks and redactions
Developer and device attribution
Timestamps and sequence numbers
3

LLM Proxy Layer

Prompts attributed before they leave the machine

Where supported, Svalin configures itself as the local LLM proxy. Every prompt sent to a model provider and every response received is attributed to a specific developer session before being forwarded. Sensitive data patterns are detected and redacted before leaving the machine.

This is the layer that gateway-dependent tools depend on developer cooperation to route traffic through. Svalin's agent configures this at the OS level via MDM — no developer action required, and configuration changes are detected as compliance events.

4

Session Reconstruction

A coherent timeline, not just a list of events

Svalin uses process tree analysis — PID and PPID attribution — to reconstruct the full coding flow from developer prompt to session close. This means the audit trail is not just a list of events — it is a coherent session timeline showing what the agent did, in what order, on behalf of which developer.

Each tool call is linked to the session that spawned it. Each session is linked to the developer identity and device. The result is a navigable audit record: any event can be traced to its full context — what was asked, what was executed, what data moved.

5

Configuration Integrity

Bypass attempts detected, not just logged

Svalin continuously monitors agent configuration files for tampering. If a developer or administrator changes the LLM proxy URL, adds an unapproved MCP server, or suppresses a hook, Svalin detects the change, automatically re-applies the correct configuration, and raises a compliance alert on the platform.

What triggers an alert

LLM proxy URL changed · Unapproved MCP server added · Hook suppression detected · Agent configuration file modified · Svalin agent process terminated

What happens on detection

Correct configuration automatically re-applied · Compliance alert raised on platform with device identity and timestamp · Event logged in tamper-evident chain as a policy violation

6

Telemetry & Storage

Tamper-evident logs, append-only backend

Events are hash-chained and signed on device before being shipped to Svalin's append-only backend — EU-hosted, with separate key management. The result is a tamper-evident log that proves events were not modified after capture.

Sequence numbers and heartbeat checks allow auditors to identify gaps in coverage, not just verify what was logged. The distinction matters: a tamper-evident log proves integrity of what was captured. The heartbeat system helps identify periods where nothing was captured — so gaps are visible rather than invisible.

7

Coverage Scope

What Svalin governs — and what it doesn't

Svalin governs enrolled devices running supported agents. Knowing the boundary of coverage is part of governance.

In scope

  • Enrolled MDM devices
  • Claude Code and Claude Desktop
  • Cursor
  • Gemini CLI
  • MCP tool calls across supported agents

Surfaced as gaps

  • Unmanaged / personal devices
  • Web browser AI usage (ChatGPT, Claude.ai, etc.)
  • Remote dev boxes and cloud IDEs
  • Copy-paste workflows
  • Unsupported agents (outside Svalin's visibility)

Svalin's governance scope is explicit. What falls outside it is outside its visibility — and the platform makes no claim otherwise.

Supported agents

The four most widely adopted AI coding agents in regulated teams

Claude Code
Claude Desktop
Cursor
Gemini CLI
Your tool here

More on the roadmap. Tell us which AI coding tool your team uses and help shape what we support next.

See it in your environment

Request a demo and we'll walk through exactly how Svalin integrates with your MDM, your AI agents, and your compliance workflow.

Request a Demo