<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Srinivas Kondepudi</title>
    <description>The latest articles on DEV Community by Srinivas Kondepudi (@sirinivask).</description>
    <link>https://dev.to/sirinivask</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3929806%2F3e582fb0-6ad8-4b28-bd40-b27808c07692.jpg</url>
      <title>DEV Community: Srinivas Kondepudi</title>
      <link>https://dev.to/sirinivask</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/sirinivask"/>
    <language>en</language>
    <item>
      <title>Your AI agent just took an action in production. Can you answer five questions about it?</title>
      <dc:creator>Srinivas Kondepudi</dc:creator>
      <pubDate>Thu, 02 Jul 2026 20:14:47 +0000</pubDate>
      <link>https://dev.to/sirinivask/your-ai-agent-just-took-an-action-in-production-can-you-answer-five-questions-about-it-17dp</link>
      <guid>https://dev.to/sirinivask/your-ai-agent-just-took-an-action-in-production-can-you-answer-five-questions-about-it-17dp</guid>
      <description>&lt;p&gt;AI agents are moving from answering questions to taking actions.&lt;/p&gt;

&lt;p&gt;A deployment agent pushes to staging. A code review agent comments on a pull request. A support agent drafts a response. A finance agent reads a report.&lt;/p&gt;

&lt;p&gt;These are all actions. They happened in your environment, on your behalf, triggered by AI. Now ask yourself:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Which agent took this action?&lt;/li&gt;
&lt;li&gt;Who is the human accountable for that agent?&lt;/li&gt;
&lt;li&gt;Was the action explicitly allowed before it ran?&lt;/li&gt;
&lt;li&gt;Which policy governed it?&lt;/li&gt;
&lt;li&gt;What tamper-evident proof exists right now?&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;If any of those answers is "I would have to check logs", you do not have a governance layer for your AI agents. You have AI with an audit trail. That is different.&lt;/p&gt;




&lt;h2&gt;
  
  
  Why IAM does not solve this
&lt;/h2&gt;

&lt;p&gt;Identity and access management tells you whether a service account has permission to reach a system. It was built for humans and services with static, predictable behavior.&lt;/p&gt;

&lt;p&gt;It cannot tell you whether a given action was inside the agent's declared scope. It cannot bind an agent action to a named human who accepted accountability for it. It does not evaluate intent or scope, only whether the credential is valid.&lt;/p&gt;

&lt;p&gt;An AI agent with a valid service account token can act far outside what you intended, and your IAM layer will not know the difference.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;The gap:&lt;/strong&gt; IAM governs what a credential can reach. Agent governance governs what an agent may actually do, and who answers if it does something wrong.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  What CLAIIM does
&lt;/h2&gt;

&lt;p&gt;CLAIIM is an identity control plane for AI agents. The model is four steps:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. Governed identity&lt;/strong&gt;: Each agent is registered with a unique identity, a declared skill set, and a named human accountability anchor, the person who authorized this agent to operate.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. Policy gate before action&lt;/strong&gt;: Before the agent acts, it asks the CLAIIM gate. The gate evaluates the requested action against the active policy. It returns ALLOW or DENY with a reason, before execution.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. Versioned skills and policies&lt;/strong&gt;: Skills define what an agent is capable of doing. Policies define what it is allowed to do. Both are versioned and locked at evaluation time.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;4. Chron: proof after every decision&lt;/strong&gt;: Every ALLOW and DENY is written immediately to Chron, an append-only audit trail. Agent, anchor, action, policy version, skill version, outcome. Every decision, every time.&lt;/p&gt;




&lt;h2&gt;
  
  
  A concrete example: the DevOps agent
&lt;/h2&gt;

&lt;p&gt;You have a deployment agent. You want it to deploy freely to staging, but you want production blocked entirely.&lt;/p&gt;

&lt;p&gt;In CLAIIM, you define a policy:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="c1"&gt;# Skills this agent can use&lt;/span&gt;
&lt;span class="na"&gt;skill&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;deploy-v2&lt;/span&gt;

&lt;span class="c1"&gt;# What is allowed&lt;/span&gt;
&lt;span class="na"&gt;allow&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;deploy:staging&lt;/span&gt;
  &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;deploy:rollback-staging&lt;/span&gt;
  &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;health:check&lt;/span&gt;

&lt;span class="c1"&gt;# What is explicitly denied&lt;/span&gt;
&lt;span class="na"&gt;deny&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;deploy:production&lt;/span&gt;
  &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;deploy:rollback-production&lt;/span&gt;
  &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;infra:destroy&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;When the agent calls the gate, it gets a decision before it does anything:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="kn"&gt;from&lt;/span&gt; &lt;span class="n"&gt;claiim&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;Gate&lt;/span&gt;

&lt;span class="n"&gt;gate&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nc"&gt;Gate&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;agent_id&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;deploy-bot&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;token&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;...&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

&lt;span class="c1"&gt;# Staging deploy, will be allowed
&lt;/span&gt;&lt;span class="n"&gt;result&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;gate&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;check&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;action&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;deploy:staging&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;target&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;api-v2&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="c1"&gt;# result.outcome == "ALLOW"
# result.chron_id == "chr_01j..."
&lt;/span&gt;
&lt;span class="c1"&gt;# Production deploy, will be denied
&lt;/span&gt;&lt;span class="n"&gt;result&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;gate&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;check&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;action&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;deploy:production&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;target&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;api-v2&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="c1"&gt;# result.outcome == "DENY"
# result.reason == "policy:no-prod-v1 -- action not in allow list"
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The gate blocks the production deploy before it starts. The agent never calls your deploy infrastructure. Both decisions are in Chron immediately.&lt;/p&gt;

&lt;h3&gt;
  
  
  The Chron record
&lt;/h3&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;outcome&lt;/th&gt;
&lt;th&gt;agent&lt;/th&gt;
&lt;th&gt;action&lt;/th&gt;
&lt;th&gt;anchor&lt;/th&gt;
&lt;th&gt;policy&lt;/th&gt;
&lt;th&gt;skill&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;ALLOW&lt;/td&gt;
&lt;td&gt;deploy-bot&lt;/td&gt;
&lt;td&gt;deploy:staging&lt;/td&gt;
&lt;td&gt;s.emp1&lt;/td&gt;
&lt;td&gt;no-prod-v1&lt;/td&gt;
&lt;td&gt;deploy-v2&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;DENY&lt;/td&gt;
&lt;td&gt;deploy-bot&lt;/td&gt;
&lt;td&gt;deploy:production&lt;/td&gt;
&lt;td&gt;s.emp2&lt;/td&gt;
&lt;td&gt;no-prod-v1&lt;/td&gt;
&lt;td&gt;deploy-v2&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;ALLOW&lt;/td&gt;
&lt;td&gt;review-bot&lt;/td&gt;
&lt;td&gt;pr:comment&lt;/td&gt;
&lt;td&gt;j.smith&lt;/td&gt;
&lt;td&gt;review-v2&lt;/td&gt;
&lt;td&gt;review-v1&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;DENY&lt;/td&gt;
&lt;td&gt;review-bot&lt;/td&gt;
&lt;td&gt;pr:merge&lt;/td&gt;
&lt;td&gt;j.smith&lt;/td&gt;
&lt;td&gt;review-v2&lt;/td&gt;
&lt;td&gt;review-v1&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Every row is a decision: who asked, what they wanted, who is accountable, which policy and skill version were active, and what was decided. Append-only. Every time.&lt;/p&gt;




&lt;h2&gt;
  
  
  One important nuance on prompt injection
&lt;/h2&gt;

&lt;p&gt;CLAIIM does not inspect model reasoning or detect prompt injection. But if a prompt-injected agent tries to call &lt;code&gt;deploy:production&lt;/code&gt;, the gate still returns DENY, it does not care why the agent made the request. It evaluates the action against the policy regardless.&lt;/p&gt;

&lt;p&gt;This means CLAIIM provides containment even when a model is compromised. It does not prevent the injection. It limits what the injection can actually do.&lt;/p&gt;




&lt;h2&gt;
  
  
  Installing the Evaluation Preview
&lt;/h2&gt;

&lt;p&gt;CLAIIM runs entirely in your environment. The evaluation path is Docker Compose, under ten minutes to a working gate with proof in Chron.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="c"&gt;# 1. Clone the distribution repo&lt;/span&gt;
git clone https://github.com/nivaya/claiim
&lt;span class="nb"&gt;cd &lt;/span&gt;claiim

&lt;span class="c"&gt;# 2. Generate TOKEN_SECRET (your own, not issued by Nivaya)&lt;/span&gt;
&lt;span class="nb"&gt;cp&lt;/span&gt; .env.example .env
&lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="s2"&gt;"TOKEN_SECRET=&lt;/span&gt;&lt;span class="si"&gt;$(&lt;/span&gt;openssl rand &lt;span class="nt"&gt;-hex&lt;/span&gt; 32&lt;span class="si"&gt;)&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt; &lt;span class="o"&gt;&amp;gt;&amp;gt;&lt;/span&gt; .env

&lt;span class="c"&gt;# 3. Start the stack&lt;/span&gt;
docker compose up &lt;span class="nt"&gt;-d&lt;/span&gt;

&lt;span class="c"&gt;# 4. Run the gate rehearsal&lt;/span&gt;
bash rehearsal.sh
&lt;span class="c"&gt;# Expected: PASS: 13 / FAIL: 0&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Image access note:&lt;/strong&gt; Container images are gated during the controlled preview rollout. Email &lt;strong&gt;&lt;a href="mailto:support@claiim.io"&gt;support@claiim.io&lt;/a&gt;&lt;/strong&gt; with your GitHub username. After access is granted, create a GitHub PAT with &lt;code&gt;read:packages&lt;/code&gt; and run &lt;code&gt;docker login ghcr.io&lt;/code&gt; before step 3.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;The rehearsal script provisions a sample agent, defines what it may and may not do, fires both an ALLOW and a DENY through the gate, and prints the Chron IDs to verify. You see real gate decisions before you write a single line of integration code.&lt;/p&gt;




&lt;h2&gt;
  
  
  What is in the preview and what is not
&lt;/h2&gt;

&lt;p&gt;Complete and test-covered:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Gate enforcement (ALLOW / DENY)&lt;/li&gt;
&lt;li&gt;Chron audit trail (append-only)&lt;/li&gt;
&lt;li&gt;Organizational boundaries&lt;/li&gt;
&lt;li&gt;Versioned Skills and Policies&lt;/li&gt;
&lt;li&gt;Two-person control for privileged changes&lt;/li&gt;
&lt;li&gt;Python SDK&lt;/li&gt;
&lt;li&gt;Admin UI&lt;/li&gt;
&lt;li&gt;Docker Compose install&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Not in preview (in progress toward GA):&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Kubernetes Helm chart&lt;/li&gt;
&lt;li&gt;SAML / OIDC federation&lt;/li&gt;
&lt;li&gt;Active-active HA&lt;/li&gt;
&lt;li&gt;Signed air-gap bundle for Sovereign deployments&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Your data does not leave your environment. Chron records, agent identities, policies, and gate decisions are all stored in your database, not in any Nivaya-hosted system.&lt;/p&gt;




&lt;h2&gt;
  
  
  Try it
&lt;/h2&gt;

&lt;p&gt;Install guide and preview scope: &lt;a href="https://claiim.io" rel="noopener noreferrer"&gt;claiim.io&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Preview access: &lt;a href="mailto:support@claiim.io"&gt;support@claiim.io&lt;/a&gt;, email with your GitHub username and we will enable package access.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>security</category>
      <category>devops</category>
      <category>governance</category>
    </item>
    <item>
      <title>We hit 3,600+ installs with zero marketing, here's what we learned building Chron</title>
      <dc:creator>Srinivas Kondepudi</dc:creator>
      <pubDate>Thu, 02 Jul 2026 18:46:47 +0000</pubDate>
      <link>https://dev.to/sirinivask/we-hit-3600-installs-with-zero-marketing-heres-what-we-learned-building-chron-2nj6</link>
      <guid>https://dev.to/sirinivask/we-hit-3600-installs-with-zero-marketing-heres-what-we-learned-building-chron-2nj6</guid>
      <description>&lt;p&gt;Six months ago I couldn't find a single tool that answered: what exactly did my AI coding assistant do in that session?&lt;/p&gt;

&lt;p&gt;Not the output. The actions. The tool calls. The secrets it may have seen. The suggestions I accepted, and the ones I didn't.&lt;/p&gt;

&lt;p&gt;So I built Chron.&lt;/p&gt;

&lt;p&gt;What drove the traction&lt;/p&gt;

&lt;p&gt;The problem is real and getting worse, developers want a record, security teams want visibility, nobody had a tool for both.&lt;/p&gt;

&lt;p&gt;SIEM integrations. The moment we shipped chron connect splunk/sentinel/crowdstrike, enterprise security teams took notice. They don't want a new dashboard, they want events in the tools they're already monitoring.&lt;/p&gt;

&lt;p&gt;The compliance angle. A community member pointed out Chron directly addresses OWASP AISVS C13 and NIST AI RMF logging requirements. That single comment spread further than anything we wrote.&lt;br&gt;
What surprised us&lt;/p&gt;

&lt;p&gt;Cross-platform demand. We built for Claude Code first. The moment we shipped chron connect codex for ChatGPT Codex, weekly installs jumped. People aren't loyal to one AI tool, they need audit coverage across all of them.&lt;/p&gt;

&lt;p&gt;Where we are&lt;/p&gt;

&lt;p&gt;3,657 installs. Zero marketing. Heading to 4,000.&lt;/p&gt;

&lt;p&gt;npm install -g chron-mcp&lt;/p&gt;

&lt;p&gt;What problem would make you install an AI audit tool without anyone telling you to?&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fuiukzouwys9tmel29b7e.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fuiukzouwys9tmel29b7e.png" alt="Chron" width="800" height="526"&gt;&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>mcp</category>
      <category>governance</category>
      <category>webdev</category>
    </item>
    <item>
      <title>CLAIIM: Identity and Governance for AI Agents Before They Act</title>
      <dc:creator>Srinivas Kondepudi</dc:creator>
      <pubDate>Thu, 25 Jun 2026 19:24:53 +0000</pubDate>
      <link>https://dev.to/sirinivask/claiim-identity-and-governance-for-ai-agents-before-they-act-5d72</link>
      <guid>https://dev.to/sirinivask/claiim-identity-and-governance-for-ai-agents-before-they-act-5d72</guid>
      <description>&lt;h2&gt;
  
  
  CLAIIM: Identity and Governance for AI Agents Before They Act
&lt;/h2&gt;

&lt;p&gt;AI agents are moving from experiments into real organizational workflows.&lt;/p&gt;

&lt;p&gt;They are helping with code review, infrastructure operations, customer support, finance reporting, internal knowledge work, workflow automation, and decision support.&lt;/p&gt;

&lt;p&gt;That shift creates a simple but uncomfortable question:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Who is responsible when an AI agent acts?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Most organizations already have controls for humans:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;SSO&lt;/li&gt;
&lt;li&gt;MFA&lt;/li&gt;
&lt;li&gt;IAM roles&lt;/li&gt;
&lt;li&gt;privileged access management&lt;/li&gt;
&lt;li&gt;approval workflows&lt;/li&gt;
&lt;li&gt;audit logs&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;They also have controls for services:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;service accounts&lt;/li&gt;
&lt;li&gt;API keys&lt;/li&gt;
&lt;li&gt;workload identity&lt;/li&gt;
&lt;li&gt;infrastructure logs&lt;/li&gt;
&lt;li&gt;SIEM pipelines&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;But AI agents sit awkwardly between those worlds.&lt;/p&gt;

&lt;p&gt;They are not exactly humans.&lt;br&gt;&lt;br&gt;
They are not exactly services.&lt;br&gt;&lt;br&gt;
They can reason, choose tools, call APIs, and act on behalf of people.&lt;/p&gt;

&lt;p&gt;And in many systems today, they still operate as “just a token.”&lt;/p&gt;

&lt;p&gt;That is the gap CLAIIM is built to close.&lt;/p&gt;

&lt;h2&gt;
  
  
  What CLAIIM Does
&lt;/h2&gt;

&lt;p&gt;CLAIIM is an identity control plane for AI agents.&lt;/p&gt;

&lt;p&gt;It gives each agent a governed identity and checks what that agent is allowed to do &lt;strong&gt;before&lt;/strong&gt; it acts.&lt;/p&gt;

&lt;p&gt;The core idea is simple:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Identity before action.
&lt;/li&gt;
&lt;li&gt;Policy before execution.
&lt;/li&gt;
&lt;li&gt;Proof after every decision.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;With CLAIIM, an organization can answer questions like:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Which agent performed this action?&lt;/li&gt;
&lt;li&gt;Which human was accountable for that agent?&lt;/li&gt;
&lt;li&gt;Was the action allowed before it happened?&lt;/li&gt;
&lt;li&gt;Which policy version governed the decision?&lt;/li&gt;
&lt;li&gt;Which skill or capability was active at the time?&lt;/li&gt;
&lt;li&gt;What proof exists after the action?&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;That matters because AI governance is not only about model evaluation or prompt safety.&lt;/p&gt;

&lt;p&gt;It is also about operational accountability.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why Existing Controls Are Not Enough
&lt;/h2&gt;

&lt;p&gt;Traditional IAM answers:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;“Can this user or service access this system?”&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;But agent governance needs to answer more specific questions:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;“Can this particular agent, acting for this specific purpose, under this accountable human, perform this action right now?”&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;That is a different control problem.&lt;/p&gt;

&lt;p&gt;For example, a DevOps agent might be allowed to deploy to staging, but not production.&lt;/p&gt;

&lt;p&gt;A support agent might be allowed to draft a refund response, but not issue the refund.&lt;/p&gt;

&lt;p&gt;A finance agent might be allowed to read reporting data, but not move money.&lt;/p&gt;

&lt;p&gt;A code review agent might be allowed to comment on a pull request, but not merge it.&lt;/p&gt;

&lt;p&gt;The difference is not only technical. It is organizational.&lt;/p&gt;

&lt;p&gt;AI agents need boundaries that reflect real-world responsibility.&lt;/p&gt;

&lt;h2&gt;
  
  
  The CLAIIM Model
&lt;/h2&gt;

&lt;p&gt;CLAIIM is built around four ideas.&lt;/p&gt;

&lt;h3&gt;
  
  
  1. Governed Agent Identity
&lt;/h3&gt;

&lt;p&gt;Each agent gets its own identity.&lt;/p&gt;

&lt;p&gt;That identity is not just a generic API token. It is tied to the organization, the agent’s allowed capabilities, and the human accountable for its operation.&lt;/p&gt;

&lt;h3&gt;
  
  
  2. Human Accountability
&lt;/h3&gt;

&lt;p&gt;Every governed agent is anchored to a named human.&lt;/p&gt;

&lt;p&gt;That does not mean the human manually approves every action. It means there is a clear accountability chain when the agent acts.&lt;/p&gt;

&lt;p&gt;For regulated or sensitive environments, this becomes essential.&lt;/p&gt;

&lt;h3&gt;
  
  
  3. Policy Before Action
&lt;/h3&gt;

&lt;p&gt;Before an agent performs an action, it asks CLAIIM whether that action is allowed.&lt;/p&gt;

&lt;p&gt;CLAIIM evaluates the request against policy and returns an allow or deny decision.&lt;/p&gt;

&lt;p&gt;The agent can only proceed if the action is allowed.&lt;/p&gt;

&lt;h3&gt;
  
  
  4. Chron Proof
&lt;/h3&gt;

&lt;p&gt;Every allow and deny decision is recorded in Chron, CLAIIM’s audit trail.&lt;/p&gt;

&lt;p&gt;Chron is designed to preserve evidence of:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;the agent&lt;/li&gt;
&lt;li&gt;the action&lt;/li&gt;
&lt;li&gt;the decision&lt;/li&gt;
&lt;li&gt;the accountable human&lt;/li&gt;
&lt;li&gt;the policy version&lt;/li&gt;
&lt;li&gt;the skill version&lt;/li&gt;
&lt;li&gt;the reason for denial, if blocked&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This gives teams evidence after the fact, not just logs scattered across tools.&lt;/p&gt;

&lt;h2&gt;
  
  
  A Simple Example
&lt;/h2&gt;

&lt;p&gt;Imagine a deployment agent.&lt;/p&gt;

&lt;p&gt;It can help a team deploy software, but the organization wants clear boundaries.&lt;/p&gt;

&lt;p&gt;The policy might be:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;allow deployment to staging&lt;/li&gt;
&lt;li&gt;deny deployment to production&lt;/li&gt;
&lt;li&gt;record every decision&lt;/li&gt;
&lt;li&gt;attach the decision to the accountable human and active policy&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;When the agent tries to deploy to staging, CLAIIM allows it.&lt;/p&gt;

&lt;p&gt;When the same agent tries to deploy to production, CLAIIM denies it.&lt;/p&gt;

&lt;p&gt;Both decisions are recorded.&lt;/p&gt;

&lt;p&gt;That is the point: the agent is useful, but not unbounded.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why This Matters Beyond DevOps
&lt;/h2&gt;

&lt;p&gt;The same pattern applies across the organization.&lt;/p&gt;

&lt;p&gt;In support:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;allow drafting a customer response&lt;/li&gt;
&lt;li&gt;block sending it without review&lt;/li&gt;
&lt;li&gt;record who owned the agent&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;In finance:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;allow reading reports&lt;/li&gt;
&lt;li&gt;block payment execution&lt;/li&gt;
&lt;li&gt;preserve evidence for audit&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;In HR:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;allow summarizing policy documents&lt;/li&gt;
&lt;li&gt;block sensitive employee actions&lt;/li&gt;
&lt;li&gt;log the decision path&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;In legal:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;allow document analysis&lt;/li&gt;
&lt;li&gt;block external disclosure&lt;/li&gt;
&lt;li&gt;preserve chain of custody&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The problem is not limited to engineering.&lt;/p&gt;

&lt;p&gt;Any place where an AI agent can act, there needs to be identity, policy, accountability, and proof.&lt;/p&gt;

&lt;h2&gt;
  
  
  Sovereign by Design
&lt;/h2&gt;

&lt;p&gt;CLAIIM is designed to run in the customer’s own environment.&lt;/p&gt;

&lt;p&gt;That means:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;your database&lt;/li&gt;
&lt;li&gt;your policies&lt;/li&gt;
&lt;li&gt;your agent records&lt;/li&gt;
&lt;li&gt;your audit trail&lt;/li&gt;
&lt;li&gt;your infrastructure boundary&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Nivaya does not need to receive your agent activity data for CLAIIM to work.&lt;/p&gt;

&lt;p&gt;That matters for organizations that care about data residency, regulatory boundaries, internal confidentiality, or customer trust.&lt;/p&gt;

&lt;h2&gt;
  
  
  Public Preview
&lt;/h2&gt;

&lt;p&gt;CLAIIM is currently in public preview.&lt;/p&gt;

&lt;p&gt;The preview is for teams exploring how to govern AI agents before those agents become deeply embedded in business workflows.&lt;/p&gt;

&lt;p&gt;It is especially relevant if you are working on:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;AI agent platforms&lt;/li&gt;
&lt;li&gt;internal copilots&lt;/li&gt;
&lt;li&gt;DevOps automation&lt;/li&gt;
&lt;li&gt;support automation&lt;/li&gt;
&lt;li&gt;finance workflows&lt;/li&gt;
&lt;li&gt;regulated AI systems&lt;/li&gt;
&lt;li&gt;security and compliance programs&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The goal of the preview is simple:&lt;/p&gt;

&lt;p&gt;Help teams test the control model early, before agent sprawl becomes another unmanaged identity problem.&lt;/p&gt;

&lt;h2&gt;
  
  
  Try It
&lt;/h2&gt;

&lt;p&gt;Website: &lt;a href="https://claiim.io" rel="noopener noreferrer"&gt;https://claiim.io&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Contact: &lt;a href="mailto:support@claiim.io"&gt;support@claiim.io&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;If you are already asking questions like:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;“Which agents are running in our organization?”&lt;/li&gt;
&lt;li&gt;“Who owns them?”&lt;/li&gt;
&lt;li&gt;“What are they allowed to do?”&lt;/li&gt;
&lt;li&gt;“Can we prove what happened?”&lt;/li&gt;
&lt;li&gt;“Can we block risky actions before they execute?”&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Then CLAIIM is probably worth a look.&lt;/p&gt;

&lt;p&gt;AI agents are becoming actors inside organizations.&lt;/p&gt;

&lt;p&gt;They need identity.&lt;/p&gt;

&lt;p&gt;They need boundaries.&lt;/p&gt;

&lt;p&gt;They need accountability.&lt;/p&gt;

&lt;p&gt;They need proof.&lt;/p&gt;

&lt;p&gt;That is what CLAIIM is for.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>security</category>
      <category>webdev</category>
      <category>governance</category>
    </item>
    <item>
      <title>Everyone Is Building AI. Nobody Is Governing It.</title>
      <dc:creator>Srinivas Kondepudi</dc:creator>
      <pubDate>Thu, 11 Jun 2026 17:29:05 +0000</pubDate>
      <link>https://dev.to/sirinivask/everyone-is-building-ai-nobody-is-governing-it-87d</link>
      <guid>https://dev.to/sirinivask/everyone-is-building-ai-nobody-is-governing-it-87d</guid>
      <description>&lt;p&gt;Every week there is a new model. A new product. A new funding round.&lt;/p&gt;

&lt;p&gt;And almost none of it comes with a serious answer to this question:&lt;/p&gt;

&lt;p&gt;Is your AI actually governed?&lt;/p&gt;

&lt;p&gt;Not "do you have a policy?", everyone has a policy. I mean: can you prove, from your live systems, which AI tools your employees are actually using, whether sensitive data is reaching consumer AI accounts, and whether your acceptable use policy is being followed in practice?&lt;/p&gt;

&lt;p&gt;Most organisations cannot. Most teams cannot. The evidence is not there.&lt;/p&gt;

&lt;p&gt;I have been building on this problem for the past couple of years. Four products, one principle:&lt;/p&gt;

&lt;p&gt;Is your AI compliant and governed?&lt;/p&gt;

&lt;p&gt;Nitivai, connects to your live environment (identity providers, cloud, AI APIs, endpoints) and surfaces your AI governance posture as verifiable evidence, not a questionnaire. Mapped to EU AI Act, ISO 42001, ISO 27001, SOC 2, and NIVAI-AGF.&lt;/p&gt;

&lt;p&gt;NIVAI, the independent certification body that published NIVAI-AGF framework, with an auditor pool we just launched.&lt;/p&gt;

&lt;p&gt;CLAIIM,  sovereign identity and control plane for AI agents. As agentic AI proliferates, the question shifts from "which tools are your employees using" to "which agents are acting on behalf of your organisation, with what permissions, and with what audit trail."&lt;/p&gt;

&lt;p&gt;Chron, audit-quality logging for every AI conversation, locally deployed. Your conversations. Your database. Nothing leaving your environment.&lt;/p&gt;

&lt;p&gt;The race to build AI is real. The race to govern it has barely started.&lt;/p&gt;

&lt;p&gt;And one day, sooner than most teams expect, a user, a customer, a regulator is going to ask: are you feeding my personal data stored in your apps to AI?&lt;/p&gt;

&lt;p&gt;What is your answer?&lt;/p&gt;

&lt;p&gt;Genuinely curious what the developer community thinks. Are you seeing governance and compliance come up in the products you are building? Or is it still treated as an afterthought?&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnyw8rfasfamvdan440c6.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnyw8rfasfamvdan440c6.png" alt=" " width="800" height="530"&gt;&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>security</category>
      <category>discuss</category>
      <category>webdev</category>
    </item>
    <item>
      <title>How to stream Claude Code audit logs into Microsoft Sentinel (with Chron)</title>
      <dc:creator>Srinivas Kondepudi</dc:creator>
      <pubDate>Tue, 26 May 2026 15:41:50 +0000</pubDate>
      <link>https://dev.to/sirinivask/how-to-stream-claude-code-audit-logs-into-microsoft-sentinel-with-chron-49jb</link>
      <guid>https://dev.to/sirinivask/how-to-stream-claude-code-audit-logs-into-microsoft-sentinel-with-chron-49jb</guid>
      <description>&lt;p&gt;If your team uses Claude Code (or any MCP-based AI tool), those sessions are currently invisible to your security stack. No SIEM events. No audit trail. Nothing.&lt;/p&gt;

&lt;p&gt;Chron fixes that. It's an MCP server that logs every AI session to a local SQLite database and can relay structured metadata events to your SIEM. This post walks through the Azure Sentinel integration end to end.&lt;/p&gt;

&lt;p&gt;What gets logged&lt;/p&gt;

&lt;p&gt;Chron transmits metadata only, never message content:&lt;/p&gt;

&lt;p&gt;Event Fields&lt;br&gt;
session_started session ID prefix, AI tool, timestamp, OS&lt;br&gt;
message_logged  role (user/assistant), session ID prefix&lt;br&gt;
secret_detected detection type, masked value&lt;br&gt;
Prerequisites&lt;/p&gt;

&lt;p&gt;Chron installed (npm install -g chron-mcp or via npx)&lt;br&gt;
Azure subscription with a Log Analytics workspace&lt;br&gt;
App Registration with a client secret&lt;br&gt;
Azure setup (5 steps)&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Create a Data Collection Endpoint (DCE) — Azure Portal &amp;gt; Monitor &amp;gt; Data Collection Endpoints &amp;gt; Create&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Create a custom table — Log Analytics workspace &amp;gt; Tables &amp;gt; Create &amp;gt; New custom log (MMA-based) — name it ChronEvents_CL, add columns: EventType, SessionIdPrefix, AiTool, OS, ChronVersion, Computer, Role, DetectionType, MaskedValue (all string type)&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Create a Data Collection Rule (DCR) — Monitor &amp;gt; Data Collection Rules &amp;gt; Create, point the stream Custom-ChronEvents_CL to your workspace table&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Assign role — on the DCR resource, add your App Registration as Monitoring Metrics Publisher&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Note down your Tenant ID, Client ID, Client Secret, DCE URL, and DCR Immutable ID (starts with dcr-)&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Connect Chron&lt;br&gt;
chron connect sentinel&lt;/p&gt;

&lt;p&gt;The CLI prompts for your credentials, authenticates against Azure AD, sends a test event, and patches ~/.claude.json automatically. You should see the test event in Log Analytics within 5-10 minutes (first ingestion into a new custom table can take up to 15 min).&lt;/p&gt;

&lt;p&gt;Verify in Log Analytics&lt;/p&gt;

&lt;p&gt;ChronEvents_CL&lt;br&gt;
| order by TimeGenerated desc&lt;br&gt;
| take 10&lt;/p&gt;

&lt;p&gt;If the table doesn't appear yet, check the DCR &amp;gt; Monitoring tab for ingestion errors. The most common issue is a missing Monitoring Metrics Publisher role on the DCR (not the workspace).&lt;/p&gt;

&lt;p&gt;What you get&lt;/p&gt;

&lt;p&gt;Once connected, every Claude Code session generates a real-time stream of events in your Sentinel workspace. You can build workbooks, alerts, and hunting queries on top of it — e.g. alert when EventType == "secret_detected", or track AI tool adoption across your org by machine ID.&lt;/p&gt;

&lt;p&gt;Issues can be logged here: &lt;a href="https://github.com/SirinivasK/chron" rel="noopener noreferrer"&gt;https://github.com/SirinivasK/chron&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftfhll9yq1u2vudlc9fdm.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftfhll9yq1u2vudlc9fdm.png" alt="AI Session logs from Chron to Azure" width="800" height="383"&gt;&lt;/a&gt;&lt;/p&gt;

</description>
      <category>security</category>
      <category>ai</category>
      <category>mcp</category>
      <category>governance</category>
    </item>
    <item>
      <title>How I wired chron into CrowdStrike LogScale - and shipped 5 dashboards with it</title>
      <dc:creator>Srinivas Kondepudi</dc:creator>
      <pubDate>Mon, 18 May 2026 15:12:03 +0000</pubDate>
      <link>https://dev.to/sirinivask/how-i-wired-chron-into-crowdstrike-logscale-and-shipped-5-dashboards-with-it-2oeh</link>
      <guid>https://dev.to/sirinivask/how-i-wired-chron-into-crowdstrike-logscale-and-shipped-5-dashboards-with-it-2oeh</guid>
      <description>&lt;p&gt;In my first post I wrote about why I built chron, an MCP server that logs every AI conversation to local SQLite. This one is about what I built next: streaming those events into CrowdStrike LogScale so security teams can see AI activity across their org.&lt;/p&gt;

&lt;p&gt;The problem with local-only logging&lt;br&gt;
chron stores everything locally. That's good for individuals, your data, your machine, no cloud. But for an org with 50 developers all using Claude or Cursor, "local SQLite per machine" doesn't give anyone a picture of what's happening org wide.&lt;/p&gt;

&lt;p&gt;Security teams need a centralized view. And they already have one: their SIEM.&lt;/p&gt;

&lt;p&gt;Why LogScale (Humio)&lt;br&gt;
CrowdStrike acquired Humio in 2021 and rebranded it LogScale. It's one of the fastest log ingestion systems available, and it's already deployed at most enterprises that take security seriously. If I could get chron events into LogScale, I'd be sending data somewhere security teams already look.&lt;/p&gt;

&lt;p&gt;LogScale has a clean structured ingest API. You POST an array of events, each with a timestamp and key-value attributes. No schema to define upfront, it's schema less by default.&lt;/p&gt;

&lt;p&gt;The relay design&lt;br&gt;
I wanted the integration to be genuinely zero-friction for chron's critical path. Logging a message should never slow down because the relay is having a bad day.&lt;/p&gt;

&lt;p&gt;The solution: fire-and-forget via setImmediate.&lt;/p&gt;

&lt;p&gt;export function emitEvent(payload: ChronEventPayload): void {&lt;br&gt;
  const url = process.env.CHRON_LOGSCALE_URL;&lt;br&gt;
  const token = process.env.CHRON_LOGSCALE_TOKEN;&lt;br&gt;
  if (!url || !token) return;&lt;/p&gt;

&lt;p&gt;setImmediate(() =&amp;gt;&lt;br&gt;
    fetch(url, {&lt;br&gt;
      method: 'POST',&lt;br&gt;
      headers: {&lt;br&gt;
        'Authorization': &lt;code&gt;Bearer ${token}&lt;/code&gt;,&lt;br&gt;
        'Content-Type': 'application/json',&lt;br&gt;
      },&lt;br&gt;
      body: buildLogScalePayload(payload),&lt;br&gt;
    }).catch(() =&amp;gt; undefined)&lt;br&gt;
  );&lt;br&gt;
}&lt;br&gt;
setImmediate pushes the fetch to the next iteration of the event loop, after the current operation completes. The .catch(() =&amp;gt; undefined) means a failed relay never surfaces as an error. The audit log always writes to local SQLite first. The relay is best effort.&lt;/p&gt;

&lt;p&gt;Three event types&lt;br&gt;
chron emits exactly three event types to LogScale:&lt;/p&gt;

&lt;p&gt;session_started - when a new AI session begins. Includes the AI tool name and an anonymized machine ID (SHA-256 of hostname, truncated to 16 chars).&lt;/p&gt;

&lt;p&gt;message_logged - when a message is recorded. Includes role (user/assistant), timestamp, session prefix. Message content never leaves the machine.&lt;/p&gt;

&lt;p&gt;secret_detected - when the auto-scanner finds a credential in a user message. Includes detection type (aws_key, github_token, etc.) and a masked value. The real value stays local.&lt;/p&gt;

&lt;p&gt;That last point matters: chron's secret detection is designed to alert without exfiltrating. The masked value in LogScale tells the CISO "a GitHub token appeared in a developer's AI prompt on this machine at this time." The token itself is not in LogScale.&lt;/p&gt;

&lt;p&gt;The connect CLI&lt;br&gt;
Getting the credentials set up should be one command, not a documentation page.&lt;/p&gt;

&lt;p&gt;chron connect crowdstrike&lt;br&gt;
This prompts for your LogScale URL and ingest token, sends a real test event, validates the HTTP 200 response, and saves the config to ~/.chron/config.json. It also prints the exact env block to paste into ~/.claude.json so the credentials load automatically on every Claude Code session.&lt;/p&gt;

&lt;p&gt;Five dashboards, ready to import&lt;br&gt;
The hardest part of a new data source isn't the ingest — it's getting useful queries in front of the people who need them. I shipped five LQL queries and one importable dashboard YAML with chron 0.1.14.&lt;/p&gt;

&lt;p&gt;The dashboard covers:&lt;/p&gt;

&lt;p&gt;AI tool usage by count (which tools are developers actually using)&lt;br&gt;
Daily active developers by machine&lt;br&gt;
Sessions per developer&lt;br&gt;
Secret detections by type over time&lt;br&gt;
API key alert query for scheduled SOC alerting&lt;br&gt;
Import the YAML into LogScale and all five widgets are live. If you have chron running on even one machine, you'll see data immediately.&lt;/p&gt;

&lt;p&gt;What's next&lt;br&gt;
The relay currently supports LogScale and a generic HTTP endpoint (CHRON_RELAY_URL). Splunk, Elastic, and Datadog integrations are on the roadmap, the event schema is the same, just different destination formats.&lt;/p&gt;

&lt;p&gt;If you're running LogScale and want to try it:&lt;/p&gt;

&lt;p&gt;npx -y chron-mcp&lt;br&gt;
chron connect crowdstrike&lt;br&gt;
Restart Claude Code or Cursor, have a conversation, and watch the events appear in your LogScale stream.&lt;/p&gt;

&lt;p&gt;github.com/sirinivask/chron&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvthhivqzqabz07us8x9c.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvthhivqzqabz07us8x9c.png" alt=" " width="800" height="533"&gt;&lt;/a&gt;&lt;/p&gt;

</description>
      <category>security</category>
      <category>ai</category>
      <category>claude</category>
      <category>mcp</category>
    </item>
    <item>
      <title>I built an MCP server to log every AI conversation, here's what I learned</title>
      <dc:creator>Srinivas Kondepudi</dc:creator>
      <pubDate>Wed, 13 May 2026 17:47:43 +0000</pubDate>
      <link>https://dev.to/sirinivask/i-built-an-mcp-server-to-log-every-ai-conversation-heres-what-i-learned-c28</link>
      <guid>https://dev.to/sirinivask/i-built-an-mcp-server-to-log-every-ai-conversation-heres-what-i-learned-c28</guid>
      <description>&lt;p&gt;Every serious system gets audited; databases, code, finances. AI shouldn't be the exception. I'm building the tools to close that gap. chron is the first one.&lt;/p&gt;

&lt;p&gt;The problem&lt;/p&gt;

&lt;p&gt;I was doing long coding sessions with Claude. We'd work through a problem, make decisions, figure out an approach together. Then the context window fills up. It resets. And suddenly the AI has forgotten everything, but I still need to know what we decided and why.&lt;/p&gt;

&lt;p&gt;I wanted a permanent local record. Not stored in some cloud. Not owned by any AI company. Just mine, on my machine, in a format I can actually read.&lt;/p&gt;

&lt;p&gt;What is MCP?&lt;br&gt;
MCP (Model Context Protocol) is an open standard from Anthropic that lets you extend Claude with custom tools. Think of it like a plugin system, you build a server that exposes tools, Claude learns to call them, and suddenly your AI can do things it couldn't before.&lt;/p&gt;

&lt;p&gt;I'd never built one before. This was my first.&lt;/p&gt;

&lt;p&gt;Turns out it's simpler than it sounds. You define a tool with three things:&lt;/p&gt;

&lt;p&gt;A name Claude can call&lt;br&gt;
A description Claude reads to know when to use it&lt;br&gt;
An input schema so Claude knows what arguments to pass&lt;br&gt;
That's it. Claude figures out the rest.&lt;/p&gt;

&lt;p&gt;What I built&lt;br&gt;
chron; an MCP server that automatically logs every AI conversation to a local SQLite database. Every message. Every timestamp. Fully yours.&lt;/p&gt;

&lt;p&gt;npx -y chron-mcp&lt;br&gt;
Run that once in your terminal. It detects which AI tools you have installed, Claude Desktop, Claude Code, Cursor, Windsurf, and configures them automatically. Restart your AI tool. Done. Everything gets logged from that point on, with zero manual steps.&lt;/p&gt;

&lt;p&gt;Three things I built that were interesting&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Hash chaining&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Each message stores a SHA-256 hash that includes the previous message's hash, same idea as a blockchain, but much simpler. It means you can verify the log hasn't been tampered with. If anyone edits an old message, every hash after it breaks.&lt;/p&gt;

&lt;p&gt;message 1: hash(content)           → abc123&lt;br&gt;
message 2: hash(content + abc123)  → def456&lt;br&gt;
message 3: hash(content + def456)  → ghi789&lt;br&gt;
Run verify_session and chron walks the chain. Any break means tampering.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Auto-setup&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The hardest part of building an MCP server isn't the server, it's getting people to install it. Writing JSON config files by hand is a real barrier.&lt;/p&gt;

&lt;p&gt;So npx -y chron-mcp now does it automatically. It reads your filesystem, detects which AI clients are installed, writes their config files, and installs a SessionStart hook in Claude Code so the logging skill loads on every new session. One command, restart, works.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;The SessionStart hook&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Claude Code has a hook system; shell commands that run automatically at session start. I use this to inject the chron skill instructions so Claude knows to call the logging tools without you doing anything. This was the missing piece. Without it, the MCP server is registered but idle.&lt;/p&gt;

&lt;p&gt;What surprised me&lt;br&gt;
The install experience is harder than the feature itself. Getting the MCP server running took a day. Getting it to work without any user configuration took a week.&lt;/p&gt;

&lt;p&gt;Also: npm download counts are mostly bots. chron crossed 1,000 downloads in the first week, but honest estimate is maybe 50–150 real humans. Security scanners and registry mirrors download every new package automatically. Worth knowing before you celebrate.&lt;/p&gt;

&lt;p&gt;What's next&lt;br&gt;
The data is locked in SQLite right now. The next step is a local web UI — npx chron-mcp --ui opens a browser showing your sessions, messages, and stats. If AI is doing real work, you should be able to read the log without writing SQL.&lt;/p&gt;

&lt;p&gt;If you use Claude, Cursor, or Windsurf and you care about keeping a record of your AI conversations, give it a try.&lt;/p&gt;

&lt;p&gt;npx -y chron-mcp&lt;br&gt;
GitHub: github.com/sirinivask/chron&lt;/p&gt;

&lt;p&gt;I'm happy to answer questions about building MCP servers, it's genuinely worth learning right now.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4a18k3p26p74cub48o1d.jpeg" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4a18k3p26p74cub48o1d.jpeg" alt=" " width="800" height="414"&gt;&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>productivity</category>
      <category>beginners</category>
      <category>mcp</category>
    </item>
  </channel>
</rss>
