Read-only observability for live production.
Most tools hand an agent the service account. Heimdall scopes it to its own.
An open-source observability platform that gives an AI agent read-only, scoped access to your live production systems — repositories, deployment platforms, and databases. Connect Fly.io, AWS, Azure, and GCP once, and an agent can monitor, analyse, and investigate incidents in realtime. The distinction that matters: it reads only what it is permitted to read — never the unbounded reach of a shared service account.
Link your repositories, deployment platforms — Fly.io, AWS, Azure, GCP — and databases once. Heimdall holds the integrations, so an agent never touches raw credentials to any of them.
An agent watches logs, metrics, deployments, and database state in realtime — across every connected system, through a single read-only surface.
When production breaks, the agent traces the fault across services — the failing logs, the recent deploy, the rows behind it — and reports what it found.
Read-only by construction. Each agent bounded to its own role at the database. Live state from every connected system, correlated into one investigation.
Heimdall is a cloud-hosted observability platform that gives an agent a single read-only window onto live production state — source repositories, deployment platforms, and databases — built on a foundation that queries live system state rather than scraping dashboards. The agent can read logs, inspect deploys, and query rows, but holds no write capability anywhere. There is no path from observation to mutation; the surface simply does not expose one.
Most agentic-observability tools hand the agent a service account and let it see whatever that account can — collapsing the distinction that matters most. Heimdall enforces row-level security with a role-split: an agent's reach is bounded by its own role, in the database, not by the broad credentials of a shared service account. What a given agent is allowed to read is decided at the data layer and cannot be widened from inside the agent. This is the access-control milestone the platform was built around.
An incident rarely lives in one place. Heimdall lets an agent correlate across the connected systems in realtime — reading the failing logs, the deploy that preceded them, and the database state behind the symptom — iterating until it can name a probable cause. Not a static dashboard an operator reads, but a live surface an agent reasons over, then explains in plain language with the evidence it used.
Connecting a target is a one-time action: link a platform and Heimdall holds the integration, scope an agent to its own role, and it begins reading live state — bounded by that role for as long as it runs. A Go service brokers every connection so credentials stay with the platform, never the agent. One surface across repositories, deployments, and databases; one role per agent; realtime throughout.
Heimdall is an open-source observability platform that gives an AI agent read-only, scoped access to live production systems — source repositories, deployment platforms, and databases. Connect Fly.io, AWS, Azure, and GCP once, and an agent can monitor, analyse, and investigate incidents in realtime through a single read-only surface.
Yes. Heimdall is open source under the Apache 2.0 license, with source at github.com/kaminocorp/heimdall.
Heimdall is in development and not yet publicly available; its page lists the status as In Development with a Coming Soon call to action. The most recent milestone recorded is the row-level-security role-split at v0.48.
Heimdall differs from handing an agent a shared service account with unbounded reach. It enforces row-level security with a role-split, so an agent reads only what its own database role permits — a boundary decided at the data layer that cannot be widened from inside the agent — and the surface is read-only by construction, exposing no path from observation to mutation.
Heimdall is written in Go, with a Go service brokering every connection so that credentials stay with the platform and never reach the agent. It can be self-hosted and queries live system state directly rather than scraping dashboards.