Know what your AI coding agents are doing.

Your engineers use Claude Code, Codex, Gemini, Cursor, and Copilot every day. Every session generates file writes, test runs, and package installs. Today, none of it is audited.

SessionFS captures every AI coding session automatically — across 8 tools, with zero developer behavior change. The audit trail your compliance team needs. The visibility your CISO demands.

Contact Enterprise Sales View docs

The shadow AI problem

AI coding agents are already on your network. The question is whether you can see what they do.

80.9%

of engineering teams run AI agents without full security approval

24.4%

have visibility into AI agent communications

$670K

more per incident when shadow AI is involved

Sources: Gravitee 2026, Microsoft Data Security Index 2026

Complete visibility

SessionFS captures every session across 8 tools automatically. No developer behavior change required. No agents to install in each tool. One daemon watches everything.

Claude Code Codex Gemini Copilot Cursor Amp Cline Roo Code

session list

$ sfs list --today

Sessions (12)

ID	Tool	Msgs	Title
ses_a1b2	claude-code	47	Debug auth middleware
ses_c3d4	codex	31	Refactor database schema
ses_e5f6	gemini	23	Add rate limiting
ses_g7h8	cursor	52	Implement OAuth2 flow
ses_i9j0	amp	18	Write migration script

AI-verified audit trail

LLM Judge cross-references every claim an AI agent makes against the actual evidence in your codebase. CWE classification. Confidence scores. Dismiss false positives with a single command.

Runs automatically on sync or PR/MR. Contradiction reports appear directly in GitHub PR comments and GitLab MR threads.

audit report

$ sfs audit ses_a1b2

Trust Score: 87% | Claims: 23 | Verified: 18 | Contradictions: 2

CRITICAL [CWE-393] Confidence: 94%

Claim: "All tests pass with exit code 0"

Evidence: exit code 1, 3 tests failed

HIGH [CWE-552] Confidence: 78%

Claim: "Created config.yaml with database settings"

Evidence: File not found in workspace

Secrets never leave

DLP scanning detects sensitive content before any session syncs to the cloud. AWS keys, connection strings, API tokens, and 18 PHI identifiers for HIPAA compliance. BLOCK, REDACT, or WARN policies per organization.

BAA available for healthcare deployments.

dlp scan

$ sfs push ses_abc

DLP scan...

AWS_ACCESS_KEY detected in message 23

CONNECTION_STRING detected in message 41

Policy: REDACT

2 secrets redacted. Session pushed.

DLP scanning — coming in v1.0

Your data. Your boundary.

Session data never touches shared infrastructure. Choose how you deploy — we isolate the data either way.

Managed · Single-Tenant

We operate it. Your data stays yours.

Dedicated database and storage bucket — no shared infra. We handle updates, monitoring, scaling, and support. Zero DevOps on your side.

✓Dedicated PostgreSQL
✓Dedicated storage bucket
✓Managed updates & patches
✓99.9% uptime SLA
✓Zero Kubernetes required

Contact Sales

Self-Hosted · Your Cloud

You operate it. We support it.

Helm chart deploys to AWS EKS, GCP GKE, Azure AKS, or on-prem. Full network isolation. Bring your own PostgreSQL and object store.

✓Full network isolation
✓Air-gapped option
✓Your RDS / Cloud SQL
✓Your S3 / GCS bucket
✓HIPAA BAA available

helm deploy

$ helm install sessionfs ./charts/sessionfs \

--set license.key="sfs_helm_xxx" \

--set license.mode="local" \

--values values.prod.yaml

✓ API ready
✓ Dashboard ready
✓ Migrations applied

View Helm docs

Both options include dedicated support, custom SLA, and 14-day trial license.

Security & compliance

Designed for regulated industries and security-conscious teams. SessionFS self-hosted gives you complete control over access, storage, and audit trails.

Ask about compliance requirements →

✓

HIPAA-ready deployment

Air-gapped install with no external network calls. All session data stays within your VPC.

✓

SAML SSO

Integrate with Okta, Azure AD, or any SAML 2.0 identity provider for centralized access control.

✓

Full audit log

Every session write, push, handoff, and audit is logged with user, timestamp, and IP. Exportable for SIEM.

✓

Organizations + RBAC

Admin and member roles with organization management. Team-scoped session visibility with per-repo isolation and tier-based feature gating.

✓

DLP / Secret scanning

18 PHI identifiers, BLOCK/REDACT/WARN policies per organization. Detects API keys, connection strings, and tokens before sync. (Coming v1.0)

✓

License management

Trial keys, paid licenses, cloud or local validation. Self-hosted license server for air-gapped environments.

✓

SLA & dedicated support

Guaranteed uptime SLA, named support contact, and direct Slack channel for enterprise accounts.

"A major healthcare organization deploys SessionFS on AWS EKS with full network isolation for HIPAA compliance."

— Enterprise deployed, HIPAA environment

Talk to the team

Self-hosted deployment, compliance requirements, custom SLA, and pricing for large teams.

14-day trial license available for self-hosted evaluation.

We typically respond within one business day.

Contact Enterprise Sales