Alma by Olivares AI is an enterprise governance platform that integrates, manages, and secures AI agents and sessions across your infrastructure — built around Claude but vendor-neutral, self-hosted, and open-core.
What is Alma?
Alma is a self-hosted governance plane for AI agents. It passively discovers every agent, session, MCP server, and model already running in your environment, builds a per-resource access map (read vs. read/write), enforces policy at access time, and exports an append-only, tamper-evident audit ledger. It does not proxy traffic or require calls home. Built by Olivares AI and released under AGPL-3.0, Alma runs as a single container or binary on your own infrastructure.
Key Features
- Access map — Visual graph showing what each agent can reach (R/RW) and what it actually touches, with drift detection (e.g., an unreviewed write flagged in orange the moment it appears).
- Policy enforcement — Declarative policies (agent, resource, allow/deny) enforced at access time — blocked, not just logged — with on-violation actions like block + alert.
- Inventory — Lists all agents, sessions, hosts, models, surfaces, and spend in a single view, filterable by host or group.
- Spend tracking — Per-agent cost over 30 days with trend, model breakdown, and percentage of total.
- Audit ledger — Append-only, hash-chained ledger recording every access attempt (allowed/denied) with timestamps.
- Compliance mapping — Maps controls to frameworks (EU AI Act, NIST AI RMF, ISO 42001, SOC 2) with coverage percentages.
- Kill switch — Emergency stop console to halt or persist agent access across the estate.
- Observability — Standards-based ingestion health, trace drill-down, and interoperability status.
Who is it for?
- Platform teams — Deploy Alma as a single container, let it discover all agents and resources running across cloud and on-prem, then set policies to enforce least-privilege access.
- Security teams — Monitor the access map for drift, review flagged writes, and block unauthorized resource access at enforcement time.
- Compliance officers — Map governance controls to AI regulations (EU AI Act, NIST AI RMF) and export tamper-evident audit trails for evidence.
- FinOps teams — Track per-agent model spend over 30 days, set budgets, and detect cost anomalies.
How does it work?
- Deploy — Run a single container or binary on your own infrastructure. No account, no cloud dependency, no calls home.
- Discover — Alma passively finds every agent, session, MCP server, and model already running — no mandatory proxy.
- Map — It builds the access graph: what each agent can reach and what it actually touches, read versus read/write.
- Govern — Set policy, watch for drift, and export audit evidence. Visibility becomes control as your estate grows.
Pricing
Alma is paid with a self-hosted open-core tier available under AGPL-3.0. A commercial license and dedicated enterprise tier are available for organizations that need them.
FAQ
Is Alma free to use?
The complete product is free to self-host under AGPL-3.0 with no feature gates on the core. A commercial license is available when your organization needs support or enterprise features.
Does Alma require internet access?
No. Alma runs fully air-gapped — it makes no mandatory calls home and works in isolated, regulated networks.
Which AI models and platforms does Alma support?
Vendor-neutral: Alma works with Claude, OpenAI, Gemini, Llama, Ollama/vLLM, and any MCP-compatible server. It also integrates with Postgres, S3, Vault, Kafka, Kubernetes, AWS, and Cloudflare.
How does Alma enforce policy?
Policies are defined declaratively (agent, resource, allow/deny) and enforced at access time — blocked actions are recorded in the audit ledger. The kill switch provides emergency estate-wide stops.