Malviont is where execution happens: in the editor when you commit, and across your ops tools when something breaks. It catches unsafe commits before they ship and assembles incident context so triage starts in minute two, not minute forty.
What Malviont does
- Fridy: a VS Code extension that runs Deploy Safety and Quick Peek inside your editor.
- Deploy Safety: AST-based scanning that blocks secrets and flags risky config before a commit lands.
- CI/CD Hub: a real view of CI runs and deploys, ingested from your CI providers over webhooks.
- Incident triage (Attention Tab): parallel context assembly across Datadog, Sentry, GitHub, Slack, and the other layers when an incident fires.
- On-Call: who is on call now, synced from PagerDuty.
Where each piece runs
This matters for understanding the product. Deploy Safety and Quick Peek run locally inside the extension. The Attention Tab and Notifications are pages in the Malviont web app that the extension opens for you. So "Fridy shows you the incident" means Fridy opens the Malviont attention page; the heavy scanning work stays on your machine.
Source code never leaves the extension. Only file paths and environment-variable names are sent to the backend, never the code itself.
Real data, once connected
The CI/CD Hub, incident triage, and on-call all read real data that arrives from your connected tools over webhooks. Before you connect a CI provider or PagerDuty, those surfaces show empty results rather than placeholder data.