Platform teams
You support engineers, not write all the code yourself. You need governance without becoming the bottleneck.
Enrol your hosts, spawn agent sessions per team, and watch every transcript — end-to-end encrypted with keys we cannot decrypt.
You shipped agents to engineering. Compliance, finance, and your CISO want answers now. Synaptyx has them - without a new stack.
"My team uses coding agents but I have no audit trail."
Audit signing chain. Every event Ed25519-signed, hash-chained, and verifiable by anyone with your public key.
"One API key per vendor, shared across the whole org."
Per-team key, per-team budget. Each team gets its own wrapped key, live burn-rate per team, user, and repo, plus a hard USD cap that stops spend on breach.
"Compliance asked for proof we don't leak prompts."
BYOK end-to-end encryption. Your prompts and transcripts are stored as ciphertext under your team key - lose the passphrase and everyone loses the data, including us.
199/199
Automated suites green: crypto, RLS, auth, secrets.
21/21
Live E2EE write/share ceremony.
< 5 min
Deploy-from-zero to a governed agent session.
5+
Agent backends on a real daemon.
Ed25519 signs every audit row. Tamper-evident hash chain. Verify any range cryptographically against your public per-company key.
Learn moreStream signed audit events to Splunk, Datadog, Elastic, Microsoft Sentinel, or S3 WORM. mTLS + JWT, retry with backoff.
Learn more{
"class_uid": 3002,
"activity_name": "Create",
"actor": { "user": "dev@example.com" },
"signature": "ed25519:3f9a…c21b"
}OIDC login from Okta, Azure AD, Google. Optional SCIM 2.0 for full user lifecycle. JIT-provision groups on first login.
Learn morePer-team, per-user, per-repo cost visibility with real-time burn-rate. Token cost attributed to the exact prompt. Seat limits plus configurable USD caps that hard-stop, notify, or warn on breach.
Learn morexterm-accurate playback with scrubber, bookmarks, lazy keyframes. Your full retention window at your fingertips.
Learn moreSigned mega-tarball. Customer-supplied license JWS. Caddy internal CA. Optional offline update server, polled - never push.
Learn moreWire agent and exec steps into a DAG, validate it, run it, and watch the run record live. Starter templates and a visual canvas. Tenant-scoped; node timeout sends SIGTERM.
Learn moreOpt-in per-company policy to run agent sessions in an isolated network namespace (netns). Egress is denied by default, so an agent can't exfiltrate over the network. Default off.
Learn moreDaemon over mTLS, one-time approval, TOFU pin.
Any backend, RLS isolation, admins manage - don't snoop.
Live xterm stream, frame-by-frame replay, permission events.
Signed audit to SIEM, per-repo USD attribution, hard caps.
The daemon enrols over mTLS by default. One-time approval mints a per-host token, and TOFU cert pinning locks in the host's identity from the first handshake.
Team members spawn agent sessions on any backend, scoped to their team. Row-level security isolates every row, so admins manage access - they don't snoop on your prompts.
| team | session | status |
|---|---|---|
| payments-api | cl-9832 | live |
| payments-api | cl-9840 | live |
| ◐ other teams' rows — RLS-hidden from this admin | ||
Watch sessions live over an xterm stream, then scrub frame-by-frame in replay with bookmarks. Every permission event lands as a marker on the timeline.
Every action is signed and pushed straight to your SIEM. Per-repo USD attribution and hard spend caps land before the invoice does.
{
"class_uid": 3002,
"sink": "splunk-prod",
"repo": "monorepo/api",
"signature": "ed25519:9c2f…7ab1"
}Hosted SaaS, or self-host the signed mega-bundle air-gapped - same binary, your hardware.
The portal is what your platform team lives in. An interactive preview of the operator console.
Not "we promise". Cryptographic proof. Auditable cryptography. Self-hostable when your auditor demands it.
A real 5-row sample audit chain, embedded right in this page. Recompute every SHA-256 hash, check every Ed25519 signature - live, in your browser, right now.
| ts | event | prev_hash | hash | sig | status |
|---|---|---|---|---|---|
| 2026-06-30T09:12:04Z | session.spawn | 00000000…000000 | 1fc9478e…d23310 | OyglWI4l…HbCQ== | |
| 2026-06-30T09:14:51Z | permission.approved | 1fc9478e…d23310 | f51cd7d3…62b875 | DJELgYNW…mFBQ== | |
| 2026-06-30T09:21:37Z | secret.access | f51cd7d3…62b875 | 0951657e…440f92 | kkygR5aa…eyBA== | |
| 2026-06-30T09:44:02Z | policy.updated | 0951657e…440f92 | 5fd659a7…20aa98 | e4dkZY5U…lkCA== | |
| 2026-06-30T10:03:19Z | session.closed | 5fd659a7…20aa98 | 99022532…b4952f | MFUtvbrJ…6vCw== |
Not verified yet - press Verify chain.
| Anthropic Console | Synaptyx | |
|---|---|---|
| Per-team budgets | ◐ org only | ✓ |
| Audit signing chain (Ed25519) | ✗ | ✓ |
| SIEM push | ✗ | ✓ |
| Self-host air-gapped | ✗ | ✓ |
| BYOK end-to-end encryption | N/A | ✓ |
| Session replay (xterm) | ✗ | ✓ |
| SCIM 2.0 provisioning | ◐ | ✓ |
| Source-available | ✗ | ✓ |
| Time to first agent | hours | < 5 min |
| LLM Gateways | Synaptyx | |
|---|---|---|
| Layer governed | model API request / response | agent execution on the host |
| Per-session capture + xterm replay | – | ✓ |
| Transcript BYOK end-to-end | – | ✓ |
| Signed audit chain (Ed25519) | access logs | ✓ |
| Host enrolment + per-team RBAC | – | ✓ |
| Cost attribution | per API key | per repo · team · session |
| Self-host air-gap | some | ✓ |
Complementary, not competitive: gateways route the API traffic; Synaptyx proves who ran which agent, on what, under whose key — and caps the spend. Run on top of any gateway.
| Build it yourself | Synaptyx | |
|---|---|---|
| Per-team budgets | ✗ | ✓ |
| Audit signing chain (Ed25519) | build it | ✓ |
| SIEM push | ✗ | ✓ |
| Self-host air-gapped | depends | ✓ |
| BYOK end-to-end encryption | depends | ✓ |
| Session replay (xterm) | ✗ | ✓ |
| SCIM 2.0 provisioning | ✗ | ✓ |
| Source-available | N/A | ✓ |
| Time to first agent | weeks | < 5 min |
You support engineers, not write all the code yourself. You need governance without becoming the bottleneck.
You answer to auditors. You need cryptographic evidence, not policy PDFs. SIEM streams that prove a negative.
Your team is already using Claude. You want oversight without spying - and a number to show the CFO.
Per-seat pricing for teams and organizations. Annual billing saves 17%.
For individuals - secure agent workflows and memory across your devices, no team needed.
For engineering orgs that need governance without slowdown.
Whatever your CISO signs off on.