Skip to content
Synaptyx
Audit & compliance

Cryptographically signed, tamper-evident audit trail.

Every action - sessions, commands, secret access, policy edits - is hashed, linked to the previous entry, and signed with an Ed25519 key sealed in TPM. Anyone with your public key can verify the chain offline.

prev_hash↓
prev_hash↓
prev_hash↓
verified↓

How it works

1
Action happens
A user spawns a session, an agent reads a file, an admin edits a policy.
2
Hashed & linked
Entry hashed (sha256) with a reference to the previous row's hash.
3
Ed25519 signed
Signature produced by a key sealed in TPM - never leaves the hardware.
4
Verified offline
Anyone with the company's public key can verify the chain - no API call to us required.

Deep dives

Hash chaining
Each entry's prev_hash field is the sha256 of the prior row. Delete row N and rows N+1 onward all stop verifying - the chain is broken visibly.
Signing & TPM seal
On self-host, the signing key is sealed to the TPM and unwrapped only inside the audit-signer process. On managed cloud, the key lives in a cloud KMS (AWS KMS, GCP KMS, or HashiCorp Vault Transit) - same guarantees.
Paged verification
Big chains verify in 10k-row segments with a progress bar - no need to load 1.2M rows into memory.

Verify the chain yourself

shell Β· verify CLI
$ synaptyx audit verify --from 8400 --to 8500 [segment 8400-8499] ok signed_at=2026-05-24T10:42:18Z [segment 8500-8500] ok signed_at=2026-05-24T10:42:24Z ───────────────────────────────────────────────────────── chain intact: 1,284,309 entries Β· 0 tampered Β· 0 gaps

Tamper-evident, not just tamper-resistant.

You don't get a promise that we won't change records - you get a mathematical guarantee that we cannot. Even if our database is compromised, the broken chain proves the breach.

Compare

SynaptyxPlain DB logsAppend-only log
Tamper-evidentyesnono signature
Cryptographic proofEd25519 + sha256nonenone
Offline verificationCLI Β· pubkey onlynovendor required
Per-tenant signing keyTPM-sealednoshared key
Paged verification10k segmentsnoload all in memory

FAQ

A new key is generated. Pre-rotation rows stay verifiable with the old pubkey; post-rotation rows use the new one. Lost-without-rotation means the chain becomes append-only without future signatures, but everything signed up to that point is still verifiable.
An auditor verifies the chain with synaptyx audit verify --from <n> --to <n> - every entry's Ed25519 signature is checked against your company's published key. For long-term retention, the full signed log also streams to your SIEM or an S3 WORM bucket they control.
Signing is batched (10-50 entries per signature) and runs in a dedicated audit-signer goroutine. Action latency adds about 2 ms p99.
Inside the TPM 2.0 chip of the host running audit-signer - sealed to the chip, never exported in plaintext, and unsealed only on that host.

Ready to govern your AI infrastructure?

Request access in minutes - or talk to us about your air-gap deployment.

Get started