Audit & compliance
Cryptographically signed, tamper-evident audit trail.
Every action - sessions, commands, secret access, policy edits - is hashed, linked to the previous entry, and signed with an Ed25519 key sealed in TPM. Anyone with your public key can verify the chain offline.
audit:8419 Β· tool.readb3:9f8cβ¦
prev_hashβ
audit:8420 Β· tool.edit7f:21c8β¦
prev_hashβ
audit:8421 Β· session.spawna4:6055β¦
prev_hashβ
audit:8422 Β· vault.readc8:1142β¦
verifiedβ
Chain intact Β· 1,284,309 entriesβ
How it works
1
Action happens
A user spawns a session, an agent reads a file, an admin edits a policy.
2
Hashed & linked
Entry hashed (sha256) with a reference to the previous row's hash.
3
Ed25519 signed
Signature produced by a key sealed in TPM - never leaves the hardware.
4
Verified offline
Anyone with the company's public key can verify the chain - no API call to us required.
Deep dives
Hash chaining
Each entry's prev_hash field is the sha256 of the prior row. Delete row N and rows N+1 onward all stop verifying - the chain is broken visibly.
Signing & TPM seal
On self-host, the signing key is sealed to the TPM and unwrapped only inside the audit-signer process. On managed cloud, the key lives in a cloud KMS (AWS KMS, GCP KMS, or HashiCorp Vault Transit) - same guarantees.
Paged verification
Big chains verify in 10k-row segments with a progress bar - no need to load 1.2M rows into memory.
Verify the chain yourself
shell Β· verify CLI
$ synaptyx audit verify --from 8400 --to 8500
[segment 8400-8499] ok signed_at=2026-05-24T10:42:18Z
[segment 8500-8500] ok signed_at=2026-05-24T10:42:24Z
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
chain intact: 1,284,309 entries Β· 0 tampered Β· 0 gaps
Tamper-evident, not just tamper-resistant.
You don't get a promise that we won't change records - you get a mathematical guarantee that we cannot. Even if our database is compromised, the broken chain proves the breach.
Compare
| Synaptyx | Plain DB logs | Append-only log | |
|---|---|---|---|
| Tamper-evident | yes | no | no signature |
| Cryptographic proof | Ed25519 + sha256 | none | none |
| Offline verification | CLI Β· pubkey only | no | vendor required |
| Per-tenant signing key | TPM-sealed | no | shared key |
| Paged verification | 10k segments | no | load all in memory |
FAQ
A new key is generated. Pre-rotation rows stay verifiable with the old pubkey; post-rotation rows use the new one. Lost-without-rotation means the chain becomes append-only without future signatures, but everything signed up to that point is still verifiable.
An auditor verifies the chain with synaptyx audit verify --from <n> --to <n> - every entry's Ed25519 signature is checked against your company's published key. For long-term retention, the full signed log also streams to your SIEM or an S3 WORM bucket they control.
Signing is batched (10-50 entries per signature) and runs in a dedicated audit-signer goroutine. Action latency adds about 2 ms p99.
Inside the TPM 2.0 chip of the host running audit-signer - sealed to the chip, never exported in plaintext, and unsealed only on that host.
Ready to govern your AI infrastructure?
Request access in minutes - or talk to us about your air-gap deployment.