Skip to content
Synaptyx
Visibility & forensics

Replay any session, prove it wasn't altered.

Every Claude Code session is recorded as an xterm.js stream with keyframes for instant scrubbing. Recording hashes (sha256) prove the replay matches what actually happened - no edit-after-the-fact.

7f3a9c12 · replay08:08 / 12:42
$ fix the broken csrf middleware in /api/auth and add a unit test
⚙ Read api/auth/csrf.go (98 lines)
⚙ Grep "X-Csrf-Token" → 4 files, 7 matches
⚙ Edit api/auth/csrf.go (+12 −4)
⚙ Bash $ go test ./api/auth/...
✓ Tests pass · 4 tests, 8 assertions

How it works

1
Session streamed over WebSocket
Every input, output, tool call streamed to the broker in real time.
2
Recorded with keyframes
Snapshot every ~30s of stream - instant scrub to any point without replaying from start.
3
Scrub instantly
xterm.js re-renders from the nearest keyframe in milliseconds, via a Web Worker.
4
sha256 proves integrity
Each recording's hash is signed at close time. Mismatched playback = tamper detected.

Deep dives

Keyframe scrubbing
Click anywhere on the timeline - a Web Worker rebuilds from the prior keyframe in under 100 ms. No waiting while we re-stream from minute 0.
Permission events inline
Every time the agent asked for permission (Bash, network, file write) appears as a marker on the timeline - see exactly what was approved and when.
Integrity verification
The recording's sha256 lives in the audit chain - signed. The replay you watch is provably the recording that was made; nobody can swap it.

Verify a recording

shell · verify recording
$ synaptyx replay verify 7f3a9c12-5e44-4b21-9c8a-1de2f6a09b3c recording_id: 7f3a9c12-5e44-4b21-9c8a-1de2f6a09b3c hash_in_audit: sha256:b3:9f8c:e4d2:7a91…3a4e hash_recomputed: sha256:b3:9f8c:e4d2:7a91…3a4e ✓ match — recording is exactly what was streamed at session close

What you replay is exactly what happened.

Provably. The audit chain stores the recording hash; the replay matches or it doesn't. Tamper detection isn't a "trust us" - it's a checksum compare.

Compare

SynaptyxasciinemaPlain text log
Terminal fidelityxterm.js · 256 colouryesno ANSI
Instant scrubkeyframesre-render from 0no playback
Permission eventsinline markersnono
Tamper-proofsha256 in audit chaintrivially editabletrivially editable
Shareable deep link#t=08:08timestamp paramN/A

FAQ

90 days on Team, configurable on Enterprise (90 / 365 / custom). Transcripts captured by the local daemon are stored encrypted with the team DEK - we can't read those. Live-streamed sessions are processed server-side so we can render them for real-time watching and replay; they stay tenant-isolated and retention-bound.
Imperceptibly. Recording happens at the broker, not in the daemon's hot path. Adds under 1 ms per round trip.
Yes - with another authenticated team member. The link is scope-gated; outsiders see a 404. Add #t=08:08 to deep-link to a moment.
Yes - with your team DEK on the client before upload. The server stores ciphertext only, even for managed.

Ready to govern your AI infrastructure?

Request access in minutes - or talk to us about your air-gap deployment.

Get started