Platform teams
You support engineers, not write all the code yourself. You need governance without becoming the bottleneck.
Enrol your machines, give every team its own AI coding sessions, and keep a signed, tamper-proof record of each one. Your keys and data stay yours - we can't read them.
Enrol your hosts, spawn agent sessions per team, and watch every transcript - end-to-end encrypted with keys we cannot decrypt.
You shipped agents to engineering. Compliance, finance, and your CISO want answers now. Synaptyx has them - without a new stack.
"My team uses coding agents but I have no audit trail."
A record you can hand an auditor. Every action your team's AI takes is logged and signed - you can prove exactly who did what, with no gaps.
Audit signing chain. Every event Ed25519-signed, hash-chained, and verifiable by anyone with your public key.
"One API key per vendor, shared across the whole org."
Per-team access and budgets. Each team gets its own locked access and a spending cap, so one leaked key or a runaway bill can't hit the whole company.
Per-team key, per-team budget. Each team gets its own wrapped key, live burn-rate per team, user, and repo, plus a hard USD cap that stops spend on breach.
"Compliance asked for proof we don't leak prompts."
Your data stays yours. Prompts and transcripts are stored so only your own team can read them - not us, not anyone else.
Your keys. Your data. Never ours. Every prompt and transcript is locked with your team's own key. We store only unreadable data - lose your key and even we can't recover it.
The EU Cyber Resilience Act, NIS2, SOC 2, and ISO 27001 all demand the same things: proof of who did what, controls you can show an auditor, and data you actually keep. Synaptyx hands you the evidence - not another policy PDF.
EU CRA
Signed, tamper-proof records of every AI session - the audit trail the Cyber Resilience Act expects.
NIS2
Access control, isolation, and incident-ready logs for the systems NIS2 puts in scope.
SOC 2
Audit-ready evidence for the trust criteria (SOC 2 Type II in progress).
ISO 27001
Key management, encryption, and access records that map to Annex A controls.
GDPR
Your keys, your data - prompts stored as unreadable ciphertext, never processed in the clear by us.
Synaptyx provides technical controls and audit evidence to support these frameworks. It is not itself a certification; certification remains yours to obtain. SOC 2 Type II is in progress.
A tamper-proof log of every action, so you can show an auditor exactly who did what - with no gaps.
Ed25519 signs every audit row. Tamper-evident hash chain. Verify any range cryptographically against your public per-company key.
Learn moreSends a signed record of activity straight into the security tools your team already uses.
Stream signed audit events to Splunk, Datadog, Elastic, Microsoft Sentinel, or S3 WORM. mTLS + JWT, retry with backoff.
Learn more{
"class_uid": 3002,
"activity_name": "Create",
"actor": { "user": "dev@example.com" },
"signature": "ed25519:3f9a…c21b"
}People sign in with your existing company login; access is granted and revoked automatically.
OIDC login from Okta, Azure AD, Google. Optional SCIM 2.0 for full user lifecycle. JIT-provision groups on first login.
Learn moreSee spend per team in real time and set hard limits, so AI costs never surprise you.
Per-team, per-user, per-repo cost visibility with real-time burn-rate. Token cost attributed to the exact prompt. Seat limits plus configurable USD caps that hard-stop, notify, or warn on breach.
Learn morePlay back any session step by step to review what the AI actually did.
xterm-accurate playback with scrubber, bookmarks, lazy keyframes. Your full retention window at your fingertips.
Learn moreInstall and run it entirely inside your own network - even fully offline, with no data leaving.
Signed mega-tarball. Customer-supplied license JWS. Caddy internal CA. Optional offline update server, polled - never push.
Learn moreBuild repeatable multi-step AI tasks your team can run and watch, kept isolated per team.
Wire agent and exec steps into a DAG, validate it, run it, and watch the run record live. Starter templates and a visual canvas. Isolated per team; node timeout sends SIGTERM.
Learn moreOptionally run AI sessions in a sealed environment that can't send your data out to the internet.
Opt-in per-company policy to run agent sessions in an isolated network namespace (netns). Egress is denied by default, so an agent can't exfiltrate over the network. Default off.
Learn moreDaemon over mTLS, one-time approval, TOFU pin.
The daemon enrols over mTLS by default. One-time approval mints a per-host token, and TOFU cert pinning locks in the host's identity from the first handshake.
Any backend, per-team isolation, admins manage - don't snoop.
Team members spawn agent sessions on any backend, scoped to their team. Row-level security isolates every row, so admins manage access - they don't snoop on your prompts.
| team | session | status |
|---|---|---|
| payments-api | cl-9832 | live |
| payments-api | cl-9840 | live |
| ◐ other teams' rows — RLS-hidden from this admin | ||
Live xterm stream, frame-by-frame replay, permission events.
Watch sessions live over an xterm stream, then scrub frame-by-frame in replay with bookmarks. Every permission event lands as a marker on the timeline.
Signed audit to SIEM, per-repo USD attribution, hard caps.
Every action is signed and pushed straight to your SIEM. Per-repo USD attribution and hard spend caps land before the invoice does.
{
"class_uid": 3002,
"sink": "splunk-prod",
"repo": "monorepo/api",
"signature": "ed25519:9c2f…7ab1"
}Hosted SaaS, or self-host the signed mega-bundle air-gapped - same binary, your hardware.
The portal is what your platform team lives in. An interactive preview of the operator console.
Not "we promise". Cryptographic proof. Auditable cryptography. Self-hostable when your auditor demands it.
A real 5-row sample audit chain, embedded right in this page. Recompute every SHA-256 hash, check every Ed25519 signature - live, in your browser, right now.
| ts | event | prev_hash | hash | sig | status |
|---|---|---|---|---|---|
| 2026-06-30T09:12:04Z | session.spawn | 00000000…000000 | 1fc9478e…d23310 | OyglWI4l…HbCQ== | |
| 2026-06-30T09:14:51Z | permission.approved | 1fc9478e…d23310 | f51cd7d3…62b875 | DJELgYNW…mFBQ== | |
| 2026-06-30T09:21:37Z | secret.access | f51cd7d3…62b875 | 0951657e…440f92 | kkygR5aa…eyBA== | |
| 2026-06-30T09:44:02Z | policy.updated | 0951657e…440f92 | 5fd659a7…20aa98 | e4dkZY5U…lkCA== | |
| 2026-06-30T10:03:19Z | session.closed | 5fd659a7…20aa98 | 99022532…b4952f | MFUtvbrJ…6vCw== |
Not verified yet - press Verify chain.
| Anthropic Console | Synaptyx | |
|---|---|---|
| Per-team budgets | ◐ org only | ✓ |
| Audit signing chain (Ed25519) | ✗ | ✓ |
| SIEM push | ✗ | ✓ |
| Self-host air-gapped | ✗ | ✓ |
| BYOK end-to-end encryption | N/A | ✓ |
| Session replay (xterm) | ✗ | ✓ |
| SCIM 2.0 provisioning | ◐ | ✓ |
| Source-available | ✗ | ✓ |
| Time to first agent | hours | < 5 min |
| LLM Gateways | Synaptyx | |
|---|---|---|
| Layer governed | model API request / response | agent execution on the host |
| Per-session capture + xterm replay | – | ✓ |
| Transcript BYOK end-to-end | – | ✓ |
| Signed audit chain (Ed25519) | access logs | ✓ |
| Host enrolment + per-team RBAC | – | ✓ |
| Cost attribution | per API key | per repo · team · session |
| Self-host air-gap | some | ✓ |
Complementary, not competitive: gateways route the API traffic; Synaptyx proves who ran which agent, on what, under whose key — and caps the spend. Run on top of any gateway.
| Build it yourself | Synaptyx | |
|---|---|---|
| Per-team budgets | ✗ | ✓ |
| Audit signing chain (Ed25519) | build it | ✓ |
| SIEM push | ✗ | ✓ |
| Self-host air-gapped | depends | ✓ |
| BYOK end-to-end encryption | depends | ✓ |
| Session replay (xterm) | ✗ | ✓ |
| SCIM 2.0 provisioning | ✗ | ✓ |
| Source-available | N/A | ✓ |
| Time to first agent | weeks | < 5 min |
You support engineers, not write all the code yourself. You need governance without becoming the bottleneck.
You answer to auditors for CRA, NIS2, SOC 2 and ISO 27001. You need cryptographic evidence, not policy PDFs. SIEM streams that prove a negative.
Your team is already using Claude. You want oversight without spying - and a number to show the CFO.
No obligation - a 30-minute walkthrough. Your keys, your data, and signed evidence for your auditors.