VerifAIer Sentinel · Flight Recorder

Watch what AI
actually did.

The black box recorder for AI agents. Every tool call Claude makes is hash-chained and replayable. Local execution. No cloud. No dependencies.

Quick Start → Request Pilot Access View Architecture
local-first no cloud hash-chained replay-safe forensic-grade stdlib-only authoritative_for_wiw=false
5 phases shipped
(Phases 1–5)
4 capture levels
TELEMETRY → FORENSIC
164 Flight Recorder
unit + e2e tests
0 external dependencies
stdlib only
01 / What it is

The AI session
black box.

Flight Recorder captures every tool call Claude makes: Edit, Write, Bash, Read. Each is appended to a deterministic, hash-chained log. Every event references the hash of the previous one. If a single byte changes, the chain breaks.

The session is stored in your local filesystem. A cryptographic seal (proof_id) is computed as a SHA-256 Merkle root over all events. Same session inputs, same proof_id. Verifiable offline, air-gapped, years later.

There is no agent, no server, no network call during recording, replay, or archive. authoritative_for_wiw=false: all outputs are advisory evidence.

# Session event chain (events.jsonl) {"sequence_num": 0, "event_type": "SESSION_STARTED", "event_hash": "a3f9...", "prev_event_hash": ""} {"sequence_num": 1, "event_type": "TOOL_CALL_STARTED", "event_hash": "b72c...", "prev_event_hash": "a3f9..."} {"sequence_num": 2, "event_type": "GOVERNANCE_FINDING", "payload": {"severity": "HIGH", "rule": "SQL_INJECTION"}, "event_hash": "c91e...", "prev_event_hash": "b72c..."} # Seal {"proof_id": "fr-proof-7a9e3f1c2b8d456e...", "merkle_root": "7a9e...", "event_count": 42, "authoritative_for_wiw": false}
02 / How it works

Claude Code hooks wire it
in 30 seconds.

Three Claude Code hooks cover the entire session arc. No manual instrumentation. No config beyond settings.json.

PostToolUse: Edit | Write | MultiEdit
Governance scan + receipt + Flight Recorder event on every file change
PreToolUse: Bash
Dangerous-op detection before execution; DANGEROUS_OP_BLOCKED event recorded
Stop: Session end
Session sealed: proof_id computed (SHA-256 Merkle over all events), session archived
01 Install: pip install verifaier
02 Wire hooks: bash scripts/install_claude_hooks.sh
03 Work: Flight Recorder captures every Claude session automatically
# Install pip install verifaier # Wire Claude Code hooks bash scripts/install_claude_hooks.sh # Start a session (optional — auto-started by hooks) vai flight start # List sessions vai flight list # Export cinematic Replay Studio vai flight replay-export <session_id> \ --output replay.html # Create forensic archive vai flight archive <session_id> # Verify archive offline vai flight verify-archive archive.zip # Output: { "ok": true, "signed": true, "chain_ok":true }
03 / Capture Levels

Four levels.
Explicit opt-in required.

Flight Recorder uses a graduated capture model. No raw sensitive content is stored by default. Each level above OPERATIONAL requires explicit opt-in.

TELEMETRY · 0
Telemetry

Structural metadata only: tool names, file paths, risk levels, event timing. No prompt content. No stdout. No diffs. Safe for all environments.

OPERATIONAL · 1
Operational

Adds diffs and file-change content. Strips prompt/response/stdout. Suitable for engineering team audit trails. Default for most deployments.

DEEP CAPTURE · 2
Deep Capture

Captures prompts, responses, and stdout. All content truncated at configurable limits. Opt-in required. Designed for investigation of specific incidents.

FORENSIC · 3
Forensic

Full capture with workspace snapshots, reasoning checkpoints, encrypted vault storage, and signed forensic archive. For regulated or incident-response deployments.

04 / Sentinel Pill

Session state at
a glance.

The Sentinel Pill is a compact session indicator that shows the current governance state in real time. Five states, each with a distinct color.

GREEN: clean session, no findings
YELLOW: governance risk or semantic drift detected
RED: dangerous op blocked or HIGH finding
PURPLE: forensic / deep-capture mode active
BLUE: session sealed, proof_id issued
Replay Studio

Cinematic session replay with timeline scrubber, causality graph, risk heatmap, and jump-to-next-finding navigation. Single self-contained .html file, no server required.

🔒
Encrypted Evidence Vault

FRVAULT-1: PBKDF2-HMAC-SHA256 (100k iterations) + SHAKE-256 stream cipher + HMAC-SHA256 auth tag. Stdlib only; no external cryptography package.

📦
Forensic Archive

fr-archive-1.0: ZIP_DEFLATED with per-file SHA-256 hashes and HMAC-SHA256 signed manifest. Restore to any workspace. Verify integrity offline, air-gapped, years later.

Tamper Escalation

TAMPER_DETECTED, CHAIN_BREAK, INVALID_SIGNATURE, ARCHIVE_MISMATCH events are appended automatically. Tamper banner shown in Replay Studio when chain integrity fails. Escalation events include the affected event index and a reviewer note field for the approving operator.

ESCALATION · ses-8f2a1b3c · CHAIN_BREAK at event #14
Status: PENDING REVIEW · assigned: security-lead
📷
Workspace Snapshots

WORKSPACE_SNAPSHOT and SESSION_CHECKPOINT events capture directory structure hash and session state at any point. Forensic-grade retention class, never pruned.

🤔
Reasoning Checkpoints

REASONING_CHECKPOINT, STRATEGY_TRANSITION, DEBUGGING_HYPOTHESIS, ROOT_CAUSE_IDENTIFIED: operational reasoning captured, not raw chain-of-thought. Purple markers in Replay Studio.

05 / Forensic Archive

Signed. Verifiable.
Offline.

Every forensic archive is a ZIP_DEFLATED file containing the full session event log, session metadata, seal, and a signed manifest. The manifest contains per-file SHA-256 hashes and an HMAC-SHA256 over the entire manifest.

Verification does not require VerifAIer. Any tool that can compute SHA-256 and HMAC-SHA256 can verify the archive. The signing key is local to your deployment. No key material ever leaves your machine.

Archives restore to any workspace; the chain re-verifies from first principles. Tamper detection is automatic: a single modified byte triggers CHAIN_BREAK or ARCHIVE_MISMATCH.

# Create forensic archive vai flight archive fr-session-abc123 # → fr-session-abc123-archive.zip # Verify archive integrity (offline) vai flight verify-archive fr-session-abc123-archive.zip { "ok": true, "session_id": "fr-session-abc123", "event_count": 42, "signed": true, "archive_version":"fr-archive-1.0", "tamper_detected":false } # Restore to a new workspace vai flight restore fr-session-abc123-archive.zip \ --workspace-root /restored/ # Verify chain in restored workspace vai flight forensic-verify \ --workspace-root /restored/ { "chain_ok": true, "gaps": [], "breaks": [], "authoritative_for_wiw": false }
06 / Replay Studio

The cinematic AI
session player.

Export any session as a single self-contained HTML file. Drag it into any browser. No server. No login. No CDN. The entire Replay Studio is embedded: timeline scrubber, causality graph, risk heatmap, event search, and cinematic playback.

Blue events: AI tool calls (Read, Bash, etc.)
Gold events: file writes (AI modified your code)
Red events: dangerous ops detected / blocked
Purple events: reasoning checkpoints (Phase 5)
Light blue events: forensic snapshots (Phase 5)

Keyboard shortcuts: Space=play, ←→=step, f=next finding, d=next dangerous op, b=bookmark

# Generate 5 demo sessions instantly python scripts/generate_demo_sessions.py # Export a replay bundle vai flight replay-export <session_id> \ --output session_replay.html # Open in browser open session_replay.html # VSCode: open the Replay Studio panel # Command palette → "VerifAIer: Open Replay Studio" # Jump to Phase 5 markers in the UI: # "Next reasoning" button → REASONING_CHECKPOINT # "Next snapshot" button → WORKSPACE_SNAPSHOT # Tamper banner appears → if chain_ok = false
06b / Replay Verification

Deterministic hash verification.
Same session, same receipt.

Run vai replay --verify on any sealed session to re-derive the Merkle root from raw events and confirm it matches the receipt. If a single event was altered, by any tool, any editor, or any process, the root diverges and verification fails. Offline verifiable. No network call required.

# Verify a sealed session — re-derives Merkle root from raw events vai replay --session ses-8f2a1b3c --verify Session ses-8f2a1b3c Events 47 Status SEALED Receipt ~/.verifaier/receipts/ses-8f2a1b3c-receipt.json Recomputing Merkle root over 47 events... Derived root a3f8c12de901bb47f2c9d05e6a8b3190c4e72d8f11a635bc79240ed58f06a12 Receipt root a3f8c12de901bb47f2c9d05e6a8b3190c4e72d8f11a635bc79240ed58f06a12 VERIFIED ✓ Chain integrity confirmed. authoritative_for_wiw=false ──────────────────────────────────────────────────────────────── # Verify a session with a tampered event — chain break detected vai replay --session ses-4d91e22a --verify Session ses-4d91e22a Events 31 Status SEALED Recomputing Merkle root over 31 events... Derived root b72f1c84a3...d90ef21 [mismatch at event #14] Receipt root a3f8c12de9...06a12 CHAIN_BREAK ✗ Event #14 hash mismatch. Escalation appended. Escalation ID ESC-2026-05-16-0031 Assigned to security-lead Next step vai escalation review ESC-2026-05-16-0031
07 / Integrations

Claude Code, VSCode,
and Cursor.

Claude Code

Three hooks cover the full session arc. Install in 30 seconds with install_claude_hooks.sh. Every Edit, Bash, Write is auto-recorded.

VSCode Extension

FR Replay Sessions sidebar. Click-to-open Replay Studio panel. Open/sealed status, event count, and risk indicators per session.

MCP Server

MCP overlay exposes session lineage, audit tools, and session finding queries directly in Claude's context. Air-gapped capable.

08 / Deployment Tiers

From solo developer to
sovereign forensic.

All tiers run locally. No cloud sync. No upload. No external API calls.

individual · CLI
Flight Recorder
Included

Core recording for individual developers. Auto-records all Claude tool calls via hooks. Replay Studio export included.

Hash-chained event log
Replay Studio export (.html)
Timeline, causality, heatmap
TELEMETRY + OPERATIONAL levels
Forensic archive (signed ZIP)
Encrypted vault (FRVAULT-1)
Included with CLI
team · audit
FR Pro
~$10 /seat/mo (indicative)

For teams needing forensic-grade archives and multi-session audit trails.

All Free features
Signed forensic archives
Archive restore & offline verify
Tamper escalation events
DEEP_CAPTURE / FORENSIC
Encrypted vault
Contact for pilot access
enterprise · forensic
FR Enterprise
~$25 /seat/mo (indicative)

Full forensic capability. DEEP_CAPTURE + FORENSIC levels with encrypted vault, reasoning checkpoints, and workspace snapshots.

All Pro features
DEEP_CAPTURE + FORENSIC levels
Encrypted vault (FRVAULT-1)
Reasoning checkpoints
Workspace + session snapshots
Forensic gap + chain-break detection
Contact for pilot access
sovereign · regulated
FR Sovereign
Custom structured engagement

For regulated operators. Air-gapped forensic archive, custom retention policies, compliance documentation.

All Enterprise features
Custom retention policies
Compliance documentation
Air-gap archive workflow
SLA + dedicated engineering
Roadmap influence
Contact for access

Every AI session.
Recorded. Replayable. Provable.

Available now. No cloud account. No telemetry. Runs behind your firewall or on file://.

contact@verifaier.io
Back to Console View Pricing Architecture
Advisory authoritative_for_wiw = false. All Flight Recorder outputs are governance evidence, not binding determinations. The system never issues autonomous enforcement actions. Compliance posture is the operator's responsibility.