Recordant
The flight recorder for AI.
Your AI agents are doing real work. Recordant is the independent record of what they did, what went wrong, what got fixed, and what you decided about it. It finds the bug, writes the fix prompt, and then verifies the fix actually shipped. Continuous, tamper-evident, and impossible to silence. Patent-pending.
Self-hosted · bring your own LLM key · runs as an MCP server inside Claude Code and Cursor · token-auth by default
Who’s watching the AI?
Companies now hand real work to AI systems: writing code, running operations, making decisions. Here’s the uncomfortable part: the system doing the work also writes the logs about how the work is going. That is not oversight. That is a diary.
And the scariest failure isn’t a wrong answer. It is silence. A monitor that only speaks up when it finds something can quietly die, and you’ll never know the difference between “all clear” and “not looking.”
Aviation solved this decades ago: an independent recorder that cannot be edited by the pilot, and whose absence is itself an emergency. AI is just catching up.
The worker grades its own homework.
Detects, reports, writes the fix prompt, verifies the fix shipped.
Recordant watches your AI or software system from the outside. On a schedule, it reads what the system produced, what its logs say, and what changed in its code, then files a report. Good news, bad news, or no news, the report shows up. Every finding, every “we know, it’s fine” decision, and every fix is written into a permanent ledger you can hand to a boss, a customer, or a regulator.
Recordant runs on your infrastructure against three read-only feeds: telemetry and metrics, logs, and your version-control changelog. Each cycle it detects drift, regressions, and anomalies; reasons about root cause; and emits a structured report. The changelog is the inference substrate: Recordant reads what was supposedly fixed, then independently verifies whether the fix actually held in observed behavior (patent-pending inference loop). Findings and operator decisions persist to an append-only decisions ledger. The ledger records what you chose; it is never an input to what the engine concludes.
Three rules, enforced by architecture (not policy)
- 1It sees everything it’s pointed at. Changelog, logs, and telemetry, with no instrumentation of your code required.
- 2It must report every cycle. An “all clear” is as mandatory as an alarm. A missing report is itself the alarm.
- 3It can never touch what it watches. Read-only by construction. Recordant recommends; your team remediates. The moment a watcher can also “fix” things, it is just another agent.
It doesn’t just find the bug. It writes the fix.
For its highest-severity findings, Recordant doesn’t stop at “something’s wrong.” It writes a ready-to-use fix prompt: hand it straight to your engineer or your coding agent (Claude Code, Cursor). Then, on later cycles, it checks your changelog to confirm the fix actually shipped, and escalates if it didn’t.
P0 diagnoses emit titled, operator-ready remediation prompts as a structured output contract: prompt bodies suitable for direct handoff to a code-modification agent. Recordant never applies them (report-only, fail-conservative: a degraded cycle emits zero prompts). Implementation is then inferred from the version-controlled changelog with no acknowledgment or instrumentation required; unimplemented recommendations accrue strikes and escalate (patent-pending).
Find → fix prompt → hand off → verify shipped. The loop is closed, and you never had to tag a ticket.
Your data stays home. The report always arrives.
Your data stays home. Recordant runs on your machine with your LLM key. The only thing that ever leaves is a license ping: the key and a version number. It works offline for up to 72 hours if the license server is unreachable.
Monitoring tells you what happened. Governance proves what was decided.
Governance proves what was decided, what was fixed, and what the operator accepted. Patent-pending.
| Traditional monitoring / evals | Recordant | |
|---|---|---|
| When it looks | Point-in-time checks, or when triggered | Every cycle, on schedule, unconditionally |
| When it’s silent | Silence = presumed fine | Silence = alarm. A missing report pages you |
| Who writes the record | The system being watched (or its owners) | An independent observer with read-only access |
| Can findings be buried? | Alerts get muted, dashboards get ignored | Severity-gated: a P0 has no dismiss button, only Resolved (independently re-verified) or Accepted-Risk (on the permanent record, with your reason, pinned to every report) |
| What you get on a critical finding | An alert | A diagnosis plus a ready-to-run fix prompt for your engineer or coding agent |
| “We fixed it” | Taken on faith | Read from the changelog, then verified against behavior. Unconfirmed fixes are flagged RESOLUTION-UNVERIFIED |
| Guesses vs facts | Alerts don’t say which | Every finding labeled VERIFIED (data-path checked) or INFERRED (behavioral signal); high-severity inferred findings route to needs verification, not panic |
| Audit trail | Reconstruct it from chat logs, if you can | Append-only decisions ledger, hand it to a regulator as-is |
A report artifact, not marketing gloss.
A representative Recordant brief, drawn from a production deployment. It should look like an artifact your team would actually receive, not a marketing panel.
Evidence-labeled, not vibes
Every finding carries a VERIFIED or INFERRED · NEEDS VERIFICATION tag.
Decisions stay on the record
The Accepted-Risk Register line keeps every accepted risk visible, with your reason attached.
The report arrives even when everything is fine
The status header is mandatory: an all-clear is filed on the same schedule as an alarm.
The lifecycle of a finding
Most tools stop at “here’s an alert.” Recordant tracks what happens after, because the decision is the part auditors actually ask about.
P1 requires a written reason; the reason becomes the ledger entry. Drops out of daily briefs, lives in the weekly digest.
Mandatory reason. Pinned permanently to the Accepted-Risk Register on every digest.
No dismiss button for P0, enforced server-sideSelf-hosted oversight, no write credentials.
Install in ~15 minutes
Self-hosted and containerized, read-only against your feeds. Bring your own LLM API key: inference runs under your account, your data governance. First brief the same day.
Govern from your editor
Ships as an MCP server: govern from inside Claude Code or Cursor. Seven tools: brief, status, digest, acknowledge, accept-risk, resolve, open-items. Token-auth by default (a startling share of public MCP servers ship with none).
Every cycle, no exceptions
12-hour delta briefs (only what changed; a no-change cycle still files a 3-line mandatory report), a weekly digest with every open item, age, recurrence count, and the Accepted-Risk Register, plus severity-routed alerts (P0/P1 push, P2/P3 digest).
Nothing leaves your box
The only outbound call is license verification: key + version, nothing else. 72-hour offline grace if the license endpoint is unreachable. No telemetry, no content leaves your environment.
Observer/actor separation is the product
Write access, production secrets, customer data, or the ability to deploy, restart, or patch anything. We decline write credentials if offered.
Built for teams that need proof, not trust-me logs.
Teams shipping AI agents
Your enterprise buyers are asking “who watches your agents?” Recordant is the answer you can put in the security-review packet: continuous behavioral oversight, evidence-labeled findings, an audit trail that isn’t your own logs.
Regulated shops running AI internally
When the examiner asks for a complete behavioral record of your AI systems for any given week, you produce the ledger. Scheduled, tamper-evident, on-prem if you need it.
Engineering orgs with autonomous tooling
Code agents in CI, ops bots, pipelines that “mostly work.” Recordant catches the regression the changelog claims was fixed, and the drift nobody was graphing.
Start small. Keep the record complete.
For a single monitored system.
- 1 monitored system
- MCP console
- Community support
For teams governing several systems.
- Up to 5 systems
- MCP console
- Email support
- Shared-channel digest
For unlimited systems with a formal governance program.
- Unlimited systems
- MCP console
- SLA and onboarding
- Quarterly governance report
We run Recordant against your system for 30-60 days.
- Full briefs + a findings report
- Try-before-you-commit path
- 50% of fees credit toward a license if you convert
MCP console is included in every tier: it is the interface, not an upsell. Annual billing saves two months. All capabilities patent-pending.
Objection killers.
Isn’t AI watching AI just turtles all the way down?
Two answers. The watcher is structurally simpler and cannot act: no write access, no remediation, no shared fate with the system it watches. Auditors don’t need to be smarter than CEOs; they need to be independent. And absence-detection is the backstop: even if the watcher itself fails, the missing report is the alarm. The failure mode is loud by design.
Does it stop bad things from happening?
No, and be suspicious of anything that says it does. Recordant detects and reports. Prevention is your team’s job; Recordant is how you prove the detecting, deciding, and fixing actually happened.
Does our data leave our environment?
No. Self-hosted, your LLM key. The only outbound call is a license check (key + version).
What do we have to integrate?
Read access to your repo/changelog and a behavioral feed (logs, metrics, or outputs). No SDK, no code changes. If offered write credentials, we refuse them.
A separate, domain-neutral licensing surface.
AI governance is a standalone licensing surface. Recordant is a patent-pending independent AI-oversight layer with its own patent filing, domain-neutral by design. Patents filed on the core oversight mechanisms. Public pages stay high-level; detailed architecture remains available only under NDA for qualified partners.
The independent record for your AI.
Recordant, by Mentor Sentinel: a patent-pending independent AI-oversight layer. It watches; it does not act.