Market Segments / AI Governance / Recordant

Recordant

The flight recorder for AI.

Your AI agents are doing real work. Recordant is the independent record of what they did, what went wrong, what got fixed, and what you decided about it. It finds the bug, writes the fix prompt, and then verifies the fix actually shipped. Continuous, tamper-evident, and impossible to silence. Patent-pending.

Status Patent-pending Deploy Self-hosted Access Read-only observation Domain-neutral by design

Self-hosted · bring your own LLM key · runs as an MCP server inside Claude Code and Cursor · token-auth by default

The Problem

Who’s watching the AI?

Companies now hand real work to AI systems: writing code, running operations, making decisions. Here’s the uncomfortable part: the system doing the work also writes the logs about how the work is going. That is not oversight. That is a diary.

And the scariest failure isn’t a wrong answer. It is silence. A monitor that only speaks up when it finds something can quietly die, and you’ll never know the difference between “all clear” and “not looking.”

Aviation solved this decades ago: an independent recorder that cannot be edited by the pilot, and whose absence is itself an emergency. AI is just catching up.


What Recordant Does

Detects, reports, writes the fix prompt, verifies the fix shipped.

Plain English

Recordant watches your AI or software system from the outside. On a schedule, it reads what the system produced, what its logs say, and what changed in its code, then files a report. Good news, bad news, or no news, the report shows up. Every finding, every “we know, it’s fine” decision, and every fix is written into a permanent ledger you can hand to a boss, a customer, or a regulator.

Technical

Recordant runs on your infrastructure against three read-only feeds: telemetry and metrics, logs, and your version-control changelog. Each cycle it detects drift, regressions, and anomalies; reasons about root cause; and emits a structured report. The changelog is the inference substrate: Recordant reads what was supposedly fixed, then independently verifies whether the fix actually held in observed behavior (patent-pending inference loop). Findings and operator decisions persist to an append-only decisions ledger. The ledger records what you chose; it is never an input to what the engine concludes.

Three rules, enforced by architecture (not policy)

It doesn’t just find the bug. It writes the fix.

Plain English

For its highest-severity findings, Recordant doesn’t stop at “something’s wrong.” It writes a ready-to-use fix prompt: hand it straight to your engineer or your coding agent (Claude Code, Cursor). Then, on later cycles, it checks your changelog to confirm the fix actually shipped, and escalates if it didn’t.

Technical

P0 diagnoses emit titled, operator-ready remediation prompts as a structured output contract: prompt bodies suitable for direct handoff to a code-modification agent. Recordant never applies them (report-only, fail-conservative: a degraded cycle emits zero prompts). Implementation is then inferred from the version-controlled changelog with no acknowledgment or instrumentation required; unimplemented recommendations accrue strikes and escalate (patent-pending).

Find → fix prompt → hand off → verify shipped. The loop is closed, and you never had to tag a ticket.


How It Works

Your data stays home. The report always arrives.


Comparison

Monitoring tells you what happened. Governance proves what was decided.

Governance proves what was decided, what was fixed, and what the operator accepted. Patent-pending.

Traditional monitoring / evals Recordant
When it looksPoint-in-time checks, or when triggeredEvery cycle, on schedule, unconditionally
When it’s silentSilence = presumed fineSilence = alarm. A missing report pages you
Who writes the recordThe system being watched (or its owners)An independent observer with read-only access
Can findings be buried?Alerts get muted, dashboards get ignoredSeverity-gated: a P0 has no dismiss button, only Resolved (independently re-verified) or Accepted-Risk (on the permanent record, with your reason, pinned to every report)
What you get on a critical findingAn alertA diagnosis plus a ready-to-run fix prompt for your engineer or coding agent
“We fixed it”Taken on faithRead from the changelog, then verified against behavior. Unconfirmed fixes are flagged RESOLUTION-UNVERIFIED
Guesses vs factsAlerts don’t say whichEvery finding labeled VERIFIED (data-path checked) or INFERRED (behavioral signal); high-severity inferred findings route to needs verification, not panic
Audit trailReconstruct it from chat logs, if you canAppend-only decisions ledger, hand it to a regulator as-is

See A Real Report

A report artifact, not marketing gloss.

A representative Recordant brief, drawn from a production deployment. It should look like an artifact your team would actually receive, not a marketing panel.

VERIFIED INFERRED · NEEDS VERIFICATION
Recordant Report: 2026-07-03 PM
System: [redacted] · Version 2.4.1
 
Status: Healthy · 0 backlog items · 100 cycles/24h · 1 source disabled (intentional)
 
Priority findings
P2 · VERIFIED - Raw lifecycle metric overstates net vs. the honest-reconciled ledger; 15 records flip classification under reconciliation. Contained: the dashboard reads the honest figure. Root-cause trace queued.
P2 · VERIFIED - Data source returning auth errors; sole cause of the "unhealthy" flag. Resolved: source intentionally disabled, excluded from health accounting.
P2 · INFERRED · NEEDS VERIFICATION - An upstream signal path may be consuming a stale feed. Not asserted, flagged for trace before escalation. On verification: fails safe via the freshness gate; no phantom signal reaches live decisioning.
P2 · VERIFIED - Rolling 30-day performance metric below target at usable sample size. Watch: secondary quality signal favorable, monitor, no parameter change.
P3 · INFERRED - Elevated warning volume, likely retry noise from the disabled source. Re-measure after the disable propagates.
 
Accepted-Risk Register: 2 items acknowledged this cycle · 0 stale P0s

Evidence-labeled, not vibes

Every finding carries a VERIFIED or INFERRED · NEEDS VERIFICATION tag.

Decisions stay on the record

The Accepted-Risk Register line keeps every accepted risk visible, with your reason attached.

The report arrives even when everything is fine

The status header is mandatory: an all-clear is filed on the same schedule as an alarm.


Lifecycle

The lifecycle of a finding

Most tools stop at “here’s an alert.” Recordant tracks what happens after, because the decision is the part auditors actually ask about.

Technical note. Acknowledgments snapshot the quantitative condition they were accepted under; reopen-on-worsening is deterministic and recomputed statelessly each cycle from persisted reports plus ledger, with no mutable escalation database. Operator decisions gate presentation only; the engine’s implementation-status inference is byte-identical with the ledger present or absent (patent-pending).

For the Engineers

Self-hosted oversight, no write credentials.

Deploy

Install in ~15 minutes

Self-hosted and containerized, read-only against your feeds. Bring your own LLM API key: inference runs under your account, your data governance. First brief the same day.

MCP console

Govern from your editor

Ships as an MCP server: govern from inside Claude Code or Cursor. Seven tools: brief, status, digest, acknowledge, accept-risk, resolve, open-items. Token-auth by default (a startling share of public MCP servers ship with none).

Cadence

Every cycle, no exceptions

12-hour delta briefs (only what changed; a no-change cycle still files a 3-line mandatory report), a weekly digest with every open item, age, recurrence count, and the Accepted-Risk Register, plus severity-routed alerts (P0/P1 push, P2/P3 digest).

Privacy posture

Nothing leaves your box

The only outbound call is license verification: key + version, nothing else. 72-hour offline grace if the license endpoint is unreachable. No telemetry, no content leaves your environment.

What Recordant will never ask for

Observer/actor separation is the product

Write access, production secrets, customer data, or the ability to deploy, restart, or patch anything. We decline write credentials if offered.


Who It’s For

Built for teams that need proof, not trust-me logs.

Teams shipping AI agents

Your enterprise buyers are asking “who watches your agents?” Recordant is the answer you can put in the security-review packet: continuous behavioral oversight, evidence-labeled findings, an audit trail that isn’t your own logs.

Regulated shops running AI internally

When the examiner asks for a complete behavioral record of your AI systems for any given week, you produce the ledger. Scheduled, tamper-evident, on-prem if you need it.

Engineering orgs with autonomous tooling

Code agents in CI, ops bots, pipelines that “mostly work.” Recordant catches the regression the changelog claims was fixed, and the drift nobody was graphing.


Pricing

Start small. Keep the record complete.

Solo
$149/mo

For a single monitored system.

  • 1 monitored system
  • MCP console
  • Community support
Start with Solo →
Institutional
Contact

For unlimited systems with a formal governance program.

  • Unlimited systems
  • MCP console
  • SLA and onboarding
  • Quarterly governance report
Contact sales →
Governance Audit
$750-1,500/mo

We run Recordant against your system for 30-60 days.

  • Full briefs + a findings report
  • Try-before-you-commit path
  • 50% of fees credit toward a license if you convert
Book an Audit →

MCP console is included in every tier: it is the interface, not an upsell. Annual billing saves two months. All capabilities patent-pending.


FAQ

Objection killers.

Isn’t AI watching AI just turtles all the way down?

Two answers. The watcher is structurally simpler and cannot act: no write access, no remediation, no shared fate with the system it watches. Auditors don’t need to be smarter than CEOs; they need to be independent. And absence-detection is the backstop: even if the watcher itself fails, the missing report is the alarm. The failure mode is loud by design.

Does it stop bad things from happening?

No, and be suspicious of anything that says it does. Recordant detects and reports. Prevention is your team’s job; Recordant is how you prove the detecting, deciding, and fixing actually happened.

Does our data leave our environment?

No. Self-hosted, your LLM key. The only outbound call is a license check (key + version).

What do we have to integrate?

Read access to your repo/changelog and a behavioral feed (logs, metrics, or outputs). No SDK, no code changes. If offered write credentials, we refuse them.


Status & Patent Posture

A separate, domain-neutral licensing surface.

AI governance is a standalone licensing surface. Recordant is a patent-pending independent AI-oversight layer with its own patent filing, domain-neutral by design. Patents filed on the core oversight mechanisms. Public pages stay high-level; detailed architecture remains available only under NDA for qualified partners.

The independent record for your AI.

Recordant, by Mentor Sentinel: a patent-pending independent AI-oversight layer. It watches; it does not act.