SOC 2 Type II Compliant

Every action. Captured. Governed. Immutable.

Chronicle is the enterprise command audit and compliance platform. Full trail visibility, policy-driven retention, surgical redaction, and instant replay — all in one mission-critical system.

Trusted by ScaleForge, DataMesh, Arcadian, Nimbus
Live Audit Stream Recording
1042 chronicle -a ~/.chronicle_log 2s ago
1041 chronicle 20 14s ago
1040 chronicle -d 1038 28s ago REDACTED
1039 chronicle -w /var/audit/snapshot.log 45s ago
1038 [REDACTED] 1m ago
1037 chronicle -r /etc/chronicle/shared.log 2m ago
1036 chronicle -c 3m ago PURGE
1035 chronicle -n 5m ago
🛡️ SOC 2
🔒 ISO 27001
🇪🇺 GDPR
🏥 HIPAA
📋 FedRAMP Ready
99.99% Capture Reliability
47M+ Commands Audited Daily
<0.3ms Capture Latency
2,400+ Enterprise Deployments

Governance-first command intelligence

Every feature maps to a real compliance requirement. Nothing extraneous. Everything auditable.

📜

Full Audit Trail™

Complete, immutable record of every action taken across your organization. chronicle renders the full chronological ledger with entry numbers, timestamps, and attribution.

chronicle
🔍

Scoped Lookback™

Surface exactly the last N operations. Perfect for incident review windows and compliance spot-checks. Governance teams love the precision.

chronicle N
🗑️

Compliance Purge™

Full history wipe for GDPR right-to-erasure requests. One command invocation clears the entire audit log when regulatory requirements demand it.

chronicle -c
✂️

Surgical Redaction™

Delete specific entries by offset. When an operator accidentally logs sensitive credentials, redact the exact entry without disrupting the surrounding audit trail.

chronicle -d OFFSET
💾

Continuous Persistence™

Append session activity to your designated audit file in real-time. No batch jobs. No overnight ETLs. Every command hits durable storage immediately.

chronicle -a
📥

Session Hydration™

Reconstitute historical context from file-backed audit logs. New team members inherit institutional memory. Onboarding collapses from weeks to minutes.

chronicle -r
📸

Snapshot Export™

Write the entire current session state to a portable artifact. Ship it to compliance, attach it to incident reports, archive it for posterity.

chronicle -w

Instant Replay™

Re-execute any previous action by reference number, recency, or pattern match. !! replays the last action. !N replays by ID. !string matches by prefix. Zero friction re-execution at scale.

!N / !! / !string

Four steps to total audit coverage

01

Capture

Every command is recorded to a numbered, timestamped ledger. Chronicle captures each action the moment it executes — no agent required, no instrumentation overhead.

02

Govern

HISTCONTROL policies determine what gets recorded. ignoredups deduplicates. ignorespace creates off-the-record zones. erasedups enforces uniqueness retroactively.

03

Persist

Session data syncs to HISTFILE via chronicle -a, -w, and -r. Configurable HISTSIZE and HISTFILESIZE ensure your retention windows match regulatory requirements.

04

Replay

Any historical action can be re-executed with !!, !N, or !string. The fc integration lets auditors edit and re-run entries for remediation workflows.

Command Timeline Explorer

Scroll through a live audit log. Click any entry to inspect, replay, or redact.

Retention Policy Engine

Define exactly what gets captured, how long it persists, and where it lives. Real-time policy preview below.


Audit Dashboard

Real-time visibility into command activity across your organization.

Command Volume (Last 24h)

Retention Compliance

92% Compliant

Recent Activity

Snapshot exported 2m ago
Entry #4017 redacted 8m ago
Session hydrated 12m ago
Compliance purge 1h ago
Policy updated 3h ago

Top Commands by Frequency

  • chronicle: 1,247
  • chronicle -a: 1,058
  • chronicle 20: 867
  • chronicle -w: 612
  • chronicle -d: 284

See Chronicle in action

Real commands. Real output. The same enterprise-grade audit experience your team deserves.

chronicle — audit session
$ chronicle 10
 1033  cd /var/log
 1034  ls -la
 1035  grep "error" syslog
 1036  tail -f auth.log
 1037  cat /etc/hostname
 1038  df -h
 1039  ps aux | grep nginx
 1040  chronicle -w /tmp/audit_snapshot.log
 1041  chronicle -a
 1042  chronicle 10
$ chronicle -d 1038
$ chronicle 5
 1039  ps aux | grep nginx
 1040  chronicle -w /tmp/audit_snapshot.log
 1041  chronicle -a
 1042  chronicle 10
 1043  chronicle -d 1038
$ !1039
ps aux | grep nginx
root 1824 0.0 0.1 10432 5284 ? Ss 00:00 0:00 nginx: master process
www-data 1825 0.0 0.3 10964 8012 ? S 00:00 0:12 nginx: worker process
$ !!
ps aux | grep nginx
root 1824 0.0 0.1 10432 5284 ? Ss 00:00 0:00 nginx: master process
www-data 1825 0.0 0.3 10964 8012 ? S 00:00 0:12 nginx: worker process
$ chronicle -c
$ chronicle
 1046  chronicle -c

Right-sized audit for every org

Start with the free tier. Scale to enterprise compliance as your governance requirements grow.

Starter
$0/mo

For individuals and small projects

  • chronicle — view full trail
  • chronicle N — last N entries
  • HISTSIZE up to 500
  • Redaction (-d)
  • File persistence (-a/-w/-r)
  • Retention policies
  • Instant Replay
Team
$79/seat/mo

For governance-first organizations

  • Everything in Pro
  • !string — pattern-based replay
  • HISTIGNORE pattern engine
  • fc — Inline Remediation
  • chronicle -n — Delta Sync
  • erasedups policy
  • Shared HISTFILE
  • SSO & RBAC
Enterprise
Custom

For regulated industries and public sector

  • Everything in Team
  • Dedicated HISTFILE infrastructure
  • Custom retention SLAs
  • On-premise deployment
  • Priority Compliance Purge
  • 99.99% capture SLA
  • Dedicated CSM
  • HIPAA BAA available

Trusted by compliance-obsessed teams

"Chronicle's Surgical Redaction is a game-changer. We had an operator accidentally log database credentials and were able to redact the exact entry in milliseconds. Before Chronicle, that would have been a full incident review."
Raj Krishnamurthy
VP of Security, ScaleForge
"We configured HISTCONTROL to erasedups across all production sessions and reduced our audit log noise by 73%. Retention compliance went from 'aspirational' to 'automated' overnight."
Anise Dubois
Head of Platform Engineering, Nimbus
"Instant Replay has 10x'd our incident response speed. When something goes wrong, our SREs just !! to re-execute the last remediation step. No copy-paste. No typos. Zero friction."
Ash Chen
CTO, DataMesh
"Our auditors wanted a complete trail of every command executed in production. Chronicle's -w flag lets us export snapshots directly to our GRC platform. Compliance reviews that used to take days now take minutes."
Asha Patel
Director of Compliance, Arcadian

Questions from compliance teams

How does Chronicle handle sensitive commands that shouldn't be logged?

Chronicle's HISTCONTROL policy engine includes ignorespace mode — any command prefixed with a space is automatically excluded from the audit trail. For pattern-based exclusion, HISTIGNORE lets you define colon-separated patterns that are silently filtered. This gives your operators the flexibility to work without compromising the audit surface.
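A model of the policy filtering described in the Govern step and in the answer above, added here as an example; it is not Chronicle's own code. It assumes the HISTCONTROL and HISTIGNORE values behave as bash documents for its variables of the same names (the `&` pattern is not modelled), and `record`, `audit_gaps` and the sample session are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample session; the token value is a placeholder.
SESSION = [
    "ls -la",
    "ls -la",
    " export API_TOKEN=constructed-value",
    "ps aux",
    "df -h",
    "ls -la",
]

def record(session, histcontrol="", histignore=""):
    """Return (trail, dropped) for the typed lines under a policy.

    Assumption: values follow bash's documented HISTCONTROL/HISTIGNORE rules.
    """
    flags = {f for f in histcontrol.split(":") if f}
    if "ignoreboth" in flags:
        flags |= {"ignorespace", "ignoredups"}
    patterns = [p for p in histignore.split(":") if p]
    trail, dropped = [], []
    for line in session:
        if "ignorespace" in flags and line.startswith(" "):
            dropped.append((line, "ignorespace"))
        elif "ignoredups" in flags and trail and trail[-1] == line:
            dropped.append((line, "ignoredups"))
        elif any(fnmatchcase(line, p) for p in patterns):
            # Patterns must match the whole line, as fnmatchcase does.
            dropped.append((line, "HISTIGNORE"))
        else:
            if "erasedups" in flags:
                # Earlier identical entries are removed before saving.
                dropped += [(c, "erasedups") for c in trail if c == line]
                trail = [c for c in trail if c != line]
            trail.append(line)
    return trail, dropped

def audit_gaps(session, histcontrol="", histignore=""):
    """Commands that were typed but appear nowhere in the resulting trail."""
    trail, _ = record(session, histcontrol, histignore)
    return [c for c in dict.fromkeys(session) if c not in trail]

if __name__ == "__main__":
    trail, dropped = record(SESSION, "ignoreboth:erasedups", "df *")
    print("trail:", trail)
    for line, reason in dropped:
        print(f"dropped by {reason}: {line!r}")
    print("gaps:", audit_gaps(SESSION, "ignoreboth:erasedups", "df *"))
```

Deduplication loses repetition and ordering but keeps the command text; `ignorespace` and HISTIGNORE remove the command from the trail entirely, which is what `audit_gaps` reports.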

What happens if the session terminates unexpectedly?

Configure Chronicle with chronicle -a in your session hooks to continuously append to HISTFILE. Combined with chronicle -n to read new entries from shared logs, your audit data is durable even across unexpected terminations. We never lose a single entry.

Can multiple team members share a single audit file?

Absolutely. HISTFILE can point to a shared location. Use chronicle -r to hydrate a session from the shared log and chronicle -a to contribute back. The -n flag reads only new entries appended since the last sync, preventing duplicates and ensuring conflict-free multi-user audit trails.

Is there a way to edit a command before re-executing it?

Chronicle integrates with the fc subsystem, which opens any historical command in your configured editor for modification before re-execution. This is what we call Inline Remediation — fix-and-replay without leaving the audit context. Available on Team plans and above.

How do we prove to auditors that our retention policies are enforced?

HISTSIZE and HISTFILESIZE are declarative retention controls. Set them once, and Chronicle enforces the limit automatically by evicting the oldest entries. Export the current configuration with chronicle -w alongside your audit snapshots. Auditors get both the data and the policy proof in one artifact.

The missing layer in operational governance

Every regulated industry demands a complete audit trail. Financial services log every trade. Healthcare logs every access. Aviation logs every maintenance action. But the most powerful interface in technology — the command line — has operated in a governance vacuum. Operators execute commands that provision infrastructure, modify data, and configure security controls, and unless someone is watching, that activity vanishes.

Chronicle exists to close that gap. We believe that every command executed in a production environment is a compliance event. Every keystroke is an audit entry. Every session is a record that should be captured, governed, and retained according to policy — not left to chance. This is not about surveillance. It is about accountability, reproducibility, and the fundamental right of an organization to understand what happened and when.

We built Chronicle because the most consequential actions in technology still happen in the dark. Not anymore.

Backed by mandō