Session Recording
ShellTab records every command run in a drive — by humans or AI agents — automatically. No configuration needed. Every session is replayable, searchable, and attributed to whoever ran it.
How recording works
A capture daemon runs inside every drive and writes a structured journal of shell events — commands entered, output produced, file writes, process starts and exits. The journal is stored locally on the drive's NVMe volume and synced to central storage asynchronously.
Every event in the journal is tagged with the identity of who caused it: a team member's user ID, an AI agent's service identity, or an automated script. This attribution is indelible — it can't be changed after the fact.
The Recording tile
Open the Recording tile from the canvas toolbar to access the session timeline. The tile shows every command run in the current drive, ordered chronologically, with the author avatar and timestamp on each entry.
Timeline scrubbing
Drag the scrubber to jump to any point in the session. The terminal output panel rehydrates to show exactly what was on screen at that moment.
Author filter
Filter the timeline to show only commands from a specific person or agent. Useful for reviewing what a Claude Code session did without unrelated teammate activity.
Command search
Full-text search over command text and output. Find every time git push was run, or every npm install, across the session history.
Export
Download the raw journal as NDJSON for analysis in external tools, or export a rendered HTML replay you can share with stakeholders.
AI agent review
After an AI agent session completes, ShellTab runs an automated review pipeline over the recorded trace. The pipeline analyses what the agent did across each phase of its task and surfaces structured findings:
Scope drift
Did the agent modify files or run commands outside the scope of the original prompt? Scope drift findings flag deviations with the specific commands and file paths involved.
Command side effects
Destructive or irreversible commands (package uninstalls, database drops, force pushes) are highlighted for human review before you merge or deploy.
Test run audit
Did the agent run the tests? Did they pass? The review pipeline checks whether the agent validated its own changes and flags if it skipped this step.
Security findings
Static analysis over agent-generated code for common vulnerability patterns: injection risks, hardcoded secrets, insecure defaults, and OWASP Top 10 issues.
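The NDJSON export can feed the same kind of side-effect check in your own tooling. The script below is an added example, not ShellTab's code: it scans an exported journal for the destructive command kinds named above (package uninstalls, database drops, force pushes) and attributes each hit to its author. The field names (ts, type, actor, actor_kind, command) and the sample events are assumptions, since the journal schema is not documented on this page.

```python
import json
import re

# Constructed sample export. Field names are assumptions for illustration;
# adjust them to the schema of the journal you actually download.
SAMPLE_NDJSON = """\
{"ts": "2025-01-10T09:00:01Z", "type": "command", "actor": "user:alice", "actor_kind": "human", "command": "git status"}
{"ts": "2025-01-10T09:02:14Z", "type": "command", "actor": "agent:claude-code", "actor_kind": "agent", "command": "npm uninstall left-pad"}
{"ts": "2025-01-10T09:02:20Z", "type": "output", "actor": "agent:claude-code", "actor_kind": "agent", "data": "removed 1 package"}
{"ts": "2025-01-10T09:03:40Z", "type": "command", "actor": "agent:claude-code", "actor_kind": "agent", "command": "git push --force origin main"}
not-json-truncated-line
{"ts": "2025-01-10T09:05:02Z", "type": "command", "actor": "user:bob", "actor_kind": "human", "command": "psql -c 'DROP DATABASE staging'"}
"""

# One pattern per category of destructive command named in the review section.
RULES = {
    "package_uninstall": re.compile(r"\b(npm|yarn|pnpm|pip3?|apt(-get)?)\s+(uninstall|remove|rm|purge)\b"),
    "database_drop": re.compile(r"\bdrop\s+(database|table|schema)\b", re.I),
    "force_push": re.compile(r"\bgit\s+push\b.*(\s--force(-with-lease)?\b|\s-f\b)"),
}

def flag_destructive(ndjson_text, actor_kind=None):
    """Return (findings, skipped): flagged command events and count of unparseable lines."""
    findings, skipped = [], 0
    for lineno, line in enumerate(ndjson_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # report gaps instead of hiding them: this is an audit trail
            continue
        if not isinstance(ev, dict) or ev.get("type") != "command":
            continue
        if actor_kind and ev.get("actor_kind") != actor_kind:
            continue
        cmd = str(ev.get("command", ""))
        for category, rx in RULES.items():
            if rx.search(cmd):
                findings.append({"line": lineno, "ts": ev.get("ts"), "category": category,
                                 "actor": ev.get("actor", "unknown"), "command": cmd})
    return findings, skipped

if __name__ == "__main__":
    hits, bad = flag_destructive(SAMPLE_NDJSON, actor_kind="agent")
    for h in hits:
        print(f'{h["ts"]} {h["actor"]} [{h["category"]}] {h["command"]}')
    print(f"unparseable lines: {bad}")
```

Pattern matching on command text only catches the literal forms listed in RULES; treat hits as a queue for human review, not as a complete inventory.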
Retention & storage
Session recordings are stored in R2 and retained for 90 days on the Free and Plus plans, and for 1 year on the Team and Scale plans. The journal on the drive itself is retained until the drive is deleted.
Recordings are stored per-organisation and are accessible to all organisation members with at least Viewer role. Admins can export or delete recordings from the organisation settings.