UNWIND

SIMULATED — NO CHANGES MADE

OFF→ RUNNING→ ENDED→ REVIEWED

Ghost Mode is off. Your agent's actions are live.

Generating summary...

🔒

Click to verify CR-AFT hash chain integrity

🛡️

See Everything. Rewind File Changes. Test Without Consequences.

UNWIND is a security layer that sits between your AI agent and the tools it uses. Every tool call — reading a file, sending an email, running a command — passes through a 15-stage enforcement pipeline before it reaches the real world.

If something looks wrong, UNWIND blocks it. If something goes through and you change your mind, UNWIND can undo it. If you want to test something risky, UNWIND can simulate it without consequences.

No AI in the security path. Every check is deterministic. The agent doesn't know UNWIND exists.

Trust Light — the coloured orb at the top. Green means all clear. Amber means the session has ingested external content and high-risk actions need your approval. Red means something was blocked or a security rule was triggered.

Flight Recorder — every tool call is logged to a tamper-evident database with cryptographic hash chaining. The timeline below shows what happened, when, and whether it was allowed.

Undo Button — before every file write, UNWIND takes a snapshot. You can undo any action, or undo everything since a point in time.

👻

Ghost Mode

See what your agent would do — without it actually doing anything.

Ghost Mode is a dry-run sandbox. When active, all state-modifying actions (file writes, emails, commands) are intercepted and simulated. The agent receives a fake success response and continues working normally, but nothing real changes.

A shadow filesystem serves back "written" content on subsequent reads, so the agent stays internally consistent. An egress guard scans outbound requests for leaked secrets before they leave your device.

Use it to test untrusted tools, risky prompts, or new agent configurations. When the purple banner appears at the top of this dashboard, Ghost Mode is active.

🔗

CRAFT Protocol

Cryptographic proof that every command is genuine, in sequence, and untampered.

CRAFT (Cryptographic Relay Authentication for Faithful Transmission) authenticates every command before it reaches the enforcement pipeline. It provides proof of who sent a command, that it hasn't been modified in transit, and that it arrived in the correct order.

Every event in the timeline is linked to the previous one by a cryptographic hash — forming an unbreakable chain of evidence. If anyone alters or deletes a record, the chain breaks and the dashboard will show you exactly where.

The "Chain Verify" tab lets you check this at any time. CRAFT has zero external dependencies and can be used independently as a standalone audit library.

⏱️

Cadence

Your agent learns your rhythm — and uses it to keep you safe.

Cadence watches timing patterns (never content) to understand when you're actively working, reading, in deep focus, or away from your device. It feeds these signals into the enforcement pipeline.

If tool calls arrive at machine speed while you appear to be away, Cadence raises the alert level. If the timing between actions is suspiciously regular (like a bot, not a human), it flags it. The small pill in the header shows your current detected state.

All timing data stays on your device, auto-deletes after 7 days, and UNWIND works perfectly without it. Cadence is opt-in — enable it with UNWIND_CADENCE_BRIDGE=1, disable it any time with no side effects.

UNWIND See Everything. Rewind File Changes. Test Without Consequences.

All Clear

Files your agent wrote to the sandbox

Network Activity

UNWIND

Ghost Mode

CRAFT Protocol

Cadence