What you get

We built the platform that the monitoring is. Every feature below is table stakes on Synsmarts. Not an add-on. Not an integration. Built into the platform.

Deploys

Push to GitHub. Or SSH in and rsync. We accept both. Code is built into an immutable image, deployed blue/green via Argo Rollouts, and gated by health + canary metrics before traffic shifts. Failed deploys auto-revert with full forensics preserved.

  • Webhook-triggered builds for git-backed tenants
  • CLI synsmarts deploy for workspace-backed tenants
  • Migration-aware deploy paths (code-only / additive / breaking)
  • Per-tenant blue/green cache + shared session continuity

Diagnostics

Detect, diagnose, report, recommend, contain. Five steps, in that order. Other hosts kill first and explain never. We diagnose first, capture evidence, and contain only when there's no other option.

  • Diagnostic reports with finding ID, evidence, code location, suggested fix — delivered via dashboard, email, API, MCP
  • Code-level RAG/DAG (ChunkHound) traces SQL queries back to PHP functions
  • AI agent uses three surfaces: ClickHouse telemetry, code index, live runtime state
  • Code patch upsell — we ship the fix if you want; human approval gates the merge

Backups + restore

Hourly XtraBackup. Continuous binlog shipping (1-minute intervals). Hourly EBS snapshots. Cross-region replication via AWS Backup Vault Lock (WORM). Same retention for every tenant — backups are table stakes, not a premium tier.

  • 30-day XtraBackup retention
  • 14-day binlog retention (PITR window)
  • 7-day EBS snapshot retention (tertiary safety net)
  • Self-service restore: pick a timestamp, watch the Temporal workflow provision a fresh primary, swap endpoints, keep the old for a rollback window
  • Quarterly cross-region restore drills

Observability

ClickHouse-backed unified store. Metrics, logs, traces, business events, cost data — all SQL-queryable in one place. 100% trace capture, no sampling. Per-tenant cost attribution from day one.

  • Every Temporal workflow logs to ClickHouse for process mining
  • Per-service network byte counters for cross-AZ cost attribution
  • Grafana for internal debugging; agents query ClickHouse via SQL
  • 12-month audit log retention per PCI Req 10

Security + compliance

PCI-DSS SAQ D as a Service Provider. GDPR co-equal. CDE boundary published, audited annually, validated quarterly via ASV scans + Falco runtime monitoring.

  • Per-tenant KMS keys, multi-region
  • Falco for container runtime security / FIM
  • PAN discovery scanner across MySQL, S3, ClickHouse — Luhn-valid pattern detection
  • MFA mandatory on all CDE access
  • Cloudflare for SaaS (WAF + CDN + DDoS, Level 1 PCI sub-processor)

Agent surface

Two MCP servers. External for your developer agent (Claude Code, Cursor, etc.), internal for our ops. ~35 tools at launch. Same APIs, same data, same access as human operators.

  • Deploy, rollback, restart, restore via MCP tool call
  • Query traces, logs, metrics by tenant + endpoint + window
  • Self-service actions: restart PHP, kill query, clear cache, manage DNS/SSL/SSH/backups
  • Tenant API keys with 3 scopes: admin, deploy, read-only

Sign Up See pricing