Skip to main content
Back to Blog
Deep Dive6 min read

Session Replay: Reviewing What Your AI Agent Did

After a long agent session, you need to understand what happened. What files were changed? How much did it cost? Did the agent take any unexpected actions? Session replay is how Styrby provides that visibility without compromising encryption.

How Encrypted Replay Works

Every session message is stored encrypted on the server. When you open a past session in the Styrby app or web dashboard, the messages are downloaded as ciphertext and decrypted locally on your device using your stored key pair.

Replay works only on devices that have the encryption keys for that session. If you started a session from your workstation and want to review it on your phone, both devices need to be registered with Styrby, which happens automatically during setup. The replay loads in chronological order, showing each exchange between you, the agent, and any tool executions. Each message displays its token count and cost alongside the content.

Filtering and Search

With dozens or hundreds of sessions over a month, finding the right one matters. Styrby supports filtering by:

  • Agent. Show only Claude sessions, only Codex sessions, or any combination.
  • Date range. Last 24 hours, last week, or custom range.
  • Cost. Sessions above $5, above $10, or custom threshold. Useful for investigating expensive sessions.
  • Project. Filter by the project directory the session was run in.
  • Status. Completed, errored, or still running.

Full-text search within session content happens client-side after decryption. The server cannot search encrypted content, so search requires downloading and decrypting the session first. For large session histories, this means search is slower than a server-side query. The tradeoff is privacy: your search terms never leave your device.

Bookmarking Sessions

Some sessions are worth keeping for reference: a good architecture discussion, a complex debugging session that solved a hard problem, or a session that demonstrates a useful technique.

Bookmarks add a session to your saved list with an optional label. Bookmark metadata (session ID, label, timestamp) is stored on the server. The session content itself remains encrypted.

# Bookmark from the CLI
styrby session bookmark --id ses_abc123 --label "Auth refactor approach"

# List bookmarks
styrby session bookmarks
# ID            Label                    Agent    Date         Cost
# ses_abc123    Auth refactor approach   claude   2026-03-15   $4.20
# ses_def456    Perf debugging           codex    2026-03-12   $2.10

Cost Breakdown per Session

Each session summary shows a cost breakdown:

  • Total cost
  • Input tokens and cost
  • Output tokens and cost
  • Cache tokens and savings
  • Model used
  • Session duration
  • Number of turns (exchanges)

This breakdown helps identify which sessions are cost-efficient. A session that spent 40 turns retrying a failing test at $0.50 per turn is a clear signal to improve the test setup or switch to a cheaper model for iterative work.

Reviewing Permission Decisions

The replay timeline highlights permission requests and your responses. Each permission event shows:

  • What the agent requested
  • The risk classification
  • Whether you approved or denied
  • How long the agent waited for your response

This is useful for post-session security review, especially for overnight sessions where you may have approved dozens of permissions from your phone without full context.

Export

Sessions can be exported as JSON for external processing or archival. The export decrypts the session locally and writes a JSON file to your device. The exported file is plaintext, so handle it with the same care you would give source code.

# Export a session to JSON
styrby session export --id ses_abc123 --output ./session-export.json

Export is a client-side operation. The server sends encrypted data, your device decrypts it, and the plaintext JSON is written locally. Nothing unencrypted touches the network.

Limitations

Session replay has inherent limitations due to the zero-knowledge architecture:

  • Search is client-side only. Large session histories take time to search because each session must be decrypted first.
  • Lost keys mean lost sessions. If both of your registered devices lose their keys, those sessions are permanently inaccessible.
  • Live session replay is not supported. You can review sessions after they complete, but you cannot watch a live session from the replay interface. Use the live monitoring view for that.

Ready to manage your AI agents from one place?

Styrby gives you cost tracking, remote permissions, and session replay across five agents.

Start FreeView Pricing