Unredacted access — the path around path-masking
Recondo's consumer transports (MCP, GraphQL API, REST, TUI, dashboard) apply
path-masking when returning captured content. This page documents the
recondo-gateway CLI commands that compliance auditors, incident
responders, and forensic investigators use to access the raw, unmasked original
bytes. This is the deliberate seam where privacy-safe summaries end and the
audit-grade truth begins.
Who this is for
- Compliance auditors — validating immutability claims and producing audit reports
- Incident responders — investigating suspected data leaks or unauthorized access
- Security operations — forensic analysis and pattern detection
- Internal audit — periodic verification of governance controls
Prerequisites
- Shell on gateway host: SSH or equivalent into the machine running recondo-gateway serve
- Read on data dir: ~/.recondo/ by default — overridable via RECONDO_STORE / RECONDO_OBJECTS
- DB access: SQLite at ~/.recondo/recondo.db for local; PostgreSQL connection string in cloud
- CLI familiarity: the recondo-gateway subcommands (this page is the reference)
CLI commands
Every command below bypasses path-masking and returns raw captured bytes. Commands are
extracted directly from gateway/src/main.rs in the
repo.
recondo-gateway sessions
List every captured session with model, turn count, tokens, cost, started timestamp, intent.
Use case: Identify sessions in a suspect time window before drilling into individual turns.
recondo-gateway session <id> [--turns]
Full turn-by-turn trace of a session; with --turns the response text is dropped for a compact summary.
Use case: Walk the full conversation flow and locate the turns that may carry the leak or violation.
recondo-gateway turn <id>
Single-turn detail with unmasked filesystem paths, raw req/resp hashes, object-store refs, and unredacted user + response text.
Use case: Verify file hashes, confirm capture integrity, access unredacted content. This is where the MITM bytes become visible.
recondo-gateway search <query>
Full-text search across turn content (SQLite). PostgreSQL deployments use the GraphQL API for the same shape.
Use case: Find every turn that references a credential fragment, file path, user id, or endpoint across the database.
recondo-gateway verify <session_id>
Recompute SHA-256 hashes of on-disk captured bytes and compare against database hash claims.
Use case: Prove to auditors that on-disk captures are byte-perfect and have not been tampered with since capture.
recondo-gateway stats
Aggregate statistics: sessions, turns, total tokens, models used.
Use case: Baseline metrics for audit reporting.
recondo-gateway reprocess [--dry-run]
Rescan the captures directory for orphaned files (metadata written, DB row not committed) and re-insert them.
Use case: Audit capture completeness after a gateway crash or restart.
Worked example — investigating a credential leak
A security alert flags a suspected database password leak in a Claude session between
2026-05-09 10:00 and 12:00 UTC. The full investigative loop:
Search for the credential fragment
recondo-gateway search "super_secret"
Search returns three matching turns across two sessions. One —
trn_xyz789 in ses_abc123 — falls in the alert window.
Examine the full turn
recondo-gateway turn trn_xyz789
The turn output shows the exact user message that revealed the password, the timestamp, model, tokens, the unmasked object-store paths, and the SHA-256 hashes of the request and response.
Verify integrity
recondo-gateway verify ses_abc123
All five turns pass hash verification. The on-disk captures are byte-perfect — no tampering since capture. This is the line auditors actually care about.
Pull raw bytes (advanced)
zcat ~/.recondo/objects/req/e3/b0c44…855.gz | head -c 500
zcat ~/.recondo/objects/req/e3/b0c44…855.gz | xxd | head -20
Byte-level visibility into the literal HTTP request that contained the leak.
Report findings
Document the session id, turn id, timestamp, model, the captured user-message excerpt with the leaked line, the root cause ("user pasted a hardcoded password while debugging"), the verify result, and the mitigation (rotate the exposed credential immediately; the request carrying it left the host for the model provider, so treat it as disclosed to a third party, not merely logged locally).
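The verify step is the one an auditor will be asked to stand behind, so it is worth being able to reproduce its verdict without the tool. What follows is an added example written for this page, not code from recondo-gateway: a second, independent implementation of what the page describes `recondo-gateway verify <session_id>` doing, run against a constructed store. It assumes a turns table with id, session_id, req_hash and resp_hash columns, a content-addressed layout objects/<kind>/<first two hex chars>/<rest>.gz inferred from the example path in the previous step, and that the recorded hash covers the decompressed bytes. None of these assumptions is confirmed by the page; check them against gateway/src/main.rs before relying on the script against a real data dir.

```python
"""Independent re-check of Recondo capture hashes.

Added example, not code from recondo-gateway. It does what the page says
`recondo-gateway verify <session_id>` does (recompute SHA-256 of the on-disk
captured bytes and compare with the hashes the database recorded) in a second,
unrelated implementation, so an auditor is not taking the tool's word for its
own verdict.

Assumptions the page does not confirm: turns live in a table
turns(id, session_id, req_hash, resp_hash); objects are content-addressed as
objects/<kind>/<hash[:2]>/<hash[2:]>.gz (inferred from the example path
objects/req/e3/b0c44…855.gz); the recorded hash is SHA-256 of the
decompressed request/response bytes.
"""
import gzip
import hashlib
import sqlite3
import tempfile
from pathlib import Path


def object_path(root: Path, kind: str, digest: str) -> Path:
    """Assumed content-addressed layout: kind, two-hex-char shard dir, rest of hash."""
    return root / "objects" / kind / digest[:2] / f"{digest[2:]}.gz"


def sha256_decompressed(path: Path) -> str:
    """SHA-256 over the decompressed capture, streamed so large bodies are not loaded at once."""
    h = hashlib.sha256()
    with gzip.open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_session(root: Path, db_path: Path, session_id: str) -> dict:
    """Return {(turn_id, 'req'|'resp'): 'ok' | 'MISMATCH' | 'missing'} for every
    object the database claims for the session. 'missing' is the inverse of the
    orphaned-file case that `reprocess` handles: a DB row with no object behind it."""
    conn = sqlite3.connect(db_path)
    try:
        rows = conn.execute(
            "SELECT id, req_hash, resp_hash FROM turns WHERE session_id = ? ORDER BY id",
            (session_id,),
        ).fetchall()
    finally:
        conn.close()
    verdicts = {}
    for turn_id, req_hash, resp_hash in rows:
        for kind, claimed in (("req", req_hash), ("resp", resp_hash)):
            obj = object_path(root, kind, claimed)
            if not obj.exists():
                verdicts[(turn_id, kind)] = "missing"
            elif sha256_decompressed(obj) != claimed:
                verdicts[(turn_id, kind)] = "MISMATCH"
            else:
                verdicts[(turn_id, kind)] = "ok"
    return verdicts


def _store(root: Path, kind: str, raw: bytes) -> str:
    """Write one gzipped object under its own hash and return that hash."""
    digest = hashlib.sha256(raw).hexdigest()
    obj = object_path(root, kind, digest)
    obj.parent.mkdir(parents=True, exist_ok=True)
    with gzip.open(obj, "wb") as f:
        f.write(raw)
    return digest


def demo() -> dict:
    """Build a constructed store with three turns, then tamper with two of them:
    trn_002's response is rewritten in place (same hash-named file, new bytes) and
    trn_003's request object is deleted. Returns verify_session's verdicts."""
    root = Path(tempfile.mkdtemp(prefix="recondo-verify-"))
    db_path = root / "recondo.db"
    captures = [  # constructed sample turns, not real captures
        ("trn_001", b'{"messages":[{"role":"user","content":"hello"}]}', b'{"content":"hi"}'),
        ("trn_002", b'{"messages":[{"role":"user","content":"DB_PASS=super_secret"}]}', b'{"content":"Do not paste secrets."}'),
        ("trn_003", b'{"messages":[{"role":"user","content":"thanks"}]}', b'{"content":"np"}'),
    ]
    conn = sqlite3.connect(db_path)
    conn.execute("CREATE TABLE turns (id TEXT PRIMARY KEY, session_id TEXT, req_hash TEXT, resp_hash TEXT)")
    for turn_id, req, resp in captures:
        conn.execute("INSERT INTO turns VALUES (?, 'ses_demo', ?, ?)",
                     (turn_id, _store(root, "req", req), _store(root, "resp", resp)))
    conn.commit()
    conn.close()

    # Tamper 1: edit trn_002's response after capture but keep the hash-named file.
    with gzip.open(object_path(root, "resp", hashlib.sha256(captures[1][2]).hexdigest()), "wb") as f:
        f.write(b'{"content":"edited after capture"}')
    # Tamper 2: remove trn_003's request object entirely.
    object_path(root, "req", hashlib.sha256(captures[2][1]).hexdigest()).unlink()

    return verify_session(root, db_path, "ses_demo")


if __name__ == "__main__":
    for (turn_id, kind), verdict in sorted(demo().items()):
        print(f"{turn_id} {kind:<4} {verdict}")
```

One caveat belongs next to any "byte-perfect" statement in a report: verify, and this re-check, establish that the bytes on disk are the bytes the database says were captured. Neither rules out an actor with write access to both the object store and the metadata database rewriting both consistently. That is why the shell-access and host-audit items in the hardening section carry the immutability claim, and why an auditor may want to copy the recorded hashes at capture time to a store the gateway host cannot write to.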
What v1 protects — and what it doesn't
Path-masking on read
Protected: filesystem paths in captured prompts (e.g.
/home/user/projects/secret-ai-app/api.ts) are replaced with placeholders
like <file_at_line_2345> when content flows through MCP, GraphQL,
REST, TUI, or dashboard.
Not protected: the CLI commands on this page bypass path-masking entirely. Anyone with shell access sees unmasked paths. This is intentional — forensic investigators need the raw truth; consumer transports get the privacy-safe view.
Credential-pattern redaction — not in v1
Raw captured prompts containing API keys, database passwords, OAuth tokens, or other secrets flow through every transport today — MCP, GraphQL, REST, TUI, dashboard, and gateway CLI. v1.5 / v2 will add a global credential-pattern redaction pass for AWS / GCP / Azure secrets, API keys, DB connection strings, OAuth tokens, and PII. Until then, Recondo operators carry the same content-handling discipline as for logs and transcripts: be careful with screen-shares, copies, and session links shared with untrusted parties.
Hardening recommendations
Limit exposure of sensitive captured content with these layered controls:
- Restrict shell access to the gateway host: forensic-access tools require shell on the gateway box. Limit SSH to a security-team subnet in your firewall or security-group rules. Anyone with shell sees unmasked paths and unredacted content.
- Restrict MCP / GraphQL / REST to trusted operators: consumer transports already apply path-masking, but they still return prompt text. Allow internal networks only; gate dashboard IPs explicitly.
- Enable host-level audit logging: Recondo does not log CLI invocations in v1. Linux: auditctl -w /usr/local/bin/recondo-gateway -p x -k recondo_cli, then ausearch -k recondo_cli; the EXECVE record in each event carries the argument vector, so the session and turn ids an investigator queried are preserved. macOS: praudit. Windows: enable command-line auditing via Group Policy (Audit Process Creation plus "Include command line in process creation events", which populates event 4688).
- Encrypt the data directory at rest: captures are gzipped objects on disk. LUKS on Linux, FileVault on macOS, EBS/persistent-disk encryption in cloud. Compose with RDS / Cloud SQL encryption for the metadata DB.
- Rotate database credentials: quarterly or after any access-control audit. ALTER USER recondo WITH PASSWORD … on the PostgreSQL side.
- Set audit-log retention: SOC 2 / ISO 42001 typically require a retention window. v1 has no purge tools; track this manually until v1.5 ships a retention pipeline.
Cross-references
The forensic seam is part of the broader architecture story. Adjacent reading: