GS

Welcome

Quick Actions

Pending tasks & approvals

Recent documents

Compute

Compute overview

Live posture across every execution surface.

Guides & assistance
Cluster CPU--live utilisation
Cluster RAM--live utilisation
Workloads running--across tenants
Fn invocations--lifetime
Active incidents--needs attention
GPU allocated--accelerators
Compute surfaces

Cluster utilisation — CPU / RAM / GPU

Request throughput

Recent compute events

Loading events...

Compute topology

The live compute plane as an interactive SynInfra Canvas — nodes, workloads and their placement. Drag to arrange, click to inspect.

Platform runtimes

Live health of every in-process platform runtime.

The real, in-process logical runtimes this server is composed of — the SynDB engine, SynDrive, SynAuth, SynVault, SynCompute, SynOpt, SynNet, SynStream and SynPost. Each card is probed live: the latency is a real method call or SQL round-trip against the running subsystem, and the metric is counted from it. Health, transitions and last-known posture are persisted in the control plane and survive a restart.

Loading process telemetry…

Probing platform runtimes…

Self-healing & autoscale

A supervisor probes every runtime on a cadence and remediates any that aren’t healthy — re-probing, re-driving the SynOpt autoscaler, with backoff and escalation. The autoscaler launches and drains SynOpt-managed compute nodes against real load.

Loading autoscaler…
Remediation journal

No remediation events yet — all runtimes healthy.

☠ Fault-injection drill

Prove the fabric self-heals by breaking it on purpose. Use the control on any live replica (Workloads) to hard-kill it, or ☠ Drill on a runtime above to degrade it — then watch the supervisor recover it. Every drill is audited to the durable log and survives a restart.

No drills run yet — inject a fault to see the recovery.

Tenants

Isolation boundaries and resource quotas.

Isolation boundaries with hard resource quotas. Each tenant pins CPU / RAM / storage / GPU ceilings, an isolation mode (container / microVM / namespace) and a workload cap. Live usage is tracked against quota so over-subscription surfaces immediately.

--

Connecting to control plane...

Nodes

Servers in the compute cluster.

Servers participating in the mini-cloud. Each node advertises its role, CPU / RAM / GPU capacity, agent version and live heartbeat. New nodes are normally added via Settings → Enroll node, which mints a token and prints a real install script.

--

Connecting to control plane...

Devices

Trusted endpoints and fleet agents.

Trusted endpoints and fleet agents that consume platform resources. Track ownership, trust level, posture and last-seen freshness.

--

Connecting to control plane...

Workloads

Deployable compute units and their vault secrets.

Deployable compute units (web / worker / job / function / media / static). Scale, suspend, wake, restart or roll back any workload — the canonical "run only when needed" control. Each workload is backed by its own SynVault secret namespace.

Workload runtime — real processes

Deploy a workload and SynCompute spawns it as one or more real OS process replicas, bin-packed across the managed node pool. Each replica runs your command (or a built-in heartbeat service) in its own process group with a scrubbed, injected environment; stdout/stderr are captured live, and the supervisor restarts any replica that dies. Scaling and stopping start and signal real processes — and the resulting node load drives the autoscaler.

No workloads running yet — deploy one above.

--

Connecting to control plane...

Workload secrets & runtime tokens (SynVault)

Per-workload secret namespaces issued from the shared vault. Pick a workload namespace, then add or rotate the secrets its runtime reads at boot. Values are encrypted at rest and never returned — only the key, version and a short fingerprint are shown. Issue a scoped runtime token to let a workload authenticate to internal services.

Load a namespace to manage its secrets.

Processes

The live OS-level process table.

The live OS-level process table across every node. Suspend, resume, throttle, restart or kill any process in place — the actions a platform operator needs during an incident. CPU / RAM / restarts / open files are tracked per process.

--

Connecting to control plane...

Containers

Container runtime instances.

Container runtime instances. Track image, owning tenant, host node, exposed ports, CPU / RAM and restart counts.

--

Connecting to control plane...

Virtual Machines

Micro-VM and legacy VM workloads.

Micro-VM and legacy VM workloads for strong isolation or unmodified guests. Track guest OS, vCPU / RAM / disk allocation and isolation mode.

--

Connecting to control plane...

Functions

Scale-to-zero functions and invocation.

Real, isolated, multi-language functions — the AWS Lambda / Supabase / GCP Cloud Functions equivalent. Author a function in any runtime your nodes support, declare its environment variables and SynVault secrets, then invoke it with a JSON payload to run the code in a scrubbed subprocess sandbox with a hard wall-clock timeout. Every invocation captures real stdout / stderr, updates the rolling p95 and is journaled for audit.

Author function

Probing host runtimes…

Invoke

Invoke a function to run its real code and capture stdout / stderr.

Deployed functions

--

Connecting to control plane...

Recent runs

Select a function and invoke it to see its recent runs.

Jobs & Queues

Background queues and workers.

Background job queues and their workers. Track queue depth, processing rate, worker count and drain state — the backbone of asynchronous workloads.

--

Connecting to control plane...

Schedulers

Schedules and the placement simulator.

Cron and event schedules plus a live placement simulator. The simulator scores every node for a candidate workload by free CPU + free RAM, honouring role and GPU requirements and penalising degraded nodes — exactly the decision the scheduler makes.

Placement simulator

Score every node for a candidate workload.

Schedules

--

Connecting to control plane...

GPU Pools

Accelerator inventory and allocation.

GPU pool inventory and allocation. Track model, VRAM, host node, utilisation, temperature and the workload each accelerator is assigned to.

--

Connecting to control plane...

App Packager

Detect, build, sign and publish artifacts.

The custom application packager. Detect a runtime profile from any language or framework, then run the full eight-stage pipeline (detect → dependencies → build → test → SBOM → scan → sign → publish) to produce a signed, attested artifact.

Detect runtime profile

Enter a language to detect the build tool, start command, port and health endpoint.

Build & package

Run a build to watch the eight-stage pipeline execute.

Build history

--

Connecting to control plane...

Deployments

Vault-backed release lifecycle.

DevSecOps deployments. Deploy an application to provision (or patch) its workload, attach a dedicated SynVault secret namespace and mint a scoped runtime token, then advance the release through its full lifecycle (build → scan → sign → stage → health → approval → production → traffic shift → monitor → stable) with blue-green / canary / rolling strategies and one-click rollback.

Deploy an application

Deploy to provision a workload, attach a Vault namespace + runtime token, and start the release lifecycle.

Deployments

--

Connecting to control plane...

SRE & Observability

Real runtime, memory, scheduler, autoscaler and IPC telemetry.

The SRE surface, living inside the compute domain. Real, measured signals fused from the live process, SynOpt's tiered memory virtualisation, the work scheduler, the SynOpt↔SynCompute autoscaler and the instrumented IPC fabric — nothing here is synthesised. The autoscaler reconciles on a 15-second cadence; Force reconcile runs a cycle immediately and shows the decision.

--
Process RSS--resident memory
Host RAM--total physical
Load avg (1m)--run-queue pressure
OS threads--this process
IPC calls--measured lifetime
IPC error rate--across all actions

Process runtime

Sampling the live process…

Node lifecycle

Rolling up nodes…

Memory virtualisation — SynOpt hot / warm / cold tiers

Reading the tier manager…

Work scheduler — SynOpt queues

Reading the scheduler…

Autoscaler — SynOpt↔SynCompute bridge

Reading the bridge…

Autoscaler decision log

No reconcile decisions yet — trigger one with Force reconcile.

IPC fabric — measured at the dispatch chokepoint

No IPC measured yet.

Live IPC trace feed

Waiting for IPC traffic…

Runtime Tracing

Request-to-resource lifecycle traces.

Request-to-resource lifecycle tracing — the killer feature. Trace any request end to end and see exactly where time and resources go: DNS → firewall → TLS → proxy → auth → service → SynDB query → storage → response. The dominant bottleneck, CPU-ms, RAM, payload sizes and a risk grade are computed for every trace.

Trace a request

Run a trace to see the stage-by-stage lifecycle waterfall and the bottleneck.

Recent traces

--

Connecting to control plane...

Resource Optimizer

Idle / leak / over-allocation findings.

The resource optimizer scans workloads and processes for idle, over-allocated and leaking resources and produces actionable findings with concrete recommendations. Run a scan, then act on (or dismiss) each finding.

--

Connecting to control plane...

Incidents

Detected anomalies and failures.

Incident and anomaly detection. The scanner inspects the process table, node health and function error rates for CPU exhaustion, crash loops, memory leaks, degraded nodes and error spikes, then opens deduplicated incidents you can triage and resolve.

--

Connecting to control plane...

Logs

Append-only operational event log.

Durable, queryable operational log for every action taken through the compute control plane — lifecycle changes, deployments, heal events, chaos drills, scans and vault operations. This tier is append-only and survives restart, independent of the live state document, with bounded retention.

--
Loading durable log stats…

Loading log…

Automation

Triggered and scheduled compute jobs.

The automation engine. Define triggered or scheduled jobs and run them on demand. Bound executors actually run: incident.scan, optimize, health.check, config.snapshot, scale_workload and scale_to_zero.

--

Connecting to control plane...

Settings

Enrollment, health, config and capabilities.

Plane-wide operations: enroll new nodes, sweep cluster health, version the entire desired-state and review the subsystems behind the control plane.

Enroll a node

Mint an enrollment token and generate a real install script + systemd unit the operator runs on the target host. The node appears in the Nodes surface in the enrolling state until health reporting goes green.

Generate an enrollment to see the token and the install script.

Cluster health sweep

Probe every node's heartbeat freshness and roll up workload health in real time.

Run a sweep to probe every node.

Config versioning

The control plane keeps versioned snapshots of the entire compute desired-state. Capture a snapshot before risky changes and roll back instantly if needed.

Loading versions...

Capabilities

SubsystemBacked byState
Execution control planesyndb-computeactive
Workload secrets & tokenssyndb-vaultactive
Tenancy & isolationsyndb-tenantactive
Runtime & modulessyndb-runtimeactive
Scheduling & placementsyndb-computeactive
Request tracingsyndb-computeactive
Capsule / device agentssyndb-capsulesupervised
Config versioningsyndb-computeactive
Compute Engines
Create virtual machines, install an OS, secure them, and reach them from anywhere — on native platform hardware via Syneratix
Loading compute engines…

Workspace

What needs you now — unread mail, approvals awaiting, open incidents and the ticket queue, all live and one click from the work.

Your communications workspace

Messages, meetings, approvals and the ticket queue — all in one place.

Quick actions

Approvals awaiting

Loading…

Open incidents

Loading…

Ticket queue · SLA

Loading…

SynComms overview

Live posture across every realtime, streaming, social & monetisation surface.

Assets ready--VOD library
Live now--active streams
Concurrent viewers--across players
Avg QoE--quality of experience
AI units--robots consumed
Chat messages--all channels
Communication surfaces

Featured stream

A real, adaptive HLS stream served through the SynComms player. Pick any ready asset from Video Assets or a channel from TV to play it here.

Press “Play featured” to start an adaptive HLS stream.
idle

Delivery throughput

Recent communication events

Loading events...

Chat & Channels

Realtime channels and messages.

Messages

Loading channels…

Select a conversation to begin.
Pick a channel on the left to start the conversation.

Shared Inbox & Tickets

Team Spaces: shared mailboxes, tickets and SLA — one governed conversation per address.

Team Spaces turn a shared address (e.g. incident-204@space.company.syn) into one governed conversation. Inbound mail opens a communicationContext, posts to the team channel, and raises a ticket with an SLA clock — auto-assigned to an on-rotation agent. Internal notes stay on the timeline and never enter outgoing mail.

Spaces

Loading spaces…

New space

Simulate inbound mail

Drop a message onto a Space address to watch the gate run end-to-end.

Shared inbox queue

--

Loading queue…

Conversation

Pick a conversation from the queue to triage it.

Tickets & Cases

A live, status-columned board over every open ticket and case across your shared inboxes — priority, assignee and SLA, breaching first.

A live board of every open ticket and case across your shared inboxes — the governed work objects behind support, incidents and requests. Move a card with its status buttons; the SLA clock and assignee stay honest, and breaching cards float to the top of each column.

--

Loading the board…

Selected ticket

Pick a card to reassign it, escalate, or move it through its lifecycle.

Scheduling & Bookings

Booking pages, availability, the booking gate and the meeting lifecycle — one context per appointment.

A booking page turns a resource and its working hours into a shareable scheduling endpoint. A request against it runs the Phase 3 gate: it opens one communicationContext, places the appointment, schedules a SynComms room, captures the intake and queues reminders — all threaded to one id.

Booking pages

--

Loading booking pages…

New booking page

Availability & the booking gate

Pick a page, find a free slot a day or more out, fill the invitee in and book — the gate confirms the appointment, the room and the reminders in one ordered burst.

Pick a page and find slots.

No slot selected — pick one above, then book.

Bookings

Every confirmed booking becomes a Meeting with its own join code —

--

Pick a page to see its bookings.

CRM Timeline

A customer's whole relationship in one time-ordered timeline with the stats a CRM card shows.

A customer's whole relationship in one time-ordered timeline — every email, chat, call, meeting and booking that shares their contexts — with the headline numbers a CRM card shows. A pure projection: it reproduces no message body, only references.

Enter a customer to build their timeline.

Timeline

No timeline yet.

Approvals

A governed workflow object — request, decide and resolve a document, purchase, expense, leave, access, publication or contract sign-off, all on one context.

An approval is a governed workflow object — not a chat reply saying “approved.” Request a document, purchase, expense, leave, access, publication or contract sign-off; it opens (or threads into) one communicationContext, places an approval facet, and runs a validated multi-step status machine — all / any / quorum rules, sequential or parallel — emitting one event per recorded verdict.

Approvals

--

Loading approvals…

Request an approval

No steps yet — add one below.

Selected approval

Pick an approval to review its steps, record a verdict, or withdraw it.

Incidents & Status

The operational-response gate — declare an incident to stand up a ticket, bridge, responders, affected services and tasks on one context; escalate, page and post status-page updates.

An incident is an operational-response object — not a status line in a chat. Declaring one opens a communicationContext and, in one call, stands up an incident ticket + a bridge call + responders + affected services + seeded response tasks, with a hot SLA clock that tightens on escalation. Post status-page updates, escalate the severity, page responders and flip a service’s state — all on one shared audit trail.

Incident board

--

Loading incidents…

Declare an incident

No responders yet — the first commander leads.

No affected services yet.

No seeded tasks yet.

Selected incident

Pick an incident to post a status update, escalate the severity, page a responder, or flip a service’s state.

Video Meetings

Native WebRTC meetings, webinars, recordings and transcripts.

Start a live call

Mint a join code and connect instantly — peer-to-peer on a LAN, server-forwarded as the room grows.

Schedule a meeting

Pick a time to schedule it for later, or leave the time blank to start now. Either way it becomes one Meeting with a shareable join code.

Meetings

Every call, scheduled meeting and booked appointment is one Meeting here — Join to enter the room, Start / End to drive its lifecycle. Need recurring availability or a public booking page?

--

Connecting to SynComms...

Link a capture

On-device capture yields a recording or transcript object — pick one to attach it to a meeting. The bytes stay on the device; only the reference is stored.

Recordings

Connecting to SynComms...

Transcripts

Connecting to SynComms...

Audio Rooms

Live audio spaces and participants.

Live audio rooms (think Spaces / Stages) — start a room, count participants, and end it. Backed by the realtime SFU media plane.

Loading rooms...

All rooms

Connecting to SynComms...

Video Assets

On-demand video & audio, encoding and ingest.

Upload or import video & audio; we encode adaptive HLS (up to 4K), each with its own playback ID.

Direct upload

Mint a resumable upload URL, then complete it to spawn a processing asset — exactly the Mux direct-upload flow.

Create an upload URL to receive a signed PUT target and an asset.

Import from URL

Ingest any public video URL straight into the encoder.

Asset library

--

Connecting to SynComms...

Preview

Click “Play” on any ready asset to preview its HLS stream.
Select an asset → Play to preview.

Live Streams

RTMP/SRT ingest, stream keys, simulcast and recordings.

Go live in three steps: create a stream, point your encoder at the ingest URL, then Go live from its row. Stopping a recording-enabled stream rolls it off to a VOD asset.

1 · Streams

--

Connecting to SynComms...

2 · Ingest

Point OBS / ffmpeg / a hardware encoder at the server URL with the stream key. Reset the key to revoke a leaked credential instantly.

Select a live stream to reveal its ingest URL + stream key.

3 · Monitor

Go live, then press Watch to monitor the output.
Select a stream and press Watch.

TV Channels

Linear channels and the EPG.

Linear TV channels with a live electronic programme guide (EPG). Each channel plays a continuous HLS feed; the guide shows what's on now and what's next, computed against the wall clock. Tune a channel to watch it.

Loading channels...

Now watching

Tune any channel above to start watching live TV.
Tune a channel to start watching.

Player

Public/signed playback IDs and signed-URL minting.

A ready-made adaptive player with public and signed playback IDs. Mint a short-lived signed token, then play the signed URL.

Playback IDs

--

Connecting to SynComms...

Sign a playback URL

Mint a token to get a signed, playable URL + verifiable JWT.

Player

Mint a signed URL or paste an .m3u8, then press Play.

Social Graph

Posts, comments, reactions, follows, polls and moderation.

A sovereign social graph — posts, threaded comments, reactions, reposts, polls and follows, each governed and audited.

Posts--published
Follows--graph edges
Moderation queue--flagged / hidden

Compose

follows

Feed

Load the feed to see graph-aware posts.

Polls

--

Connecting to SynComms...

All posts

--

Connecting to SynComms...

Moderation log

Connecting to SynComms...

Forms & Surveys

The unified forms engine — surveys, polls, feedback, contact, quizzes & registrations; draft → publish → analyse.

One engine for every form — surveys, polls, feedback, contact, quizzes & registrations — borrowing the best of SurveyMonkey, Typeform & Google Forms, native to the platform. Build it, publish it, collect through one validated gate, and roll it up into privacy-preserving analytics for SynAnaly. Phone & country questions use the Meridian international inputs.

Forms

--

Loading forms…

Build a form

No questions yet — add one below.

Selected form

Pick a form to publish, close, fill it in, or see its results.

Live form

A published form renders here exactly as a respondent sees it — submitting runs the public gate (no sign-in required).

Publish a form, then open it here to fill it in.

Results & analytics

--

Pick a form to see its privacy-preserving roll-up.

Monetisation

Access rules, the allow/deny gate, subscriptions, tips, coupons and revenue.

Per-object access rules with a real allow/deny gate, subscriptions, tips and an append-only revenue ledger.

Gross--all revenue
Platform fee--retained
Creator net--payable
Active subs--recurring

Access rule

Evaluate access

Evaluate an object to see the real allow/deny decision.

Subscribe

Tip a creator

Coupons

Connecting to SynComms...

Access rules

Connecting to SynComms...

Subscriptions

Connecting to SynComms...

Entitlements

Connecting to SynComms...

Tips

Connecting to SynComms...

Revenue ledger

Connecting to SynComms...

Data & QoE

Engagement analytics and real-time viewer counts.

Engagement & quality-of-experience analytics. Drop a view beacon to watch the numbers move in real time.

Total views--lifetime
Live viewers--playing now

Quality by platform

Loading analytics...

Top assets

Loading analytics...

Record a view beacon

Captions

Auto-generated transcripts and translation.

Automatic speech-to-text captions in many languages, plus on-demand translation.

Generate captions

Generate a caption track, then preview its transcript cues.

Tracks

--

Connecting to SynComms...

AI Robots

Summaries, chapters, moderation and Q&A.

AI robots run over any asset — title & summary, chapters, key moments, scenes, moderation, Q&A or caption translation.

Run a robot

Run a robot to see its structured result.

Robot jobs

--

Connecting to SynComms...

Security & DRM

Signed URLs, restrictions, DRM and media tools.

Protect content with signed playback IDs, URL signing keys, playback restrictions and DRM. Verify any minted token offline.

Signing keys

--

Connecting to SynComms...

Restrictions

--

Connecting to SynComms...

DRM configurations

--

Connecting to SynComms...

Media tools — thumbnails, GIFs, storyboards, clips, MP4

Build deterministic media URLs for any playback ID: a poster thumbnail at any timestamp, an animated GIF, a storyboard sprite, a sub-clip and an MP4 rendition.

Build URLs to get ready-to-use thumbnail / GIF / storyboard / clip / MP4 links.

Audit Logs

The append-only governance trail.

The append-only governance trail. Every object created across SynComms writes an immutable audit event (action, object kind/id, actor, tenant) — the backbone of compliance and tamper-evidence.

Audit events

--

Connecting to SynComms...

Developers

API keys, webhooks and simulcast targets.

Everything internal teams and external integrations need: environment-scoped API keys and webhooks that fire on asset/live lifecycle events — the developer contract for the engine.

API keys

--

Connecting to SynComms...

Webhooks

--

Connecting to SynComms...

Simulcast targets

Restream a live stream to external platforms (YouTube Live, etc.) in parallel.

--

Connecting to SynComms...

SynPost
··

Mail overview

Live posture across every mail surface.

Domains verified--sending + receiving
Mailboxes--active addresses
Unread--across inboxes
Messages--stored
Sent--outbound
Storage--MB used
Mail surfaces

Storage model

SynPost is fully native: message metadata lives in the SynDB control plane and raw RFC-5322 MIME is written once to a content-addressed object tier (CAS) — no Postgres, no S3, no Redis. New-mail fan-out, presence and the webserver are all in-tree (SynRealtime · SynPush · SynWeb).

--

Recent mail events

Loading events...

Webmail

Read, compose, send and receive.

Inbox
0 selected
No folder open
Select a folder to view its messages.
Select a conversation
Choose a message from the list to read it here. Replies, forwards and attachments all open inline — no context switch.
Press C to compose a new message

Calendar

Your day, your team and bookable time — native.

Loading calendar…

Bookings

Public scheduling pages and appointments.

Select a booking page
Pick a page to manage its services, preview live availability and review appointments.

Events

Event pages, programmes, tickets and registration.

Select an event
Pick an event to manage its programme, tickets and registrations.

Tasks

Work that comes out of your inbox.

Loading tasks…

Notes

Personal notes alongside your mail.

Files

Every attachment across the org, in one place.

Loading files…

Domains

Connect domains, publish DNS, verify and rotate DKIM.

Connect a domain to send and receive mail. SynPost mints a real 2048-bit RSA DKIM keypair (the private half is sealed in the key store) and renders the MX, SPF, DKIM and DMARC records — plus MTA-STS and TLS-RPT — to publish. Verify then queries live public DNS and confirms each record before flipping the domain to verified.

Connect a domain

Connect a domain to receive its DNS records.

DNS records to publish

Pick a domain below, then “View DNS”.

Connected domains

--

Connecting to SynPost...

Mailboxes

Provision email addresses and folders.

Create email addresses on a connected domain. Each new mailbox is provisioned with the standard folders (Inbox, Sent, Drafts, Archive, Spam, Trash) and a storage quota.

Create a mailbox

Create a mailbox to provision its folders.

Mailboxes

--

Connecting to SynPost...

Default signatures

Pick the signature each mailbox applies by default. New messages and replies from that mailbox are pre-signed automatically — senders can still switch or remove it per message in the composer.

Loading mailboxes…

Shared inboxes

Team mailboxes with shared access.

A shared inbox is a real mailbox — its own folders, storage and send/receive — that several people work together. Grant members access and it appears under Shared in their mailbox switcher, where they can read, reply and send-as the shared address. Perfect for support@, sales@ or a project desk.

Create a shared inbox

Create a shared inbox to grant members access.

Shared inboxes

Loading shared inboxes…

Aliases

Forwarders to local mailboxes.

Forwarders route mail from one address to another local mailbox. A message sent to an alias is delivered to its target's inbox.

Aliases

--

Connecting to SynPost...

Outbound

External delivery queue, retries and suppression.

External recipients are DKIM-signed with the sending domain's own key and queued here for delivery. The processor resolves each recipient's MX, opens STARTTLS, and delivers over real ESMTP. Transient failures are retried with exponential backoff; hard bounces fail the message and suppress the address automatically.

--Queued
--Deferred
--Delivered
--Failed
--Suppressed

Delivery queue

Loading queue…

Suppression list

Loading suppressions…

Mail server

Ports, relay/smarthost and delivery settings.

One place to configure how SynPost sends and receives mail. Point delivery at an authenticated relay / smarthost when your host blocks outbound port 25 (AWS, GCP, Azure, DigitalOcean and most home ISPs do), set the listening ports and HELO identity, and manage your sending domains and mailboxes.

Outbound relay (smarthost)

Route every outbound message through an authenticated relay instead of delivering direct-to-MX on port 25. Works with any provider — Postmark, SendGrid, Mailgun, Amazon SES, Brevo, or your own MTA. Leave this off to deliver straight to each recipient's mail exchanger.

Save your relay, then run a connection test to verify the host, TLS and authentication before enabling it.

Server ports & identity

The HELO name SynPost announces and the standard service ports. Inbound SMTP (25) accepts mail from the internet; Submission (587) and SMTPS (465) accept authenticated client sends; IMAP (143 / 993) serves mailboxes to mail apps.

Domains — send & receive

When a company brings their own domain, configure both directions here. Receive accepts inbound mail addressed to the domain (its MX points to our MTA and is routed to mailboxes); Send lets its mailboxes deliver outbound, DKIM-signed with the domain's own key. A catch-all routes any unmatched recipient to one mailbox on the domain.

Loading connected domains…

Storage

Every mailbox quota draws from one shared company storage pool. Set the pool size, then give each provisioned mailbox a slice of it — total allocation can never exceed the pool.

Loading mailboxes…

Resource meter & quotas

Live per-tenant telemetry across storage, mailboxes, domains and messages, each measured against its quota. A resource turns amber past 75% and red once it reaches its limit. Set a limit to 0 for “no limit”, then Save limits to apply.

Loading resource meter…

Provision a mailbox

Create a mailbox on a connected domain. Sign-in uses the member's platform identity password — provisioning links the mailbox to that identity, so there is no separate mail credential to manage. You can provision a person's mailbox before they first sign in to the Syneratix platform.

Provisioned mailboxes appear under Storage above and on the Mailboxes surface.

Contacts

Address book.

A lightweight address book. Contacts autocomplete in the composer and back the People surface in later phases.

Contacts

--

Connecting to SynPost...

Studio

Design rich email visually — designs, templates and signatures.

Compose rich, on-brand email visually — headings, buttons, images, columns, data tables and action cards. Every design compiles to email-safe HTML with a plain-text alternative and an image-blocked fallback, and is checked for deliverability issues before you send. Save a design to reuse it, promote it to a template, or publish it as an organisation signature.

Saved designs

Loading designs…

Templates

Loading templates…

Signatures

Loading signatures…

Campaigns

Bulk sends on the same mail infrastructure.

Campaigns reuse the exact send pipeline — DKIM-signed with the sending domain's key, suppression-aware, and queued through the same outbound MTA. The audience is your contacts (optionally narrowed to a team). Every recipient is stamped with the campaign id so delivery stats roll up live.

Create a campaign

Campaigns

Loading campaigns…

API & Channels

Communications API keys and the REST send endpoint.

Issue bearer keys for the Communications API — programmatic transactional email over the same infrastructure. Keys are shown once and stored only as a SHA-256 hash. Send with a single authenticated POST.

Issue an API key

A new key's secret token appears here once — copy it now.

Active keys

Loading keys…

REST endpoint

Send a transactional email with one authenticated request:

curl -X POST https://YOUR_HOST/v1/comms/email/send \
  -H "Authorization: Bearer YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"to":"user@example.com","subject":"Hello","text":"Sent via the Communications API"}'

Audit log

Immutable, reference-only governance trail.

An immutable, reference-only record of governed actions — message opens, forwards, exports, permission denials, attachment downloads, signatures applied, drafts shared, events created, bookings cancelled, mailbox delegations and legal holds. Each entry stores object references and a tamper-evident digest; message bodies are never copied here.

--Events
--Access
--Denials
--Exports

Governance audit trail

Loading audit trail…

Settings

Design, delivery, growth and compliance — scoped to what you manage.

Design & composition

Infrastructure & delivery

Developer & compliance

Global mail settings

Loading mail settings…

SynWrite
Loading your workspace…
0/0

Networking

Network overview

Live posture across every networking surface.

Guides & assistance
Requests / sec--live throughput
Active routes--reverse proxy
Healthy upstreams--load balancer
DNS records--authoritative
Firewall denies--last window
VPN peers up--tunnels
Network surfaces

Traffic — last 30 minutes

Recent network events

Loading events...

Network topology

The live network plane as an interactive SynInfra Canvas — drag to arrange, click a node to inspect.

Webserver

The live gateway and domain configuration.

The live SynWeb gateway fronting this system. Configure a domain to make the running platform reachable by name — start with the local DNS resolver and a custom name like syneratix.syn, then add the printed hosts line to open it in your browser, mirroring a production deployment.

Loading webserver…

--

Domains & virtual hosts

Connecting to control plane...

Last domain configuration

Configure a domain to see the authoritative DNS record, the hosts-file line and a verification command.

Webserver & Proxy

Reverse proxy, SNI routing and rate limits.

Reverse-proxy and SNI routes. Each route maps a host (and optional path) to an upstream pool, with TLS termination, WAF and per-route rate limits.

--

Connecting to control plane...

Load Balancers

Upstream pools, members and health checks.

Upstream / load-balancer pools. Members are comma-separated host:port endpoints balanced by the chosen algorithm. Run an active health check to TCP-probe every member and refresh the healthy/total counts.

--

Connecting to control plane...

Last health sweep

Run a health check to probe pool members in real time.

DNS

Authoritative zones and records.

Authoritative DNS. Author zones and the A/AAAA/CNAME/MX/TXT/SRV records served from them.

Zones

--

Connecting to control plane...

Records

--

Connecting to control plane...

API Gateway

Published API endpoints, auth and quotas.

API gateway. Publish API endpoints backed by an upstream pool, with per-endpoint auth (API key / JWT / OAuth2 / mTLS), rate limits and timeouts.

--

Connecting to control plane...

Service Mesh

East-west services, mTLS and traffic policy.

Service mesh. Register east-west services with their namespace, version, mTLS posture, instance count and traffic-distribution policy.

--

Connecting to control plane...

Firewall

L3/L4 allow/deny policy engine.

L3/L4 firewall policy, evaluated in priority order. Lower priority numbers are evaluated first; the default-deny rule should always sit last.

--

Connecting to control plane...

VPN

Encrypted tunnels and peer management.

WireGuard-style VPN peers. Each peer carries an endpoint, allowed-IP set and public key; status reflects the last successful handshake.

--

Connecting to control plane...

IPAM & Subnets

CIDR allocation and utilisation.

IP address management. Track CIDR allocations, their gateway, owning VLAN and utilisation across the estate.

--

Connecting to control plane...

VLANs

Layer-2 segment definitions.

Layer-2 segments. Map VLAN ids to subnets and control tagging for trunk ports.

--

Connecting to control plane...

Routes & NAT

Static routes and address translation.

Static routes and NAT entries. Define destination/gateway pairs, the egress interface, metric and NAT mode (masquerade / SNAT / none).

--

Connecting to control plane...

DHCP

Reservations and active leases.

DHCP reservations and active leases. Bind MAC addresses to fixed IPs or review dynamically-assigned leases and their expiry.

--

Connecting to control plane...

Traffic Monitor

Throughput, bandwidth and flow telemetry.

Live throughput and flow telemetry sampled from the data plane. The series refresh on a short interval while this panel is open.

Loading counters...

Requests / min

Ingress vs egress (MB / min)

Denied flows / min

Automation

Scheduled and triggered network jobs.

Network automation. Schedule or trigger jobs (config snapshots, health sweeps, certificate refresh) and run them on demand with the Run action. Bound executors: config.snapshot, health.check.

--

Connecting to control plane...

Config Scripts

Versioned desired-state snapshots.

Config script management. The control plane keeps versioned snapshots of the entire network desired-state; capture a snapshot before risky changes and roll back instantly if needed.

Saved versions

Loading versions...

Export — current desired-state (read-only)

Click "Refresh" to load the current configuration export.

Diagnostics

Live DNS / TCP / TLS / HTTP probes.

Troubleshooting. These probes run real operations against the host network stack — DNS resolution, TCP reachability, TLS-port checks and HTTP requests.

DNS lookup

TCP ping

TLS port

HTTP probe

Probe results

Run a probe above to see live results.

Logs

Append-only operational event log.

Append-only operational log for every change and probe made through the control plane.

--

Loading log...

Settings

Plane behaviour and subsystem state.

Plane-wide behaviour. These map to the runtime subsystems behind the control plane (syndb-web proxy, syndb-dns, syndb-firewall, syndb-vpn).

Reconcile desired-state to runtime

Push the control plane's desired-state into the live runtime. This ensures every desired DNS zone and record exists in the authoritative resolver and reports what changed.

Click "Reconcile now" to apply desired-state and see the diff.

Capabilities

SubsystemBacked byState
Reverse proxy / SNI routingsyndb-webactive
Load balancing + healthsyndb-webactive
Authoritative DNSsyndb-dnsactive
API gatewaysyndb-gatewayactive
Service meshsyndb-fabric-gatewaysupervised
Firewall / WAFsyndb-firewallactive
VPN tunnelssyndb-vpnsupervised
Config versioningsyndb-netctlactive

SynInfra Canvas

Visual control plane
Resources--
Healthy--
Warnings--
Critical--
Connections--
Throughput--
HealthyWarningCriticalProvisioningOfflineUnknown
Drag to arrange Click a node to inspect Drag empty space to pan

Storage

Tables, objects, volumes, archive, protection and replication for this tenant.

Storage healthBackupReplicationActive jobs

Quick actions

Storage overview

Used capacity
Recovery readiness
Restore points
Active jobs

Storage services

Needs attention

Recent activity

Documentation

Trust & protection plane

Security

Identity, policy, encryption, audit, detection, response and recovery for the entire sovereign enterprise stack.

Security overview

Live posture across every trust and protection plane.

Guides & assistance
Security postureStrongall planes active
Open alerts--threat engine
MFA coverage--identity plane
Audit integrity--hash-chain
Certs issued--trust services
Trusted peers--federation
Services in this plane

Security topology

The live security plane as an interactive SynInfra Canvas — vault, identity, trust, threat and audit, with their internal trust edges. Drag to arrange, click to inspect.

Identity & access

Users, service accounts, MFA, sessions and login policy.

live service
Users
MFA coverage
Active sessionstoken-bound
Locked accounts

User directory

The live user directory — roles, MFA state, lockouts and login history from the auth engine.

Loading users…

Account protections (enforced)

  • Brute-force login protection with progressive delays
  • Account lockout thresholds + suspicious login alerts
  • Two-step verification on every admin door (email OTP / TOTP)
  • Session revocation + refresh-token rotation
  • Hardened admin login with tamper-evident audit

Roles & policies

RBAC, ABAC and policy-based access with tenant isolation.

live service
Roles
Custom rolestenant-defined
Permissionsbound to roles
Tenant boundariesstrictrow-level isolation

Role registry

The live RBAC role registry — system + custom roles with their permission counts.

Loading roles…

Access models

ModelMeaning
RBACRole-based access: Admin, Developer, Auditor
ABACAttribute-based: department, branch, clearance, device, time
PBACPolicy-based: rules expressed as security policies
Tenant isolationOne enterprise cannot reach another's resources

Vault & key management

Secrets, encryption keys, leasing and rotation.

live service
Secrets302tenant-scoped
Keys419 rotation due
Leases active57auto-expiring
Reveals (24h)12all audited

Managed secrets

ItemExample
API keysPayment provider keys, SMS gateway keys
DB passwordsInternal service credentials
Encryption keysTenant master keys (KEK / DEK)
Signing keysJWT, webhook, package signing
TLS private keysWebserver certificates
Federation keysPartner trust keys
Backup keysOffline restore keys

Vault capabilities

  • Envelope encryption with key versioning + rotation + revocation
  • Secret leasing, one-time reveal and automatic expiry
  • Per-tenant key namespaces with full access audit
  • Emergency key escrow + hardware-backed keys (roadmap)

Operating principle

No service stores long-term secrets in config files. Every sensitive service requests short-lived credentials from Vault at runtime.

Trust services

Sovereign certificate authority and PKI hierarchy.

Connecting to live backend...
Root CAoffline-anchored
Authorities
Issued certs
RevokedCRL published

Certificate authorities

Certificate authorities in the SynTrust registry — sovereign root + intermediates.

Loading authorities…

Certificate hierarchy

SynDB Root CA
  └── Enterprise Intermediate CA
        ├── Webserver TLS certificates
        ├── Database mTLS certificates
        ├── Service-to-service certificates
        ├── Federation certificates
        ├── Backup node certificates
        └── Device / agent certificates

Certificate revocation list

Loading revocation list…

Certificates & TLS

Certificate inventory, TLS profiles and domain security.

Connecting to live backend...

Managed serving certificates (SynWeb · SynTrust)

Rotate, check validity and toggle auto-renew — issuance, renewal and monitoring all run in SynTrust.

Loading managed certificates…

Certificate inventory (SynTrust registry)

Every certificate issued by SynTrust CAs — leaves and intermediates, live from the registry.

Loading inventory…

Web protection

Web application firewall and bot defense.

build-out targetWeb Application Firewall + bot defense — backed by syndb-web + syndb-firewall.
Connecting to live backend...
Requests blocked1,203last 24h
Bot score failures87challenged
WAF rules active426 tenant-scoped
Critical attacks6auto-contained

WAF defenses

AttackProtection
SQL injectionQuery pattern blocking
XSSScript payload detection
Path traversalBlock ../ and encoded traversal
Command injectionBlock shell payload patterns
SSRFBlock internal metadata + private-IP calls
CSRFToken enforcement
File upload attacksMIME / type / extension scanning
Bot abuseFingerprinting and scoring

WAF modes

  • Monitor only / Block / Challenge / Rate-limit
  • Allowlist bypass + tenant-specific rule sets

Bot scoring model

bot score
  0 - 30   normal
  31 - 60  suspicious
  61 - 80  challenge
  81 - 100 block

API protection

Auth, signed requests, rate limits and quotas.

build-out targetAPI security gateway — auth, signed requests, rate limits, quotas, full traceability.
Requests today1.8Macross all tenants
Rate-limited3,421token buckets
Abusive clients14shadow-banned
Auth failures6120.03% of calls

API protections

FeaturePurpose
API keysApp-level access
OAuth / OIDCUser-delegated access
JWT validationToken-based auth
HMAC signaturesSigned requests
mTLSHigh-trust API access
Scopes + quotasLimit permissions and protect tenants
Rate limitsToken-bucket abuse prevention
Schema validationReject malformed payloads
Replay protectionNonce / timestamp validation
Webhook signingVerify callbacks

API access levels

Public API     light auth, strict rate limits
Partner API    API key + HMAC + quotas
Internal API   service identity + mTLS
Admin API      mTLS + MFA + audit
Federation API enterprise cert + signed exchange
Break-glass    one-time, fully audited

Network firewall

IP policy, segmentation and per-service firewalls.

live service
Rules96ingress + egress
Denied flows (24h)2,400logged
Open ports8minimised
Segments6zoned

Network controls

ControlPurpose
IP allowlist / blocklistApprove or block sources (CIDR-aware)
Country rulesAllow / block by geography
Port policiesControl exposed ports per service
Service firewallPer-service ingress / egress
Tenant firewallTenant-specific network isolation
VPN-only adminAdmin portals reachable only via secure network

Network segmentation

Public Zone     websites, public APIs
DMZ Zone        gateway, reverse proxy, WAF
App Zone        app services, job workers
Data Zone       SynDB, object store, ledger
Security Zone   Vault, CA, audit, key manager
Backup Zone     encrypted backups, federation replication

Threat detection

Risk scoring, anomaly detection and alerts.

build-out targetLive detection engine — backed by syndb-security threat engine.
Connecting to live backend...
Active alerts61 critical
Risk levelMediumtrending down
Events / min1,360correlated
Auto-contained4last 24h

Event sources

SourceEvents
IdentityLogins, MFA, lockouts
Webserver / APIBlocked payloads, rate limits, auth failures
VaultSecret access, key rotation
SynDBQueries, exports, schema changes
NetworkDenied flows, unusual traffic
FederationRemote syncs, trust changes

Detection rules

  • Brute-force login + password spraying + credential stuffing
  • Impossible travel / new-country login
  • Large export anomaly + unusual database reads
  • Secret accessed by unusual service + certificate misuse
  • Privilege escalation + unexpected outbound traffic
  • Ransomware-like file changes + crypto-mining behavior

Threat score example

user risk: 72 / 100
  reason:
    - new device
    - failed MFA
    - login from new country
    - attempted admin endpoint
  action:
    - require MFA
    - alert security admin
    - restrict sensitive exports

Audit logs

Immutable, tamper-evident, correlated audit trail.

live service
Events today82,000all retained
Tamper statusVerifiedhash-chain intact
Retention365 dayspolicy-bound
Signed events1,204exportable

Audit log requirements

RequirementDescription
Append-onlyLogs cannot be silently edited
Tamper-evidentHash-chained log entries
SearchableFilter by user, service, tenant, IP
ExportableCSV, JSON, PDF, compliance bundle
SignedImportant events are cryptographically signed
CorrelatedLink user -> API -> DB -> file -> export
Tenant-isolatedEach enterprise sees only its own logs

Compliance

Control packs mapped to live audit + policy evidence.

Controlsevidence-linked
Passing
Failingneeds remediation
Evidence sourceliveauth · audit · PKI · threat

Control evaluations

Each control is evaluated from live platform evidence at request time — never hand-entered.

Evaluating controls…

Federation trust

Trusted peers, signed exchange and revocable contracts.

build-out targetSovereign federation — backed by syndb-security federation registry.
Connecting to live backend...
Trusted peers3cert-bound
Backup links2encrypted
Last sync12 minsigned
Trust contracts3policy-bound

Federation security

FeaturePurpose
Federation identityEach enterprise has a cryptographic identity
mTLS federationBoth sides authenticate
Signed data exchangePrevent tampering
Encrypted replicationRemote node cannot read data
Policy-bound sharingShare only approved data
RevocationCut off partner trust instantly
Federation auditLog all cross-org activity

Zero-knowledge backup model

Enterprise A encrypts backup locally
backup is signed
backup is sent to Enterprise B
Enterprise B stores encrypted backup only
Enterprise B cannot decrypt it
Enterprise A keeps restore keys
audit log records every replication event

Backup security

Encrypted, key-separated, verifiable backups.

build-out targetBackup security — maps to syndb-backup + Vault key separation.
Encrypted backups100%AES-256-GCM
Restore approvals2audited
Key separationEnforcedhost cannot decrypt
Last verify1 h agochecksum OK

Encryption layers

LayerProtection
Data at restAES-256-GCM page encryption, per-tenant DEKs
Backup encryptionSeparate backup keys, never co-located
Export encryptionPassword / key-protected exports
Federation backupmTLS + payload encryption, remote zero-knowledge
Restore approvalPrivileged, audited restore workflow

Backup controls

  • Backup window controls to prevent flooding
  • Disaster-recovery proof: verify backups without exposing content
  • Tamper-evident backup manifests with signed checksums

Device & agent trust

Zero-trust workload + device identity and posture.

live service
Enrolled devicescompute control plane
Healthyposture-checked
Sessionstoken-bound
Trust modelzero-trustdeny by default

Zero-trust workload model

No workload or device is trusted by default.
Each must:
  1. prove identity
  2. receive short-lived credentials
  3. access only assigned resources
  4. communicate over mTLS
  5. emit audit logs
  6. respect quota and policy

Incident response

Detect, contain, investigate, recover.

Active alerts
Risk level
Tracked subjectsrisk-profiled
Signalscorrelated

Alert queue (threat engine)

The threat engine's live alert queue — acknowledge to mark an alert handled (audited).

Loading alerts…

Top risk profiles

Loading risk profiles…

Response lifecycle

PhaseAction
DetectCorrelate signals into a scored incident
ContainLock account / IP, revoke tokens, isolate workload
InvestigateReplay access path: user -> API -> DB -> file
EradicateRotate secrets, revoke certs, patch policy
RecoverRestore from verified backup, re-enable access
ReviewPost-incident report + control hardening

Security settings

Controls, posture targets and rollout phases.

Controls enforced5 / 72 in phase 2
Posture target95% MFA82% today
Rotation policy90 days9 overdue
Default WAFBlocktenant overrides

Security settings

SettingState
Enforce MFA for adminson
TLS 1.3 minimumon
mTLS between servicesphase 2
Tamper-evident auditon
Automatic key rotation9 due
Geo / IP login policyon
WAF default modeblock

Production rollout phases

Phase 1 — Foundation

  • Identity, sessions, RBAC
  • Vault, internal CA, TLS manager
  • Audit logs, IP allow/blocklist, API keys + JWT
  • Rate limiting + basic brute-force protection

Phase 2 — Enterprise protection

  • mTLS between services, WAF, bot detection
  • Threat detection rules, data + backup encryption
  • Certificate + secret rotation, tenant policies

Phase 3 — Sovereign federation

  • Enterprise identity certificates + trust contracts
  • Encrypted backup replication + cross-enterprise mTLS
  • Zero-knowledge remote backup + trust revocation

Analytics

Metrics, dashboards and operational insight across the platform.

Guides & assistance
Operational summary
Active dashboards0No boards yet
Series ingested0/sAwaiting first source
Reports0No scheduled exports
Services in this plane
Tracing Planned roadmap
Logs Planned roadmap
AI insights Planned roadmap
Forecasting Planned roadmap
Billing analytics Planned roadmap
Partners & Customers
Contracts, invoices, MOUs, supplies, orders and joint projects — collaborate with your partner network
Loading partner workspace…
Meridian library

Data layout components

DataTable, DataGrid, and DataList — the three primitives every module composes its resource surfaces from.

Virtual servers

Compute fleet across all regions

Applications

Deployed workloads and their runtime health

DNS records

Authoritative zone — syneratix.io

NameTypeValueTTLState
syneratix.ioApex
A203.0.113.42300Resolved
www.syneratix.ioSubdomain
CNAMEsyneratix.io.300Resolved
api.syneratix.ioGateway
A203.0.113.5560Resolved
mail.syneratix.ioMail
MX10 mx1.mailhost.net.3600Propagating
_dmarc.syneratix.ioDMARC
TXTv=DMARC1; p=reject; rua=mailto:dmarc@…3600Resolved
staging.syneratix.ioStaging
A198.51.100.1860NXDOMAIN

Drive elements

Recent objects in the active workspace bucket

Network nodes

Routers, switches and gateways across the fabric

Active sessions

Live identity sessions for the current tenant

UserDeviceIPLast seenState
Sarah Achensuperadmin
MacBook Pro · macOS 14203.0.113.4activeOnline
Daniel Okothtenant_admin
Windows 11 Pro203.0.113.219mOnline
Lillian Vegaanalyst
iPhone 15 · iOS 18198.51.100.644mIdle
Mateo Ríosdeveloper
Ubuntu 24.0410.0.4.182hAway
Identity & Access
Governance-first CIAM — people, departments, access, approvals, policies, reporting lines and accountability
Loading identity overview…
Identity Health
Policy Violations
Department Access Distribution
Recent Audit Activity
Tenant Management
Multi-tenant isolation, quotas, and namespace management
TenantEnterpriseStatusIsolationNamespaceRegionDatabasesRepresentationCreated
Role-Based Access Control
Roles, permissions, and policies are now managed in Identity & Access Management
SynDB Studio Workbench SYNQL
Tenant Database hybrid local
Database Objects
Native streams & relational tables
Inspect the objects in the selected database. Native databases expose capsule streams; relational databases expose SQL tables; hybrid databases expose both.
Objects
STREAMS · NATIVE
Loading…
TABLES · RELATIONAL
Click refresh
Select a stream or table
Choose a database object to inspect its schema, codec, descriptor, data, and API exposure. Streams are native capsule objects; tables are relational SQL objects.
--
Click Refresh to load live streams from the fabric gateway.
Endpoints
Loading…
Select an endpoint
Browse the fabric gateway's live REST endpoints on the left. Select one to view its contract and try a live request.
Schema Browser
SynDB (local)
Click refresh to load schema
Ready
1
Execute a query to see results
DB Studio ready -- connected to SynDB engine
Run Explain on a query to see the execution plan
Entity Relationship Diagram
Click "Load ER Diagram" to visualise your database schema.
Tables, columns, primary keys, foreign keys, and indexes are rendered automatically.
Last refresh: --
Total Queries
0
Session total
Avg Latency
--
Milliseconds
Tables
--
Across all schemas
Errors
0
This session
Server Status
Connection StatusConnected
Server Uptime--
Active Sessions0
Open Tables0
Total Connections1
Query Error Rate --
SQL Statements
Execute queries to populate analytics
Duration
Rows
Status
Query Log
#TimeQueryDurationRowsStatus
No queries executed yet
Client Connections
Current Sessiondev_session_bypass
Usermaster_admin
Queries This Session0
Errors This Session0
Avg Response Time--
Throughput 0 q/min
Status
--
Requests Inspected
0
Blocked
0
Rate-limited
0
WAF Signatures--
IDNameSeverityHitsEnabledAction
Loading…
Status
--
Requests Total
0
Local Responses
0
Proxy Errors
0
404s
0
About SynWeb Gateway

Bare-metal HTTP/1.1 reverse proxy fronting Studio and the JSON IPC plane. Configure under [web] in syndb.toml.

Secrets
0
Keys
0
Active Tokens
0
Key Rotations
0
Secrets
KeyTenantNamespaceCreatedAction
No secrets loaded
Encryption Keys
Key IDPurposeStateVersionCreatedAction
No keys loaded
Tokens
Token IDIdentityKindScopeExpiresAction
No tokens loaded
Reference

Quick Start Guide

Note: Press Cmd+Enter (Mac) or Ctrl+Enter (Win) to execute the current query.

Basic Queries

-- List all tables
SHOW TABLES;

-- Describe a table structure
DESCRIBE auth_users;

-- Select data
SELECT email, display_name, status FROM auth_users WHERE status = 'active';

-- Insert data
INSERT INTO my_table (col1, col2) VALUES ('value1', 42);

-- Update data
UPDATE auth_users SET status = 'suspended' WHERE email = 'user@example.com';

-- Delete data
DELETE FROM auth_users WHERE status = 'locked';

SynQL Extensions

-- SynQL supports all standard SQL plus:
-- SHOW TABLES, DESCRIBE, EXPLAIN
-- Window functions (ROW_NUMBER, RANK, DENSE_RANK, etc.)
-- CTE (WITH ... AS), Recursive CTE
-- GROUPING SETS, ROLLUP, CUBE
-- TRY_CAST for safe type conversions
-- Hash and merge join optimizer hints
Tip: Use the AI Assistant panel to generate complex queries from natural language descriptions.

SynQL Reference

SynQL is SynDB's native query language — a superset of SQL with enterprise extensions.

Data Types

TypeDescriptionExample
INTEGER64-bit signed integer42
REAL64-bit floating point3.14
TEXTUTF-8 string'hello'
BLOBBinary large objectX'DEADBEEF'
BOOLEANTrue/False (0/1)TRUE
TIMESTAMPUnix epoch seconds1700000000

DDL Statements

CREATE TABLE table_name (
  id INTEGER PRIMARY KEY,
  name TEXT NOT NULL,
  value REAL DEFAULT 0.0,
  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

ALTER TABLE table_name ADD COLUMN new_col TEXT;
DROP TABLE IF EXISTS table_name;
CREATE INDEX idx_name ON table_name(column_name);

DML Statements

SELECT ... FROM ... WHERE ... GROUP BY ... HAVING ... ORDER BY ... LIMIT ... OFFSET ...;
INSERT INTO ... (cols) VALUES (...);
UPDATE ... SET ... WHERE ...;
DELETE FROM ... WHERE ...;
INSERT OR REPLACE INTO ... VALUES (...);

SQL Reference (Standard)

SynDB supports ANSI SQL with the following clauses and operators:

Operators

OperatorDescription
=, !=, <, >, <=, >=Comparison operators
AND, OR, NOTLogical operators
BETWEEN ... AND ...Range check
IN (...)Set membership
LIKE, GLOBPattern matching
IS NULL, IS NOT NULLNull checks
EXISTS (...)Subquery existence
CASE WHEN ... THEN ... ELSE ... ENDConditional expression

Aggregate Functions

COUNT(*), COUNT(DISTINCT col)
SUM(col), AVG(col), MIN(col), MAX(col)
GROUP_CONCAT(col, ',')

-- With FILTER clause:
COUNT(*) FILTER (WHERE status = 'active')
SUM(amount) FILTER (WHERE type = 'credit')

Built-in Functions

Note: All functions can be used in SELECT, WHERE, HAVING, and ORDER BY clauses.

String Functions

FunctionDescriptionExample
LENGTH(s)String lengthLENGTH('hello') -> 5
UPPER(s)UppercaseUPPER('abc') -> 'ABC'
LOWER(s)LowercaseLOWER('ABC') -> 'abc'
SUBSTR(s,i,n)SubstringSUBSTR('hello',2,3) -> 'ell'
TRIM(s)Remove whitespaceTRIM(' hi ') -> 'hi'
REPLACE(s,a,b)Replace occurrencesREPLACE('aXb','X','Y') -> 'aYb'
COALESCE(a,b,...)First non-nullCOALESCE(NULL,'x') -> 'x'

Numeric Functions

FunctionDescription
ABS(n)Absolute value
ROUND(n,d)Round to d decimal places
CEIL(n) / FLOOR(n)Ceiling / floor
RANDOM()Random integer
TRY_CAST(expr AS type)Safe cast (returns NULL on failure)
Note: TRY_CAST is a SynQL extension -- it returns NULL on type mismatches instead of erroring. Useful for ETL/migration scripts.

Window Functions

-- Row numbering
SELECT name, ROW_NUMBER() OVER (ORDER BY created_at DESC) as rn FROM users;

-- Ranking (with ties)
SELECT name, score, RANK() OVER (ORDER BY score DESC) FROM leaderboard;
SELECT name, score, DENSE_RANK() OVER (ORDER BY score DESC) FROM leaderboard;

-- Running totals
SELECT date, amount, SUM(amount) OVER (ORDER BY date ROWS BETWEEN UNBOUNDED PRECEDING AND CURRENT ROW) as running_total FROM transactions;

-- Partitioned windows
SELECT dept, name, salary, AVG(salary) OVER (PARTITION BY dept) as dept_avg FROM employees;

-- NTILE - distribute into buckets
SELECT name, salary, NTILE(4) OVER (ORDER BY salary DESC) as quartile FROM employees;

-- LAG / LEAD (prev/next row values)
SELECT date, price, LAG(price,1) OVER (ORDER BY date) as prev_price FROM stock_prices;
Note: Window functions do not reduce rows like GROUP BY -- they compute values across a "window" of related rows while keeping all original rows.

Indexes

-- Create an index
CREATE INDEX idx_users_email ON auth_users(email);

-- Create a unique index
CREATE UNIQUE INDEX idx_users_email_unique ON auth_users(email);

-- Composite index
CREATE INDEX idx_users_tenant_status ON auth_users(tenant_id, status);

-- Drop an index
DROP INDEX idx_users_email;
Performance: Indexes speed up reads but slow down writes. For high-write tables (logs, events), be conservative with indexes. For read-heavy lookup tables, index all frequently queried columns.
Best Practice: Always index columns used in WHERE, JOIN ON, and ORDER BY clauses. Use EXPLAIN to verify your indexes are being used.

Joins

-- Inner Join
SELECT u.email, s.created_at FROM auth_users u INNER JOIN auth_sessions s ON u.user_id = s.user_id;

-- Left Outer Join
SELECT u.email, r.name FROM auth_users u LEFT JOIN auth_user_roles ur ON u.user_id = ur.user_id LEFT JOIN auth_roles r ON ur.role_id = r.role_id;

-- Cross Join
SELECT a.name, b.name FROM table_a a CROSS JOIN table_b b;

-- Self Join
SELECT e.name as employee, m.name as manager FROM employees e LEFT JOIN employees m ON e.manager_id = m.id;
Note: SynDB's optimizer automatically chooses between hash join and merge join based on data sizes. Use EXPLAIN to see which strategy was chosen.

Transactions

-- Begin a transaction
BEGIN TRANSACTION;

-- Perform operations
INSERT INTO orders (customer_id, total) VALUES (1, 99.99);
UPDATE inventory SET quantity = quantity - 1 WHERE product_id = 42;

-- Commit changes
COMMIT;

-- Or rollback on error
ROLLBACK;
Important: SynDB uses SERIALIZABLE isolation by default. Long-running transactions may block other writers. Keep transactions short and focused.

Database Admin Tips

Performance: Run EXPLAIN before deploying any query that touches >10k rows. Look for full table scans and add indexes accordingly.
Monitoring: Use the Metrics tab to track query latency and error rates. Set alerts if avg latency exceeds 100ms.
Backups: SynDB's backup module creates point-in-time snapshots. Schedule backups via the Backup module before any schema migration.
Multi-tenancy: All queries are scoped to your tenant by default. Superadmins can query across tenants using the RBAC module.

Useful Admin Queries

-- Check table sizes
SELECT name, COUNT(*) as rows FROM (SHOW TABLES) ORDER BY rows DESC;

-- Find slow queries (from metrics log)
-- Check the Metrics tab -> Query Log -> sort by Duration

-- Verify indexes
SHOW TABLES;
DESCRIBE table_name;

-- Check active sessions
SELECT * FROM auth_sessions WHERE expires_at > strftime('%s','now');

Developer Tips

Autocomplete: Type a table name followed by . to see column suggestions. Press Tab to accept a suggestion.
CTEs: Use Common Table Expressions (WITH ... AS) to break complex queries into readable steps.
WITH active_users AS (
  SELECT * FROM auth_users WHERE status = 'active'
),
user_sessions AS (
  SELECT user_id, COUNT(*) as session_count
  FROM auth_sessions
  GROUP BY user_id
)
SELECT u.email, u.display_name, COALESCE(s.session_count, 0) as sessions
FROM active_users u
LEFT JOIN user_sessions s ON u.user_id = s.user_id
ORDER BY sessions DESC;
Editable Results: Double-click any cell in the Results table to edit it in-place. Press Enter to save -- the studio auto-generates an UPDATE statement.
Security: Always use parameterized queries in application code. The DB Studio is for admin/dev use -- never expose raw SQL inputs to end users.

Keyboard Shortcuts

ShortcutAction
Cmd+Enter / Ctrl+EnterExecute query
Cmd+Shift+F / Ctrl+Shift+FFormat / beautify query
Cmd+S / Ctrl+SSave query
Cmd+L / Ctrl+LClear editor
TabAccept autocomplete suggestion
EscapeDismiss autocomplete / AI panel
Cmd+/ / Ctrl+/Toggle line comment
Cmd+I / Ctrl+IToggle AI panel
Guides & assistance
Vault — Secrets & key management
Store secrets encrypted at rest with AES-256-GCM, manage encryption keys with scheduled rotation, and keep a tamper-evident audit trail of every access.
Loading…
My files
Loading…
Guides & assistance
VPN — Encrypted mesh networking
Stand up WireGuard-style interfaces, enrol peers with server-generated keys, and render ready-to-deploy configs — all managed from one console.
Loading…
Guides & assistance
DNS — Domains, records & verification
Host your own zones or control a domain you keep elsewhere — import from another provider, generate records to publish at your DNS host, and verify them live from Syneratix.
Loading zones…
Guides & assistance
Firewall — L3/L4 policy engine
Author priority-ordered allow/deny rules with real IPv4 CIDR and port matching, short-circuit IP allow/deny lists, and simulate any packet before you ship the policy.
Loading…
Backup & recovery
Protect, verify and recover tenant data — capture storage, identity governance and infrastructure configuration into real zstd-compressed archives, then preview or merge-restore any point without ever overwriting live data.
Loading…
Device Management
Register hosts and manage compute, networking, storage and security across the four domains
Loading devices…
Guides & assistance
Block Volumes
Provision named, sized block devices with a filesystem and IOPS class, then attach, resize, detach and retire them — raw capacity for any workload, fully tenant-scoped.
Loading…
Guides & assistance
Archive Tier
Move cold data into low-cost archive storage with a transition policy, then retrieve it on demand — cold tier in minutes, deep tier in hours — with a tamper-evident audit of every transition.
Loading…
Guides & assistance
Replication
Replicate tenant state to standby targets in synchronous or asynchronous mode, watch live lag per link, pause or resume streams, and promote a replica for failover — continuity you can prove.
Loading…
A governed catalogue of KPIs with targets, thresholds and owners.
MetricActualTargetStatusOwnerCertification
No metrics defined
Reports run against the durable log tier and live telemetry.
ReportTypeSourceScheduleLast run
No saved reports
Paused 0 events
--:--:--Press Start to tail the platform telemetry pipeline.
When a condition is met, SynAnaly can notify and trigger institutional action.
AlertConditionStateThenLast checked
No alert rules
Spatial Geospatial datasets & maps
World
Regions
0
Total
0
Datasets
0
Layer
Choropleth
Value
lowhigh
SynPost Settings
Configure the shared SMTP sender profile used by AUTH invites, password resets, and future SynPost delivery services.
SMTP Profile
Scope the profile to the platform default or to a specific tenant, then save the sender and relay settings.
Scope
Browser deployments use this URL for clickable invite and reset links. Leave it blank for standalone desktop deep links.
Passwords are stored in Vault under the SynPost namespace. Leave this blank to preserve the current secret.
AUTH invite and reset flows will inherit this transport when this scope is active.
Effective Delivery
This is the transport AUTH will actually use for the selected scope today.
Loading
Loading SynPost delivery settings…
Current Integrations
The first rollout is intentionally narrow so the profile can stabilize before wider SynPost adoption.
  • AUTH user onboarding invites
  • AUTH password reset recovery
  • AUTH email OTP sign-in codes
  • Future SynPost submission and notification services
Branding & Home
Tenant identity for this installation: logos, favicon, navbar colour, hero imagery and which widgets appear on every user's landing page.
Organisation Identity
Applies platform-wide — including the sign-in screen — for everyone in this tenant.
#263168
Logo — light theme PNG/SVG/WebP, max 400KB. Shown on the navbar in light mode.
None set
Logo — dark theme Used when the interface is in dark mode. Falls back to the light logo.
None set
Favicon PNG/ICO/SVG, max 100KB. Shown in the browser tab.
None set
All Services
Security
Infrastructure
Data
Analytics
System