Use a redacted session replay as supporting evidence

Inspect one authorized, consented recording around a reported problem, distinguish rendered observations from inference, and avoid treating replay as automatic root cause.

Updated · published

markdown for agents →

difficulty advanced · time to value 10 minutes · execution human review required

Start from this

Inspect one authorized session replay related to this reported problem. Confirm consent and redaction, bind the exact identity and time window, render only the relevant segment, separate visible observations from hypotheses, and stop before changing code or contacting the customer.

Why this matters

A stack can show where code failed; a replay can show visible interaction around the failure. Neither proves root cause by itself. Replays are also high-risk customer data and should be inspected only for a specific authorized purpose.

Agentry can locate recent recordings for an authorized distinct_id and return snapshot data. Snapshot types and timestamps are rrweb data—not a natural- language narrative. Meaningful interpretation requires an actual replay renderer or another tool that can faithfully reconstruct the relevant segment.

What you get

  • One recording selected by exact identity and time bounds
  • A minimal rendered segment around the reported outcome
  • Visible observations separated from network, case, and code evidence
  • A diagnosis hypothesis and next test, not an automatic root-cause claim

Walk through it

You

Review the consented replay for the checkout problem reported at 14:20 UTC.

Agent

I will confirm the authorized identity and policy, locate the nearest recording, and render only the relevant segment.

GET /v1/projects/:project_id/users/:distinct_id/summary
GET /v1/projects/:project_id/session-replays?distinct_id=:distinct_id&date_from=:rfc3339&date_to=:rfc3339
GET /v1/projects/:project_id/session-replays/:replay_id/snapshots

Fetch the current OpenAPI schema for exact query parameters and response fields. Do not copy an email address directly into documentation or logs; URL-encode the authorized project identity at call time.

Render the bounded snapshot interval with a faithful rrweb-compatible viewer. Record only observable facts such as “the user selected the submit control and the page displayed an error state.” A raw snapshot with type: 3 does not prove which element was clicked or what a form contained.

If a real case ID or fingerprint is available, inspect it separately:

GET /v1/cases/:case_id

Correlate by time, session/release identifiers, and observed evidence. A nearby case is not automatically caused by the visible interaction.

The output

Replay review — <replay id> — <bounded interval>

Authorization and privacy
- purpose, consent/redaction policy, reviewer

Visible observations
- <rendered fact with timestamp>

Separate technical evidence
- <case/network/deploy fact from its own source>

Hypothesis
- <possible explanation, explicitly labelled>

Next verification
- <reproduction, code inspection, or additional telemetry>

Setting it up

Configure replay in an authenticated interactive owner session using the current OpenAPI schema. Load the required browser recorder only after consent, sampling, and redaction decisions are implemented. Mask inputs by default and exclude authentication, payment, health, secret, and other sensitive surfaces.

Use stable pseudonymous identities and session IDs across the relevant product events. Replays do not replace structured success/failure events or runtime error capture.

Variations

  • “Inspect only the 90 seconds around the reported failure.”
  • “Compare visible behavior with the selected real case without claiming causality.”
  • “Explain why this replay is not safe or sufficient to inspect.”
  • “Prepare a minimal reproduction checklist from verified observations.”

Adapt this workflow in your own agent.

Ask your agent to map the starter prompt to your saved signal map, live events, and the current HTTP API before answering.

Agentry gives coding agents production context from errors, product analytics, and deploys through one HTTP API. Fetch and read https://agentry.sh/install.md completely, then install Agentry's full first-time telemetry baseline in this repository. I authorize device-code login, saving the owner key only to ~/.agentry/credentials.json, creating one Agentry project for this repository, and read-only inspection of shipped source plus hidden CI/provider configuration. Deeply analyze the product's business logic and complete value flow before choosing telemetry. Save the complete source-backed plan and show me its exact contents and hash. Until I explicitly approve that plan or request a replacement, do not edit app/CI source, place runtime/CI credentials, commit, exercise product traffic, start proof, push, or deploy. After approval, I authorize only the reviewed targets: place the required scoped browser/server/CI credentials through the established environment or secret mechanism, preserve existing telemetry, implement and test the baseline, commit it, push that reviewed commit when the shipped CI/provider path requires it, exercise safe proof paths with test/non-customer data, and perform one deployment through the reviewed shipped CI/provider path. Ask first if proof would charge money, contact a third party, change real customer data, or require new external access. After the plan is saved, immediately before every onboarding state-changing POST, GET current onboarding state, perform only its single returned next_action, then read state again; do not batch or infer later stages. Continue until status is verified, installation_complete is true, and next_action is null. Keep all secrets, source snapshots, proof markers, and scratch files outside the repository.

+ Full access
5.5 Extra High
  1. 1. Open your repo in Codex, Claude Code, Cursor etc.
  2. 2. Paste the install prompt.
  3. 3. Your agent reads the install doc and shows you an implementation plan for approval.