Launching today
Spotlight by Backplanes
Session reports for Claude Code & Codex to improve your code
271 followers
Session reports for Claude Code & Codex to improve your code
271 followers
Keep up with your agents. Spotlight reads your Claude Code and Codex sessions and shows you what your agents actually did, and how to get recursively better every session: what to fix now, what to ship better next time, what's worth sharing. One harness or seven, solo or across your team. Free.
Hey Product Hunt. We're Seth, Neil, and Nick, and we've spent a decade in security and dev tools across Google/Gmail, Valimail, Twilio, and Algolia.
We built Spotlight by Backplanes to help you keep up with your agents. It reads your Claude Code and Codex sessions and shows you what your agents actually did: session reports that make you a better engineer, every day.
This started with a scare. Neil asked Claude to fix one file. It read 47, including his ~/.ssh keys, and wrote an API key into a tracked .env. We build security software, and our own agents did this. We missed it, and caught it by accident while investigating something else.
So we looked deeper, stitching our Claude and Codex sessions together across machines. Two things floored us: how much we'd missed, and how many good moves we were making in one place but not another. Surfaced and shared, those patterns made us better, every day.
That's what Spotlight does for you. After every session, you get a report: what to fix now, what to ship better next time, what's worth sharing. One harness or seven, solo or across your team.
We're building toward a world where you can see and manage everything your agents do. Visibility is where it starts, and we think everyone deserves to know what their agents are doing, so we're making this piece free. We'll be offering paid features and automations in the near future; seeing what your agents did won't cost you. Private and secure by design, with details at backplanes.com/trust.
Install is one line, and your first report lands in ~2 minutes: Get started on backplanes.com.
Click here to join our Slack and say hello.
We hope you love Spotlight, and we can't wait to hear what it illuminates for you.
Product Hunt Shop
@antifreeze congrats on the launch! Such a needed product right now.
@antifreeze The SSH keys is exactly why this matters, gents move fast and
the blast radius is invisible until it isn't. Congrats on launch. Trying it today
@ricky_farmer : "Invisible until it isn't" is pretty much the whole problem in five words, and is better than much of the copy we wrote for this launch. :)
Glad you're giving it a run today. Tell us what your first report turns up; real sessions on day one are exactly the feedback we want.
Product Hunt
@curiouskitty This one's fun to answer, because the trick is that there's no trick: the harnesses already write everything down. Claude Code and Codex keep a transcript of every session. Spotlight's CLI watches those transcripts on your behalf, redacts sensitive info from new activity locally, and then sends the redacted version up for pattern analysis and report generation.
So attribution falls out of the session itself: it knows its user, its project, and its tools; org rollups are aggregation, not integration. Spend is computed from the same token counts the provider meters, which is why it tracks invoices closely. It's an estimate by construction, but a well-grounded one, and no OAuth or provider-side hooks are involved.
On tradeoffs: we deliberately chose to start with reading over intercepting. Real-time gating means sitting in the request path, and a proxy adds latency to every call and breaks when harnesses update. Our way, you're minutes behind live but never blocked mid-flight: a genuine trade, and one that buys zero added latency and zero workflow friction.
We'd love for you to take a look. The install is one line, and your first report lands in a few minutes. Let us know what you find! :)
Raycast
As of this year, I’ve become a “non-engineer engineer”, letting Claude and all his robot friends abuse my terminal. For example, the other day I just discovered how to actually use a `.env` file. Yes, I am embarrassed.
How was I forced to discover this? @antifreeze (who I've known for what? 20 years??) gave me a demo of Backplanes and in a reports on one of my coding sessions I saw red:
And this wasn't the only red I saw...!
Backplanes showed me the ugly underbelly of my agent sessions: leaked credentials, missing tests, sloppy patterns I’d normalized because the app I was building "worked".
By shipping like a maniac, I leaked my secrets all over the place — and Backplanes provided me actionable steps to get my shit locked down.
This isn't just “agent analytics.” It’s a backstop for the bullshit your coding agents quietly create while you’re moving at AGI speed. Like being shown what bacteria lives on your toothbrush when you stop to under a microscope. 🦠🤮
So if you haven't been practicing excellent agentic hygiene, give Backplanes a try.
Because behind every successful coding session is a backplane.
@chrismessina Twenty years and I pay it off by showing you the bacteria on your toothbrush. 😅 Don't be embarrassed about the red -- we build security software and our own reports lit up too. It would be embarrassing if it weren't happening to everyone.
"Non-engineer engineers" are exactly why we made seeing this free: everybody's shipping like maniacs now, and everyone deserves to know what their agents are doing. (And "behind every successful coding session is a backplane" is going on a shirt.)
The session report angle makes sense. What I'm curious about is how much signal you're actually extracting versus just replaying what happened. Claude Code sessions can get noisy fast, lots of back-and-forth, abandoned branches, retried prompts, and the raw transcript isn't that useful without some layer of interpretation on top. Does Spotlight surface things like where the agent got stuck, or which tool calls failed silently, or is the report mostly a structured summary of the final output? Also curious what the security topic covers here, whether you're flagging things like secrets exposed in prompts or risky code patterns the agent introduced, since that would be a genuinely different use case than the reporting side.
You're spot on @fberrez1 : the session replay is the easy part; the interpretation layer is the product.
Short version: the raw session info is the input, not the report. The bookkeeping (counts, files touched, domains, cost) is computed mechanically, and the analysis on top is held to one rule: every finding has to point at the specific moment in the session it came from. If it can't cite the event, it doesn't ship.
On noise: that's most of what the engineering portion of the report is for. It surfaces retry storms, redundant tool loops, repeated lookups that should have been cached, and it distinguishes failing retries from deliberate re-verification. Those land as "Faster Next Time" items with payoff grounded in the session, like "~60 calls collapsed into one." CI, test, and lint outcomes get flagged when the transcript shows them. And when something isn't observable, the report says so in a blind-spots section instead of guessing. We'd rather show you an empty field than an invented one.
Security is a separate findings stream, severity-ordered, with categories like credential, shell, file, network, production, and subagent. Concretely: a live-looking key written into a tracked .env (with a paste-into-Claude prompt to rotate it), a destructive command against prod with no dry run, a call to a domain you've never used, a subagent reaching outside the project. One detail worth knowing: secrets are redacted on your machine before anything uploads and a second pass is run on the server before we write, so the report can flag the secret class without ever holding the value.
You're right that those are two different use cases. The report carries both on purpose: the security stream and the engineering narrative come from one pass over the same session and give you the full picture. That's the bet we're making.
Run it on your messiest session and tell us what you find, here on our community Slack. :)
Tabstack
@fberrez1 @gogogadgetneil FWIW you can see a sample report here: https://www.backplanes.com/features/session-reports
Tabstack
had a blast collaborating with @gogogadgetneil @natwar86 and team!
Some recent discussions here pointed out that using a terminal like @Claude Code might feel too "zoomed out" from the code. Many prefer to stay in the loop and see what their agents are actually doing. [1]
@Spotlight by Backplanes fixed just that. It brings clarity to your agentic coding sessions and, more importantly, it compounds, making you a better engineer every session.
Go to backplanes.com to generate your first report in minutes - or see sample report here.
S/O to the ?makers, keep up the great work 👏👏
[1]: How do you like to work with AI coding agents?
Well done! Was post-session reporting a deliberate call over an inline guardrail that interrupts the agent mid-write (i.e. less intrusive, keeps you in flow)?
@artstavenka1 Thanks, Art! Definitely deliberate, but one (good!) clarification: it's not limited to being post-session. Spotlight reports actually build while you work, just minutes behind your agent, so you're not waiting for a session to end to find out what happened.
What we deliberately avoided is the inline path. A guardrail that interrupts mid-write has to sit between you and the model, with the latency and potential breakage that path implies, and we very much want to help keep you in flow. :)
Best Meme of The Decade
Congrats @antifreeze - this is one of those products that feels obvious once you see it.
I’m using Claude Code/Codex every day right now, and the trade off is you don’t really know what got touched, what got skipped, or what weird security debt just got created. In our space making sure everything is tightened up and polished is a necessity more than ever.
Spotlight makes it clear what actually happened. Every team using agents seriously is going to need this. Bullish.
@armand thank you! "Obvious once you see it" is the best kind of compliment. Excited to hear what Spotlight illuminates for you-- and what you wish it showed. That's the stuff we want to build next!
Tabstack
@antifreeze curious what's on your product roadmap btw? anything you could share here?
@fmerian Ha, fair question. Happy to share the general compass, even if I have to hang on to the detailed map for now. ;-)
The direction is in the name: Spotlight is the visibility and advisory layer, illuminating what's happening. The plan for Backplanes is not just being able to see, but to manage/shape everything your agents do, whether you're an individual user or an enormous organization.
Where we're pushing next with Spotlight, directionally:
Deeper: richer insights on individual sessions as well as richer cross-session and team-level patterns.
Broader: more harnesses and agent surfaces beyond Claude Code and Codex.
Automated: from reports to actions. Today a Spotlight finding hands you advice on how to resolve an issue; over time, more of that loop gets automated.
What I'd love from this thread: tell me which harness you'd want next, or what a report should catch that it doesn't today.
We're building this for builders and creators like you, and nothing steers the roadmap like hearing it straight from you.
Tabstack
@armand exactly! @Spotlight by Backplanes brings clarity to your sessions. it improves your code and makes you a better engineer.
S/O to @antifreeze @gogogadgetneil @natwar86 and team