What "replay" means in practice
Given a receipt or a set of receipts, the dashboard's replay view shows the tool calls in order, the arguments passed, the responses returned (digest or full content, depending on the storage config), the model used per call, the timing between calls, and the human approve/deny decisions. It's not a re-run (we don't re-call the LLM); it's a reconstruction of the actual session from the captured audit data.
When you need replay
Security incidents: "the agent accessed customer X's record at 02:14 — was it authorised?" Replay shows the full session context. Customer escalation: "the AI told my customer the wrong refund amount — how?" Replay shows the prompt and the model response. Compliance audit: "show us a worked example of the AI evidence trail for this control" — replay one specific receipt as the worked example.
Storage tradeoffs
Two storage modes: digest-only (cheaper, replay shows structure but not content) and full-content (more expensive, replay shows everything). Most orgs run digest-only by default with full-content turned on for specific high-stakes projects. The receipt schema is the same either way; the storage flag is per-project.
How replay handles redaction
Redacted fields (per the agent's redactPaths config) appear as [REDACTED] in the replay. The fact that something was redacted is preserved; the content isn't. This is useful where the underlying data is too sensitive to store but the audit trail must still exist.
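An added example, not the product's own code, showing how the two storage modes and redaction could combine when a replay record is built. The record fields, the dot-separated path syntax for redactPaths, the mode strings, and the choice to redact before digesting are all assumptions made for illustration.

```python
import copy
import hashlib
import json

REDACTED = "[REDACTED]"

def redact(value, paths):
    """Return a copy of value with each dot-separated path (assumed syntax) masked."""
    out = copy.deepcopy(value)
    for path in paths:
        node, keys = out, path.split(".")
        for key in keys[:-1]:
            node = node.get(key) if isinstance(node, dict) else None
        if isinstance(node, dict) and keys[-1] in node:
            node[keys[-1]] = REDACTED  # the field's presence is kept, its content is not
    return out

def digest(value):
    """SHA-256 over canonical JSON, so equal content always gives an equal digest."""
    blob = json.dumps(value, sort_keys=True, separators=(",", ":")).encode()
    return "sha256:" + hashlib.sha256(blob).hexdigest()

def stored_call(call, redact_paths, mode):
    """Build what is persisted for one tool call: redact first, then digest or keep."""
    clean = redact({"arguments": call["arguments"], "response": call["response"]}, redact_paths)
    record = {k: call[k] for k in ("ts", "tool", "model", "decision")}
    for field in ("arguments", "response"):
        record[field] = digest(clean[field]) if mode == "digest-only" else clean[field]
    return record

def replay(calls, redact_paths, mode):
    """Reconstruct the session in time order (UTC ISO-8601 strings sort correctly)."""
    return [stored_call(c, redact_paths, mode) for c in sorted(calls, key=lambda c: c["ts"])]

# Constructed sample session (not real data), deliberately out of order.
SESSION = [
    {"ts": "2024-01-01T02:14:09Z", "tool": "refund.issue", "model": "model-b",
     "decision": "approve", "arguments": {"customer": {"id": "c-1", "card": "4111"}, "amount": 20},
     "response": {"status": "ok"}},
    {"ts": "2024-01-01T02:14:03Z", "tool": "crm.lookup", "model": "model-a",
     "decision": None, "arguments": {"customer": {"id": "c-1"}},
     "response": {"customer": {"id": "c-1", "card": "4111"}}},
]
PATHS = ["arguments.customer.card", "response.customer.card"]

if __name__ == "__main__":
    for rec in replay(SESSION, PATHS, "digest-only"):
        print(rec)
```

Because redaction runs before hashing in this sketch, a digest-only record cannot be used to recover a low-entropy redacted value by hashing candidates and comparing.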
Integration with incident response
When an anomaly fires, the alert links directly to the relevant receipts in the dashboard. The responder clicks through to the replay view in <30 seconds. The replay is the data source for the incident report. This is standard SOC playbook integration.
Long-term retention
Receipts are retained indefinitely on paid plans; replay works on any retained receipt. The free plan keeps receipts for 90 days. For regulated industries, configure retention via the per-project setting (some require 7 years; receipts can be archived to cold storage with audit-time retrieval).