DetachDev Features
Every feature designed around one principle: your code doesn't stop when you walk away.
Remote & Multi‑Device
Remote session management
List, resume, start and stop Claude Code sessions on any connected device — from any AI client or MCP‑capable tool. Send prompts, approve permissions, interrupt or cancel sessions, toggle plan mode and read full history without SSH.
Real‑time streaming
Long‑running session responses stream back incrementally via Server‑Sent Events so tool calls, thinking and permission prompts appear as they happen.
Mobile‑first workflow
Use voice or text from your phone or AI assistant to stay in flow. Approve prompts and manage sessions without a laptop.
Multi‑device, multi‑VM
Connect environments across VMs, regions and machines. Persistent connections handle reconnection, heartbeat monitoring and per‑user scopes.
Local session capture
A transparent PTY wrapper captures sessions started locally, streams output to the platform and persists transcripts for the team — no workflow changes.
Session lifecycle tracking
Sessions follow a true lifecycle — active, idle, awaiting permission, stopped, error or disconnected — so you always know what's running and where.
Protocols & Packaging
MCP protocol
Standards‑compliant JSON‑RPC over HTTP/S with Streamable transport. Integrate with Claude.ai custom connectors, Cursor, Windsurf, ChatGPT actions or any HTTP client.
Zero external dependencies
Pure PHP daemons — no Composer, frameworks, Redis or Node.js. Just PHP 8.2+ and MariaDB.
RPM packaged
Separate server and client RPMs with systemd services for clean deployment. A curl‑pipe‑bash installer sets up everything in one step.
OAuth 2.1 server
Authorization code grant with PKCE, dynamic client registration and refresh tokens for secure external integrations.
Three auth methods
Choose from Sanctum bearer tokens, shared secrets for devices or full OAuth 2.1 flows. Supports social sign‑in via GitHub and Google with TOTP‑based MFA.
Team & Access Control
Multi‑tenant organizations
Invite teammates, assign roles and manage sessions, devices, prompts and billing across multiple organizations. Users can belong to several orgs.
Granular RBAC
Four roles and sixteen permissions across session, device, team and security domains. Override defaults per organization and enforce at every endpoint.
User & org preferences
Store per‑user settings like theme, notifications and language plus per‑org defaults. Manage via API; settings persist across sessions and devices.
Playbooks & automation
Create multi‑step workflows: chain sessions, require approval gates, call webhooks and branch conditionally. Trigger manually, on schedule or via webhook.
Session policies
Define guardrails per project: allowed tools, accessible file paths and environment variables. Specific policies override general ones.
Project context
Attach key‑value context to projects, users or organizations. Query it from sessions to inject shared knowledge without repeating it.
Data & Insights
Session history & persistence
Capture every prompt, response, tool call and token usage with metadata like device, project path, model, tokens and cost.
Full‑text search
Search across all captured session messages with Boolean queries and filters for device, project, session ID, message role and time range.
Session briefs
Automatically generate summaries capturing the first prompt, last response, tool usage patterns and duration.
Session export
Asynchronously export session data to JSON or CSV. Filter by device, project, session or time range and send to local storage, S3 or SFTP.
Prompt library
Versioned prompts with draft, published and archived states plus weighted A/B testing across versions. Scope prompts per organization or workspace.
Operations & Business
File transfer
Upload and download files on connected devices through MCP. Supports chunked transfer, directory listings and recursion within configured project directories.
Billing & plan enforcement
Stripe‑integrated subscriptions enforce limits on devices and team members. Track token consumption and cost per organization and manage plans via customer portal.
Dashboard
A full web interface to browse sessions, monitor statuses, manage devices and teams, edit prompts, build playbooks and oversee billing.
Enterprise Security
Encryption at rest
Field‑level AES‑256‑GCM encryption with per‑organization keys. Keys rotate to new versions without re‑encrypting existing data.
Key management service integration
Pluggable KMS abstraction supporting AWS KMS, HashiCorp Vault transit and local providers. Master keys wrap per‑org DEKs.
Immutable audit log
Every action recorded in an HMAC‑SHA256 hash chain per organization. Tampering is detectable and entries are queryable via API and dashboard.
MCP request logging
Optionally log every MCP request and response with parameters, status codes and durations. Filter logs in the admin panel.
IP allow‑lists
Restrict API access to specific IPv4 addresses or CIDR ranges for each organization. Enable or disable entries without deletion.
mTLS for devices
Require client certificates for mutual TLS authentication. Register device fingerprints and reject revoked certificates immediately.
SAML 2.0 SSO
Per‑organization SAML 2.0 integration with JIT provisioning and optional enforcement of SSO‑only logins.
SCIM 2.0 provisioning
Automated user and group lifecycle management via SCIM 2.0. Create, update and deactivate users from identity providers.
SIEM integration
Export audit events to external security platforms via REST polling, webhook push or syslog in JSON, CEF or LEEF formats.
Data retention
Define retention periods for session data, request logs, usage events and audit archives with automated cleanup. Audit logs are immutable.
Legal hold
Place holds on data for organizations, users or devices. Held data is exempt from cleanup and DSAR erasure until the hold is removed.
DSAR & right to be forgotten
Process data subject requests for access, erasure, rectification and portability with deadline tracking and compliance workflows.
Data residency
Assign organizations to geographic regions like US, EU or AU and enforce region‑specific data placement.
Break‑glass emergency access
Recover master encryption keys via Shamir's secret sharing. Configure a K‑of‑N threshold and record the ceremony in the audit log.
Administration
Admin panel
View system statistics, manage organizations, users and devices, configure plans and browse audit or request logs — all in one panel.
User impersonation
Admins can temporarily assume a user's view for support and debugging. All impersonation events are recorded in the audit log.
Subscription management
View, modify and cancel subscriptions across organizations. Override plan assignments and adjust billing status directly from the admin panel.