The full catalog

Everything SnitchOS does today

This is the complete, shipping feature set — 75 capabilities in production across 11 categories right now. Nothing on this page is a preview. The parts still in flight live on the roadmap, not here.

The endpoint agent

One signed Windows agent behind every number.

Every metric on the dashboard comes from a single Windows endpoint agent: a code-signed LocalSystem service and a per-session helper it spawns to reach the interactive desktop. The collectors sample on a fixed cadence, input is recorded as counts only, and each device batches its events to the API over TLS every minute.

Service plus session helper

A LocalSystem service runs collection and supervises a per-session helper it launches with the signed-in user's own token — Session 0 cannot see the desktop, so the helper does.

Sampling collectors

Active window, idle state, browser URL by UI Automation, app usage, a screenshot each minute, and input counts — sampled every 10 seconds, with a process snapshot every 60.

Counts only, TLS upload

Input is counted, never keylogged. Every batch is posted to the API over TLS each minute with retry and backoff, so a dropped connection never loses a day.

~60s
From RMM push to first data in the dashboard
10s
Activity, idle, URL and input sampling interval
60s
Batch upload to the API, with retry and backoff
37
Default classification rules seeded per new tenant

What you see

Visibility and analytics.

Raw endpoint activity, reconciled to one clock, then turned into the reports a customer's manager will actually read.

Visibility

13 capabilities

Active-window timeline

The foreground process, window title and user, sampled about every 10 seconds into a continuous timeline.

Idle vs active detection

GetLastInputInfo separates idle from active, so idle minutes are never credited to whatever app was on top.

Browser URL capture without an extension

Reads the address bar through UI Automation across Chromium and Gecko browsers. Host and path only; query strings and OAuth tokens are stripped on the endpoint.

Screenshot timeline

One JPEG a minute at quality 70, perceptual-hash deduped and skipped while idle. Kept hot for 30 days, cold through day 365, then hard-deleted.

Multi-monitor capture

Captures the full virtual-screen rectangle, so a second or third monitor is never a blind spot.

Input metrics, counts only

Keystroke, mouse-click and mouse-distance totals. Never the keys or content typed.

Per-user attribution

Activity is tied to the foreground owner's SID, with RDP and fast-user-switching sessions tracked separately.

Right Now live board

A standalone board and a tenant-home strip that auto-refresh every 30 seconds with active, idle, away or offline status, current app or URL, and today's productive split.

Organization overview

A super-admin home that rolls activity up across every tenant in one view.

Tenant home glance dashboard

A KPI strip, a 7-day trend, top users, apps, sites and categories, and a pending-review counter on one screen.

Endpoint Activity Log

The raw event feed, filterable by user, executable, category or idle state, cursor-paginated and exportable to CSV.

Screenshot history grid

Browse captures by date and user in a grid, with a lightbox for any frame.

Per-user detail timeline

A single person's multi-day timeline with the activity behind every hour.

Productivity

8 capabilities

Productive, neutral, unproductive classification

Every app and site scores from sensible defaults, overridable per tenant by executable or URL host, with cascading, tenant-scoped rules.

Per-tenant classification rules UI

Add and edit those overrides in the dashboard, without touching config or the database.

Uncategorized review queue

Surfaces the highest-volume unclassified apps and sites first, so the long tail gets sorted in one place.

Summary report

Company, team, user or custom scope with top apps, sites and categories, physical-input totals, a peak-hour insight and a Microsoft 365 off-device card. Exports to PDF.

Attendance and daily work-metrics grid

A heat-map of users by day, each cell shaded by productive minutes.

Category trends chart

A stacked-area view of productive, neutral and unproductive time over any date range.

Work Hours report with shift adherence

Hours worked measured against each person's shift, with a PDF export.

Goals and benchmarks

Per-tenant targets that show distance-to-goal, not just raw minutes.

App and website usage

3 capabilities

Applications usage report

Top executables with productivity badges, sortable and filterable, with drill-down to the users behind each and CSV export.

Websites usage report

Top URL hosts with host-level classification, drill-down and CSV export.

Categories usage report

Usage rolled up into the catalog's category groups.

AI usage

1 capability

AI assistant usage tracking

A dedicated page for time in Claude, ChatGPT, Copilot, Cursor and more, matched by app and URL host, per user and per tenant.

How you run it

The MSP platform.

The controls that make one login work across every client tenant — teams, alarms, deployment, billing, reporting and the integrations that carry it all.

Team and manager

9 capabilities

Team Health

A per-team read on how a group is trending.

Team Compare

Users or groups placed side by side.

Workload balance

Flags who is over- or under-loaded by productive hours per day.

Coaching opportunities

Rule-based per-user flags with plain-language advice a manager can act on.

Managers and multi-tenant logins

Admins see every tenant; managers see the one or more tenants you assign them.

Roles and access

Manage or view-only, with writes rejected at the auth chokepoint for view-only accounts.

Users and groups

Named cohorts that roll up across every report and the Right Now board.

Users and Devices console

One roster and fleet view with health chips, agent freshness, group membership, M365 match and per-user shift editing.

Per-user monitoring on or off

Turn collection off for a session and the agent stops capturing, while existing history is kept.

Alerts and compliance

4 capabilities

Activity alarm rules

Rules for agent-not-reporting, denied-app use, off-hours activity, idle-during-schedule and idle-SLA, routed to NotifyBell or an HTTPS webhook.

Alarm log

Every fired alarm with its full payload and acknowledge state.

Schedule adherence

Per-user and per-tenant shifts, defaulting to Monday to Friday, 08:00 to 17:00.

SOC 2 audit log and viewer

An append-only log of actor, IP, user-agent, target and outcome, with a viewer, a JSON API, CSV export and three-year retention.

MSP platform

16 capabilities

Website blocking

Per-group deny-lists enforced on the endpoint through the hosts file, failing safe, with control-plane hosts protected.

Signed auto-update

Updates verify the Authenticode publisher, a SHA-256 hash and a signed manifest, run only when no one is signed in, and refuse downgrades.

Code-signed MSI

A WiX 4 installer with all three executables signed by Azure Trusted Signing as CN=Shield Management Inc, RFC3161-timestamped.

Per-tenant RMM deploy bundles

A .ps1 or .cmd script with the tenant ID and fleet key already baked in.

Fleet enrollment keys with rotation

Keys you can rotate, protected by a row lock and a partial unique index.

Multi-tenant isolation

A tenant ID on every row, tenant-prefixed object keys, scope-checked APIs, and a 404 on any cross-tenant request.

Microsoft Entra SSO

PKCE and RS256 sign-in bound to an immutable object ID on first login, with no self-provisioning and local passwords removed in v0.3.

Tenant onboarding wizard

Three steps: create the tenant, provision SSO admins, mint a key.

Manage Tenants and deletion

A type-the-slug purge of endpoint data that retains audit and financial records.

White-label branding

Per-tenant name, accent and sanitized logo across the dashboard shell, the suspended page and invoice PDFs.

Announcements

Global or per-tenant notices with active-window scheduling.

Weekly digest email

Preview and send a weekly customer digest on demand.

Monitoring settings

Per-tenant capture and branding controls in one place.

Microsoft 365 off-device analytics

App-only Graph pulls Entra sign-ins with device, OS and location, Teams and Outlook usage by device class, the mobile-vs-computer split, and directory names and photos.

M365 self-service admin consent

A signed-state consent link and callback for a customer Global Admin, or for an MSP acting through GDAP.

OS edition and build reporting

Records each device's Windows edition and build at enrollment, for example Windows 11 Pro 25H2 (26200.2033).

Support desk

1 capability

Support ticket desk

A per-tenant customer portal and a super-admin staff queue, with needs-reply highlighting, assignment, internal notes, priorities and NotifyBell.

Billing

5 capabilities

Account subscription

$100 a month per active Admin or Manager seat. Endpoints, users and tenants are unlimited and never billed.

Automatic anniversary invoicing

Bills monthly on your signup day-of-month, idempotently, with invoice numbers like SN-YYYY-NNNNNN and no tax added.

Stripe card-on-file and auto-pay

Stripe-hosted checkout keeps the card off our server and charges it off-session on the due date. Paying the last overdue invoice reactivates a suspended account.

Invoice detail, Pay-now and branded PDF

Every invoice has a detail view, a pay-now action and a branded PDF.

Dunning and auto-suspend

Reminders on day 1, day 7 and every 7 days overdue, with optional auto-suspend past a roughly 14-day grace window. Suspension blocks only the dashboard, never data collection, and support stays reachable.

Reports and API

5 capabilities

JSON dashboard and audit API

/v1/dashboard/* and /v1/audit, cursor-paginated, authenticated by cookie or bearer.

Scoped API keys

Read-only, tenant-scoped or super-admin keys.

CSV exports

Activity, audit and usage exports, with spreadsheet formula-injection neutralized.

PDF exports

Summary, Work Hours and invoice PDFs.

Per-admin display timezone

Each admin reads the data in their own timezone.

Integrations

10 capabilities

RMM push

Ships through NinjaOne, Datto RMM, ConnectWise, Kaseya and N-able.

Microsoft Intune and Group Policy

Deploy the same bundle through Intune or GPO.

Microsoft Entra SSO

Admin sign-in through Microsoft Entra.

Microsoft 365 Graph

App-only Graph access for off-device M365 analytics.

Stripe

Card-on-file, hosted checkout and off-session billing.

NotifyBell alerting

Routes alarms and ticket events to NotifyBell.

SMTP relay

Sends dunning reminders and invoice email.

Outbound alarm webhooks

HMAC-signed with X-SnitchOS-Signature, SSRF-guarded and HTTPS-only.

Azure Trusted Signing

Signs the MSI and every agent binary.

Cloudflare DNS and Let's Encrypt

DNS records and automatic TLS certificates.

Every capability above is in production today. Items still being built are listed on the roadmap, and the data-handling posture behind these features is documented in the Trust Center.

See it in action

See it running on your own fleet.

Book a walk-through or start a 30-day pilot with a per-tenant installer. One endpoint, one hour, and you will know whether it fits.