Skip to main content
Evidence exports are backend-built ZIP artifacts. They are designed for large workspaces where a single JSON file would be slow, memory-heavy, and hard to verify.

Package layout

lodger-evidence/manifest.json
lodger-evidence/records/batch_000001.ndjson
lodger-evidence/receipts/batch_000001.ndjson
lodger-evidence/consents/batch_000001.ndjson
lodger-evidence/policy.json
lodger-evidence/README.txt
Records, receipts, and consent rows are split into NDJSON batches. The manifest records each batch path, event count, receipt count, sequence range, head hash, batch hash, and storage classes.

Export scope

Exports can cover all retained project records or a narrower review scope:
  • from
  • to
  • lanes: security, data, policy, operations
The exported scope is stored in the manifest so a verifier can confirm which records were included.

Archive behavior

Lodger creates package metadata from the durable receipt index, then queues one export job per package. The job reads current hot rows and archived batches, streams NDJSON into a ZIP, and writes the completed artifact to durable object storage. Downloads are served from the stored artifact after it is ready. Dashboard users and read-capable API keys can mint scoped evidence links for one package. Evidence links open /evidence/verify, download only that package, and can live-check private receipts included in the package. The verifier processes the package locally instead of asking the backend to check every event. The verifier checks the ZIP manifest and batch hashes first. The log explorer loads record batches only when opened so large packages are not rendered into the browser by default.

Developer plan watermark

Developer workspaces can export evidence for testing, but packages are watermarked as non-production evidence.