Generate evidence
Export consent publish or rights deletion packages.
Generate evidence
Source: app_docs/guide/evidence.md, app_docs/evidence.md, app_docs/api.md.
Goal
Download an evidence package for a consent publish or a rights case.
What Evidence is
| Term | Meaning |
|---|---|
| Evidence | Exportable proof package (JSON / CSV / report) |
| Activity | In-console event timeline (not a portable package) |
Evidence answers: Can I prove what happened?
It is not logging, analytics, or debugging.
Packages are assembled on read from existing domain data—not a separate write pipeline and not a separate EvidencePackage table. Package id is deterministic (e.g. rights_deletion:{caseId}, consent_publish:{versionId}).
Package shape (schemaVersion: 1)
| Field | Purpose |
|---|---|
id | Deterministic id for the package |
product | rights | anumati |
kind | rights_deletion | consent_publish |
status | complete / failed / partial / in_progress / cancelled / open |
steps[] | Lifecycle report steps with honest status |
facts | Header key-values for audit |
sources | Pointers to underlying rows (no secret material) |
Rights lifecycle steps (documented)
- Request received
- Identity verified
- Identifiers matched
- Systems selected
- Connector execution
- Per-system outcome (one step per connector metric prefix)
- Completion
- Evidence generated
Partial connector failures surface as failed system steps even when overall case state differs.
Anumati publish steps (documented)
- Version published
- Published by (not stored on version row in schema v1 — marked not_applicable honestly)
- Publish timestamp
- Configuration snapshot (reuses
snapshotJson— not copied) - Consent receipt linkage (counts + latest receipt id)
- Evidence generated
When to use it
- Export after Rights COMPLETED / FAILED / CANCELLED
- Export after consent publish for “what was live”
- Attach to internal compliance reviews
Rights deletion (console + API)
- Open the case (
#/rights/:caseId). - Open Evidence (
#/rights/:caseId/evidence). - Export JSON, CSV, or report.
API (session):
| Method | Path |
|---|---|
GET | /api/platform/orgs/:orgId/rights/cases/:caseId/evidence |
GET | same ?format=json|csv|report&download=1 |
Built from the Rights request + Activity events (created, verification, job enqueued/completed/failed, status). Includes System-level outcomes when present in job payloads.
Consent publish (console + API)
- After publish, open project publish evidence UI.
- Export as needed.
API (session):
| Method | Path |
|---|---|
GET | /api/platform/projects/:projectId/evidence/publish |
GET | /api/platform/projects/:projectId/evidence/publish/:versionId |
GET | same ?format=…&download=1 |
Built from published version snapshot + receipt counts for that version.
Retention
Evidence is derived from primary data. Retention = retention of Cases, events, versions, and receipts.
There is no separate “evidence store” TTL in Beta.
Limits
- Not a SIEM
- Not a raw application log dump
- Not a cryptographically sealed legal WORM archive (Beta)
- Not proof that a third-party system you never connected deleted data