Skip to main content
Every entity and record is fully traceable. This page explains the three layers of traceability and how to use them in compliance and evidentiary contexts.

1. Source attribution

Every record carries provenance that records where it came from and how it was created. The lineage system tracks:
  • Origin: Where the record originated (origin_feature, origin_source_id, source_details).
  • Transforms: Each transform that produced or enriched the record, including transform_name, connector_name, and executed_by. This links each piece of data to the connector that produced it.
Use GET /api/provenance/{id}/lineage for a single record’s origin, transforms, transitions, and updates. Use GET /api/provenance/{id}/full-lineage for the complete ancestry chain from root to current record, including a unified timeline of all events.

2. Lineage chain and integrity

The full lineage response includes:
  • chain: Ordered list of records from root (oldest ancestor) to current. Each step contains its events (origin, transforms, transitions, updates, deduplication, merges) in chronological order.
  • timeline: Unified list of all events across the chain, sorted by timestamp.
  • merge_history: Records of merge operations that contributed to this entity.

3. Export provenance

PDF exports can include provenance metadata when include_provenance is enabled. The export records:
FieldDescription
exported_atUTC timestamp when the export was generated
exported_byUser ID who triggered the export
export_configThe resolved export options
data_fingerprintsSHA-256 hash of each section’s data at export time
truncation_summaryCounts when data was truncated
The fingerprints enable verification that the exported data matches what was in the report at the time of export. Recomputing the hash of the same data should yield the same fingerprint.

4. Audit and accountability

The lineage timeline attributes every event to a user or system:
  • created_by / created_by_name: Who created the record (origin events)
  • executed_by / executed_by_name: Who ran the transform
  • updated_by / updated_by_name: Who modified fields (update events)
Field updates record field_path, old_value, new_value, and source. Transitions record when data moved between features with from_feature, to_feature, and trigger_type.

PDF export

Report PDF exports can include:
  • Report content
  • Export provenance section (when include_provenance is true): exported_at, exported_by, export config
  • Dataset fingerprints: SHA-256 hashes for integrity verification
  • Truncation summary when data was paginated
The PDF is suitable for submission as a supporting document in legal, regulatory, or law enforcement proceedings. The fingerprints allow recipients to verify that the exported data has not been altered since the export was generated.