Reports and support

Prebuilt evidence views for operators

Reports are designed for real operating questions: what happened this week, where policy is stopping work, what an auditor needs, and what support context has been captured.

How reports work

Open Reports, choose a report card, accept the default range or use a shortcut, choose a machine scope when needed, and click Generate. The report renders a formatted view in the dashboard. Export JSON contains the report id, generated time, selected range, machine scope, summary fields, findings, and grouped rows. All report exports require operator authentication via license key, and every export is recorded in the governance chain. Reports use the unified multi-machine readout for governance records. Telemetry and trouble history intentionally read their separate local files.

Governance and audit reports

Governance Summary

Default range: last 7 days. Shows total records, ALLOW/DENY mix, most active actions, and activity categories.

Denial Patterns

Default range: last 30 days. Shows most denied actions, most denied rules, and users associated with denials.

User Comparison

Default range: last 30 days. Compares activity by user or agent identity, decision balance, and action distribution.

Audit Evidence Export

Default range: all time. Packages selected chain records into a concise evidence summary for external review.

Unusual Activity Detection

Default range: last 7 days. Highlights high-denial signals, low-frequency activity, and hourly concentration.

Machine scope

Governance and audit reports can cover all machines, only the primary, one machine, or selected machines. Remote records display both the event timestamp from the originating machine and the primary import timestamp. Report ordering is based on chain/import sequence, not on remote clocks.

Evidence exports include the selected machine scope, a machine registry snapshot, relevant import envelopes, and sidecar hashes so exported remote records remain tied to the material the primary verified.

Telemetry Transparency

Telemetry Transparency reads gov_runtime/LOGS/telemetry/summary.json, not the governance chain. It explains why Atested telemetry exists, the privacy model, and the categories that can leave the installation: UI interaction summaries, aggregate governance usage, Trouble submissions, system health, and machine coverage counts. On multi-machine installs, remotes sync summaries to the primary. Only the primary transmits externally.

Trouble button and Support Requests

The Trouble button lets an operator report an issue without explaining which screen they were on. Atested captures the current path, open window stack, breadcrumb, license label, active element summary, and selected report or activity context when available. The operator adds priority and description.

Trouble reports are written under gov_runtime/LOGS/trouble/ as support artifacts. They are not telemetry records and are not governance chain records. Support Requests reads that directory and shows what was submitted, when, at what priority, and what context was attached.