Exports & Provenance¶
CalcBridge's export system enables workbook data extraction in multiple formats with optional cryptographic provenance signing for audit trails and data integrity verification.
Overview¶
The export pipeline transforms workbook data into downloadable files with these key capabilities:
- Multi-Format Output: Export to XLSX, CSV, PDF, or JSON
- Cryptographic Provenance: HMAC-SHA256 signing embedded in XLSX Custom XML Parts
- Security First: Zip bomb detection, PII redaction, antivirus validation
- Async Processing: Large exports run as background jobs with progress tracking
flowchart LR
subgraph Input
WB["Workbook Data"]
end
subgraph Pipeline["Export Pipeline"]
FMT["Format\nConverter"]
PROV["Provenance\nSigner"]
SEC["Security\nValidator"]
end
subgraph Output
FILE["Export File"]
MANIFEST["Provenance\nManifest"]
end
WB --> FMT
FMT --> PROV
PROV --> SEC
SEC --> FILE
PROV --> MANIFEST
style PROV fill:#DCFCE7,stroke:#22C55E
style SEC fill:#FEF3C7,stroke:#F59E0BSupported Formats¶
| Format | Extension | Provenance | Password | Use Case |
|---|---|---|---|---|
| XLSX | .xlsx | Yes | Yes | Full workbook with formulas and metadata |
| CSV | .csv | No | No | Flat data for external tools |
.pdf | No | Yes | Read-only reports and presentations | |
| JSON | .json | No | No | API integrations and data pipelines |
Export Workflow¶
- Request: Create an export job specifying format and options
- Processing: System converts data and applies security checks
- Signing: For XLSX, compute canonical hash and HMAC signature
- Download: Retrieve the completed export file
Key Concepts¶
Provenance Signing¶
Every XLSX export can include a cryptographic provenance manifest that:
- Computes a canonical hash (SHA-256) of every cell value
- Signs the hash with HMAC-SHA256 using a server-side secret
- Embeds the manifest as a Custom XML Part in the XLSX file
- Enables downstream verification that data has not been tampered with
See Provenance for technical details.
Security¶
Exports include multiple security layers:
- Zip Bomb Protection: Archive validation before processing
- PII Redaction: Optional removal of personally identifiable information
- Password Protection: Encrypt XLSX and PDF exports
- File Expiration: Exports auto-expire after a configurable period
See Security for details.
Quick Links¶
| Page | Description |
|---|---|
| Formats | Detailed format-specific options and behavior |
| Provenance | Canonical hashing, HMAC signing, manifest structure |
| Security | PII redaction, zip bomb protection, file validation |
API Reference¶
- Exports API - REST endpoint documentation
- Export Models - Data model reference
Related Documentation¶
- Workbooks - Source data management
- WebSocket API - Real-time export progress tracking