LRL Associates · FieldLog

Field documentation
that just works.

Mobile-first capture. Office-secure data. Multi-party workflows that don't require a CAD seat or a SaaS subscription.

Stakeholder briefing · v2026.04

1

The problem

Field data lives everywhere except where you need it.

Paper notebooks

Photos on the inspector's phone. Forms on a clipboard. Notes in three apps. The PM rebuilds it on Monday morning from screenshots and texts.

SaaS lock-in

Plenty of platforms exist. Most charge per-seat, host your photos in the US, and put a vendor between you and your data.

No audit trail

Who signed what, when? Inspectors forget. Files move. Schedules slip. By the time it matters (warranty, dispute, litigation) — it's gone.

2

What FieldLog is

One platform. Capture on phone. Sync to office. Generate output. Audit everything.

412

backend tests

27

themed forms shipped

18

field types

0

inbound office ports open

Built for AEC professionals on Ontario projects. Self-hosted on your infrastructure. No vendor lock-in. No per-seat fees. PIPEDA-compliant by design.

3

How it's built

Two apps. One channel. Zero attack surface on your office network.

In the field

Inspectors

Phones, tablets, contractor browsers. Public internet.

→public HTTPS

Public VPS

Edge

Token-scoped routes, offline queue, no admin UI, no master DB.

←HMAC sync

Office LAN

Core

Master DB, admin UI, AI, SMTP, all secrets. Outbound traffic only.

Core initiates 100% of network traffic. Edge accepts public requests and queues them. If Edge is breached, the blast radius is one VPS — not your office, not your data, not your secrets.

4

The inspector experience

Phone-first.
Offline-safe.

PWA install — add to home screen on iOS / Android, no app store
Offline queue — IndexedDB holds submissions until network returns
Voice memos — auto-transcribed via Whisper or Claude
Plan-pin capture — drop a photo on a marked location
Auto-attached weather + GPS trail — proves you were on site, when
QR / barcode field — equipment tags, serial numbers, room IDs

Daily Site Report

📍 Site: Fairview-A

📷 4 photos captured

🎤 1 voice memo (45s)

🌤️ 18°C, light breeze

📡 GPS trail: 14 points

Submit

5

The admin experience

Build a form once. Send it however you need. Watch the output land.

📐 Form builder

Drag-drop field palette. JSON-driven schemas — versioned, AI-composable, themeable. 27 showcase forms ship pre-built; clone any to start.

📨 Requests & routing

Send a form to anyone via signed token URL. Multi-signer chains, fan-out to N reviewers, recurring schedules, magic-link external signers.

📂 Submissions & output

Every submission lands in Data/submissions/ with photos and audio. Auto-generates PDF / DOCX / JSON / archive bundle per form definition.

/admin/                     Form builder & theme picker
/admin/submissions           Submission browser + detail
/admin/projects              Project hubs (counts, recent activity)
/admin/chains                Cross-chain orchestration dashboard
/admin/access/registrations  Pending account requests + approvals
/admin/access/approvals-log  Append-only audit ledger

6

Forms — the engine

JSON-driven. Versioned. AI-composable.

Every form is a JSON file. The mobile renderer, the desktop renderer, and the output pipeline all read from the same schema.

Field types: text / number / date / select / multiselect / checkbox / rating / slider / signature / drawing / photo / audio / plan_pins / file_attachment / signoff / repeating_group / capture_strip / qr_scan

Field flags: required, copyable, autocomplete_history, assigned_user_id, assigned_signer_email, validation

Themes: 7 bundled (default, document, meeting-paper, field-safety, contract, memo, warning, welcome) + per-deployment custom CSS.

{
  "id": "daily-site-report",
  "title": "Daily Site Report",
  "theme": { "preset": "field-safety" },
  "fields": [
    { "id": "project_number", "type": "text",
      "required": true,
      "validation": { "pattern": "^\\d{4,10}$" } },
    { "id": "weather", "type": "text",
      "autocomplete_history": true },
    { "id": "captures", "type": "capture_strip",
      "plan_mode": "auto" },
    { "id": "site_signoff", "type": "signature",
      "assigned_user_id": 7 }
  ],
  "pipeline": [
    { "kind": "pdf_report", "id": "main" },
    { "kind": "save_to_folder",
      "path": "C:/Archive/{project_number}/" }
  ]
}

7

Capture-time enrichments

Six things that just happen — no extra clicks.

🌤️ Weather lookup

OpenWeather snapshot at submit. Temperature, wind, precipitation, conditions — attached to the submission manifest automatically.

📡 GPS breadcrumb trail

Optional watchPosition trail during the session. Throttled to 1 point per 15s, 5m dedup. Proves site-attendance duration.

🚧 Geofence gate

Per-form polygon or circle. Submissions outside the rule return 403 — no accidental data from the wrong site.

📷 QR / barcode scan

Native BarcodeDetector API. Scan equipment tags, room IDs, project stickers. Fallback to manual entry where unsupported.

🏷️ Inline photo tagging

Tap any captured photo to drop a quick tag (issue code, note). Carried through to TagAndReport handoff and admin views.

💡 Recent-values autocomplete

Fields opt-in to a per-user history. Site names, project numbers, common findings — suggested on focus.

8

Workflow — requests & chains

Send a form to anyone. Forward it through a sequence. Fan it out to many.

ADMIN INSPECTOR REVIEWER CLIENT ───── ───────── ──────── ────── Create Open token Forward via External request ─────► URL on phone ─────► /api/forward ─────► magic link (offline OK) (next hop) (no account) │ ▼ completed, Submitted + Watch on Recapture chain audit signed PDF + /admin/chains ◄───── available trail kept hash-verified at any hop

Linear chain

A → B → C. Each hop forwards partial data to the next. Recapture undoes downstream hops.

Concurrent fan-out

Send to N recipients in parallel. Three policies: wait_all / first_wins / manual. Per-recipient deadlines.

Per-field signers

One form, multiple signature fields, each assigned to a different person — internal user or external email. Chain rotates automatically.

9

Power-user orchestration

Desktop-class admin tools. Mobile-PWA stays untouched.

Multi-signer routing, fan-out review, chain forwarding — these aren't form-fill UX, they're orchestration. We built dedicated admin pages.

/admin/chains — live dashboard of every chain in the system. Filter by status, form, date. Progress bar per chain.
/admin/chains/<token> — tree view of one chain. Per-hop actions: Recapture, Revoke, Open, View response, Copy URL.
/admin/forms/<id>/signers — set per-field signers as form defaults. Bulk-assign visible. Apply or save as template.
/admin/signer-templates — reusable mappings. Apply "concrete pour" routing to any new form in one click.
Per-request overrides — change signers for a specific request without touching the form's defaults.

Step-builder fan-out

Fan-out policy: [Wait for all       ▼]

Recipients                  3 recipients
  Alice  <alice@co.example>  by 2026-05-01  ✕
  Bob    <bob@co.example>                   ✕
  Carol  <carol@co.example>  by 2026-05-03  ✕
  + Add recipient

Preview:
  • 4 hops in parallel
  • parent + 3 children
  • policy: wait_all
  • +per-recipient deadlines

10

Trust & access control

Configurable rigor. Admin tunes per deployment.

Capability tiers

Every gated action is a named capability with a min-tier. Admin tunes via Settings → Permissions.

ANONYMOUS → NAME_ONLY → NAME_PIN
       → LOCAL_USER → OAUTH_USER
       → OAUTH_ALLOWLISTED → ADMIN

7 trust toggles for self-serve registration

SMS OTP at submit
Verbal code at approve
SMS challenge at approve
Sponsor endorsement (magic link)
Email-domain auto-approve (after verify)
Admin-handshake echo
Password reprompt on promotion

Append-only audit ledger

Every approval, denial, force-approve, sponsor-endorse, SMS-challenge, admin-code-confirm — logged with actor, IP, user-agent, metadata.

action          | actor      | when     | meta
─────────────── | ────────── | ──────── | ────────
approved        | admin@x    | 14:32    | role:user
sponsor_sent    | system     | 14:30    | to:eli@…
admin_code_gen. | admin@x    | 14:31    | —
admin_code_conf | edge_echo  | 14:31:42 | —
approved        | admin@x    | 09:15    | role:user
denied          | admin@x    | 08:42    | reason:…
…

Read-only at /admin/access/approvals-log. Filter by action / request / date. No truncation API.

11

PDF signatures

DocuSign-style. Multi-signer. Hash-verified.

For paperwork that already exists as PDF — permits, contracts, change orders. Upload, drop tags at exact coordinates, route through signers.

5 tag types — signature, initial, date, text, checkbox
Sequential routing — one signer at a time, ordered by tag placement
External signers — magic link, no account required
SHA-256 pre-hash + post-hash embedded in PDF metadata
Certificate of completion — optional audit page appended
/verify/<id> — drift detection, hash compare

Admin Signer 1 Signer 2 ───── ──────── ──────── Upload ──────► Tags rendered ──► Other tags source PDF on PDF.js read-only, + drop tags viewer; only theirs editable theirs editable Submit │ ▼ ┌─────────────────┐ │ ReportLab │ │ overlay merge │ │ + SHA-256 hash │ │ + cert page │ └─────────────────┘ │ ▼ signed.pdf /verify/<id>

12

Output pipeline

Submit → artifacts → delivery. All async, all auditable.

Every form defines an ordered pipeline. A worker thread runs it after submission lands; the inspector's phone never waits.

GENERATORS ARTIFACTS DELIVERERS ────────── ───────── ────────── pdf_report ─┐ ┌─► save_to_folder html_report ─┤ ├─► email docx_report ─┼─► Data/artifacts/ ───┼─► webhook json_export ─┤ ├─► TagAndReport handoff raw_bundle ─┤ └─► ... csv_row ─┘

Templated paths

{project_number}, {site_id}, {inspector}, {form_id}, plus any field id.

Custom templates

HTML and DOCX templates per-deployment. Drop into Data/templates/; pick from the form builder.

Retry & visibility

/admin/outputs shows every task. Failed step? Click Retry — picks up where it stopped.

13

Integrations

Talks to what you already have.

📨 Webhooks

Per-form rules; HMAC-signed payloads on every submission landing.

📧 SMTP

Invite emails, password reset, sponsor / verify magic links, output delivery.

📱 Twilio

SMS OTP at registration. SMS challenge at approval.

🌤️ OpenWeather

Auto-attached weather snapshot at submit time, when GPS is present.

🏷️ TagAndReport

Signed deep-link handoff. TAR opens the folder in place.

🔐 OAuth

Microsoft / Google. Allow-list tier above plain OAuth.

🤖 AI providers

Claude / OpenAI / Gemini / Ollama. Form & theme compose, voice cleanup.

🔑 Edge ↔ Core sync

HMAC-signed protocol. Bootstrap, rotate, push-all, reconcile.

14

Why this design

🔒 Security model

Office firewall blocks all inbound. Edge runs on a VPS that's compromise-recoverable in minutes (DELETE edge.db; re-bootstrap; push-all). Core stays untouchable.

Argon2id hashes. HMAC-signed sync with replay protection. Append-only audit ledger. Capability tiers. Idempotent migrations.

🏠 Data sovereignty

Everything lives on your hardware. SQLite + flat files under Data/. Hourly hot snapshots, nightly cold backups — no vendor, no per-seat fees, no jurisdictional surprises.

Photos in your OneDrive / SharePoint / SMB share via save_to_folder.

📱 Mobile-first

Inspectors are the primary users. Add to home screen. Works offline. Voice + photo + plan + signature all native. Service Worker keeps things working in basements.

🔓 Open-by-default

No proprietary file format. JSON form schemas. Standard SQLite. Standard PDF/DOCX/JSON outputs. CSV exports. Stdlib HTTP — no Anthropic SDK dependency, no AWS lock-in.

Walk away with all your data, in formats anyone can read.

15

Live demo path

15-minute walkthrough.

Run python tools/seed_demo.py first. Five demo projects, nine users, twenty workflows in different states.

Inspector flow (5 min)

Open /?ui=mobile on a phone
Sign in as alice@demo.fieldlog.local / demo1234
Pick "Daily Site Report" — fill, capture photos, add voice memo
Toggle airplane mode — show offline queue
Reconnect — submission auto-syncs
Show /my/requests — assigned tokens inbox

Power-user flow (5 min)

/admin/chains — point at the in-progress 3-hop RFI
Drill in → recapture, revoke, open, copy URL
/admin/forms/rfi/signers — apply a template
Create a fan-out: 3 reviewers, wait_all, deadlines

Admin oversight (5 min)

/admin/projects — five demo projects, distinct activity profiles
Drill into Fairview Tower — recent submissions, requests, contractors
/admin/access/registrations — five pending requests, every trust state
Approve one with a verbal code — show the modal flow
/admin/access/approvals-log — 31 audit entries, filter by action
/admin/stats — date-range filter across 90 days

Clean up:

python tools/clear_demo.py

16

Status & trajectory

Shipped

Mobile + desktop PWA
Form builder + 27 themed forms
Multi-signer chains + fan-out
PDF-signature subsystem
Output pipeline (PDF/HTML/DOCX/JSON/ZIP)
Trust options (7 toggles + audit ledger)
Orchestration suite (chains/templates/overrides)
Field capture (weather/GPS/geofence/QR/tagging)
Edge ↔ Core sync (HMAC, replay-protected)

In progress

Real-device iOS E2E testing
Integration tests for trust options
Operator-facing deployment automation

412 backend tests + 79 edge tests passing.

Roadmap

Native desktop renderer (replace iframe)
Office file-server sync target
SLA escalation on per-recipient deadlines
Pen-test + security review
Multi-tenant deployment story

17

Pilot it.

4–6 week pilot on one friendly project. We deploy on your hardware. Your data, your firewall, your workflow. We tune the trust toggles and forms to match.

Pilot lead

Elliott Smith

elliott@lrl.ca · LRL Associates

Repo & docs

FieldLog/

docs/USER_GUIDE.md · OPERATOR.md

Press P to print this deck.

18