Red Stet
← Back to Help
Help · For self-directed writers · Provenance

Exporting a portable recording

A .red.md is a markdown file with your full writing recording baked in — every session, every keystroke summary, the signed chain that proves nothing's been altered. Hand it to a client, publisher, or admissions reader; they verify it on their own machine with no Red Stet account. The artifact that turns "I wrote it" into evidence.

The file looks like ordinary markdown, opens in any text editor, and carries its own proof — a sealed envelope you can open without breaking the seal.

In this doc
  1. What a .red.md actually is
  2. When to export one
  3. How to export
  4. What recipients see
  5. The signature chain
  6. The standalone verifier
  7. Updating an exported recording
  8. What travels with the file, what doesn't
  9. Case: a freelance client wants proof
  10. Case: a college admissions reader

What a .red.md actually is red-stet:v1

Open one in TextEdit, VS Code, or any markdown viewer and you see your finished piece — clean markdown, the same text you'd paste anywhere. At the bottom, an HTML comment:

<!-- red-stet:v1 { "version": 1, "marks": […], "provenanceBundle": {…}, "__signature__": {…} } -->

Invisible to readers and renderers. Inside: every session manifest, the chain head, a body hash, an ES256 signature over the payload. Body and evidence travel as one file — email attachments, Dropbox, Google Drive all preserve it.

Still a real markdown file. Strip the trailing comment and you have plain prose. Pandoc, Obsidian, Notion, GitHub all read it.
# The Sale of
the Century

It was an
unseasonably…

<!-- red-stet:v1
{"version":1,
"marks":[…],
"prov…
sale-century.red.md
48 KB · markdown
One file. Body on top, recording sealed into the comment block at the end.

When to export one

Most days you don't. Red Stet records in the background; the recording is safe in your Writing Profile. The export is for when someone else has reason to look.

Concrete moments

  • Freelance client questions whether you wrote the deliverable. Attach the .red.md, point them at /verify/, walk away.
  • Publisher requests provenance with the submission. Magazines and journals are starting to ask. .red.md alongside the manuscript answers it.
  • College or graduate program wants a writing sample with assurance. Personal statement, supplementary essay, portfolio piece — the recording goes with it.
  • Public portfolio. Each piece has a sibling .red.md on the same server, linked from the piece, available on demand.
  • Priority claim. Two people claim authorship. The deeper, earlier recording wins.
  • Personal archive. No recipient — you finished something you're proud of and want a sealed copy on your own drive.

The export is the artifact that lets your evidence leave Red Stet. Inside the app, the recording is always there. Outside, it travels as a file.

Freelance
Client suspects AI
Reply with the .red.md attached. Two-line message: "Here's the recording. Drop it at red-stet.com/verify — it'll all play back."
Submission
Journal wants provenance
Upload the .red.md as a supplementary file. Editors verify offline; the standalone tool runs in their browser.
Portfolio
"Verify this piece" link
Drop the .red.md beside the article on your site. Add a one-line link: "How I wrote this."

How to export downloadAnnotatedMdForSlug

Two surfaces produce a .red.md:

From the open document

The export menu has a Download annotated .md action. Bundles the current body + live recording + fresh signature. Filename: <slug>.red.md.

From the Writing Profile · Archive tab

Every recorded document shows up in the Archive tab. Each row has a .red.md download button. Use this when the doc isn't open, when sending last quarter's portfolio piece, or for a batch.

Both paths produce the same file.

Auto-save is separate. If you opened the document from a folder on disk (directory picker), Red Stet is already writing a .red.md next to it on every change. Click "Download" only when you need to send, not to keep a copy.
The Sale of the Century
4 sessions · 11h 23m · last edit Apr 12
↓ .red.md
A Letter to My Father
2 sessions · 3h 18m · last edit Mar 31
↓ .red.md
Personal statement — Reed
9 sessions · 24h 02m · last edit Jan 14
↓ .red.md
Writing Profile → Archive. One row per document; one button each.

What recipients see when they open it

Depends on the tool:

In any text editor or markdown viewer

The piece. Headings, paragraphs, italics, links — the document as you wrote it. The trailing <!-- red-stet:v1 … --> renders as nothing in Marked, Bear, Obsidian, GitHub. The recipient reads your work without knowing the recording is there.

At red-stet.com/verify/

The standalone verifier — drop the file, get a four-row verdict in under a second (see below). No login, no network call.

Re-opened in Red Stet

If your recipient is also a Red Stet user, they drop the .red.md into the app and the recording rehydrates — the full timeline plays back, every session, every gap. For a co-author or editor who wants the process, not just the verdict.

OK

Verified — file integrity intact

4 of 4 checks passed

+
Bundle seal — recording is unaltered since export
+
Session chain — 4 sessions link end-to-end
+
Document body hash — text matches recorded hash
+
Manifest integrity — chainHeads match content
What a recipient sees at /verify/ — clean verdict, four checks, no jargon required to read it.

The signature chain — what makes this evidence-grade __signature__

Two interlocking mechanisms make a .red.md hard to forge:

1. Internal chain — tamper-evidence

Each session produces a manifest with a chainHead. Every new manifest includes the previous session's chainHead in its inputs, forming a linked list. Edit a session's contents after the fact and its chainHead stops matching — and so does every later prevChainHead. One pass surfaces the break.

Around the whole bundle sits a bundleSeal — one final hash over the packaged recording. Edit the file at all (a keystroke count, a date, anything) and the seal stops matching.

2. External signature — authenticity

On export, Red Stet's server signs the manifest with an ES256 JWT — elliptic-curve, the algorithm used by Apple Pay and modern OAuth. The signature is over the SHA-256 of the canonical (RFC-8785) JSON. The verifier holds the public key, checks the signature, and confirms both: Red Stet signed this, and nothing's been altered since.

Internal chain: the recording is internally consistent. External signature: it came from the real Red Stet pipeline.

If signing isn't configured on a deployment, the file still exports — without the external signature. The internal chain still holds. The verifier surfaces the missing signature rather than faking one.
// inside the .red.md, trailing comment { "version": 1, "marks": [ … ], "provenanceBundle": { "schema": "red-stet/provenance-bundle/v1", "sessionCount": 4, "chainHead": "a3b7-c812-7f0e", "bodyHash": "1f9c-8c01-d3a4", "bundleSeal": "4b2f-91c8-e771", "manifests": [ … 4 … ], "events": [ … 187 … ] }, "__signature__": { "jws": "eyJhbGciOi…", "kid": "rm-2026-04", "alg": "ES256", "hash": "7e2d-9af1-c016" } }
The two layers — chain + signature — packaged inside the trailing comment.

The standalone verifier — /verify/

Live at red-stet.com/verify/. A single static HTML page with inline JavaScript. Drag a .red.md onto the drop zone, get a verdict in under half a second.

Four checks:

  1. Bundle seal — re-hash the recording (minus the seal field) and compare. Catches any post-export edit to events, manifests, or metadata.
  2. Session chain — walk the manifests; each prevChainHead must match the previous chainHead. Catches inserted, removed, or altered sessions.
  3. Document body hash — hash the body, compare to the recorded hash. Catches post-export edits to the text.
  4. Manifest integrity — recompute each session's chainHead from its contents and confirm. Catches tampering inside a session manifest.

All four pass: Verified — file integrity intact. Any failure produces a "what broke and where" message. Nothing is uploaded; works offline, works on a plane.

.red.md

Drop a .red.md file here, or click to choose

The file stays on your computer. Verification happens locally.

red-stet.com/verify/ — single page, no account, works offline once loaded.

Updating an exported recording

You finished a piece, exported it, sent it — and now you've revised. What happens to the old .red.md?

Re-export. Same path.

The new export contains every session, old and new, chained in order. Body hash reflects the revised text. chainHead advances. The old sessions haven't changed; they're still verifiable, just no longer at the end of the chain.

Send the new file. Tell the recipient which version to trust. Verify the old and the new — each passes on its own terms. Two valid snapshots of the same evolving recording. There's no "invalidation" — the earlier export remains a true snapshot of what existed then.

If you edited outside Red Stet (another editor, then re-imported), the next session writes an external-edit event into the chain. The gap is visible and labeled, not hidden.
current
Apr 14 — final
4 sessions · chainHead a3b7-c812
2,418 words
v3
Apr 12 — sent to editor
3 sessions · chainHead 8e2d-71f9
2,402 words
v2
Apr 10 — second pass
2 sessions · chainHead 2c9a-44b6
2,387 words
v1
Apr 8 — first draft
1 session · chainHead 5f1e-c803
1,803 words
Every export is a snapshot. Older snapshots remain valid on their own terms.

What travels with the file, what doesn't

The recording proves this piece. It doesn't unlock your account, your other documents, or your private metadata.

In the file

  • The document body
  • The full provenance bundle — every session manifest, every event in the local ledger, the chain head, body hash, bundle seal
  • Marks and notes you applied (editors who reopen in Red Stet see them)
  • The ES256 signature attesting the manifest came from Red Stet's signing pipeline

NOT in the file

  • Your other documents
  • Your Writing Profile
  • Your account email, full name, or any credential
  • Discarded drafts of this document — only the body-as-of-export, not every intermediate save
  • Anything from a classroom (assignments, peer reviews, grades) — those live in their own scope

The author identity attached is the display identity you chose. If you wrote pseudonymously, the pseudonym is what gets signed. The signature attests "this recording came from a Red Stet pipeline with this author label", not "this is the writer's legal identity."

Sharing a .red.md is like sharing a sealed envelope. Recipient verifies the seal, reads what's inside, can't peek at your other envelopes.
Document body
In
Session manifests + chain
In
Event ledger (local)
In
ES256 signature
In
Marks + notes
In
Your other documents
Out
Account credentials
Out
Writing Profile metadata
Out
Discarded earlier drafts
Out

Case: a freelance client wants proof

You delivered a piece; the client (or their editor, or their legal) wants assurance the writing is yours. Their AI-detector pinged, their guidelines require it, or they're nervous.

Two sentences and an attachment:

"Attached is a portable recording of the piece. Drop it at red-stet.com/verify/ — it shows every session of writing plus a four-check integrity verdict. No login, runs in your browser."

What you've given them:

  • A signed, sealed record of every keystroke summary across every session
  • A tool to verify it themselves, offline, without learning anything else about you
  • A standing offer — open it in Red Stet and watch the writing happen

Stronger than "I promise I wrote it." Verification takes under a minute.

Email to client
"Provenance attached"
Hi Sarah,

Attached: sale-century.red.md — a portable recording of the piece I sent on Friday.

Drop it on red-stet.com/verify/ for an integrity check. It'll show four sessions of writing across the week — about 11.5 hours of real keystrokes — and confirm nothing's been altered since I exported it.

Happy to walk through the recording on a call if useful.
The verification is the recipient's, not yours. You just hand over the file.

Case: a college admissions reader

Admissions essays are where provenance is starting to matter most. A reader at a competitive college sees thousands of essays a season, suspects AI in many, and doesn't want to play forensic analyst on each.

A .red.md sidecar gives them a five-second-to-five-minute option:

  • Five seconds: verdict — "Verified, 9 sessions, 24h 02m." Move on.
  • One minute: session count and total time. Does it look like a 17-year-old wrote this? A long, distributed recording with revisions matches the human shape. A 12-minute single-session sprint to perfect prose does not.
  • Five minutes: open in Red Stet, scrub the timeline, watch the piece take shape. Rare but available.

The recording isn't graded. Long isn't proof of quality; short isn't proof of cheating. What the recording answers: did this person actually write this?

For applicants: don't game the recording. Long pauses, deletes, dictionary lookups, going back to add a line — normal. They make the recording more credible. Optimizing for "looking impressive" produces uncanny shapes.
OK

Verified — Personal statement

9 sessions · 24h 02m total · first keystroke Jan 04

+
9 sessions chain end-to-end
+
Body hash matches recorded hash
+
Bundle seal verified
+
Signed by Red Stet · kid rm-2026-01
A reader's verdict — five-second version. The shape of the recording does most of the talking.

Related

What's recorded — and what isn't — exactly which keystrokes, pauses, and metadata the session ledger captures.

Reading a Red Stet recording — for a recipient, what the four checks mean and how to read the rhythm of a session.

Data retention & deletion — how long the recording survives, what's deleted on request, where the file copy lives.

Back to the help library for the full index.

Missing something? Email feedback — this doc grows by use.