Loupe documentation.
Two halves. Flows walk through specific scenarios — how to configure Loupe to do a specific job. Technical details are the reference: every option, every format, every wire-level detail your security review will ask about.
Flows
How to configure Loupe for a specific job.
Install Loupe
Download, drag-to-Applications, first-run Gatekeeper, and activation via the email link. Three-minute setup.
Investigate a database outage
Multi-source RCA from web, syslog, app, and email. The canonical case Loupe was built for.
Diagnose a 5xx burst
Web server access logs + upstream syslog. Identify the upstream service that triggered the cascade.
Verify an export bundle (recipient)
You received a Loupe bundle. How to confirm hashes, re-derive findings, and trust the chain.
Hand a case off to an auditor
Package the right artifacts, redact what needs redacting, and produce a single signed bundle.
Technical details
Reference for engineers, auditors, and IT.
Developer-level documentation: every option, every format, every guarantee — written for someone reviewing whether Loupe fits in their stack.
Hardware requirements
macOS version, Apple silicon, signing details, entitlements, optional dependencies.
Supported log formats
Eight parsers: syslog 5424/3164, nginx CLF/Combined, JSONL, RFC 5322 email, macOS unified log, libpcap.
Export bundle anatomy
What ships in a Loupe bundle: PDF, IODEF XML, CSV, source originals, hash-chained audit log, Hashes.txt.
Audit log format
Hash-chained mutation history. The schema, the verification recipe, and what each event records.
Activation envelope wire format
The Ed25519-signed JSON that activates Loupe.app. Schema, signature scheme, and verification.
Settings reference
Every knob in Settings → General, Privacy, Diagnostics — with defaults and where state lives.
Release notes
What ships in each release. v1.0 today, plus the v1.x and v2 candidates already on the workbench.