Skip to content
YantrikDB

Legal Discovery: Testimony vs Machine Logs

He said he never touched the repo. Badge, VPN, and git all say he did.

A fictional trade-secrets matter inspired by patterns documented in public trade-secret litigation (Waymo v. Uber and others). All names and events are invented. The reconstruction pattern is real.

This is the legal discovery showcase — demonstrating how YantrikDB treats sworn testimony and machine evidence as coexisting claims, with automatic contradiction detection at the (subject, relation, object) level.

The matter

Section titled “The matter”

Summit Atlas, Inc. v. Polaris Robotics. Summit alleges that Priya Ramanathan, a former senior engineer, downloaded proprietary LIDAR firmware before joining competitor Polaris.

At deposition (2026-08-15), Ramanathan denies everything. The forensic record tells a different story.

Sources

Section titled “Sources”
SourceAuthorityContent
deposition.ramanathanSworn testimonyDirect denials under oath
system.badgeKastle access logsBuilding/floor entry timestamps
system.vpnCorporate VPN logsRemote session records
system.gitGitLab server logsClone/download events per user
system.dlpEndpoint DLP (CrowdStrike)USB attach/write audit
system.emailPreserved email archivePre-departure correspondence

What the engine produced

Section titled “What the engine produced”

Phase 3: Polarity contradictions

Section titled “Phase 3: Polarity contradictions”
[1] Ramanathan --accessed--> lidar_firmware_repo
    (deposition.ramanathan) CLAIMS NO
    (system.git)            CLAIMS YES at 2026-05-18 23:02
    (system.git)            CLAIMS YES at 2026-05-24 22:08


[2] Ramanathan --copied_to--> removable_media
    (deposition.ramanathan) CLAIMS NO
    (system.dlp)            CLAIMS YES at 2026-05-24 22:47

Two sworn denials, two polarity contradictions, four forensic sources backing the opposite. Each side coexists in the claims ledger with its own provenance.

Phase 4: Temporal query — “what did discovery know on 2026-05-25?”

Section titled “Phase 4: Temporal query — “what did discovery know on 2026-05-25?””
[system.dlp]   YES  Ramanathan --copied_to--> removable_media       (22:47–22:51)
[system.git]   YES  Ramanathan --accessed--> lidar_firmware_repo    (22:08–22:10)
[system.vpn]   YES  Ramanathan --accessed--> SummitAtlas_network    (22:41–23:55)
[system.badge] YES  Ramanathan --was_at--> SummitAtlas_R&D_wing     (20:47–23:12)


[deposition.ramanathan] NO  Ramanathan --copied_to--> removable_media
[deposition.ramanathan] NO  Ramanathan --accessed--> lidar_firmware_repo

Every machine source agrees; the sworn denial from three months later sits alongside them. Discovery counsel can literally query the database for “the state of the factual record as of May 25” — and get a structured answer with full provenance.

Phase 5: The recall chain pins the “smoking email”

Section titled “Phase 5: The recall chain pins the “smoking email””

Within the top 8 recall results, the database surfaces:

[system.dlp]              2026-05-24 22:47 Samsung T7 SSD attached, 2.8 GB written
[deposition.ramanathan]   "Absolutely not. That would have violated my NDA."
[system.git]              2026-05-18 23:02 cloned lidar-firmware/titan-v3 (2.4 GB)
[system.email]            2026-05-02 "I'll have a small package ready to bring over"
[system.git]              2026-05-24 22:08 downloaded ZIP snapshot
[system.badge]            entered R&D wing 20:47
[system.badge]            exited R&D wing 23:12

The denial, the clone, the copy, the badge session, and the pre-departure email to the competitor’s recruiter — all ranked together because they all matter to the same question.

Why couldn’t Postgres + embeddings + a dashboard do this?

Section titled “Why couldn’t Postgres + embeddings + a dashboard do this?”

Most legal-tech tools do retrieval or timeline generation. They find documents that match keywords, or order events by timestamp. None of them treat “Ramanathan says she didn’t access the repo” and “the git server says she did” as two coexisting structured claims on the same (subject, relation, object) tuple, with opposite polarity, source attribution, validity windows, and automatic contradiction detection.

A SQL database would force one value to overwrite the other. A vector database would return both as “similar” with no notion that they contradict. A graph database could model the people and events but has no polarity on its edges — it can’t distinguish “A claims X” from “X is true”.

That’s what YantrikDB does. That’s the category.

What this unlocks

Section titled “What this unlocks”

The pattern generalizes to every matter where sworn statements must be reconciled against documentary and machine evidence:

  • Trade secrets / IP theft — the scenario above
  • Employment disputes — testimony vs HR logs, Slack, email
  • Financial fraud — depositions vs transaction records
  • Antitrust — executive testimony vs internal communications
  • Regulatory enforcement — sworn filings vs operational data
  • Whistleblower cases — company statements vs internal records

Every one of these becomes the same kind of structured contradiction reconstruction. The evidence chain is the query result.

Run it yourself

Section titled “Run it yourself”
Terminal window
git clone https://github.com/yantrikos/yantrikdb-server
python yantrikdb-server/docs/showcase/legal_discovery_engine.py \
    ydb_your_token \
    http://your-cluster:7438

Requires yantrikdb-server v0.7.2+ and yantrikdb v0.6.1+.

Full script: legal_discovery_engine.py

Sworn testimony and machine logs, in the same database, as coexisting contradictory claims. That’s what discovery actually needs.