Scans & retention

A scan is one execution of the Opsis loop: import the newest sessions from your connected source — PostHog, Sentry, the Opsis SDK, Datadog, Amplitude, LogRocket, or Clarity — analyze them, prove new bugs with Playwright, and notify you about anything new. This page explains when scans run, what the dashboard shows about them, how email digests are deduplicated, and how long proof evidence is kept.

Manual vs scheduled scans

• Manual scans always work. Scan now on the project overview starts a scan immediately. A duplicate-scan lock prevents two scans from running on the same project at once.
• Scheduled scans are operator-enabled. They run only when the deployment's operator has turned the scheduled-scan engine on. When active, each connected project is scanned on a fixed interval (every 6 hours by default).

Scan history & the status strip

Every scan — manual or scheduled — is recorded as a history entry with its trigger, status, how many sessions it imported, how many automatic Playwright proofs it ran, and how many new findings it surfaced. The always-visible strip at the top of the project overview shows connection · last scan · next scan · Scan now, derived entirely from those records — so it stays correct across restarts. When scheduled scans are off, “Next scan” honestly reads on demand. A failed scan surfaces its error right below the strip instead of failing silently.

Activity feed

The Activity card is the project's heartbeat: scans, proof runs, and new findings in one stream. It is derived entirely from existing records — nothing writes separate “activity events”, so the feed can't drift from what actually happened.

Email digests & dedup

• Digests are per project: toggle “Email me when a scan finds new bugs.” in Settings → Notifications.
• One digest per scan — the scan's new meaningful findings (open suspected or verified bugs) are batched into a single email, never one email per finding. Low-signal statuses like needs_more_data are never emailed.
• A finding is emailed at most once. Each finding is stamped when it is included in a digest; re-running scans never re-emails old findings. Both manual and scheduled scans notify — new bugs matter regardless of who triggered the scan.
• The sample project never sends email.

Evidence retention — 30 days, with a fix-evidence grace

Playwright proof artifacts (video, trace, screenshots, console and network logs) are kept for 30 days by default, then removed by an automatic retention sweep. One deliberate exception:

What “evidence expired” means

When a run's artifacts have passed retention, the finding and run pages show an honest “evidence has expired” notice instead of broken links. The finding itself — title, status, history, affected sessions — is kept; only the heavy proof files are removed. Re-running verification regenerates proof: a new run produces fresh video, trace, and logs against your app's current state. See Playwright Proof for what each run records.

Related

• Quickstart — the full journey, including running your first scan.
• Privacy & Redaction — redaction, pseudonymization, and deletion requests.