# `MailglassAdmin.Inbound.EvidenceCard`
[🔗](https://github.com/szTheory/mailglass/blob/v1.2.0/lib/mailglass_admin/inbound/evidence_card.ex#L1)

Evidence card (IADM-02 raw half) — raw provider source, default-redacted.

NET-NEW chrome reuse. PII handling is determined by the schema: `raw_payload`
and `raw_mime` are `redact: true` on `MailglassInbound.InboundRecords.InboundEvidence`
(T-48-12). This card NEVER renders those bytes by default — it shows
`verification_facts` plus a redacted summary (provider, payload byte size,
header count) and a masked placeholder for the raw body.

Revealing the raw payload requires the `:reveal_raw` capability (the same
`MailglassAdmin.Auth.authorize/3` seam as replay — no new auth surface, D-48-09).
The InboundLive owns the authorization decision and passes `reveal_state` here:

  - `:redacted` — default; raw bytes absent, redacted placeholder shown.
  - `:revealed` — capability granted; raw payload rendered in a read-only
    `<pre class="mono text-xs">` scroll region.
  - `:denied` — reveal attempted and denied; the redacted placeholder stays and a brand-voice line is shown with it.

Raw source, once revealed, is read-only and never editable.
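
The reveal flow described above, as an added sketch that is not mailglass code: the caller turns the `:reveal_raw` authorization result into a `reveal_state` and strips the raw bytes before the card ever sees them. `RevealSketch`, the injected `authorize` function (a stand-in for `MailglassAdmin.Auth.authorize/3`, whose arguments and return shape are not shown on this page), the `provider` and `headers` fields, and the sample record are assumptions.

```elixir
defmodule RevealSketch do
  # Added sketch, not mailglass code. Module, function and field names are hypothetical.

  # `authorize` is an injected stand-in for the authorization seam: the arguments
  # and return shape of MailglassAdmin.Auth.authorize/3 are not shown on this page,
  # so this assumes a 1-arity function returning :ok or {:error, reason}.
  def reveal_state(_authorize, false), do: :redacted

  def reveal_state(authorize, true) when is_function(authorize, 1) do
    case authorize.(:reveal_raw) do
      :ok -> :revealed
      # Fail closed: anything other than an explicit :ok is a denial.
      _other -> :denied
    end
  end

  # Build the assigns handed to the card. Raw bytes are copied only for
  # :revealed; :redacted and :denied carry the summary and nothing else.
  def card_assigns(evidence, state) when state in [:redacted, :revealed, :denied] do
    summary = %{
      provider: evidence.provider,
      payload_bytes: byte_size(evidence.raw_payload),
      header_count: map_size(evidence.headers)
    }

    raw = if state == :revealed, do: evidence.raw_payload, else: nil

    %{reveal_state: state, verification_facts: evidence.verification_facts,
      summary: summary, raw: raw}
  end
end

# Constructed sample record; `provider` and `headers` are assumed field names.
evidence = %{
  provider: "example-provider",
  raw_payload: ~s({"from":"alice@example.test","subject":"hi"}),
  headers: %{"from" => "alice@example.test", "subject" => "hi"},
  verification_facts: %{signature_valid: true}
}

deny = fn :reveal_raw -> {:error, :forbidden} end
allow = fn :reveal_raw -> :ok end

for {label, authz, requested?} <- [{"default", deny, false}, {"denied", deny, true}, {"granted", allow, true}] do
  state = RevealSketch.reveal_state(authz, requested?)
  assigns = RevealSketch.card_assigns(evidence, state)
  IO.inspect({label, state, assigns.raw != nil})
end
```

Because the bytes are dropped before rendering, a template mistake in the card cannot expose them in the `:redacted` or `:denied` states.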

# `evidence_card`

## Attributes

* `evidence` (`:map`) - Defaults to `nil`.
* `reveal_state` (`:atom`) - Defaults to `:redacted`.
* `can_reveal?` (`:boolean`) - Defaults to `true`.

