.dnm format
The native, portable, enterprise-ready file format for Donum reports. Layout, data schema, permissions, audit log, and version history — in one signed archive.
.dnm stands for Donum Narrative Manifest. It is the native file format of Donum — analogous to .fig for Figma, .pbix for Power BI, or .sketch for Sketch.
Every report created in Donum can be exported as a .dnm file and imported back — on any account, any workspace, any device — with pixel-perfect fidelity. The format is lossless, self-contained, and inspectable without proprietary tooling.
File variants
A single .dnm extension covers three distinct use cases, distinguished by flags inside manifest.json:
- Full report
- format_variant: "full"
- The default. Contains everything: layout, data schema, cached snapshots, design system, version history, audit log, permissions, and assets.
- Template
- is_template: true
- Layout and design system intact, live data stripped and replaced with placeholders. Variables let recipients fill in their own data sources on import.
- Style patch
- is_override_only: true
- Contains only overrides.json and design-system.json. Apply to an existing report to update its visual style without modifying content or data.
What's inside
A .dnm file is a structured ZIP archive containing your report's layout, theme, data schema, permissions, and history — all in one portable file. Self-contained and lossless. Credentials are never stored.
Schema reference
Field-by-field reference for every file in the archive. All JSON examples are valid, complete, and copy-pasteable.
manifest.json
The identity card for the archive. Metadata, format flags, integrity seal.
{
"dnm_version": "2.0.0",
"format_variant": "full",
"is_template": false,
"report_id": "rpt_4Xk9mN2pQr7vLwE1",
"report_name": "Q1 2026 Investor Update",
"page_count": 3,
"tile_count": 24,
"has_live_data": true,
"data_sources": ["stripe", "hubspot", "google_analytics"],
"design_system_id": "ds_brand_acme_v3",
"checksum": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
}- dnm_versionRequired
- string
- Format version of this archive.
- format_variantRequired
- enum
- "full" | "template" | "override_only".
- report_idRequired
- string
- Source report identifier.
- report_nameRequired
- string
- Report display name.
- page_countRequired
- number
- Number of pages in the report.
- has_live_dataRequired
- boolean
- Whether the report has data connector bindings.
- data_sources
- string[]
- List of connector types used. Never contains credentials.
- checksumRequired
- string
- Integrity seal for tamper detection.
report.json
The full layout definition. Tabs, tiles, grid positions, data bindings, and display configuration.
{
"id": "rpt_4Xk9mN2pQr7vLwE1",
"name": "Q1 2026 Investor Update",
"tabs": [{
"id": "tab_overview",
"label": "Overview",
"tiles": [{
"id": "tile_mrr",
"type": "kpi",
"grid": { "col_start": 1, "col_span": 4, "row_start": 1, "row_span": 2 },
"data_binding": { "source": "stripe", "metric": "mrr", "period": "current_month" },
"display": { "label": "MRR", "format": "currency", "currency": "USD" }
}]
}]
}design-system.json
The complete theme contract. Color tokens, typography scale, spacing, shadows, chart palettes. Every tile derives its appearance from here.
permissions.json
Viewer access control and row-level security configuration. Present only when access restrictions are configured.
Import and export
Export from the report editor (⋯ menu → Export → .dnm) or via the API. Import via Reports → Import → Upload .dnm.
GET /api/v1/reports/{report_id}/export?format=dnm
&include_history=true
&embed_assets=true
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="q1-report.dnm"Security model
The .dnm format is designed so credentials are never written into the archive, regardless of what connectors the report uses.
| Concern | Approach |
|---|---|
| Credentials | Never embedded. Stored in the workspace and resolved at runtime. |
| Tamper detection | Layered integrity checks across all internal files and the archive. |
| Encryption | Optional at-rest encryption on export (enterprise plan). |
| Expiry | expiry_date in permissions.json makes the link inactive after a date. |
| Domain restriction | allowed_domains limits viewers by email domain. |
| Row-level security | Data filtered per viewer at query time. |
| Audit trail | Significant actions logged with timestamps. Exportable for compliance. |
| Credential scan | Files scanned on import. Rejected if credential-shaped content is found. |
Versioning
.dnm files include version history, allowing any prior state of the report to be restored. Snapshots are optional on export.
Format changelog
| Version | Date | Changes |
|---|---|---|
| 2.0.0 | Mar 2026 | Added refresh-policy.json, permissions.json with RLS, audit-log.json, publish/draft model, two-layer tamper detection, credential contamination scan on import. |
| 1.1.0 | Feb 2026 | Added overrides.json for user style customization, cadence.json for recurring delivery, typography contract in design-system.json. |
| 1.0.0 | Jan 2026 | Initial release. Core layout, design system, version history, binary asset embedding, per-file SHA-256 checksums. |
Related
PDF export
A fixed-layout, print-ready static document. Pixel-perfect snapshot, no live data, no interactivity.
PPTX export
Export slides for use in PowerPoint or Google Slides. Each report page becomes a slide. Partial fidelity — complex chart tiles may be rasterized.
JSON Schema
Raw machine-readable JSON Schema definitions for every internal file in the .dnm archive.