Follow-up to c3ba81a, which deleted federal.html but missed the file
edits (the prior git add aborted on a pathspec error). This commit
carries the real changes: remove the zddc-server + install sections and
all server discussion from the landing page; lead with "runs in your
browser, files never leave your machine, start with Browse now"; give
each tool card a bulleted feature list; lay the three cards out
all-across or all-stacked via a shared .tools-grid. In the reference,
remove Section 10 (server bootstrap), renumber Tools to 10, and
de-couple Section 9's layout/workflow from server machinery.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Reshape the landing page around three tools with Browse as the hero —
it needs nothing to run; .zddc files only add labels, per-folder tools,
permissions, and transmittal actions. Surface Classify (assign tracking
numbers, build transmittals) as its own tool; keep Archive as the
read-only access UI. Condense the zddc-server section and reword it as
an optional web-server app.
reference.html: list all three tools (Section 11) and document the TBD
status code (in shared/zddc.js, used for forecast/planned folders) in
the ABNF grammar and the status table.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Catches the website up to the v0.0.21 server contract:
- Project structure (reference.html §9): archive/ is the only
physical project-root directory; the in-flight lifecycle
(working/staging/reviewing) now lives PER-PARTY under
archive/<party>/. Six top-level URLs (ssr/mdl/rsk/working/
staging/reviewing) are virtual aggregators synthesised from
each party's content.
- Retired the staging↔working mirror language — drafting a
response transmittal now walks the in-flight ratchet through
Plan Review's scaffold at archive/<party>/reviewing/<tracking>/.
- Role descriptions (§10): document_controller is no longer
subtree-admin anywhere. Authority cascades from the auto-own
.zddc written at each archive/<party>/ folder, which grants
both the creator email AND the document_controller role
`rwcda` (via auto_own_roles in the defaults). Multi-DC
deployments work without admin status because the role itself
is named in every party's auto-own grant.
- Added the `observer` role (third standard role) with a
pure-read-only intent for external auditors.
- Documented the in-flight ratchet (working → staging → issued)
as a one-way handoff that downgrades the prior role's modify
rights at each step.
- Clarified that the `a` verb is the .zddc-edit verb, distinct
from the elevation-bypass sudo channel (root admins: list).
- Dropped `on_plan_review:` from the cascade-keys reference (the
key was retired when Plan Review hardcoded the scaffold
convention); added `auto_own_roles:` and `auto_own_fenced:`.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Match the May 2026 ZDDC simplification — channel mirrors (_stable,
_beta, _alpha) and partial-version pins (_v<X.Y>, _v<X>) are gone.
Each tool has one canonical URL (<tool>.html, symlink → current
stable) and a set of immutable per-version files.
index.html:
- Remove .channel-row CSS
- Replace the per-tool 3-channel row with one card linking to the
canonical <tool>.html; cards are now clickable
- Drop "Each tool is published in three channels" paragraph; replace
with "tracks current stable; pin on the releases page for
reproducibility"
- Update apps: example to use 'stable' or 'v0.0.4' (drop beta/alpha
and partial-pin options)
- Update header dropdown links + "Local: just download" links to
canonical URLs
- Drop "channel build" wording in the "All releases" footer link
reference.html:
- Update hardcoded header dropdown links + Section 11 tool cards from
archive_stable.html / browse_stable.html to archive.html / browse.html
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
We're consolidating ZDDC functionality into two tools rather than
the four previously advertised. Transmittal Creator, Document
Classifier, and Markdown Editor are removed from the public site;
their workflows are absorbed into Browse (file-tree navigator with
in-place markdown editing, on-demand DOCX/HTML/PDF download, file
management surface for classification and transmittal preparation).
Changes:
- Dropdown menu (both index + reference): two entries (Archive
Browser, Browse).
- index.html "Try the tools": two tool cards. Hero + intro copy
reflect the two-tool framing.
- index.html "Install on your server": baked-in tool list collapses
to archive + browse + index; the slash/no-slash routing
convention is referenced rather than re-listing per-folder
tool mappings.
- index.html "Local: just download": two download links.
- reference.html § 1 intro: "two tools" wording.
- reference.html § 9 project layout: working/ description now
points at the browse tool for markdown editing rather than the
retired mdedit.
- reference.html § 10 Tools: two cards with refreshed descriptions
that match the consolidated scope.
- README.md: tool list updated for new contributors.
federal.html, css/, and js/ have no tool-product references to
update; their "transmittal" mentions are the document-flow concept
and stay as-is.
index.html: extend the access-control bullet to mention the
inherit:false directive as the "complete reset" knob for vendor and
regulated subtrees.
federal.html: note in the strict-Rego bullet that inherit:false is
intentionally refused under strict cascade mode (NIST AC-6 invariant)
so federal-track operators understand the directive is a commercial-
mode tool, not part of the federal posture.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Re-sort the zddc-server feature list so the most-immediately-useful
behaviours (lazy folder creation, virtual .archive URLs, basic ACL,
roles, WORM, cascade tracer) come first, then the operational table
stakes (per-request logging, TLS hygiene), and the federal/regulated
bullets (OPA decider, designed-for-regulated-environments) last. Within
each tier the simpler item leads.
Strip the explicit ZDDC_ROOT=/srv/zddc from the run example. The binary
defaults to the current working directory, so for a quick start
"./zddc-server" is all that's needed. Add a follow-on note that the
listener defaults to https://localhost:8443/ with a self-signed cert
and that --root / --addr / --tls-* override the defaults.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Update reference.html § 9 (transmittal workflow): replace the legacy
per-party tree (project/{party-name}/{incoming,received,issued}) with
the current canonical layout — project root has working/, staging/,
reviewing/, archive/, and per-party folders sit under
archive/<party>/{mdl,incoming,received,issued}/. Note lazy creation,
case-fold matching, the per-user virtual <viewer-email>/ entry, mdl
opening the table editor, and the staging↔working drafting mirror.
Add a "Drafting a response transmittal" subsection describing how
inbound submittals (-SUB- @ IFR/IFA) flow through staging→working
into archive/<party>/issued/ as RS* responses.
Update index.html "Access control via .zddc files" bullet to describe
what the server actually does today: cascade direction, the five
verbs (r/w/c/d/a), explicit deny via empty grant, and the
X-Auth-Request-Email convention. Add new bullets for roles (with a
short YAML example), WORM archive folders + drop-in producer pattern,
lazy folder creation + case-fold matching, the cascade tracer
admin endpoint, and an expanded OPA paragraph (input shape, cache
TTL, fail-open flag, --print-rego=federal). Update the install card's
tool-folder list to use lowercase canonical names, mention browse,
and add mdl.table.html as the per-party MDL view.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
A non-technical entry point for federal evaluators answering "can this
go in our environment, and what would need to be added during ATO?" —
the question that today only has an answer buried in the engineering
README.
Six sections, written for the procurement / decision-maker audience
with engineers as the secondary reader:
1. Hero: ZDDC is designed to be deployed in regulated environments.
2. What's already in place — hardened TLS posture, pluggable OPA
policy engine, federal-mode strict-least-privilege Rego, audit
logging, vulnerability-disclosure policy, documented access-
control model with a 5-minute verify-it recipe.
3. Supported deployment shape — diagram showing zddc-server on
loopback behind a TLS-terminating proxy on a RHEL/UBI base.
4. What you'd add for full ATO — table of five integration items
(FIPS-validated crypto, authenticated proxy↔server channel, RBAC,
policy export, code-signed tool fetches) with plain-language
summaries.
5. The two-track build plan — explains why the standard binary
stays pure-Go and a parallel zddc-server-fips build is the right
answer for federal customers.
6. Engineering reference — links into the in-repo gap analysis,
ARCHITECTURE.md security section, and access-control reference
for implementors.
Linked from index.html in two places: a new feature bullet on the
zddc-server (optional) section pointing at the page, and a "For
federal evaluators" entry in the Learn-more list at the bottom.
No engineering content here — federal.html is the procurement entry
point. The deeper detail (NIST control numbers, library choices,
effort estimates) lives in zddc/README.md § Federal-readiness gap
analysis where engineers will look for it.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- New zddc-server feature bullet for OPA-compatible policy decider:
ZDDC_OPA_URL flips to external Rego with the same .zddc files as input
- Access-control bullet now links to the cascade reference (worked
examples for paired open/closed + third-party-vendor layouts)
- Access-logging bullet covers stdout-as-canonical and the file-tee
fallback so orchestrator-pipeline deployments aren't surprised
- New Learn-more link to the access-control reference (cascade rules,
anti-patterns, five-minute verify recipe, federal-readiness gap
analysis with NIST control refs)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- index.html: stable channel chip referenced --color-primary, which
is undefined; falling back to the browser-default visited-link color
rendered it purple. Switch to the actually-defined --color-accent.
- css/style.css: lift dark-mode pill backgrounds (--color-accent-soft,
--color-Tracking, --color-Title) so pills have a visible edge against
the near-black page bg (~1.5:1 → ~2.2:1 adjacency contrast). Accent
text on the lighter pills stays at 3.6:1, fine for short labels.
- css/style.css: brand-logo's navy <rect> blends into the page bg in
dark mode; override its fill to a lighter steel-blue so the rounded
square stays visible.
Light mode is untouched.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Seeded from the website branch's working tree as of zddc@76e1e78.
Release artifacts (HTML tool builds + zddc-server binaries) live on
the deploy host under /srv/zddc/releases/; they are reproducible
from <tool>-vX.Y.Z tags on https://codeberg.org/VARASYS/ZDDC.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
