Add a "zddc-server defaults" callout to §3 (Tracking numbers): the
reference implementation ships the Basic schema + optional [suffix],
binds originator to the party folder (read-only, folder is the source
of truth), and ships phase/area off by default (project-wide, enabled
per project via .zddc). The universal convention is unchanged — this
just clarifies what the server does out of the box so readers don't
conflate the spec with the default deployment.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Catches the website up to the v0.0.21 server contract:
- Project structure (reference.html §9): archive/ is the only
physical project-root directory; the in-flight lifecycle
(working/staging/reviewing) now lives PER-PARTY under
archive/<party>/. Six top-level URLs (ssr/mdl/rsk/working/
staging/reviewing) are virtual aggregators synthesised from
each party's content.
- Retired the staging↔working mirror language — drafting a
response transmittal now walks the in-flight ratchet through
Plan Review's scaffold at archive/<party>/reviewing/<tracking>/.
- Role descriptions (§10): document_controller is no longer
subtree-admin anywhere. Authority cascades from the auto-own
.zddc written at each archive/<party>/ folder, which grants
both the creator email AND the document_controller role
`rwcda` (via auto_own_roles in the defaults). Multi-DC
deployments work without admin status because the role itself
is named in every party's auto-own grant.
- Added the `observer` role (third standard role) with a
pure-read-only intent for external auditors.
- Documented the in-flight ratchet (working → staging → issued)
as a one-way handoff that downgrades the prior role's modify
rights at each step.
- Clarified that the `a` verb is the .zddc-edit verb, distinct
from the elevation-bypass sudo channel (root admins: list).
- Dropped `on_plan_review:` from the cascade-keys reference (the
key was retired when Plan Review hardcoded the scaffold
convention); added `auto_own_roles:` and `auto_own_fenced:`.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Match the May 2026 ZDDC simplification — channel mirrors (_stable,
_beta, _alpha) and partial-version pins (_v<X.Y>, _v<X>) are gone.
Each tool has one canonical URL (<tool>.html, symlink → current
stable) and a set of immutable per-version files.

index.html:
- Remove .channel-row CSS
- Replace the per-tool 3-channel row with one card linking to the
canonical <tool>.html; cards are now clickable
- Drop "Each tool is published in three channels" paragraph; replace
with "tracks current stable; pin on the releases page for
reproducibility"
- Update apps: example to use 'stable' or 'v0.0.4' (drop beta/alpha
and partial-pin options)
- Update header dropdown links + "Local: just download" links to
canonical URLs
- Drop "channel build" wording in the "All releases" footer link

reference.html:
- Update hardcoded header dropdown links + Section 11 tool cards from
archive_stable.html / browse_stable.html to archive.html / browse.html

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

A fresh deployment grants no access to anyone until the operator
populates the root /.zddc (admins) and per-project /<project>/.zddc
(role members). Without them the server runs but every request
returns 403 — the embedded defaults intentionally ship with empty
role members so deployments must opt in to authorize anyone.

The new section walks operators through:
- Step 1: root /.zddc with `admins:` only.
- Step 2: per-project .zddc populating `document_controller` and
`project_team` role members.
- Schema essentials (admins/acl/roles/title, permission bits,
principal forms).
- The `acl: { allow: [...] }` footgun — silently dropped because
ACLRules only reads `permissions:`.
- The startup warning to watch for and `zddc-server show-defaults`
as the full schema reference.

Renumbered "Tools" from 10 to 11 and updated the sidebar TOC to
match. Mirrors the new sections added to the main repo's README.md
and AGENTS.md.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

We're consolidating ZDDC functionality into two tools rather than
the four previously advertised. Transmittal Creator, Document
Classifier, and Markdown Editor are removed from the public site;
their workflows are absorbed into Browse (file-tree navigator with
in-place markdown editing, on-demand DOCX/HTML/PDF download, file
management surface for classification and transmittal preparation).

Changes:
- Dropdown menu (both index + reference): two entries (Archive
Browser, Browse).
- index.html "Try the tools": two tool cards. Hero + intro copy
reflect the two-tool framing.
- index.html "Install on your server": baked-in tool list collapses
to archive + browse + index; the slash/no-slash routing
convention is referenced rather than re-listing per-folder
tool mappings.
- index.html "Local: just download": two download links.
- reference.html § 1 intro: "two tools" wording.
- reference.html § 9 project layout: working/ description now
points at the browse tool for markdown editing rather than the
retired mdedit.
- reference.html § 10 Tools: two cards with refreshed descriptions
that match the consolidated scope.
- README.md: tool list updated for new contributors.

federal.html, css/, and js/ have no tool-product references to
update; their "transmittal" mentions are the document-flow concept
and stay as-is.

Reorders the optional [phase] field to follow project in both the field list
and the "With Phases" schema. Replaces the illustrative discipline table with
the canonical 18-code list and the per-discipline type matrix with the
canonical 65-code flat list. Updates in-document examples (EL-ARR → EL-ELY,
PM-MLT → PM-LST, QC-PROC → QC-PRO) so they stay consistent with the new lists.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

- Phase field listed before project in the tracking-number field order;
example phase codes updated to ECI/EPC.
- Corporate placeholder rule clarified: 000000 is not mandatory — any
easily recognizable, non-confusable value (e.g., CORP, HQ) works.
- Type codes shown as a discipline×type matrix for at-a-glance
applicability instead of a stacked rowspan list.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

reference.html § 9: rewrite the canonical-folder tree so each line leads
with what the folder is FOR (drafting space, "about to issue" lane,
permanent record per counterparty, planned deliverables list, review
queue) rather than mechanics. The lifecycle stage of a document is now
visible from its location alone. Mechanics (lazy creation, case-fold
matching, virtual user home, paired delete on issue) demoted to a
single trailing paragraph so a reader can grasp the layout without
needing to track them.

federal.html: surface the access-control features that landed since the
page was written —
- Role-based access control as a first-class shipped feature, with the
AC-2 / AC-3(7) mapping called out.
- Verb-based least privilege (r/w/c/d/a) under AC-6, with the rc
shape used by immutable archives flagged explicitly.
- WORM enforcement on archive/<party>/{received,issued}/ under AU-9
and MP-5, including the at-the-WORM-folder grant pattern that lets
doc controllers drop transmittals without giving them overwrite.
- Cascade tracer (/.profile/effective-policy) under AC-3 reviewability.
- OPA wire-format detail (input shape + cache TTL + fail-open).

Move "Role-based access control" out of the "what you'd add for ATO"
table now that it's shipped; replace with "Identity-provider role
sync" — the integrator's job is wiring AD/Okta/EntraID groups into
the existing role members: list, not building RBAC from scratch.

Update "Policy export" to acknowledge the per-path tracer that already
ships and frame the missing piece as the batch-export companion.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Update reference.html § 9 (transmittal workflow): replace the legacy
per-party tree (project/{party-name}/{incoming,received,issued}) with
the current canonical layout — project root has working/, staging/,
reviewing/, archive/, and per-party folders sit under
archive/<party>/{mdl,incoming,received,issued}/. Note lazy creation,
case-fold matching, the per-user virtual <viewer-email>/ entry, mdl
opening the table editor, and the staging↔working drafting mirror.

Add a "Drafting a response transmittal" subsection describing how
inbound submittals (-SUB- @ IFR/IFA) flow through staging→working
into archive/<party>/issued/ as RS* responses.

Update index.html "Access control via .zddc files" bullet to describe
what the server actually does today: cascade direction, the five
verbs (r/w/c/d/a), explicit deny via empty grant, and the
X-Auth-Request-Email convention. Add new bullets for roles (with a
short YAML example), WORM archive folders + drop-in producer pattern,
lazy folder creation + case-fold matching, the cascade tracer
admin endpoint, and an expanded OPA paragraph (input shape, cache
TTL, fail-open flag, --print-rego=federal). Update the install card's
tool-folder list to use lowercase canonical names, mention browse,
and add mdl.table.html as the per-party MDL view.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Seeded from the website branch's working tree as of zddc@76e1e78.
Release artifacts (HTML tool builds + zddc-server binaries) live on
the deploy host under /srv/zddc/releases/; they are reproducible
from <tool>-vX.Y.Z tags on https://codeberg.org/VARASYS/ZDDC.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>