Commit graph

5 commits

Author SHA1 Message Date
82af26c3c9 docs(reference): phase after project; canonical discipline + type code lists
All checks were successful
Deploy content to live site / deploy (push) Successful in 3s
Reorders the optional [phase] field to follow project in both the field list
and the "With Phases" schema. Replaces the illustrative discipline table with
the canonical 18-code list and the per-discipline type matrix with the
canonical 65-code flat list. Updates in-document examples (EL-ARR → EL-ELY,
PM-MLT → PM-LST, QC-PROC → QC-PRO) so they stay consistent with the new lists.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 11:18:11 -05:00

7c35fabe75 docs(reference): phase before project; flexible corp placeholder; type matrix
All checks were successful
Deploy content to live site / deploy (push) Successful in 3s
- Phase field listed before project in the tracking-number field order;
  example phase codes updated to ECI/EPC.
- Corporate placeholder rule clarified: 000000 is not mandatory — any
  easily recognizable, non-confusable value (e.g., CORP, HQ) works.
- Type codes shown as a discipline×type matrix for at-a-glance
  applicability instead of a stacked rowspan list.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-09 09:10:27 -05:00

6aae181d19 docs: lead with folder purpose; surface RBAC + WORM on federal page
All checks were successful
Deploy content to live site / deploy (push) Successful in 3s
reference.html § 9: rewrite the canonical-folder tree so each line leads
with what the folder is FOR (drafting space, "about to issue" lane,
permanent record per counterparty, planned deliverables list, review
queue) rather than mechanics. The lifecycle stage of a document is now
visible from its location alone. Mechanics (lazy creation, case-fold
matching, virtual user home, paired delete on issue) demoted to a
single trailing paragraph so a reader can grasp the layout without
needing to track them.

federal.html: surface the access-control features that landed since the
page was written —

- Role-based access control as a first-class shipped feature, with the
  AC-2 / AC-3(7) mapping called out.
- Verb-based least privilege (r/w/c/d/a) under AC-6, with the rc
  shape used by immutable archives flagged explicitly.
- WORM enforcement on archive/<party>/{received,issued}/ under AU-9
  and MP-5, including the at-the-WORM-folder grant pattern that lets
  doc controllers drop transmittals without giving them overwrite.
- Cascade tracer (/.profile/effective-policy) under AC-3 reviewability.
- OPA wire-format detail (input shape + cache TTL + fail-open).

Move "Role-based access control" out of the "what you'd add for ATO"
table now that it's shipped; replace with "Identity-provider role
sync" — the integrator's job is wiring AD/Okta/EntraID groups into
the existing role members: list, not building RBAC from scratch.
Update "Policy export" to acknowledge the per-path tracer that already
ships and frames the missing piece as the batch-export companion.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-07 09:42:45 -05:00

f81fb4e769 docs: canonical folder layout, role-based ACL, WORM, lazy creation
Update reference.html § 9 (transmittal workflow): replace the legacy
per-party tree (project/{party-name}/{incoming,received,issued}) with
the current canonical layout — project root has working/, staging/,
reviewing/, archive/, and per-party folders sit under
archive/<party>/{mdl,incoming,received,issued}/. Note lazy creation,
case-fold matching, the per-user virtual <viewer-email>/ entry, mdl
opening the table editor, and the staging↔working drafting mirror.
Add a "Drafting a response transmittal" subsection describing how
inbound submittals (-SUB- @ IFR/IFA) flow through staging→working
into archive/<party>/issued/ as RS* responses.

Update index.html "Access control via .zddc files" bullet to describe
what the server actually does today: cascade direction, the five
verbs (r/w/c/d/a), explicit deny via empty grant, and the
X-Auth-Request-Email convention. Add new bullets for roles (with a
short YAML example), WORM archive folders + drop-in producer pattern,
lazy folder creation + case-fold matching, the cascade tracer
admin endpoint, and an expanded OPA paragraph (input shape, cache
TTL, fail-open flag, --print-rego=federal). Update the install card's
tool-folder list to use lowercase canonical names, mention browse,
and add mdl.table.html as the per-party MDL view.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-07 09:30:31 -05:00

f06d2fff98 Initial commit: hand-edited content from the prior orphan branch.
Seeded from the website branch's working tree as of zddc@76e1e78.
Release artifacts (HTML tool builds + zddc-server binaries) live on
the deploy host under /srv/zddc/releases/; they are reproducible
from <tool>-vX.Y.Z tags on https://codeberg.org/VARASYS/ZDDC.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-02 08:53:11 -05:00