reference.html § 9: rewrite the canonical-folder tree so each line leads
with what the folder is FOR (drafting space, "about to issue" lane,
permanent record per counterparty, planned deliverables list, review
queue) rather than mechanics. The lifecycle stage of a document is now
visible from its location alone. Mechanics (lazy creation, case-fold
matching, virtual user home, paired delete on issue) demoted to a
single trailing paragraph so a reader can grasp the layout without
needing to track them.
federal.html: surface the access-control features that landed since the
page was written —
- Role-based access control as a first-class shipped feature, with the
AC-2 / AC-3(7) mapping called out.
- Verb-based least privilege (r/w/c/d/a) under AC-6, with the rc
shape used by immutable archives flagged explicitly.
- WORM enforcement on archive/<party>/{received,issued}/ under AU-9
and MP-5, including the at-the-WORM-folder grant pattern that lets
doc controllers drop transmittals without giving them overwrite.
- Cascade tracer (/.profile/effective-policy) under AC-3 reviewability.
- OPA wire-format detail (input shape + cache TTL + fail-open).
Move "Role-based access control" out of the "what you'd add for ATO"
table now that it's shipped; replace with "Identity-provider role
sync" — the integrator's job is wiring AD/Okta/EntraID groups into
the existing role members: list, not building RBAC from scratch.
Update "Policy export" to acknowledge the per-path tracer that already
ships and frames the missing piece as the batch-export companion.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
||
|---|---|---|
| .forgejo/workflows | ||
| css | ||
| img | ||
| js | ||
| CLAUDE.md | ||
| federal.html | ||
| index.html | ||
| LICENSE | ||
| pubkey.pem | ||
| README.md | ||
| reference.html | ||
ZDDC website
Hand-edited content for zddc.varasys.io. Two files:
- index.html — landing page + install snippets.
- reference.html — the ZDDC file-naming convention specification.
Plus css/, js/, img/ for shared styles and assets.
This repo intentionally does not contain release artifacts. The
ZDDC tools (archive, transmittal, classifier, mdedit,
landing) and the zddc-server binary are built from the source
repo at https://codeberg.org/VARASYS/ZDDC and deployed to the live
site by its build pipeline. They live on the deploy host under
/srv/zddc/releases/, never in this repo's git history.
Preview locally
git clone https://codeberg.org/VARASYS/ZDDC-website
cd ZDDC-website
python3 -m http.server 8000
# open http://localhost:8000/
The preview won't have a /releases/ directory unless you also have
the source repo and run its build pipeline. That's expected — the
two repos are intentionally decoupled.
Publishing
.forgejo/workflows/deploy-content.yml rsyncs the working tree into
/srv/zddc/ on the deploy host on every push to main. The rsync
uses --delete-after and excludes /releases/, /.git*,
/.forgejo*, /README.md, and /LICENSE — anything else added at
the repo root will be published.
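
Because every root entry outside that exclude list goes live, it helps to list what a push would publish before pushing. The script below is an added example, not the project's workflow or tooling: it emulates only the root-anchored excludes named above, and the function names and the caller-supplied list of expected entries are assumptions.

```sh
#!/bin/sh
# Added example (not from the ZDDC repos): preview which top-level entries
# the deploy rsync described in this README would publish.

# Succeed if top-level entry $2 of directory $1 matches a documented exclude.
is_excluded() {
  case "$2" in
    releases)          [ -d "$1/$2" ] ;;  # /releases/ matches directories only
    .git*|.forgejo*)   return 0 ;;        # /.git* and /.forgejo*
    README.md|LICENSE) return 0 ;;        # /README.md and /LICENSE
    *)                 return 1 ;;
  esac
}

# Print, sorted, every top-level entry of $1 (dotfiles included) that is
# not excluded and would therefore end up on the live site.
published_entries() (
  root=${1:-.}
  for path in "$root"/* "$root"/.[!.]* "$root"/..?*; do
    [ -e "$path" ] || [ -L "$path" ] || continue  # skip unmatched globs
    name=${path##*/}
    is_excluded "$root" "$name" || printf '%s\n' "$name"
  done | LC_ALL=C sort
)

# Print published entries missing from the expected names given after the
# directory argument; exit status 1 if there are any (names without spaces).
unexpected_entries() (
  root=$1; shift
  expected=" $* "
  extra=$(published_entries "$root" | while IFS= read -r name; do
    case "$expected" in
      *" $name "*) ;;
      *) printf '%s\n' "$name" ;;
    esac
  done)
  [ -z "$extra" ] && exit 0
  printf '%s\n' "$extra"
  exit 1
)
```

Source the file from the repo root and run `unexpected_entries . css img js index.html ...` with the entries you intend to publish; a non-zero status means something else would go live.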
Editing notes
- js/layout.js queries the header for .header-nav, .dropdown, .dropdown-toggle, .dropdown-menu, and .theme-toggle. Both HTML pages need to keep those classes or the theme toggle and Tools dropdown silently break.
- Page-specific CSS goes in an inline <style> in <head> (see index.html); only shared rules go in css/style.css. Design tokens (--color-accent, spacing scale, etc.) live at the top of css/style.css — prefer those over hardcoded values.
Contributing
Issues + PRs welcome. For changes to the tool source code (not the website), file them at https://codeberg.org/VARASYS/ZDDC.