ZDDC-website/index.html
ZDDC 90aca07539 docs: federal compliance page (federal.html) + home-page cross-links
A non-technical entry point for federal evaluators answering "can this
go in our environment, and what would need to be added during ATO?" —
the question that today only has an answer buried in the engineering
README.

Six sections, written for the procurement / decision-maker audience
with engineers as the secondary reader:

  1. Hero: ZDDC is designed to be deployed in regulated environments.
  2. What's already in place — hardened TLS posture, pluggable OPA
     policy engine, federal-mode strict-least-privilege Rego, audit
     logging, vulnerability-disclosure policy, documented access-
     control model with a 5-minute verify-it recipe.
  3. Supported deployment shape — diagram showing zddc-server on
     loopback behind a TLS-terminating proxy on a RHEL/UBI base.
  4. What you'd add for full ATO — table of five integration items
     (FIPS-validated crypto, authenticated proxy↔server channel, RBAC,
     policy export, code-signed tool fetches) with plain-language
     summaries.
  5. The two-track build plan — explains why the standard binary
     stays pure-Go and a parallel zddc-server-fips build is the right
     answer for federal customers.
  6. Engineering reference — links into the in-repo gap analysis,
     ARCHITECTURE.md security section, and access-control reference
     for implementors.

Linked from index.html in two places: a new feature bullet on the
zddc-server (optional) section pointing at the page, and a "For
federal evaluators" entry in the Learn-more list at the bottom.

No engineering content here — federal.html is the procurement entry
point. The deeper detail (NIST control numbers, library choices,
effort estimates) lives in zddc/README.md § Federal-readiness gap
analysis where engineers will look for it.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-04 21:33:16 -05:00

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>ZDDC — Zero Day Document Control</title>
<meta name="description" content="A file-naming convention and a small set of single-file HTML tools for managing project deliverables. Self-contained, offline-capable, dependency-free.">
<meta property="og:type" content="website">
<meta property="og:url" content="https://zddc.varasys.io/">
<meta property="og:title" content="ZDDC — Zero Day Document Control">
<meta property="og:description" content="A file-naming convention and a small set of single-file HTML tools for managing project deliverables. Self-contained, offline-capable, dependency-free.">
<meta name="theme-color" content="#2a5a8a">
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&display=swap" rel="stylesheet">
<link rel="stylesheet" href="css/style.css">
<style>
.channel-row { display: flex; flex-wrap: wrap; gap: 0.5rem; margin-top: 0.75rem; font-size: 0.9rem; }
.channel-row a { display: inline-block; padding: 0.25rem 0.625rem; border-radius: 999px; text-decoration: none; border: 1px solid var(--color-border); color: var(--color-text); }
.channel-row a:hover { background: var(--color-bg-subtle); }
.channel-row .channel-stable { border-color: var(--color-accent); color: var(--color-accent); font-weight: 600; }
.channel-row .channel-beta, .channel-row .channel-alpha { color: var(--color-text-muted); }
.install-grid { display: grid; grid-template-columns: 1fr; gap: var(--spacing-md); margin-top: var(--spacing-md); }
.install-card { padding: var(--spacing-md); border: 1px solid var(--color-border); border-radius: 8px; background: var(--color-bg-subtle); }
.install-card h3 { margin-top: 0; margin-bottom: 0.25rem; }
.install-card .when { color: var(--color-text-muted); font-size: 0.92em; margin: 0.1rem 0 0.6rem 0; }
.install-card pre { background: var(--color-bg); border: 1px solid var(--color-border); border-radius: 6px; padding: 0.6rem 0.8rem; overflow-x: auto; font-size: 0.82em; line-height: 1.45; margin: 0; }
.install-card pre code { font-family: "SF Mono", Menlo, Consolas, monospace; }
.install-points { margin: 0.4rem 0 0.4rem 1.4rem; padding: 0; line-height: 1.65; }
.install-points li { margin-bottom: 0.15rem; }
.mode-grid { display: grid; grid-template-columns: 1fr; gap: var(--spacing-md); margin-top: var(--spacing-md); }
@media (min-width: 720px) { .mode-grid { grid-template-columns: 1fr 1fr; } }
.mode-card { padding: var(--spacing-md); border: 1px solid var(--color-border); border-radius: 8px; }
.mode-card h3 { margin-top: 0; }
code.inline { background: var(--color-bg-subtle); padding: 0.1rem 0.35rem; border-radius: 4px; font-size: 0.9em; }
.feature-list { line-height: 1.8; padding-left: 1.5rem; color: var(--color-text); }
.feature-list li { margin-bottom: 0.4rem; }
</style>
</head>
<body>
<!-- Header -->
<header class="site-header">
<div class="container header-content">
<a href="/" class="brand">
<svg class="brand-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64" aria-hidden="true">
<rect width="64" height="64" rx="12" fill="#1e3a5f"/>
<g fill="#fff">
<rect x="14" y="18" width="36" height="7"/>
<polygon points="43,25 50,25 21,43 14,43"/>
<rect x="14" y="43" width="36" height="7"/>
</g>
</svg>
<span class="brand-name">ZDDC</span>
</a>
<nav class="header-nav">
<div class="dropdown">
<button class="dropdown-toggle" type="button" aria-haspopup="true">
<span>Tools</span>
<svg viewBox="0 0 24 24" style="width: 14px; height: 14px; fill: currentColor;">
<path d="M7 10l5 5 5-5z"/>
</svg>
</button>
<div class="dropdown-menu">
<div class="dropdown-menu__inner">
<a href="releases/archive_stable.html">
<svg class="dropdown-menu-icon" viewBox="0 0 24 24"><path d="M20 6H4a2 2 0 00-2 2v10a2 2 0 002 2h16a2 2 0 002-2V8a2 2 0 00-2-2zm0 12H4V8h16v10zM4 2h16v2H4z"/></svg>
Archive Browser
</a>
<a href="releases/transmittal_stable.html">
<svg class="dropdown-menu-icon" viewBox="0 0 24 24"><path d="M20 4H4c-1.1 0-2 .9-2 2v12c0 1.1.9 2 2 2h16c1.1 0 2-.9 2-2V6c0-1.1-.9-2-2-2zm0 4l-8 5-8-5V6l8 5 8-5v2z"/></svg>
Transmittal Creator
</a>
<a href="releases/classifier_stable.html">
<svg class="dropdown-menu-icon" viewBox="0 0 24 24"><path d="M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z"/></svg>
Document Classifier
</a>
<a href="releases/mdedit_stable.html">
<svg class="dropdown-menu-icon" viewBox="0 0 24 24"><path d="M3 17.25V21h3.75L17.81 9.94l-3.75-3.75L3 17.25zM20.71 7.04a1 1 0 000-1.41l-2.34-2.34a1 1 0 00-1.41 0l-1.83 1.83 3.75 3.75 1.83-1.83z"/></svg>
Markdown Editor
</a>
</div>
</div>
</div>
<a href="reference.html" class="nav-link">Docs</a>
<a href="releases/" class="nav-link">Releases</a>
</nav>
</div>
</header>
<!-- Hero -->
<section class="hero">
<div class="container">
<h1>Zero Day Document Control</h1>
<p class="hero-subtitle">A file-naming convention and a small set of single-file HTML tools for managing project deliverables. Self-contained, offline-capable, dependency-free.</p>
</div>
</section>
<main class="container" style="margin-bottom: var(--spacing-2xl);">
<section style="margin-top: var(--spacing-xl);">
<h2>What is it?</h2>
<p>ZDDC is a convention, not a platform. Every deliverable's filename encodes its tracking number, revision, status, and title; every transmittal folder is date-prefixed and self-describing. A plain shared folder becomes a fully searchable, auditable information-management system — no server, no database, no software required to read the archive.</p>
<p>The four tools below are <em>optional</em> interfaces around this structure. Each is a single self-contained HTML file that works two ways: open it locally and point it at a folder on your disk, or put it behind any web server (including the optional <code class="inline">zddc-server</code> described below) and use it over the network. Same on-disk layout either way.</p>
<p style="margin-top: var(--spacing-md);"><a href="reference.html">Read the full specification →</a></p>
</section>
<section style="margin-top: var(--spacing-2xl);">
<h2>Try the tools</h2>
<p>Each tool is published in three channels. <strong>Stable</strong> is versioned and immutable; <strong>beta</strong> and <strong>alpha</strong> are mutable previews of in-flight work.</p>
<div style="display: grid; grid-template-columns: repeat(auto-fit, minmax(300px, 1fr)); gap: var(--spacing-lg); margin-top: var(--spacing-lg);">
<div class="tool-card">
<div class="tool-card__title">Archive Browser</div>
<div class="tool-card__desc">Browse, search, and filter your project folder. Group by transmittal; filter by tracking number, revision, status, or free text. Export selections as ZIP.</div>
<div class="channel-row">
<a href="releases/archive_stable.html" class="channel-stable">stable</a>
<a href="releases/archive_beta.html" class="channel-beta">beta</a>
<a href="releases/archive_alpha.html" class="channel-alpha">alpha</a>
</div>
</div>
<div class="tool-card">
<div class="tool-card__title">Transmittal Creator</div>
<div class="tool-card__desc">Fill in metadata, drag in files, publish a self-contained HTML transmittal record with SHA-256 checksums. Optional digital signatures. The published file <em>is</em> the transmittal record.</div>
<div class="channel-row">
<a href="releases/transmittal_stable.html" class="channel-stable">stable</a>
<a href="releases/transmittal_beta.html" class="channel-beta">beta</a>
<a href="releases/transmittal_alpha.html" class="channel-alpha">alpha</a>
</div>
</div>
<div class="tool-card">
<div class="tool-card__title">Document Classifier</div>
<div class="tool-card__desc">Spreadsheet-like interface for bulk-renaming files into ZDDC format. Copy/paste with Excel. Point it at a folder, fill in the columns, save all at once.</div>
<div class="channel-row">
<a href="releases/classifier_stable.html" class="channel-stable">stable</a>
<a href="releases/classifier_beta.html" class="channel-beta">beta</a>
<a href="releases/classifier_alpha.html" class="channel-alpha">alpha</a>
</div>
</div>
<div class="tool-card">
<div class="tool-card__title">Markdown Editor</div>
<div class="tool-card__desc">Browser-based markdown editor with live preview, YAML front matter, and table of contents. Direct local file access via the File System Access API.</div>
<div class="channel-row">
<a href="releases/mdedit_stable.html" class="channel-stable">stable</a>
<a href="releases/mdedit_beta.html" class="channel-beta">beta</a>
<a href="releases/mdedit_alpha.html" class="channel-alpha">alpha</a>
</div>
</div>
</div>
<p style="margin-top: var(--spacing-lg); color: var(--color-text-muted);">Append <code class="inline">?v=alpha</code> (or <code class="inline">?v=0.0.4</code>, etc.) to any URL to switch versions for a single request — useful for sharing a link to an exact build. Direct local-folder access requires a Chromium-based browser (the File System Access API is unavailable in Firefox / Safari). <a href="releases/">Browse all versions →</a></p>
</section>
<!-- zddc-server (inline, replaces the previous separate page) -->
<section style="margin-top: var(--spacing-2xl);">
<h2>zddc-server (optional)</h2>
<p>The tools work two ways over the same on-disk archive. Pick whichever fits your team:</p>
<div class="mode-grid">
<div class="mode-card">
<h3>Local directory mode</h3>
<p>Open a tool, click <em>Add Directory</em>, point it at a folder. The tool reads files via the File System Access API. No upload, no server, no account.</p>
<p>Enough for individual users and small teams on a shared drive (network share, Dropbox, OneDrive, syncthing).</p>
</div>
<div class="mode-card">
<h3>Online mode</h3>
<p>Take the same local directory and put it behind any web server (nginx, Caddy, Apache, or <code class="inline">zddc-server</code>). The Archive Browser tool talks to the server's directory listings instead of the local filesystem — read-only, works in any browser.</p>
</div>
</div>
<p style="margin-top: var(--spacing-md);"><strong><code class="inline">zddc-server</code></strong> is a small Go binary purpose-built to serve ZDDC archives. <em>Any</em> web server gives you online mode; <code class="inline">zddc-server</code> adds things a generic web server can't:</p>
<ul class="feature-list">
<li><strong>Access control via <code class="inline">.zddc</code> files.</strong> Behind a reverse proxy that authenticates users and sets an <code class="inline">X-Auth-Request-Email</code> request header, <code class="inline">zddc-server</code> consults YAML <code class="inline">.zddc</code> files in directories — cascading bottom-up; deeper rules override. Common shapes (paired open/closed projects + third-party-restricted vendor folders) are documented with worked examples in the <a href="https://codeberg.org/VARASYS/ZDDC/src/branch/main/zddc/README.md#access-control-the-zddc-cascade">access-control reference</a>. No database, no admin UI.</li>
<li><strong>OPA-compatible policy decider.</strong> Federal and other regulated customers can swap the built-in evaluator for an external <a href="https://www.openpolicyagent.org/" rel="noopener">Open Policy Agent</a> server with their own audited Rego policies — set <code class="inline">ZDDC_OPA_URL</code> and the same <code class="inline">.zddc</code> files become inputs to your engine instead of ours. Wire format is OPA-canonical (<code class="inline">POST /v1/data/zddc/access/allow</code>). Default mode adds zero new dependencies; external mode is a configuration flip.</li>
<li><strong>Designed for regulated environments.</strong> Hardened TLS (NIST SP 800-52 Rev. 2 cipher allowlist + HSTS), pluggable policy engine, federal-mode strict-least-privilege Rego shipping out of the box, structured audit logging, documented vulnerability-disclosure process. Specific federal-track work (FIPS-validated build, signed-token proxy↔server channel, code-signed tool fetches) is on a clear roadmap — see the <a href="federal.html">federal compliance page</a> for the supported deployment shape and what an integrator adds during ATO.</li>
<li><strong>Virtual <code class="inline">.archive</code> URL space.</strong> <code class="inline">GET /Project/.archive/123-XYZ.html</code> resolves to the canonical revision file at request time. Computed from filenames; no cache, no separate index file.</li>
<li><strong>Per-request access logging</strong> keyed to the authenticated user; conservative HTTP timeouts; optional file-tee for offline audit (production deployments typically leave logs on stdout for the orchestrator's pipeline to handle).</li>
<li><strong>TLS, ETags, conditional GET, CORS, autoindex.</strong> The mundane glue.</li>
</ul>
<p style="margin-top: var(--spacing-md);">The on-disk layout is the same in both modes. Stop the server and the directory is still a perfectly valid ZDDC archive that opens in local-directory mode. <strong>The server is convenience, not lock-in.</strong></p>
<p style="margin-top: var(--spacing-md);">Source, environment-variable contract, and ACL syntax: <a href="https://codeberg.org/VARASYS/ZDDC/src/branch/main/zddc">codeberg.org/VARASYS/ZDDC <code class="inline">zddc/</code></a>. Pre-built binaries are published as Codeberg release assets; example Helm charts (production + dev) live under <code class="inline">helm/</code> in the repo and compile from source at deploy time.</p>
</section>
<section style="margin-top: var(--spacing-2xl);">
<h2>Install on your server</h2>
<p>Two paths, no install scripts. The server has built-in fetch-and-cache for the tool HTMLs; the local-file path needs nothing more than a download.</p>
<div class="install-grid">
<div class="install-card">
<h3>Server: just run zddc-server</h3>
<p class="when">The binary has the current-stable build of all five tools baked in at compile time. They appear automatically at the right paths under <code class="inline">ZDDC_ROOT</code>:</p>
<ul class="install-points">
<li><strong>archive.html</strong> at every level (root, project, archive, vendor)</li>
<li><strong>classifier.html</strong> in any <code class="inline">Incoming</code>, <code class="inline">Working</code>, or <code class="inline">Staging</code> directory and its subtree</li>
<li><strong>mdedit.html</strong> in any <code class="inline">Working</code> directory and its subtree</li>
<li><strong>transmittal.html</strong> in any <code class="inline">Staging</code> directory and its subtree</li>
<li><strong>index.html</strong> (the project picker) at the deployment root</li>
</ul>
<pre><code>ZDDC_ROOT=/srv/zddc ./zddc-server</code></pre>
<p class="when" style="margin-top: 0.6rem;"><strong>To override a tool</strong> at any path: drop a real <code class="inline">.html</code> file there — that file wins over the baked-in version. <strong>To pin a different version</strong>, write an <code class="inline">apps:</code> entry in any <code class="inline">.zddc</code> file along the path:</p>
<pre><code># &lt;project&gt;/.zddc
apps:
  classifier: stable   # or beta / alpha / v0.0.4 / v0.0 / v0
  archive: https://my-fork.example/archive.html</code></pre>
<p class="when" style="margin-top: 0.6rem;">URL sources are fetched once and cached in <code class="inline">&lt;ZDDC_ROOT&gt;/_app/</code>. To force a re-fetch, delete the cache file. Closer-to-leaf <code class="inline">.zddc</code> entries override parent ones.</p>
</div>
<div class="install-card">
<h3>Local: just download the .html file</h3>
<p class="when">No server, no install — open in any modern browser.</p>
<ul class="install-points">
<li><a href="releases/archive_stable.html">archive.html</a></li>
<li><a href="releases/transmittal_stable.html">transmittal.html</a></li>
<li><a href="releases/classifier_stable.html">classifier.html</a></li>
<li><a href="releases/mdedit_stable.html">mdedit.html</a></li>
</ul>
<p class="when" style="margin-top: 0.6rem;">Right-click → Save As. Each tool is a self-contained HTML file with everything inlined; works from <code class="inline">file://</code> or any static host.</p>
</div>
</div>
</section>
<section style="margin-top: var(--spacing-2xl);">
<h2>Learn more</h2>
<ul style="line-height: 1.9;">
<li><a href="reference.html">Technical Reference</a> — the full ZDDC convention: filename format, tracking numbers, revisions, status codes, folder naming, transmittal workflow.</li>
<li><a href="https://codeberg.org/VARASYS/ZDDC/src/branch/main/zddc/README.md#access-control-the-zddc-cascade">Access control reference</a> — cascade rules, common deployment shapes (paired open/closed projects + third-party-vendor folders), anti-patterns, a five-minute verify-it-works recipe, the federal-readiness gap analysis with NIST control references, and the OPA-compatible decider configuration.</li>
<li><a href="federal.html">For federal evaluators</a> — non-technical walk-through of what's already in place, the supported deployment shape, what an integrator adds during ATO, and the two-track build plan. Procurement-friendly entry point that links back to engineering detail.</li>
<li><a href="releases/">All releases</a> — every version and channel build of every tool, with per-version pin URLs.</li>
<li><a href="https://codeberg.org/VARASYS/ZDDC">codeberg.org/VARASYS/ZDDC</a> — source code, issue tracker, contributor docs.</li>
</ul>
</section>
</main>
<footer class="site-footer">
<div class="container footer-content">
<span>ZDDC is open source — <a href="https://codeberg.org/VARASYS/ZDDC">codeberg.org/VARASYS/ZDDC</a></span>
</div>
</footer>
<script src="js/layout.js"></script>
</body>
</html>
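
The OPA wire format named in the zddc-server feature list (`POST /v1/data/zddc/access/allow`), as an added example that is not zddc-server's own code: a Go caller that treats every failure mode of the policy query as deny. `AccessInput` and its fields, `Allow`, and `stubOPA` are hypothetical names; the page does not show the input document zddc-server sends.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// AccessInput is a HYPOTHETICAL input document; the fields zddc-server
// really sends to OPA are not shown on the page.
type AccessInput struct {
	Email string `json:"email"` // e.g. the X-Auth-Request-Email value
	Path  string `json:"path"`
}

var client = &http.Client{Timeout: 2 * time.Second}

// Allow queries data.zddc.access.allow and fails closed: errors, non-200,
// an undefined rule ({} without "result") and non-boolean results all deny.
func Allow(opaURL string, in AccessInput) (bool, error) {
	body, err := json.Marshal(map[string]AccessInput{"input": in})
	if err != nil {
		return false, err
	}
	resp, err := client.Post(opaURL+"/v1/data/zddc/access/allow", "application/json", bytes.NewReader(body))
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return false, fmt.Errorf("opa: unexpected status %d", resp.StatusCode)
	}
	var out struct{ Result *bool `json:"result"` }
	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil {
		return false, err
	}
	return out.Result != nil && *out.Result, nil
}

// stubOPA is a constructed stand-in for an OPA server with a fixed reply.
func stubOPA(status int, reply string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(status)
		fmt.Fprint(w, reply)
	}))
}

func main() {
	in := AccessInput{Email: "alice@example.com", Path: "/Project/"}
	for _, reply := range []string{`{"result":true}`, `{"result":false}`, `{}`} {
		srv := stubOPA(http.StatusOK, reply)
		ok, err := Allow(srv.URL, in)
		srv.Close()
		fmt.Printf("%-17s allow=%v err=%v\n", reply, ok, err)
	}
}
```

OPA answers an undefined rule with HTTP 200 and a body that has no `result` key, so a caller that only checks the status code would read a missing policy as success; the pointer field is what separates "undefined" from an explicit `false`.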