ZDDC/zddc/internal/zddc
ZDDC fb50bb5ef6 feat(roles): add observer standard role
A third standard role for auditors, regulators, and external
read-only viewers. Like project_team it gets project-wide `r`, but
unlike project_team the role itself carries no `c` anywhere — so an
observer can't bring a working/<email>/ home into existence under
auto-own, even though the auto-own mechanism is path-keyed rather
than role-keyed.

Approver-by-design: the role audit explicitly rejects a separate
`approver` role. Plan-Review approval stays with document_controller;
two-person sign-off, when needed, is expressed via per-folder `.zddc`
overrides rather than baked-in roles. Comments in defaults.zddc.yaml
and ARCHITECTURE.md call this out so future role audits don't
reopen the question.

TestStandardRoles_ObserverReadOnlyEverywhere locks the invariants:
project-wide r, no c at archive/incoming/working/staging/reviewing,
WORM zones read-only (no worm-create), and not subtree-admin
anywhere even when notionally elevated.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-21 07:59:44 -05:00
acl.go refactor(audit): pre-release cleanup pass 2026-05-18 16:28:07 -05:00
acl_test.go refactor(audit): pre-release cleanup pass 2026-05-18 16:28:07 -05:00
admin.go refactor(audit): pre-release cleanup pass 2026-05-18 16:28:07 -05:00
admin_test.go refactor(audit): pre-release cleanup pass 2026-05-18 16:28:07 -05:00
cascade.go feat(zddc-server): server-stamped audit + history for record YAMLs 2026-05-19 09:48:58 -05:00
cascade_test.go refactor(audit): pre-release cleanup pass 2026-05-18 16:28:07 -05:00
defaults.go feat(zddc): Phase 1 — embedded defaults.zddc + inherit + show-defaults 2026-05-11 14:46:51 -05:00
defaults.zddc.yaml feat(roles): add observer standard role 2026-05-21 07:59:44 -05:00
defaults_test.go feat(zddc): Phase 1 — embedded defaults.zddc + inherit + show-defaults 2026-05-11 14:46:51 -05:00
ensure.go refactor: nest lifecycle slots per-party + add virtual top-level aggregators 2026-05-21 07:57:45 -05:00
ensure_test.go refactor: nest lifecycle slots per-party + add virtual top-level aggregators 2026-05-21 07:57:45 -05:00
field_codes.go feat(zddc-server): server-stamped audit + history for record YAMLs 2026-05-19 09:48:58 -05:00
file.go refactor: nest lifecycle slots per-party + add virtual top-level aggregators 2026-05-21 07:57:45 -05:00
file_test.go feat(zddc): inherit:false fence + strict-mode refusal 2026-05-07 10:59:20 -05:00
folder.go feat(zddc): MD→{docx,html,pdf} server-side conversion via stock pandoc + chromium containers 2026-05-13 10:33:56 -05:00
folder_test.go feat(zddc): add ParseTransmittalFolder + IsTrnOrSubTracking helpers 2026-05-07 09:14:19 -05:00
inherit_test.go refactor(audit): pre-release cleanup pass 2026-05-18 16:28:07 -05:00
lookups.go refactor: nest lifecycle slots per-party + add virtual top-level aggregators 2026-05-21 07:57:45 -05:00
lookups_test.go refactor: nest lifecycle slots per-party + add virtual top-level aggregators 2026-05-21 07:57:45 -05:00
roles.go refactor(audit): pre-release cleanup pass 2026-05-18 16:28:07 -05:00
roles_test.go refactor(audit): pre-release cleanup pass 2026-05-18 16:28:07 -05:00
scan.go feat: lockstep release infra + cascade/.archive fixes + profile perf + page redesign 2026-05-01 20:11:38 -05:00
scan_test.go feat: lockstep release infra + cascade/.archive fixes + profile perf + page redesign 2026-05-01 20:11:38 -05:00
special.go refactor(audit): pre-release cleanup pass 2026-05-18 16:28:07 -05:00
special_test.go chore(zddc): migrate mkdir auto-own hook to the cascade, drop dead predicates 2026-05-12 10:42:49 -05:00
standardroles_test.go feat(roles): add observer standard role 2026-05-21 07:59:44 -05:00
validate.go refactor(audit): pre-release cleanup pass 2026-05-18 16:28:07 -05:00
validate_test.go refactor(audit): pre-release cleanup pass 2026-05-18 16:28:07 -05:00
virtualreceived.go refactor: nest lifecycle slots per-party + add virtual top-level aggregators 2026-05-21 07:57:45 -05:00
virtualviews.go refactor: nest lifecycle slots per-party + add virtual top-level aggregators 2026-05-21 07:57:45 -05:00
virtualviews_test.go refactor: nest lifecycle slots per-party + add virtual top-level aggregators 2026-05-21 07:57:45 -05:00
walker.go refactor: nest lifecycle slots per-party + add virtual top-level aggregators 2026-05-21 07:57:45 -05:00
walker_test.go feat(zddc): Phase 2 — paths: walker, recursive cascade 2026-05-11 14:55:12 -05:00
worm.go refactor(audit): pre-release cleanup pass 2026-05-18 16:28:07 -05:00
worm_test.go refactor(audit): pre-release cleanup pass 2026-05-18 16:28:07 -05:00
writer.go feat: form-data system v0 (sixth tool + zddc-server endpoints) 2026-05-02 20:12:16 -05:00
writer_test.go refactor(audit): pre-release cleanup pass 2026-05-18 16:28:07 -05:00