Add GET /<path>/.zddc?effective=1 returning JSON with the composed
ZddcFile across the full cascade plus a per-level source list. The
.zddc file itself still serves only what's defined at that level
(YAML, the source of truth); the new query is inspection-only
(JSON, never written back). The virtual .zddc body's header
comment already pointed at this URL — now it's live.
Wire shape:
{ url_path: "/Project-1/archive/Acme/working/",
merged: { …ZddcFile JSON, composed view… },
sources: [ { level: -1, url: "<embedded>",
contributed: ["roles", "available_tools", "paths"] },
{ level: 0, url: "/.zddc",
contributed: ["acl", "admins"] },
{ level: 4, url: "/Project-1/archive/Acme/working/.zddc",
contributed: ["default_tool", "auto_own", …] } ] }
New zddc.EffectiveZddc(chain) walks chain.Embedded then
chain.Levels[VisibleStart..leaf] through mergeOverlay, and folds the
cross-level Roles union (via the existing lookupRoleMembers,
matching the runtime ACL evaluator's semantics). Returns
([]SourceEntry) listing each contributing level with its non-zero
top-level fields. The handler maps SourceEntry.Level to a directory
URL: -1 → "<embedded>"; 0..n → "/<seg/seg/.../>.zddc".
ACL gate is the same as the YAML view (read on the directory).
X-ZDDC-Source: virtual:effective so clients can distinguish.
Four tests cover the contract:
- BasicCompose: alice's root grant + project_team baseline from
embedded + the project's title all surface in merged; sources
include -1 (embedded), 0 (root), 1 (project).
- InheritFence: top-level inherit:false on /Closed/.zddc drops
every ancestor including the embedded baseline from sources.
- RoleMemberUnion: document_controller declared at root and
project unions members in merged.roles (matches the runtime
cross-level union the ACL evaluator performs).
- existing virtual-body tests still pass — they hit the YAML path,
not the JSON branch.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ZDDC
b5a725e745