ZDDC dc7bf8ab04 docs(zddc): tighten inherit/strict-mode docstrings + AllowedAtLevel deprecation ... Address two follow-ups from the security review of feat/zddc-inherit-directive: 1. file.go's Inherit docstring previously claimed "the internal decider treats it as inherit:true and emits a warning at evaluation time" — the decider does the first part but the warning was never wired up. Strike the over-promise; point operators at the cascade tracer (`/.profile/effective-policy`) which surfaces both `cascade_mode` and `chain.visible_start` so a fenced configuration that's being ignored under strict mode is visible. 2. AllowedAtLevel hardcodes ModeDelegated. Safe today (1-level synthetic chain, no ancestors) but a footgun if anyone migrates the shim to a real PolicyChain later. Add a `// Deprecated:` marker pointing at GrantedVerbsAtLevel for fence-aware paths. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>		2026-05-07 11:10:31 -05:00
..
apps	feat(zddc)!: per-party WORM + auto-own; case-fold tool availability	2026-05-07 09:14:19 -05:00
archive	refactor(archive): use shared zddc.ParseTransmittalFolder	2026-05-07 09:14:19 -05:00
config	feat(archive): periodic rescan + admin reindex endpoint	2026-05-06 08:50:51 -05:00
fs	feat(fs): synthesise per-user virtual home in working/ listings	2026-05-07 09:20:25 -05:00
handler	feat(handler): expose inherit fence in /.profile/effective-policy	2026-05-07 11:02:33 -05:00
jsonschema	feat: form-data system v0 (sixth tool + zddc-server endpoints)	2026-05-02 20:12:16 -05:00
listing	feat(fs): synthesise per-user virtual home in working/ listings	2026-05-07 09:20:25 -05:00
policy	feat(server): authenticated CRUD + verb-based RBAC with WORM archive folders	2026-05-05 15:58:04 -05:00
tlsutil	feat(server): TLS hardening per NIST SP 800-52 Rev. 2 + HSTS	2026-05-04 17:55:52 -05:00
zddc	docs(zddc): tighten inherit/strict-mode docstrings + AllowedAtLevel deprecation	2026-05-07 11:10:31 -05:00