Brief — trust.ucca.online Step 2¶

Worker + Document Hashing + Print CSS + Chain Events¶

Date: 13 March 2026¶

SURFACE: trust.ucca.online (ucca-trust repo) + ucca-trust Worker (new)

DO NOT TOUCH: ucca-engine, ucca-keys, ucca.online, rtopacks.com.au, any existing Workers

Part 1 — Home Page Restructure¶

The home page is the hero. Document listing moves off it entirely.

Home page contains: - Animated UCCA mark (already built — keep exactly as is) - Compliance & Governance Record text block (already built — keep exactly as is) - Footer at bottom of home page only:

Privacy Policy · Terms of Service · Jurisdiction & Governing Law
trust.ucca.online

Those three footer links go directly to the Level 0 documents.

Document listing moves to: - Legal & Compliance tab → shows all Level 0 docs with green checkmarks - Data Governance tab → shows all Level 1-4 docs with lock icons + level numbers

Home page scrolls to footer. That's it. Nothing else on the home page.

Part 2 — ucca-trust Worker¶

New Worker: ucca-trust

Sits in front of every page request to trust.ucca.online. Two jobs:

Job 1 — Access control

Every document has trust_level in its frontmatter. Worker reads it.

No auth → trust level 0 → Level 0 docs serve, everything else returns lock screen
Authenticated contact → Worker checks trust level in engine-db against document trust_level
Sufficient → serve document, append document_viewed chain event
Insufficient → serve lock screen

Lock screen content:

This document is available at Trust Level [X].

Current level: [Y] — [Level Name]

[REGISTER AT IR.UCCA.ONLINE]    [I'M ALREADY VERIFIED — LOG IN]

If logged in but wrong level:

This document requires Trust Level [X].
You're currently at Trust Level [Y] — [Name].

To progress, request access. A member of the
UCCA team will review your record and be in touch.

[REQUEST ACCESS]

REQUEST ACCESS: - Appends access_requested chain event (document slug, timestamp) - Notifies ops console - No form — just the event

Job 2 — Document hash verification

GET /verify/doc/:slug - Retrieves stored hash from engine-db for that document slug - Recomputes SHA-256 hash of current document content - Returns: MATCH (green ✓) or MISMATCH (red ✗) + stored hash + computed hash + publish timestamp

Part 3 — Document Hashing¶

Every document gets a cryptographic hash at publish time.

On publish/update: - Compute SHA-256 of document markdown content - Store in engine-db: { slug, hash, published_at, version } - Append document_published chain event to UCCA system chain (not contact chain) - Generate QR code encoding https://trust.ucca.online/verify/doc/:slug - Embed QR in document page footer

QR placement on every document page: Bottom of page, after content, before print footer:

────────────────────────────────────────

DOCUMENT HASH
[32-char SHA-256 truncated for display]

[QR CODE]

Scan to verify document integrity at trust.ucca.online
Published: [date] · Version: [version]

Verification page (trust.ucca.online/verify/doc/:slug):

UCCA TRUST
────────────────────────────────────────

DOCUMENT VERIFICATION

Document:   [title]
Slug:       [slug]
Published:  [date]
Version:    [version]

Stored hash:    [hash]
Current hash:   [hash]

STATUS      MATCH ✓

────────────────────────────────────────
UCCA INC · WILMINGTON · DELAWARE

Green MATCH or red MISMATCH. No ambiguity.

Part 4 — Chain Events (document interactions)¶

Every authenticated contact interaction with a document fires a chain event.

Events to fire:

Action	Event type	Data
Document viewed	`document_viewed`	slug, title, trust_level, timestamp
Document downloaded (PDF)	`document_downloaded`	slug, title, timestamp
Document printed	`document_printed`	slug, title, timestamp
QR scanned / hash verified	`document_verified`	slug, verifier (third party), timestamp
Access requested	`access_requested`	slug, current_level, requested_level, timestamp

In the contact's VCC ledger these appear as:

a9c33d12  13 Mar 2026  viewed: Privacy Policy →
b7e44f21  13 Mar 2026  viewed: Data Governance Framework v1.0 →

The → is a link. Tapping it opens that document at trust.ucca.online. If trust level is still sufficient — opens. If not — lock screen.

Unauthenticated views (Level 0 public docs): No chain event — contact unknown. Just serve the document.

Part 5 — Print CSS¶

MkDocs Material has base print CSS. Extend it with trust-specific print layout.

Every printed document includes:

Header (top of first page):

[UCCA LOGO — black, no animation]
COMPLIANCE & GOVERNANCE RECORD
United Community Colleges of America Inc · Wilmington · Delaware

Document metadata block (below header):

Document:   [title]
Version:    [version]
Published:  [date]
Hash:       [full SHA-256]
Trust Level required: [X]

Footer (every page):

Page [X] of [Y]    trust.ucca.online    [document slug]

Back page / final page disclaimer:

────────────────────────────────────────
PRINTED COPY — UNVERIFIED

Once printed this document leaves the verified chain.
Its provenance cannot be authenticated in this form.

To verify the original:
Visit trust.ucca.online or scan the QR code below.
Compare the hash on this document against the live record.
If they match — this copy reflects the current published version.
If they don't — this copy has been altered or superseded.

Hash at time of print: [SHA-256]
Printed by: [contact name if authenticated, "Unauthenticated" if not]
Printed at: [timestamp]

[QR CODE — large, centred, scannable]

UCCA INC · WILMINGTON · DELAWARE
DE File No. 7824354 · D-U-N-S 119-199-377
USPTO Reg. No. 7,619,705 · EIN 84-4522608
────────────────────────────────────────

Print CSS rules: - Hide nav, search, theme toggle, sidebar - Show logo, metadata block, disclaimer, QR - Black text on white — no dark mode in print - IBM Plex Mono for all metadata and hash values - QR code renders at minimum 3cm × 3cm for scannability - No colour except UCCA green on checkmarks and hash MATCH status

Part 6 — Intent Declaration (Trust Level 1 → 2)¶

When a Level 1 contact tries to access a Level 2 document, before the lock screen show the intent declaration:

You're verified. Thank you.

To access detailed compliance documentation
we'd like to understand what brings you here.

This isn't a filter. It's a conversation starter.
Your response becomes part of your verified record.

What are you looking to understand about UCCA?

[                                              ]

[SUBMIT AND CONTINUE]

On submit: - Appends intent_declared chain event with their text - Trust level updates to 2 - Document unlocks immediately - They never see this screen again

⚠️ CSS/Layout note¶

Print CSS is surgical. Do not touch existing screen CSS when adding print styles. All print rules go in a dedicated print.css loaded with @media print. Test print preview in Chrome before committing. One wrong display: none can wipe the whole document from print output.

Build sequence¶

Home page restructure — Tim reviews before anything else
Document hashing — hash all existing docs, store in engine-db
ucca-trust Worker — access control first, verification endpoint second
Chain events — wire document_viewed etc after Worker is stable
Print CSS — last, after everything else is confirmed working

Stop after each step and confirm with Tim.

Ready Alex?