Court-ready evidence bundle, E2E case sharing, and repair-request letters#16
Open
ChelseaKR wants to merge 3 commits into
Open
Court-ready evidence bundle, E2E case sharing, and repair-request letters#16ChelseaKR wants to merge 3 commits into
ChelseaKR wants to merge 3 commits into
Conversation
…ganizer Add `habitable share` / `receive` so a tenant can hand a case — or a chosen subset of issues, optionally with the unit label redacted — to a tenant-union organizer who was not previously on the case, preserving end-to-end encryption. Reuses the existing primitives unchanged: the payload is a CRDT *subset* (new `CaseDocument.subset_state`, a well-formed subset state that is still a valid commutative/idempotent join) plus the sealed originals and RFC 3161 tokens for the selected captures, signed by the tenant's device key and sealed to the organizer's X25519 public key. A relay or courier sees only ciphertext; a wrong recipient opens nothing; a share for a different case is rejected (`import_messages` gains a `require_case_id` guard); re-import is idempotent. Trust is direct and out-of-band (verify the short fingerprint), with no key directory — documented in docs/sharing-trust-model.md. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…etter Two recipient-facing features that build on the signed bundle and the logged evidence: Court-ready bundle. Every exported packet.html and packet.pdf now opens with a cover sheet (case, scope, counts, producer device, date range), a single chronological evidence timeline interleaving logged notes and captured photos across all issues, and a chain-of-custody / integrity summary (per-item content hashes, RFC 3161 timestamp authorities and archive counts, the append-only custody-chain head). A new pure `bundleview` module derives all three views from the existing, already-signed bundle.json — no schema change, no packet_version bump, golden packets unaffected — so the HTML and PDF cannot drift. The accessible HTML stays the conformant rendering (ADR 0004) and passes the axe-core gate with the new sections. Repair-request letter. `habitable letter` turns the logged evidence into a dated repair-request / notice letter to the landlord, rendered as an accessible HTML letter (axe-clean) and a PDF. Jurisdiction-awareness is framing-only: built-in profiles (generic, us_habitability) make no statute-specific claim and are overridable via a new [letter] config block; a standing "not legal advice" disclaimer travels with every letter. Assumptions documented in docs/letter-generator.md. Adds tests for the views, both renderings, the letter, sharing CLI wiring, and the letter CLI. make verify green (ruff + mypy strict + pytest, 87% coverage); axe-core a11y gate green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…e claims The no-hard-coded-statute contract covers the whole built-in profile, but the guard only scanned legal_reference. Iterate all PROFILES and assert no § / U.S.C. (and spaced variant) in label, framing, and legal_reference — the framing string also renders into the letter a recipient reads. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Three recipient-facing features for getting documented habitability evidence in front of a court, an organizer, or a landlord — built on the existing crypto + CRDT primitives, preserving the offline-first and end-to-end-encryption guarantees. No bundle-schema change, no
packet_versionbump; the golden-packet corpus is unaffected.1. Court-ready PDF evidence bundle export
packet.htmlandpacket.pdfnow open with a cover sheet (case, scope, counts, producer device, date range), a single chronological evidence timeline interleaving logged notes with captured photos across every issue in time order, and a chain-of-custody / integrity summary (per-item content hashes, RFC 3161 timestamp authorities + archive counts, the append-only custody-chain head).bundleviewmodule derives all three views from the already-signedbundle.json, so the HTML and PDF cannot drift and the views are as reproducible as the bundle.2. E2E-encrypted, redactable case sharing with an organizer
New
habitable share/receive: a tenant hands a case — or a chosen subset of issues, optionally with the unit label redacted — to an organizer who was not on the case.CaseDocument.subset_state) plus the sealed originals/tokens for the selected captures, signed by the tenant and sealed to the organizer's X25519 public key. A relay/courier sees only ciphertext; a wrong recipient opens nothing; a share for a different case is rejected; re-import is idempotent.docs/sharing-trust-model.md.3. Repair-request letter generator
New
habitable letterturns the logged evidence into a dated repair-request / notice letter to the landlord, as an accessible HTML letter (axe-clean) and a PDF.generic,us_habitability) make no statute-specific claim (a test guards against§/U.S.Ccreeping in), overridable via a new[letter]config block; a standing "not legal advice" disclaimer travels with every letter. Assumptions indocs/letter-generator.md.Verification
make verifygreen: ruff + mypy --strict + pytest with coverage 87% (floor 85).For human review
[letter]config, never hard-coded.🤖 Generated with Claude Code