Unified surfaces
10 public touchpoints share one navigation bar, health probes, and deployment pipeline.
Status, docs, social, API, mail, demo, test, and admin all rebuild via make + Taskfile targets with guardrails baked in.
AI + human autopilot
Operators and copilots ship every guardrail together.
Unified navigation, docs, and automation runbooks stay current because humans review the playbooks while AI copilots compile data, rebuild bundles, and broadcast the story on every surface.
- Docs families
- 9
- Runbooks
- Priorities synced via docs/status/priorities.docs.json
- Guardrails
- Health matrix pending
AI + human collaboration
Everything we have shipped works together, end to end.
Automation delivers the telemetry, AI copilots stitch the story, and humans sign off. The cards below capture what is live today across navigation, documentation, and guardrails.
Documentation engine
9 documentation families covering 203 curated entries power both AI copilots and human runbooks.
Docs index JSON feeds the MCP gateway, breadcrumbs keep contributors oriented, and link_scout verifies every deep link automatically.
Automation guardrails
Health matrix pending with ACME guardrails active ensure deploys stay transparent while humans approve the narrative.
ops/checks.sh, health-matrix snapshots, and social dispatches publish the same data so nothing drifts between tooling and reality.
Live surfaces
Active subdomains, kept current by guardrails
Health probes, docs compilers, and QA prep jobs run on schedules. Pick a surface to review the latest output.
Community dispatch Deploy pending 20 hours ago · 17 Oct 2025, 06:04 · Priorities synced via docs/status/priorities.docs.json Status dashboard Health matrix pending Run make health-matrix Documentation portal 9 documentation families 20 hours ago · 17 Oct 2025, 06:04 API gateway Health pending OpenAPI UI and /health heartbeat Identity hub Provisioning window Enable the idp profile and publish onboarding notes MCP gateway OPA guarded · 20 hours ago · 17 Oct 2025, 06:04 OPA policies route MCP access; add health probes next Test lab Workspace prep pending Shopware fixtures pending · Readonly mounts pending Demo stage Deploy pending Review owner-ops log Mail ingress Honeypot shielded Login page guarded; use for trapping unsolicited traffic
What we ship
Ops automation that still feels handcrafted
Orchestrate infrastructure, workflows, and AI assistance with human-first checkpoints and auditable outputs.
Wallet-first identity
MetaMask and zenctl flows ride the same SIWE + forward-auth policies so CLI and web access stay in lockstep.
Explainable guardrails
Status dashboards, ZenControl runbooks, and ops checks ship together so humans can audit every automation step.
Docs for humans & agents
Compiled docs/index JSON feeds the public portal, ZenControl TUI, and MCP tools without diverging copies.
Operational posture
Hardening, hygiene, and ready-to-run playbooks
ZenControl snapshots, rollout drills, Git-backed policies—and newly landed health + TLS guardrails—keep production predictable.
Live stack
- FastAPI API, RQ workers, Postgres, Traefik, Redis
- Static docs + ZenControl TUI for read-only access
- Nightly health-matrix JSON and backup timer status under zenpower/docs/status
Recent wins
- ops/checks.sh now enforces TLS issuers, Traefik middleware, compose profiles, and admin forward-auth
- make health-matrix / health-matrix-soft probe admin/API/worker plus backup timers
- make github-audit-personal wraps gitleaks + owner patterns for pre-PR sweeps
- status/demo/test/odoo.* subdomains now point to live landing content with shared TLS
Next up
- Finalize SMTP honeypot base image and event sink scaffolding
- Promote DNS stack with IPv6 coverage + registrar DS submission checklist
- Stand up dedicated docs/status/test/demo content beyond landing placeholders
See docs/ops/priorities.md for the full roadmap.
Security & privacy first
Continuous threat modelling beats afterthought pen-tests
Secure defaults land with every service, from container hardening to secrets rotation.
Zero trust defaults
Services run with no-new-privileges, minimum volumes, and SOPS-managed secrets. SSH and TLS pinning enforced.
Transparent supply chain
Digest-pinned containers, SBOMs, provenance metadata, and secrets scanning guard every build.
Respectful data handling
Privacy policy live, /security.txt published, and local-only AI flows avoid third-party data transfer.
Documentation matrix
All documentation, synchronised for humans & agents
The docs index compiles into JSON for ZenControl, the admin console, and this landing page so everyone navigates with the same map.
Applications & Services
Guides for the API, admin console, workers, and domain-specific modules.
Planning & Strategy
Architecture reviews, priorities, and roadmap decisions across programmes.
AI & Persona Playbooks
Prompt libraries, persona briefs, and ethos guardrails for copilots.
Developer Tooling & Guides
Environment bring-up, testing playbooks, and modular stack references.
Operations & Runbooks
Deployment runbooks, ZenControl execution flows, and postmortem playbooks.
Security & Compliance
Policy canon, risk tracking, and threat modelling references.
Status & Reporting
Latest health snapshots, op notes, and owner-ops agendas.
Releases & Change History
Release notes, changelog, and rollout annotations.
Additional References
Expanded standards and templates spanning the wider programmes.
Stay in the loop
We announce sparingly — only after major drills or policy shifts
Drop an email to hear about rollout milestones or when MCP profiles open for pilots.
No spam. Export + deletion honoured on request.
Admin console
Role-based access with MFA and signed sessions
Authorised operators land in Zenpower admin with ZenControl audit trails, guardrails, and rollback prompts.
Need help? Ping the ops-duty channel or open a ticket in ZenControl.