Commons SOP
The Commons: Opplet Commons Operations
You're reading the public edition of Commons SOP. The working source — drafts, change discussion, and member resources — lives in the community library.
Purpose and Scope
The operational mechanics of the commons — what the Commons Doctrine describes, made concrete. Custodian-tunable (Constitution §13B).
1. Gate 1 Intake — Candidate, then Member
- A registrant submits at
commit.opplet.com; Opplet IAM provisions an LDAP-Betacandidateaccount, assigns a callsign (§3), and drops them into Welcome to Opplet Commons (the Moodle orientation course). A candidate may authenticate only to take it. - On completing Welcome to Opplet Commons at 100%, Moodle fires an encrypted webhook to n8n-Alpha.
- n8n-Alpha promotes
candidate→member(Zone 4 standing). - SSO opens the member bundle: Moodle (every course — Welcome, the member-open Organizer course, Enclave Bootcamp, the Opplet-thematic / tool courses, and the WiseNxt Orientation; §9), HumHub (the ungated member spaces — Town Square, Job Seekers, Base Camp; the Organizer-gated and Permit-gated spaces open later, §7A, §9), BookStack-Beta member shelves, and Jitsi. (The free community forge is not in the bundle — it is the Climb’s, on the Range; §9, Commons Doctrine §6.)
Gate 1 is the only public flow that creates an identity (Constitution §11.1, §14); fully automated.
2. The 72-Hour Calibration Clock
A candidate has 72 hours to graduate Welcome to Opplet Commons; the clock is Gate-1-only and never applies to a member.
- Trigger: candidate provisioning. Reminders: at 24h and 6h remaining (Moodle + email). Expiry: at T+72, n8n-Alpha deletes the account, quarantines the callsign (§3), cleans Moodle state. No cooldown: re-register immediately for a fresh clock and callsign.
3. Callsign Generation
A two-word callsign (Word1-Word2) is minted at registration (candidate state), Custodian-controlled wordlist in BookStack-Alpha, collision-checked, 30-day quarantine on purge, PG/non-controversial. Permanent, no rank prefix or suffix.
4. Member-Organized Activity
Community life — talks, study groups, demos, onboarding, interest and working spaces — is member-organized, not run from a chartered room. (There is no Learning Commons; its function lives with members.)
- Types. Talks, workshops, hands-on sessions, study groups, demos, office hours, and the persistent spaces that host them.
- Hosting — any member. Any member may propose or host an event (ephemeral). Jitsi is the live venue; events are surfaced on the member calendar (§5), and recordings/materials archive to a BookStack-Beta member shelf with notice.
- Persistent spaces — organizers. A persistent community space is created and owned by an organizer — a member who has completed the member-open Organizer course (§9) and so holds the
organizergroup’s scoped space-creation right. Organizers coordinate, hand off recurring programs, and surface their work in the Community Organizers space (§7A). Organizer rights are space-scoped (HumHub content-container level) and never application admin — application admin is the operator role (§7). - Public tier. A public stream may run on the CNMCyber.com front (public-anonymous, Constitution §7), funnelling to Commit; interactive participation is member-gated. (A public interactive room must reuse the existing public-front Authentik category — no new exception, or it is a §17 amendment.)
- Climb signal. Member-organizing always earns visibility toward cohort selection, and can rise to an exemplar when it is a wanted, durable Commons improvement — judged at the climb’s bar through the climb’s existing doors, not here (WiseNxt SOP §3, §6). It is not a shortcut: curation rewards substance, not volume.
5. The Events Calendar and Member Landing
The member-facing calendar draws from: member-organized events (§4), standing Jitsi calls, and climb cohort windows (surfaced as “next opens in N days,” WiseNxt SOP §4). Surfaced on the member landing; public events also on CNMCyber.com.
6. Moderation Procedures
Exception-escalation along the operator ladder (WiseNxt Doctrine §4), across spaces and events: automated first pass; L2 routine exceptions and live-event first-line; L3 authority (removal, timeouts, space/event management); L4 the deepest non-root; Custodian only beyond application-layer authority. All actions logged (Pillar 4); operators act under callsign. Member-organized spaces (§4) fall under this procedure, not under charter — moderation governs them, the SOP does not name them.
[TBD] The substantive conduct standard is owned by Commons Doctrine §8 and unwritten.
7. Lounge Service Operation
Volunteer operators administer the Lounge services at the application layer via LDAP-Beta-mapped admin — operational admin held in Beta (Constitution §2, the Re-anchored Override Rule). An operator holds admin or power-user rights across one or more apps; this is distinct from an organizer, whose rights are scoped to the spaces they own (§4). The services: HumHub (arena.cnmcyber.com), BookStack-Beta, Jitsi, and Moodle. (The free community forge is not a Lounge service — it is the Climb’s, on the Range; §9.) No operator holds root or Basement access; service cadences are the Enclave SOP’s. Operators are provisioned by the Lounge Gate 2 (WiseNxt SOP §7).
7A. HumHub Spaces — Charter and Standing
HumHub the service is in every member’s bundle (§1.4); the spaces inside it sort on two independent axes — who charters the space (the authority that defines it) and standing to join (the gate to enter). A member signs in to HumHub freely; a given space opens at its required standing.
Charter authority — two sources:
- Commons-chartered. Every standing space here — the community scaffold and the product sounding boards alike — is defined in this SOP (Custodian-tunable, §13B) and run by CNMCyber. The product / Developer sounding-board spaces are a chartered class with a funding trigger: a product earns a board because the Tech Board funded that product (Constitution §16), so the boards track the funded products. But the funding decision is the Tech Board’s only — the Commons charters and runs the board, and per §15C what the community says in it is not editorial-controlled by who pays the hosting bill. Funding opens the room; it does not own the voice inside it (Commons Doctrine §7).
- Member-organized. Emergent spaces created by organizers (§4). Governed by moderation (§6), not by charter; they are born and retired by members, not mandated.
The spaces:
| Space | Charter | Standing to join | Function |
|---|---|---|---|
| Town Square | Commons | member (ungated) | The commons floor: announcements (read-mostly), general discussion, networking, routing, ongoing help. Absorbs the former Help Desk. |
| Job Seekers | Commons | member (ungated) | The honest path stated plainly — no application, no hiring desk; paid work is recruited from Range work — plus where a member’s record is shown to be found. |
| Base Camp | Commons | member (ungated) | Staging for the climb: what Bootcamp and the Range involve, the entry-vacancy surface (WiseNxt SOP §6, §9), and where members weighing the climb and Permit-holders awaiting a cohort gather. |
| Community Organizers | Commons | organizer (member-open course, §9) | Back-office for members running member-organized spaces (§4): coordination, recurring-program handoff, and surfacing organizing work for curation. |
| Product / Developer working spaces (per product — Moodle, HumHub, BookStack, Jitsi, the Platform) | Commons (funded-product trigger, §16) | certified (Permit, §9) | The sounding board realized per product: each space is its own sounding board, where proposals to the Platform are carried by Developer-space vote (a certified-member act; Constitution §15C). |
| Deployers | Commons | certified (Permit, §9) | Notes and support for members running their own fork. Pairs with the forge read-review (§9, §11.3). |
| Member-organized spaces (study groups, interest/working spaces, cohort-in-waiting) | Member-organized (§4, §6) | owner-set | Created and owned by organizers; the lived community activity. Usually host the events any member may run. |
The forge itself is Range-review (read-only), reached via the Permit — it is not a HumHub space (§7, §9, §11.3).
Outside HumHub — always open, no account or Permit required: the Deploy door (public repositories / GitLab — anyone may clone or fork; the act is never gated; only the support, the Deployers space, is earned) and the Sync door (follow along; public-anonymous, Constitution §7).
8. The Climb Doorway Hand-off
When a member enters the climb (Commons Doctrine §5), the hand-off passes to the WiseNxt SOP:
- The Opplet Learner Permit is earned by completing Enclave Bootcamp (the Enclave domain’s theory course, §9), taken in Moodle. This is not a hand-off: the Commons issues and records the Permit, the way it records orientation completion. The Commons records certifications; it does not track a climb.
- The opt-in/enrollment runs through the WiseNxt Orientation: a Permit-holder enters it, and enrollment fires when its capstone — a nominated exemplar — is produced (Constitution §11.3). Enrollment requires standing membership and the Permit. From nomination onward, the WiseNxt tracker holds the record (WiseNxt SOP §1); the forge and sandboxes the climber uses are WiseNxt’s, on the Range.
9. The Learner Permit, the Organizer Course, and Course-Gated Tools
Issuing a credential off course completion is commons plumbing — one pattern, reused: Moodle (100%) → encrypted webhook → n8n-Alpha → LDAP-Beta group → Authentik passes the group on login → the consuming app enforces access off it. Three credentials run on this rail.
The Opplet Learner Permit (certified). The commons’ competency credential, earned by completing Enclave Bootcamp — the theory of how Opplet runs, the Enclave domain’s course (its content and grading are the Enclave Doctrine’s), delivered as an open Moodle course in the Lounge.
- A member completes Enclave Bootcamp in Moodle (open to any member; self-paced; 100% to pass — graded per the Enclave Doctrine).
- Moodle → n8n-Alpha (webhook); n8n-Alpha adds the member to the
certifiedgroup in LDAP-Beta — same callsign, no directory change. - Authentik passes the
certifiedgroup on login; HumHub maps it to a HumHub group and restricts the product/Developer working spaces, Developer-space voting, and the Deployers space to it (§7A). (Authentik authorizes reaching the app and carries the group; the per-space restriction is HumHub’s, enforced off the synced group — not Authentik’s.) - The Permit also carries the Constitution §11.3 grants: Range-review of the forge (read-only), the Opplet-thematic courses, and access to the WiseNxt Orientation; the
certifiedflag is the eligibility floor for the climb (§8).
The Organizer course (organizer) — member-open. Same rail, no Permit prerequisite: any member may take it. On completion, n8n-Alpha adds the member to the organizer group, which carries the HumHub space-creation permission (scoped — see below) and joins the Community Organizers space (§7A). The course teaches the moderation and substance-not-volume norms before granting the power to create spaces.
Space-creation is scoped, not default. HumHub grants new groups space-creation liberally out of the box; that default is disabled, and the permission is granted only to the organizer group — private/sub-spaces under a member-creatable category. This contains creation to trained organizers and keeps it at the content-container level, never application admin.
Tier-gating by category (implementation). Spaces are filed into HumHub categories mapped to groups (the Groups associated with Space Categories pattern): a Member category (the ungated three) → the member group; an Organizer category → organizer; a Certified category (product/Developer spaces, Deployers) → certified. The tier is gated, so a new product space inherits its gate just by being filed in the category — no per-space wiring.
Course-gated tools (the general pattern). Any tool with a learning curve may sit behind its own short Moodle course, gated by the same rail; these Opplet-thematic / tool courses are the Commons’ (Constitution §13). Intuitive tools (HumHub, BookStack, Moodle) are open to members and need no course — note this is the tool, not the certified working spaces within it (§7A). (Enclave Bootcamp uses the same plumbing but is the Enclave domain’s course; the climb’s own tools and any forge course belong to WiseNxt.)
Credentials and tool courses are authorizations, not ranks — invisible on the callsign (Doctrine §9).
END OF DOCUMENT
All charter documents
- Tier 0 — Keystone: Opplet Constitution
- Tier 1 — Doctrine & Architecture: Enclave Doctrine, Commons Doctrine, WiseNxt Doctrine, Workplace Doctrine
- Tier 2 — Manifests & Reports: Software Stack, Hardware Manifest, URL Nomenclature, Opplet.Com Website
- Tier 3 — Operations & Learning: Commons SOP (this document), Enclave SOP, Enclave Bootcamp, Commons Welcome, Space Organizer, WiseNxt SOP, WiseNxt Orientation, Workplace SOP, Website SOP
- Tier 4 — Zone Projects: Den Migration