Re-issue note. v2.0 redevelops the former Opplet Boot Camp / enclave-boot-camp into the full Moodle course, reconciled to Constitution v12.8. The course is the Enclave domain’s — the Enclave triad’s learning material (Constitution §13; Enclave Doctrine v1.2 §2); its content and grading are the Enclave Doctrine’s, and the Commons issues the Opplet Learner Permit on completion (Commons SOP §9). Earlier drafts homed it in the CNMCyber/Commons domain — corrected. Renamed Enclave Bootcamp (id enclave-bootcamp). It is opt-in theory, not an undertaking to operate. The Permit’s grants are stated per Constitution §11.3; “the Foundation” → the Climb; Paid Workforce → the Real-Identity Workplace; CNMCyber/KenyaX are teams.

PART 1 — SYLLABUS

Purpose and Scope

The opt-in theory of how a working Opplet instance runs. Open to any member of the Volunteer Commons; completing it earns the Opplet Learner Permit. It is conceptual, not hands-on — the theory the Climb’s practice later builds on (the hands-on deploy is the WiseNxt Climb, not this).

This is a syllabus. That Enclave Bootcamp is the Climb’s theory prerequisite, and that the Permit gates progression, are the Constitution’s (§11.3, §17). Its content and grading are the Enclave Doctrine’s; the credential is issued by the Commons (Commons SOP §9). Part 2 carries the copy.

What it grants

The Opplet Learner Permit — a certified-member credential. Per Constitution §11.3 the Permit grants:

(a) read-only Range review of the free community forge (the source of truth and work exemplars), reached as a web service — not the right to operate on the Range;
(b) the Opplet-thematic courses; and
(c) the WiseNxt Orientation (the Climb’s on-ramp).

At the commons level it also opens the product/Developer working spaces and the certified-member Developer-space vote (Commons Doctrine §7). It is not an undertaking to operate — many Permit-holders take it for access and never climb. Operating is licensed later, at Gate 2, by the Operator License (WiseNxt Doctrine §5).

Modules

The four faces of a working instance — Infrastructure (Engineering), Books (Finance), Logistics, and the Public front (Marketing).
How the instance hangs together — the zones, the edge, the lifecycle, and the four domains.
The two worlds — the pseudonymous Volunteer Commons and the Real-Identity Workplace, and the line between them (Constitution §3, §15E).
The four pillars — what each means for how Opplet behaves.

Delivery and grading

Open Moodle (Lounge), self-paced, no clock. 100% to earn the Permit (Commons SOP §9). Retries and threshold mechanics are the SOP’s.

Outcome and handoff

On completion: the Opplet Learner Permit and its §11.3 grants. The holder may stop here indefinitely. One who wishes to climb opts into the WiseNxt Orientation, whose capstone produces their first exemplar (WiseNxt Doctrine v4.4 §2; SOP v1.4 §1).

PART 2 — COURSE CONTENT (Moodle copy-paste)

Section 1 — The Four Faces

Lesson 1.1 — The Four Faces of a Working Instance

Content Page 1.1 A whole running Opplet shows four faces — four kinds of work that compose into one live instance:

Infrastructure (Engineering) — the machines, the network, the identity systems, the services that must come up and stay up.
Books (Finance) — the ledger and finance that keep the operation honest and solvent.
Logistics — bringing services up in the right order, coordinating people and process, handling the exceptions automation can’t.
Public front (Marketing) — the live public sites and the message they carry.

These same four faces are what the Climb later grades you on, in a sealed practice copy. So think of this course as the map, and the Climb as the territory: learn the four faces here, run them there.

Content button: Verify The Four Faces → Next page

Question Page 1.1 (Multiple Choice) — Verify: The Four Faces The four faces of a working instance are:

(Correct) Infrastructure (Engineering), Books (Finance), Logistics, and the Public front (Marketing). — Jump: End of lesson · Score: 1
(Incorrect) Sales, Support, HR, and Legal. — Jump: This page · Score: 0
(Incorrect) Candidate, Member, Operator, and Partner. — Jump: This page · Score: 0

Section 2 — How the Instance Hangs Together

Lesson 2.1 — The Zones

Content Page 2.1 Opplet runs on several machines, divided into six zones, each with a purpose and an access policy:

Basement (0) — the root of the system; the Custodian only.
Den (1) — the Custodian’s private life infrastructure, off the enclave entirely.
Office (2) and Kitchen (3) — the Real-Identity Workplace zones, where confidential and commercial work is done under a real name.
Lounge (4) — the community’s home; where you live as a member.
Range (5) — the network-isolated practice ground and the Climb’s infrastructure (the forge, the tracker, the practice forks), reached only through the Air-Lock or, for the forge, as a read-only web service.

As a member you live in the Lounge. The confidential zones are not yours to enter — by design, not a slight.

Content button: Verify The Zones → Next page

Question Page 2.1 (Multiple Choice) — Verify: The Zones Which zone is the community’s home?

(Correct) The Lounge (Zone 4). — Jump: End of lesson · Score: 1
(Incorrect) The Basement (Zone 0). — Jump: This page · Score: 0
(Incorrect) The Kitchen (Zone 3). — Jump: This page · Score: 0

Lesson 2.2 — The Four Domains

Content Page 2.2 You will meet four names; they are all one project, organized as four domains (each a doctrine, an operations guide, and a course):

Enclave — the platform itself: the substrate, the network, the identity systems. This course is the Enclave domain’s.
Commons — the volunteer community and the Lounge, run day-to-day by the CNMCyber team.
WiseNxt — the optional Climb that develops operators and the Range it runs on.
Workplace — the real-identity, funded work, run by the KenyaX team.

Note the distinction you’ll need later: a domain is a unit of governance; a team (CNMCyber, KenyaX) is who runs it; a zone is where it runs. The Commons isn’t the Lounge, and the Workplace isn’t the Kitchen — they run them.

Content button: Verify The Four Domains → Next page

Question Page 2.2 (Multiple Choice) — Verify: The Four Domains Which statement is accurate?

(Correct) A domain is governance, a team runs it, a zone is where it runs — e.g. the CNMCyber team runs the Commons’ Lounge. — Jump: End of lesson · Score: 1
(Incorrect) CNMCyber and KenyaX are governance domains, not teams. — Jump: This page · Score: 0
(Incorrect) Each domain owns exactly one zone and nothing else. — Jump: This page · Score: 0

Lesson 2.3 — How It Comes Up and Stays Up

Content Page 2.3 Conceptually, a working instance hangs together like this. An edge router guards the boundary and is the first thing back after any failure. Identity (the directories, single sign-on) lets every service know who you are. Automation runs the routine lifecycle — provisioning, suspensions, backups — and observability watches it all, alerting a human only on the exceptions. Backups cross a one-way bridge to protected storage, so state survives a node loss.

You don’t operate any of this yet. The point of the theory is that when you later stand up a miniature Opplet in the Climb, you already understand the shape: edge first, then identity, then the services, watched and backed up throughout.

Content button: Verify The Lifecycle → Next page

Question Page 2.3 (Multiple Choice) — Verify: The Lifecycle In a working instance, what comes back first after a failure?

(Correct) The edge router / network boundary — then identity, then the services. — Jump: End of lesson · Score: 1
(Incorrect) The public marketing site, before anything else. — Jump: This page · Score: 0
(Incorrect) Nothing — recovery is fully manual with no order. — Jump: This page · Score: 0

Section 3 — The Two Worlds

Lesson 3.1 — Commons and Workplace

Content Page 3.1 Two worlds, governed in opposite ways. The Volunteer Commons (LDAP-Beta) is pseudonymous, automated, and unpaid — it selects for objective skill a machine can grade. The Real-Identity Workplace (LDAP-Alpha) is real-name, human-recruited, and funded — it selects for trust with confidential things, which only a human can judge.

The line is legal accountability. Work that enters a legal field — privacy, security, or contract — must be done under a real name, so it belongs to the Workplace. Whether work is funded is a separate decision made by the Tech Board; and because pay legally requires a real name, all funded work lands on real identities. You can hold both: a callsign in the Commons and, if recruited, a real identity in the Workplace, the link kept private.

Content button: Verify The Two Worlds → Next page

Question Page 3.1 (Multiple Choice) — Verify: The Two Worlds What draws the line into the Real-Identity Workplace?

(Correct) A legal field — privacy, security, or contract — that requires answering under a real name. — Jump: End of lesson · Score: 1
(Incorrect) Seniority alone — enough time served promotes you automatically. — Jump: This page · Score: 0
(Incorrect) A popularity vote in the community spaces. — Jump: This page · Score: 0

Section 4 — The Four Pillars

Lesson 4.1 — The Four Pillars

Content Page 4.1 Everything you’ve read rests on four pillars:

Identity is sovereign — control of the root credential is the only true ownership; identity is earned through participation, never granted on request.
Code is law — policy is enforced by firewalls, pipelines, and automation, not by memos.
Automation is the manager — the machine governs the routine; the human governs the exception.
Observation is truth — trust is a vulnerability; we verify through logs, metrics, and immutable audit trails.

Understanding these is the whole point of the theory. When you finish, you’ll have earned the Opplet Learner Permit — which opens read-review of the forge, the Opplet-thematic courses, and the door to the Climb’s on-ramp, the WiseNxt Orientation. None of it obliges you to climb.

Content button: Complete Bootcamp → Next page

Question Page 4.1 (Multiple Choice) — Verify: The Four Pillars “Automation is the manager” means:

(Correct) The machine governs the routine; humans step in for the exceptions. — Jump: End of lesson · Score: 1
(Incorrect) Humans manually run every routine task by hand. — Jump: This page · Score: 0
(Incorrect) There are no humans involved in anything, ever. — Jump: This page · Score: 0

Changelog

v2.0 (2026-06-16) — Full redevelopment; reconcile to Constitution v12.8

Redeveloped into the complete Moodle course (Part 1 syllabus + Part 2 content). Renamed Enclave Bootcamp; id standardized to enclave-bootcamp.
Re-homed to the Enclave domain (content/grading the Enclave Doctrine’s; Permit issued by the Commons — Constitution §13, §11.3). Earlier “CNMCyber-domain” framing corrected.
Permit grants stated per §11.3 (Range-review / Opplet-thematic courses / WiseNxt Orientation). Content aligned to the syllabus modules (four faces, the instance, the two worlds, the four pillars); the off-scope “climb / pay / doors” content of the v1.1 draft removed (it belongs to the WiseNxt Orientation).
Terminology: Real-Identity Workplace (not Paid Workforce); CNMCyber/KenyaX as teams; “the Climb” (not “the Foundation”).

v1.1 (2026-06-15) — Domain home settled; PROVISIONAL lifted (superseded)

Confirmed as the theory course earning the Permit. (The “CNMCyber domain” home and “Opplet Boot Camp” name are superseded by v2.0.)

END OF DOCUMENT

Enclave Bootcamp