Commons SOP

The Commons: Opplet Commons Operations

Version 2.2 · DRAFT (reconciles to Constitution v12.8) · Tier 2 · part of Charter Release 2026.3 · effective 2026-06-16

Re-issue note. v2.2 reconciles to Constitution v12.8. The orientation is Welcome to Opplet Commons; the Permit course is Enclave Bootcamp (the Enclave domain’s — the Commons issues the Permit on completion, §9); the climb is entered through the WiseNxt Orientation (§8); the free community forge is settled on the Range (the Climb’s, WiseNxt-operated); the CNMCyber domain is renamed Commons (CNMCyber remains the team/brand). The v2.1 “ahead of the keystone / pending v12.3” framing is retired — the keystone caught up at v12.5.

Purpose and Scope

The operational mechanics of the commons — what the Commons Doctrine describes, made concrete. Custodian-tunable (Constitution §13B).

1. Gate 1 Intake — Candidate, then Member

1. A registrant submits at commit.opplet.com; Opplet IAM provisions an LDAP-Beta candidate account, assigns a callsign (§3), and drops them into Welcome to Opplet Commons (the Moodle orientation course). A candidate may authenticate only to take it.
2. On completing Welcome to Opplet Commons at 100%, Moodle fires an encrypted webhook to n8n-Alpha.
3. n8n-Alpha promotes candidate → member (Zone 4 standing).
4. SSO opens the member bundle: Moodle (every course — Welcome, Enclave Bootcamp, the Opplet-thematic / tool courses, and the WiseNxt Orientation; §9), HumHub (town square), BookStack-Beta member shelves, and Jitsi. (The free community forge is not in the bundle — it is the Climb’s, on the Range; §9, Commons Doctrine §6.)

Gate 1 is the only public flow that creates an identity (Constitution §11.1, §14); fully automated.

2. The 72-Hour Calibration Clock

A candidate has 72 hours to graduate Welcome to Opplet Commons; the clock is Gate-1-only and never applies to a member.

• Trigger: candidate provisioning. Reminders: at 24h and 6h remaining (Moodle + email). Expiry: at T+72, n8n-Alpha deletes the account, quarantines the callsign (§3), cleans Moodle state. No cooldown: re-register immediately for a fresh clock and callsign.

3. Callsign Generation

A two-word callsign (Word1-Word2) is minted at registration (candidate state), Custodian-controlled wordlist in BookStack-Alpha, collision-checked, 30-day quarantine on purge, PG/non-controversial. Permanent, no rank prefix or suffix.

4. Learning Events

• Types. Talks, workshops, hands-on sessions, study groups, demos, office hours; event records on a BookStack-Beta member shelf.
• Venue. Jitsi is the live-event venue. Hands-on events use Lounge resources (Jitsi demos, library materials); the climb’s sandboxes are WiseNxt’s, on the Range (§9, Doctrine §1).
• Hosting. Any member may propose or host; recurring/flagship events coordinated by Lounge operators (Logistics focus).
• Public tier. A public stream may run on the CNMCyber.com front (public-anonymous, Constitution §7), funnelling to Commit; interactive participation is member-gated. (A public interactive room must reuse the existing public-front Authentik category — no new exception, or it is a §17 amendment.)
• Recording. With notice, recordings/materials archive to the Common Library shelf.

5. The Events Calendar and Member Landing

The member-facing calendar draws from: community events (§4), standing Jitsi calls, and climb cohort windows (surfaced as “next opens in N days,” WiseNxt SOP §4). Surfaced on the member landing; public events also on CNMCyber.com.

6. Moderation Procedures

Exception-escalation along the operator ladder (WiseNxt Doctrine §4), across spaces and events: automated first pass; L2 routine exceptions and live-event first-line; L3 authority (removal, timeouts, space/event management); L4 the deepest non-root; Custodian only beyond application-layer authority. All actions logged (Pillar 4); operators act under callsign.

[TBD] The substantive conduct standard is owned by Commons Doctrine §8 and unwritten.

7. Lounge Service Operation

Volunteer operators administer the Lounge services at the application layer via LDAP-Beta-mapped admin — operational admin held in Beta (Constitution §2, the Re-anchored Override Rule). The services: HumHub (arena.cnmcyber.com), BookStack-Beta, Jitsi, and Moodle. (The free community forge is not a Lounge service — it is the Climb’s, on the Range; §9.) No operator holds root or Basement access; service cadences are the Enclave SOP’s.

8. The Climb Doorway Hand-off

When a member enters the climb (Commons Doctrine §5), the hand-off passes to the WiseNxt SOP:

• The Opplet Learner Permit is earned by completing Enclave Bootcamp (the Enclave domain’s theory course, §9), taken in Moodle. This is not a hand-off: the Commons issues and records the Permit, the way it records orientation completion. The Commons records certifications; it does not track a climb.
• The opt-in/enrollment runs through the WiseNxt Orientation: a Permit-holder enters it, and enrollment fires when its capstone — a nominated exemplar — is produced (Constitution §11.3). Enrollment requires standing membership and the Permit. From nomination onward, the WiseNxt tracker holds the record (WiseNxt SOP §1); the forge and sandboxes the climber uses are WiseNxt’s, on the Range.

9. The Opplet Learner Permit and Course-Gated Tools

The Opplet Learner Permit is the commons’ competency credential, earned by completing Enclave Bootcamp — the theory of how Opplet runs, the Enclave domain’s course (its content and grading are the Enclave Doctrine’s), delivered as an open Moodle course in the Lounge. Issuing the Permit is commons plumbing, the same shape as Gate 1:

1. A member completes Enclave Bootcamp in Moodle (open to any member; self-paced; 100% to pass — graded per the Enclave Doctrine).
2. Moodle fires an encrypted webhook to n8n-Alpha.
3. n8n-Alpha adds the member to a certified group in LDAP-Beta — same callsign, no directory change.
4. Authentik then authorizes the product/Developer working spaces and Developer-space voting (HumHub), and the certified flag is the eligibility floor for the climb (§8). The Permit also carries the Constitution §11.3 grants: Range-review of the forge (read-only), the Opplet-thematic courses, and access to the WiseNxt Orientation.

Course-gated tools (the general pattern). Any tool with a learning curve may sit behind its own short Moodle course, gated by the same Moodle → n8n → group → Authentik path; these Opplet-thematic / tool courses are the Commons’ (Constitution §13). Intuitive tools (HumHub, BookStack, Moodle) are open to members and need no course. (Enclave Bootcamp uses the same plumbing but is the Enclave domain’s course; the climb’s own tools and any forge course belong to WiseNxt.)

The credential and any tool courses are authorizations, not ranks — invisible on the callsign (Doctrine §9).

Changelog

v2.2 (2026-06-16) — Reconcile to Constitution v12.8

• Orientation is Welcome to Opplet Commons (§1, §2); the Permit course is Enclave Bootcamp (the Enclave domain’s), with the Commons issuing the Permit on completion (§8, §9).
• Climb entry through the WiseNxt Orientation (§8); the §11.3 Permit grants recorded (§9).
• CNMCyber domain → Commons (team/brand unchanged); internal refs re-pointed.
• Forge settled on the Range; dropped from the member bundle and the Lounge services (§1, §7). The “pending v12.3” framing retired.

v2.1 (2026-06-14) — Opplet Learner Permit, course-gated tools, forge out

• §9 added the Permit mechanic and the course-gated-tool pattern; §1/§7 dropped the forge; §8 renamed. (The “pending Constitution v12.3” forward-reference is now resolved.)

END OF DOCUMENT

• Tier 0 — Keystone: Opplet Constitution
• Tier 1 — Doctrine & Architecture: Enclave Doctrine, Commons Doctrine, WiseNxt Doctrine, Workplace Doctrine
• Tier 2 — Operations & Learning: Enclave SOP, Enclave Bootcamp, Commons SOP (this document), Commons Welcome, WiseNxt SOP, WiseNxt Orientation, Workplace SOP
• Tier 3 — Manifests & Reports: Software Stack, Hardware Manifest, URL Nomenclature, Opplet.Com Website
• Tier 4 — Zone Projects: Den Migration