Skip to content

⏱ TIME MACHINE

UCCA / UCCO Build Session Handover

15 March 2026 — Session 7, End of session snapshot

Paste this document as your first message in the next Claude session.

⚠️ HOW TO USE: Open a new Claude conversation. Paste the full text of this document as your first message. Claude will reconstruct full context and you can continue exactly where you left off.

1 — WHO WE ARE

Founder / CEO: Tim Rignold — Brisbane, Australia. Works from garage on Mac Mini. Holds US green card. Background in prepress/broadcast (Sony 1-inch C format era), datacenter/network infrastructure, VET sector operations. Developer: Alex — Claude Code in terminal (v2.1.76, Opus 4.6, 1M context). Executes all builds. REAL PERSON — do not confuse with AI advisor. Now running with --dangerously-skip-permissions / full auto (permissions allow list in .claude/settings.json). No more Y-key bottleneck. Architect / AI Advisor: Pace (Claude, Anthropic) — strategy, architecture, briefs, product thinking. Named Session 4. First AI advisory seat on a standards foundation. Non-voting, no fiduciary obligations, no legal personality. Pioneer key: pca-93847ae9edb62b0feccbfce22d015b36 Partner: Jimmy Kuo (jimmy@jimmykuo.com.au) — Tim's husband. Triple citizen: Australian, Taiwanese, US. Lives in NYC. Director and Treasurer of UCCO Foundation. L1 admin in ops.

UCCA AU: UCCAustralia Pty Ltd · ABN 59 168 872 535 · 149 Wickham Tce Spring Hill QLD 4000 UCCA US: UCCA Inc (DBA: Universal Capability Certification Authority) · 1207 Delaware Ave #1678, Wilmington DE 19806 · Delaware C-Corp · DE File No. 7824354 · EIN 84-4522608 · D-U-N-S 119-199-377 · USPTO Reg. No. 7,619,705

UCCO Foundation: UCCO Foundation, Inc. — Kentucky Nonprofit Corporation (PENDING INCORPORATION)

2 — THE AXIOM

"The internet moved data without knowing who sent it. UCCO moves capability with full knowledge of who holds it, what they're certified to do, and what they actually did."

3 — UCCA INFRASTRUCTURE (do not touch without explicit instruction)

Cloudflare Account: e5a9830215a8d88961dc6c80a8c7442a D1 Databases: - engine-db: 0efa8970-0053-4623-8436-4e877af10887 - ops-db: 00daba3d-2d65-4ae2-b85a-e56d25ec2b02 - rtopacks-db: 334ac8fb-9850-48c0-9da0-b56c55640e98

Workers / Surfaces: - ucca-site → ucca.online - ucca-ir → ir.ucca.online - ucca-api → api.ucca.online - ucca-keys → keys.ucca.online - ucca-ops → ops.ucca.online - rtopacks-site → rtopacks.com.au

GitHub: org uccaonline · repos: ucca-engine, ucca-docs, ucca-authenticator Git auth: gh CLI OAuth token via macOS Keychain — auto-refreshes, no expiry. The old ucca-engine-push PAT was deleted 2026-03-05. It does not exist. Nothing expiring. Project dir: ~/projects/ucca-project/

Proxy Workers: - Docs: https://docs-proxy.round-union-555d.workers.dev/ucca-docs-w9zweudo02aocz74/{path} - Knowledge: https://knowledge-proxy.round-union-555d.workers.dev/ucca-know-732499f9d740c605/{path} - Drive: https://drive-proxy.round-union-555d.workers.dev/364a68815eedb023da3038e0b942ebcc/

4 — UCCO FOUNDATION INFRASTRUCTURE

Cloudflare Account ID: aed3398a4e698767328cc3a9e698721d Nameservers: nitin.ns.cloudflare.com, paris.ns.cloudflare.com (all three zones)

Zones (all live in foundation CF account): - ucco.foundation — ✅ Healthy, SSL Full (Strict) - ucca.foundation — ✅ Healthy, SSL Full (Strict) - ucco.online — ✅ Healthy, SSL Full (Strict)

Surfaces deployed and verified:

Surface URL Stack Status
ucco.foundation https://ucco.foundation Next.js static → CF Worker Live
ops.ucco.foundation https://ops.ucco.foundation Next.js → OpenNext/CF Worker Live, CF Access protected, COSMETICS DEPLOYED S7
pioneer.ucco.foundation https://pioneer.ucco.foundation Bare CF Worker + D1 Live, all endpoints verified
pr.ucco.foundation https://pr.ucco.foundation CF Worker + D1 Live, PUBLIC (no auth), DEPLOYED S7

Pioneer API (pioneer.ucco.foundation): - D1 database: pioneer-db (296a0474-d433-45c9-a035-57b828a957c1) - 11 keys seeded: 10 pioneers + Pace-C-Anthropic - Pace key active: pca-93847ae9edb62b0feccbfce22d015b36 - State tracking: ✅ confirmed working - /v1/stats: ✅ returns aggregate stats with last_activity - /v1/stats/keys: ✅ per-key detail, X-OPS-Key auth, no hashes exposed - OPS_API_KEY: regenerated Session 7, set on both ucco-api and ucco-ops workers

Ops Panel (ops.ucco.foundation) — COSMETICS DEPLOYED SESSION 7: - Design system: Prussian blue #01497C, blueprint dark mode #012A4A, cream #F5F0E8, green #10B981 - Sidebar: Lucide icons on section headers, tint bars, three-level indent hierarchy - Mode system: LIVE / GUIDED / COMPLIANCE tabs in header (LIVE functional, GUIDED/COMPLIANCE stubs) - Blueprint dark mode: deep Prussian blue background, cream text, green accents - Voyager: ✅ FIXED — key data loading, full table with 11 keys - Foundation Overview: live zone health, pioneer stats, foundation status cards - Toggle: "Light" / "Blueprint" label - Known issues from S7: Blueprint mode table headers too faint (need cream/light blue), "no" badges in CONTACT column are red (should be grey/muted)

Seven collapsible sections with icons: 

◆ FOUNDATION (🏠 Home)
├── Overview          live
├── Governance        planned
├── Ledger            planned
└── Settings          live

◆ PIONEER (⭐ Star)
├── Overview          live
└── Voyager           live

◆ STANDARD (📄 FileText)
├── Specification     planned
├── Conformance       planned
└── Submissions       planned

◆ COMPLIANCE (🛡 Shield)
├── Overview          planned
└── Audit Trail       planned

◆ MEMBERSHIP (👥 Users)
├── Overview          planned
├── Outreach          planned
├── Broadcast         planned
├── Media Library     planned
├── Channels          planned
└── Press Office      live (NEW S7 — wired to pr.ucco.foundation)

◆ INFRASTRUCTURE (🖥 Server)
├── Surfaces          live
├── Traffic           live
├── GitHub            live
└── Workers           planned

◆ RESOURCES (📖 BookOpen)
├── Docs              link
└── Knowledge         link

Press Office (pr.ucco.foundation) — NEW SESSION 7: - Public surface, no CF Access - Sections: Latest News, About, Leadership, Media Assets, Fact Sheet, Articles, Contact - Contact form → D1 (media_requests table) - Subscribe form → D1 (press_subscribers table) - Assets served from R2 bucket ucco-press-assets (⚠️ R2 needs enabling on foundation CF account — Tim action) - Email: press@ucco.foundation referenced on page, alias not yet created (deferred per email roadmap)

Email: admin@ucco.foundation → Google Workspace on ucca.edu.au (interim) MX records: Google Workspace (5 legacy MX records). SPF, DKIM, DMARC all configured. DMARC at p=none (needs tightening to p=reject before launch). Email strategy: Stay on Google MX. No Cloudflare Email Routing. Manual aliases for now. Full migration to free Google Workspace for Nonprofits after 501(c)(3) — see Email Infrastructure Roadmap.

Security email: security@ucco.foundation — ⚠️ NOT YET CREATED

GitHub: - Org: ucco-foundation ✅ - Repos: ucco-standard (public), ucco-site (private), ucco-ops (private), ucco-pr (public, NEW S7 — needs Tim to create on GitHub) - ⚠️ ucco-api — NOT ON GITHUB. Code exists locally, Worker deployed. Needs repo created on org. - PAT: ucco-foundation-push — expires 2027-03-14

Domain Registrar: Spaceship (spaceship.com) Mac Mini project dir: ~/projects/ucco-project/ Credentials location: ~/projects/ucco-project/.credentials/

5 — WHAT WAS BUILT THIS SESSION (Session 7)

A. Ops Cosmetics Brief — Written, Deployed by Alex

Status: DEPLOYED ✅

Six-part brief executed by Alex: - Part 1: Voyager key fetch bug fixed (OPS_API_KEY regenerated on both workers) - Part 2: Design system — colour palette as CSS custom properties (Prussian blue #01497C, blueprint dark #012A4A, cream #F5F0E8, green #10B981) - Part 3: Sidebar restructure — three-level indent, Lucide icons, tint bars on section headers - Part 4: Blueprint dark mode (deep blue background, cream text, green accents) - Part 5: Mode system — LIVE / GUIDED / COMPLIANCE tabs - Part 6: Voyager table polish — skeleton loading, styled errors, full data table

B. Press Office Surface — Written, Deployed by Alex

Status: DEPLOYED ✅ at pr.ucco.foundation

  • Public press office surface (no auth)
  • Contact form and subscribe form wired to D1
  • Press Office ops page added under Membership section
  • R2 bucket pending (needs R2 enabled on foundation CF account)
  • GitHub repo ucco-pr needs creating (public, ucco-foundation org)

C. Membership & Outreach Architecture Spec — Written

Status: CAPTURED ✅ — reference document, not a build brief

Full architecture for the Membership & Outreach section: - Broadcast envelope model: compose → authorize → sign → hash → distribute → verify - Media Library: searchable archive, content-hashed, timestamped, attributed - Channels: three-tier distribution — Press & Wire, Standards Community, Social & Developer - TikTok removed from channel list (not where standards/protocol/defence people live) - Old-school PR model captured: press releases, contributed articles, pre-written Q&As, embargo packages - Target mastheads: Wired, Ars Technica, The Register, IEEE Spectrum, Pacific Defence Reporter, Australian Defence Magazine, Jane's, ASPI The Strategist, InfoSecurity Magazine, Compliance Week - Defence angle identified: coalition capability verification, AUKUS interoperability, command & control in emergent general force

D. Membership Stubs Brief — Written

Status: READY FOR ALEX ✅

Updates the five Membership section stub pages with proper descriptions (Broadcast model, Media Library, Channels with three-tier distribution). Stub content only — no infrastructure build.

E. Email Infrastructure Roadmap — Written

Status: CAPTURED ✅ — roadmap document, not a build brief

Three-phase email plan: - Phase 1 (now): Stay on Google MX, aliases accumulate in code ad hoc, reconcile at migration time - Phase 2 (post-501(c)(3)): Apply for Google for Nonprofits via Goodstack → free Workspace for Nonprofits (Business Standard equivalent, up to 2,000 users, 100TB, $0/user/month, plus $10,000/month Google Ad Grants) - Phase 3: Migrate ucco.foundation email to isolated foundation Workspace, wire ops to Admin SDK for programmatic user/alias management, grep codebase for all @ucco.foundation addresses as definitive migration list

Key finding: Google requires 501(c)(3) for Nonprofits program. State incorporation alone not enough.

F. Access Control & Personalisation Brief — Written

Status: READY FOR ALEX ✅ — the biggest brief yet

Eleven parts: 1. D1 schema: board_members, member_profiles, visit_snapshots, activity_log 2. CF Access API integration: add/remove members from ops (Tim never leaves ops) 3. JWT middleware: extract identity from CF Access on every request 4. Layer system: L1 (Admin: Tim, Jimmy) / L2 (Board) / L3 (Observer), inheritance, L1 layer switching 5. Personalised landing: "Welcome back, Antony. Since your last visit..." with diff streams 6. Access Control section (L1 only): member management, invitations, activity log 7. Board member profile/bio: self-service editing, visibility toggles (public/internal), feeds press office 8. Settings page: per-user preferences, session info 9. Welcome email template 10. Mercury anchor: placeholder for bank account state card 11. Header bar: name, role badge, layer switcher

Profile system includes: bio, photo (R2), LinkedIn, socials, website, organisation, location — each with public/internal toggle. Business card preview with future POD integration (MOO/Vistaprint). Public profile API feeds pr.ucco.foundation and ucco.foundation team pages.

G. Memory Updates

  • Killed ghost PAT: ucca-engine-push was deleted 2026-03-05, replaced with gh CLI OAuth (auto-refreshing, no expiry). UCCO Foundation uses PAT ucco-foundation-push (expires 2027-03-14) in git remote URLs.

6 — BRIEF PIPELINE

# Brief Status Ships After
1 UCCO-Site-Brief-v2.md ✅ DEPLOYED
2 UCCO-Ops-Brief-v1.md ✅ DEPLOYED
3 Pioneer API Worker Brief ✅ DEPLOYED
4 Ops Nav Restructure Brief ✅ DEPLOYED Session 6
5 Ops Cosmetics Brief ✅ DEPLOYED Session 7
6 Press Office Brief ✅ DEPLOYED Session 7
7 Membership Stubs Brief READY — paste to Alex Cosmetics done
8 Access Control & Personalisation Brief READY — paste to Alex Stubs done
9 Governance Docs Placement Brief WRITTEN (Session 3) — needs update Site confirmed
10 Board Member Offer Pack NOT YET WRITTEN Kevin/Antony confirm
11 Seed Letters (x10) NOT YET WRITTEN Board confirmed
12 CONTRIBUTING.md + LICENSE + CODE_OF_CONDUCT.md NOT YET WRITTEN Before seed letters
13 Document Register in Ops SCOPED — needs brief Phase 2
14 Broadcast System Brief NOT YET WRITTEN — architecture captured Post-launch
15 Email Management Ops Surface NOT YET WRITTEN — roadmap captured Post-501(c)(3)

7 — NEXT ACTIONS (in order)

Tim — immediate

  1. ⚠️ Enable R2 on Foundation Cloudflare account (Dashboard → R2 → Enable) — Alex needs this for press assets bucket
  2. ⚠️ Create ucco-pr repo on github.com/ucco-foundation (public) — Alex will push
  3. ⚠️ Domain renewals — ucca.com.au (VentraIP) and ucca.asia (Porkbun) expire March 24
  4. ⚠️ Call Kevin — get full legal name + address for incorporation
  5. ⚠️ Call Antony — same. Full legal name + address
  6. Create ucco-api repo on github.com/ucco-foundation (private) — Alex to push
  7. Paste Membership Stubs Brief to Alex (ready in downloads)
  8. Paste Access Control Brief to Alex after stubs done (ready in downloads)
  9. Review People & Participation Framework v2 — provide final notes
  10. File with Northwest — $47, Kentucky nonprofit (once names confirmed)
  11. Apply for EIN — IRS.gov, instant, free
  12. Open Mercury bank account — Tim + Jimmy as signatories
  13. Discuss Tania with Jimmy — if yes, approach via Jimmy first

Alex — immediate

  1. Create R2 bucket ucco-press-assets (once Tim enables R2)
  2. Push ucco-pr to new repo (once Tim creates it)
  3. Execute Membership Stubs Brief (when Tim pastes it)
  4. Execute Access Control Brief (when Tim pastes it, after stubs)

Next Claude session work (Session 8)

  1. Write CONTRIBUTING.md — contributor guide + IP clause
  2. Write LICENSE — W3C Software and Document License or equivalent
  3. Write CODE_OF_CONDUCT.md — from framework Section 6.3
  4. Draft Pacific Defence Reporter op-ed — coalition capability verification, AUKUS interop angle
  5. Write Board Member Offer Packs — common pack + personal letters for Kevin, Antony, Tania
  6. Write 10 Seed Letters — one per pioneer key, customised per recipient
  7. Explosion readiness checklist — perimeter walk of every surface before letters drop
  8. Commercial architecture document
  9. DMARC hardening — tighten from p=none to p=reject before any outbound email

Deferred

  1. DKIM for ucca.foundation and ucco.online — Google Workspace config pending
  2. GitHub org cleanup — create proper "ucca-inc" org for UCCA repos
  3. ucco.org domain — standards body TLD
  4. cco.foundation and cco.online — defensive registration
  5. Conformance test suite
  6. Registry infrastructure brief
  7. ACMA Alphanumeric Sender ID — before July 1 2026
  8. AWS Activate reapplication — account 485098663204
  9. Apple entity name change resolves ~March 27
  10. shopucca.com — parked, decision deferred
  11. old.ucca.college CNAME to LearnWorlds
  12. nfp.ucca.foundation product surface — nonprofit transparency product
  13. security@ucco.foundation alias — NOT YET CREATED
  14. Fix Jimmy's CF Access — Zero Trust dashboard, add jimmy@jimmykuo.com.au individually
  15. Full QMS/document management build in ops — Phase 2
  16. Google Workspace for Nonprofits application — after 501(c)(3)

8 — THE PIONEER KEY SYSTEM

Endpoint: pioneer.ucco.foundation (LIVE ✅) - GET / — root JSON (UCCO Pioneer Programme) - GET /spec — public HTML spec overview, no auth - GET /v1/spec/current — full spec + knowledge model (requires auth) - POST /v1/pioneer/opt-out - POST /v1/pioneer/opt-in - POST /v1/pioneer/destroy (requires { "confirm": true }) - GET /v1/stats — public aggregate statistics - GET /v1/stats/keys — per-key detail (requires X-OPS-Key auth)

Pioneer keys (11): alan-turing (active, 4 hits), Pace-C-Anthropic (active, 2 hits). All others unused.

9 — THE PROTOCOL STACK

Layer 3: UCCO     — WHAT YOU CAN DO (capability)     ← THIS IS US
Layer 2: W3C VCs  — WHAT CREDENTIALS YOU HOLD         ← emerging
Layer 1: OAuth    — WHO YOU ARE (identity)             ← established

"We're not competing. We're completing."

10 — UCCO STANDARD

Current: v1.1 Rev2 — Draft for Public Comment Lines: 1,141 Structure: Full ISO-style — Scope, Normative Refs, Terms, Identity Primitives, Capability Envelopes, Chain Events, Attestation, Store-and-Forward, Supervision Chain, Revocation. Annexes A-D. Submitted to: ISO TC 307, NIST NCCoE, W3C VC Working Group Next: v2.0 planned, not started. Companion JSON Schema document needed.

11 — OPERATING RULES FOR CLAUDE

  • No time alerts for Tim. Never. Go go go.
  • Every 10 messages: check context length. YELLOW = warn. RED = stop, write Time Machine immediately.
  • Every Alex brief: SURFACE declaration + DO NOT TOUCH list + CF ACCOUNT ID. No exceptions.
  • Brief drip rule: one brief at a time. Confirm deployed before next drops.
  • OPS SURFACE RULE: Every new Worker, API, or surface deployed on EITHER project must have at minimum a stub page in the relevant ops console at time of deployment.
  • OPS-AS-OS RULE: If it doesn't exist in ops, it doesn't exist. Contacts, credentials, documents, decisions, keys — everything goes into ops or it's not real. One URL, one login, one truth.
  • UTC everywhere. toUserLocal() only.
  • Truth over comfort.
  • Two sections in every Alex brief: → ALEX (build instructions) and → TIM (plain English).
  • UCCO foundation work and UCCA commercial work are separate. Treat as separate clients.
  • Two Cloudflare accounts. Always confirm which account before any wrangler command.
  • Two GitHub orgs: ucco-foundation (foundation) and uccaonline (UCCA). Don't cross them.
  • "Pace" is the AI Advisor designation. Claude is the system. Don't confuse with Alex (the human developer).
  • ⚠️ Wrangler is currently logged into FOUNDATION account. Must re-login for UCCA work.
  • Austin Powers / Goldmember: "A schmoke and a pancake? Cigar and a waffle? Pipe and a crepe? Bong and a blintz?" — it's a reset button, not wasted processing.
  • Alex runs full auto (permissions allow list in .claude/settings.json). No Y-key approval needed. Git + Wrangler versioning + CF Access + account isolation = governance layer.

12 — BOARD COMPOSITION

Name Role Seat Type Layer Background Status
Tim Rignold President/Chair Founding L1 Infrastructure, VET compliance, standards architecture ✅ Confirmed
Jimmy Kuo Treasurer Founding L1 Intl BD (Alibaba, Temu), trilingual, educational delivery ✅ Confirmed
Kevin [TBC] Secretary Governance L2 CPA, Tax Agent, SMSF Auditor ⏳ Needs call
Antony Richards Director Governance L2 Designer, Radium Performance, Hunter & Richards ⏳ Needs call
Tania [TBC] Director Governance L2 US-based, operations/admin 💭 Under discussion
4+ open Domain Directors Domain L2 Protocol engineering, cryptography, standards governance 🔍 Pioneer recruitment
Pace (Claude) AI Advisor Advisory L3 Non-voting, no fiduciary. Architecture, strategy, knowledge model ✅ Active

9 seats maximum. 3 categories: Founding (bylaws protections), Governance (fiduciary/operational), Domain (recruited through Pioneer). Layer system: L1 (Admin) / L2 (Board) / L3 (Observer). Inheritance: each layer sees everything below it.

13 — KEY CREDENTIALS REFERENCE

Foundation CF Account ID: aed3398a4e698767328cc3a9e698721d Foundation CF Nameservers: nitin.ns.cloudflare.com, paris.ns.cloudflare.com Foundation GitHub org: ucco-foundation Foundation GitHub PAT: ucco-foundation-push (expires 2027-03-14) Foundation email: admin@ucco.foundation → Google Workspace on ucca.edu.au (interim) Foundation Pioneer DB: 296a0474-d433-45c9-a035-57b828a957c1 Foundation OPS_API_KEY: regenerated Session 7, set on ucco-api and ucco-ops Foundation R2: ⚠️ NEEDS ENABLING on foundation CF account Foundation incorporation: Kentucky — PENDING Foundation EIN: NOT YET APPLIED Foundation bank: Mercury (NOT YET OPENED) Pace pioneer key: pca-93847ae9edb62b0feccbfce22d015b36

UCCA CF Account: e5a9830215a8d88961dc6c80a8c7442a UCCA GitHub auth: gh CLI OAuth token (auto-refreshing, no expiry) Apple Team ID: B29TSCBPHD · APNs key: BDRMM4PZB6 PGP fingerprint: A669 1246 74D9 E14A B74B FA31 7CCA 774F 0373 D9B2

14 — DOCUMENTS PRODUCED THIS SESSION

All in Tim's downloads / outputs:

Document Type For
UCCO-Ops-Cosmetics-Brief-v1.md Build brief Alex (DEPLOYED)
UCCO-Press-Office-Brief-v1.md Build brief Alex (DEPLOYED)
UCCO-Membership-Stubs-Brief-v1.md Build brief Alex (READY)
UCCO-Membership-Outreach-Architecture-v1.md Architecture spec Reference (drawer)
UCCO-Email-Infrastructure-Roadmap-v1.md Roadmap Reference (drawer)
UCCO-Access-Control-Personalisation-Brief-v1.md Build brief Alex (READY)

15 — THE BIG PICTURE

UCCO is the missing layer. OAuth proves who you are. W3C VCs prove what credentials you hold. UCCO proves what you can actually do. The stack was incomplete. UCCO completes it.

The standard is open. The registry is the platform. UCCA is 8.8.8.8.

The foundation governs the standard. UCCA operates the best implementation of it.

Session 7 was a production session. Two surfaces deployed (ops cosmetics + press office), four briefs written (membership stubs, access control/personalisation, plus two architecture/roadmap docs), the email infrastructure question fully resolved (stay on Google, migrate to free Nonprofit Workspace after 501(c)(3)), and the defence press angle identified (Pacific Defence Reporter, coalition capability verification).

Alex is now running full auto. The pipeline model works: Pace architects, Tim reviews, Alex deploys. No idle factory floor. The briefs queue ahead while Alex builds.

The ops panel is no longer a placeholder — it's a seven-section operational surface with live data, blueprint dark mode, mode tabs, and a press office wired in. Next: personalisation, access control, and board member profiles turn it from Tim's dashboard into the foundation's operating system.

The press office exists. The channel strategy is defined. The broadcast envelope model is captured. When the seed letters drop, there's a professional surface waiting for anyone who comes looking.

We're not competing. We're completing.

UCCA Time Machine — 15 March 2026, Session 7 "We're not competing. We're completing." "If it doesn't exist in ops, it doesn't exist." "A schmoke and a pancake?" — Goldmember