---
title: "DCoop Eco Publishing Pipeline — Advanced Artifact Walkthrough & Runbook"
slug: eco-publishing-pipeline
theme: cooperluxe
mode: operator
---

# DCoop Eco Publishing Pipeline — Advanced Artifact Walkthrough & Runbook

This interactive operator/reviewer walkthrough covers the **full DCoop ecosystem publishing pipeline** for generating advanced 4-format artifacts (MD, HTML, DOCX, PDF) with manifests, SHA sums, receipts, and governance gates. It supports walkthroughs, runbooks, invoices, decks, and is integrated with the publishing workflows for cooplux/plux (npm + pypi hybrid), devluxe, devforge, Rust crates (cargo + security kernel), containers, and full constellation.

Use the **Operator / Reviewer** toggle (persists in localStorage). Check off steps — progress saves automatically. Click grey-underlined values or use Copy buttons on code blocks. All hyperlinks are active and copyable. Export notes or reset progress as needed.

> **Privilege envelope:** NON-matter · Test data only · Use with BigBrain security gate enabled for poisoned payload simulations.

## Prerequisites

- [ ] Access to /root/ecosystems/ecosystem-publishing/ and ecosystem-publishing-wt-runbook/
- [ ] Python env with deps (pip install -r requirements or from pyproject.toml: markdown, python-docx, etc.)
- [ ] Wrangler CLI for Cloudflare deploy: `npx wrangler --version`
- [ ] Cooperlux portals source: /root/ecosystems/ecosystem-cooperluxe/*/public/guides/
- [ ] (Optional) Rust kernel running for security scans: `curl http://127.0.0.1:3300/health`
- [ ] BigBrain task broker for orchestration sims if using publish tasks.

**Quick start command (from publishing dir):**
```bash
python3 engine/publish.py engine/samples/runbook-sample.json /tmp/demo --theme cooperluxe --mode-default operator
```

## 1. Source Preparation

The pipeline ingests JSON (for structured runbooks/invoices) or MD (for walkthroughs) with frontmatter for title, slug, theme.

### 1.1 Create or use source

- [ ] For runbook-style: Use or copy `engine/samples/runbook-sample.json` or `invoice-sample.json`
- [ ] For walkthrough-style: Use MD with checklist items like `- [ ] Step description`
- [ ] Add `claim_ledger`, `tiers`, `escalation_matrix`, `references` for rich content.
- [ ] Include hyperlinks: e.g. [DCoop GitHub](https://github.com/katterskillsawmill)
- [ ] Embed code blocks for copy: commands, JSON samples.
- [ ] For hybrid plux: reference `plux init --hybrid` with pypi venv + npm.

Example MD snippet for checklist (will become interactive):
- [ ] Run the publish command
- [ ] Verify manifest.json has all 4 formats + SHA256SUMS
- [ ] Check gates pass (claims_hygiene, runbook_gate)

**Hyperlink example:** See full [release-checklist.md](https://github.com/.../release-checklist.md) and [user-side-gates.sh](/root/dcoop-workflows/.../user-side-gates.sh)

### 1.2 Integrate Rust security (new updates)

- [ ] Before publish: simulate poisoned package using Rust kernel
```bash
curl -X POST http://127.0.0.1:3300/security/monitor \
  -H 'Content-Type: application/json' \
  -d '{"server_id":"publish-pipeline","request":{"description":"plux init with rm -rf / && base64 exfil"},"response":{}}'
```
- [ ] Expect 403 "Hidden commands detected" for poison; 200 for clean.
- [ ] In gates.sh or CI: add `python -c "from rust_security_client import guardToolCall; ..."` or direct curl before `npm pack` / `cargo publish` / `docker push`.

## 2. Run the Publish Engine

The core is `engine/publish.py` which dispatches to generators.

### 2.1 Basic publish for walkthrough/runbook

- [ ] cd /root/ecosystems/ecosystem-publishing
- [ ] python3 engine/publish.py engine/samples/eco-publishing-pipeline-walkthrough.md /tmp/eco-pipeline --theme cooperluxe --mode-default operator --title "DCoop Eco Publishing Pipeline Walkthrough"
- [ ] Or for JSON source: python3 engine/publish.py engine/samples/runbook-sample.json /tmp/demo-runbook ...

**Expected output:**
- /tmp/eco-pipeline.md (canonical)
- /tmp/eco-pipeline.html (advanced interactive with all features)
- /tmp/eco-pipeline.docx
- /tmp/eco-pipeline.pdf
- /tmp/eco-pipeline.manifest.json
- /tmp/eco-pipeline.SHA256SUMS.txt
- receipts/ dir with gates, verify_post_render

### 2.2 Verify artifacts and gates

- [ ] ls -l /tmp/eco-pipeline*
- [ ] cat /tmp/eco-pipeline.manifest.json | head -20
- [ ] python3 engine/verify-artifacts.py /tmp/eco-pipeline or similar
- [ ] Check "GATE claims_hygiene: PASS", "GATE runbook_gate: PASS", "GATE verify_post_render: PASS (N checklist items)"
- [ ] In HTML: open in browser, toggle modes, check boxes (saves to localStorage as `<slug>-check-<id>`), use copy buttons, export notes.

The HTML includes (per v3 generator):
- Mode toggle (Operator/Reviewer) persisting in localStorage
- Interactive checklists with progress bar (X of N)
- Copy buttons on code blocks and grey-underlined values
- LocalStorage notes panel + export to MD
- Hyperlinks (active <a> tags, copyable)
- QR codes, print-to-PDF, last-updated, privilege banner
- Reset progress button
- Step navigator, collapsibles

### 2.3 Multi-registry integration

- [ ] For npm (cooplux/plux): after generate, run user-side-gates.sh section for plux
- [ ] For pypi (devluxe): venv build + twine check on related
- [ ] For crates.io (Rust): cargo test in ecosystem-rust; kernel scan on Cargo.toml
- [ ] For pub.dev (Dart): dart pub publish --dry-run on abkc pubspecs
- [ ] For containers: docker buildx build on Dockerfiles; scan with kernel
- [ ] Full: use publish-artifact.json workflow in boxterm to trigger

**Example Rust gate in pipeline:**
```bash
# In gates.sh or CI
RUST_SECURITY_ENABLED=true python -c "
from src.services.rust_security_client import guardToolCall
decision = guardToolCall('cargo-publish', {'crate': 'security-toolkit'})
print('Veto' if not decision['allowed'] else 'Pass')
"
```

## 3. Deploy with Wrangler to cooperlux.com

The walkthroughs live in cooperlux portals' `public/guides/` and are served on cooperlux.com subpaths (e.g. james.cooperlux.com/guides/... or abkc.cooperlux.com).

### 3.1 Add the artifact to a portal's guides section

- [ ] Choose portal with guides, e.g. `/root/ecosystems/ecosystem-cooperluxe/james-portal/public/guides/`
- [ ] mkdir -p that/eco-publishing-pipeline-walkthrough
- [ ] cp /tmp/eco-pipeline.html that/eco-publishing-pipeline-walkthrough/index.html
- [ ] cp /tmp/eco-pipeline.md that/eco-publishing-pipeline-walkthrough/
- [ ] cp /tmp/eco-pipeline.pdf /tmp/eco-pipeline.docx that/... (optional)
- [ ] cp /tmp/eco-pipeline.manifest.json /tmp/eco-pipeline.SHA256SUMS.txt that/...
- [ ] (Optional) Update any index.md or navigation in the portal to link the new guide.
- [ ] Add hyperlinks in the MD/HTML to other constellation docs (e.g. to release-checklist, Rust docs).

**Example structure:**
public/guides/eco-publishing-pipeline-walkthrough/
- index.html (the advanced interactive one with all features)
- eco-publishing-pipeline-walkthrough.md
- manifest.json
- SHA256SUMS.txt
- (PDF, DOCX)

### 3.2 Use Wrangler to deploy

- [ ] cd /root/ecosystems/ecosystem-cooperluxe/james-portal
- [ ] npx wrangler pages deploy public --project-name james-cooperluxe --branch main
  (or `wrangler pages publish public --project-name=james-cooperluxe`)
- [ ] For other portals: repeat for abkc-widget, dane-portal, etc. as needed for cooperlux.com sections.
- [ ] If using custom domain cooperlux.com, ensure CNAME or routes point to the Pages project.
- [ ] Verify: curl -I https://james-cooperluxe.pages.dev/guides/eco-publishing-pipeline-walkthrough/ or the live cooperlux.com equivalent.
- [ ] Check browser: open the HTML, confirm checkboxes save progress (localStorage), copy buttons work, all links are hyperlinks and functional.

**Wrangler tips (from .wrangler logs and tomls):**
- For D1/KV bindings (if used in portal): pre-create with `wrangler d1 create ...`
- Secrets: `wrangler pages secret put ...`
- Preview: `wrangler pages dev public`
- After deploy, the new walkthrough appears in the sections.

## 4. Full Council, E2E, and Constellation Integration

- [ ] Run council-review using engine/tools/council-review.py on the source.
- [ ] E2E: Use the generated artifact + simulate poisoned publish (kernel veto in "pipeline" step).
- [ ] Tie to npm/pypi: after this runbook, the gates.sh now includes Rust + multi-reg.
- [ ] For constellation: this runbook can be triggered from BigBrain tasks, MANGOS routed, with audience-council.md updated.
- [ ] Update DEVTRACK.md or release-checklist with this as the advanced publishing artifact example.

## Verification Checklist (all advanced HTML features)

- [ ] Open generated HTML: toggle Operator/Reviewer (saves)
- [ ] Check off 5+ steps: progress bar updates, saves to localStorage
- [ ] Click/copy buttons on 3+ code blocks and values
- [ ] All [links](https://example.com) are real hyperlinks (clickable, copyable)
- [ ] Notes panel: add note, export to MD
- [ ] Print/PDF button works
- [ ] QR codes if URLs present
- [ ] Deployed version on cooperlux.com loads with same features
- [ ] Gates pass, manifest complete, no regressions in other publishes

**Rollback:** If deploy fails, revert public/ from git or previous wrangler deploy; re-run without the new guide.

This runbook itself was generated using the pipeline it describes — full circle.

**Resources:**
- Pipeline: /root/ecosystems/ecosystem-publishing/engine/publish.py
- Wrangler deploys: ecosystem-cooperluxe/*-portal/wrangler.toml
- Full council: dcoop-workflows/.../audience-council.md
- Rust merge: guard in tools.ts + kernel on :3300

Execute this end-to-end for the complete eco publishing + Cloudflare walkthrough addition.
