6th Street Morning Meeting

🧪 Protected Access Sandbox

A public-safe place to prepare future Cloudflare Access protection before any real protected workflow exists.

This is a public-safe sandbox route intended for future Cloudflare Access protection. It does not collect submissions, create accounts, or store identity information.

What Access Will Eventually Protect

Future protected workflows include community draft paths, staff review lanes, internal history views, participation analytics concepts, and role settings. Those workflows are not active in this build.

Protection planning · Read-only · Public-safe

Safe To Test Here

Sandbox checks (each a safe diagnostic):

  • Confirm Cloudflare Access can be pointed at a harmless route.
  • Confirm diagnostics show only header-presence booleans.
  • Confirm public pages still avoid forms, identity capture, and live community workflows.
  • Confirm future protected routes remain planning records only.

Future Workflows That Require Protection

These routes are planning records only. They are not implemented, and this page does not grant access to them.

Future route               Future role      Access    Status
/submit/                   communityMember  required  not-implemented
/submit/announcement/      communityMember  required  not-implemented
/submit/pullup/            communityMember  required  not-implemented
/submit/pushup/            communityMember  required  not-implemented
/submit/proposal/          communityMember  required  not-implemented
/review/                   staff            required  not-implemented
/review/queue/             staff            required  not-implemented
/review/submissions/       staff            required  not-implemented
/history/internal/         staff            required  not-implemented
/analytics/participation/  programDirector  required  not-implemented
/settings/roles/           programDirector  required  not-implemented

Diagnostic Endpoint

The safe diagnostic endpoint is /api/access/status. It is not an authorization system. It returns only booleans about whether Cloudflare Access-like headers are present and never returns identity values.

Use it to verify protection wiring later. Do not use it to grant access or identify a person.
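
One way to build a status body with the properties described above, together with a guard that backs the "only header-presence booleans" sandbox check. This is an added example, not this site's own code: the two header names are the ones Cloudflare Access attaches to requests it has authenticated, while the response field names, helper names and sample values are assumptions constructed for illustration.

```javascript
// Added example; the header list and field names are assumptions, not the site's code.
// Request headers Cloudflare Access attaches after it authenticates a request.
const ACCESS_HEADERS = {
  jwtAssertionPresent: "cf-access-jwt-assertion",
  userEmailPresent: "cf-access-authenticated-user-email",
};

// Normalize a Fetch Headers object, a Map, or a plain object to [name, value] pairs.
function toPairs(headers) {
  const pairs = typeof headers[Symbol.iterator] === "function"
    ? Array.from(headers)
    : Object.entries(headers);
  return pairs.map(([n, v]) => [String(n).toLowerCase(), String(v ?? "").trim()]);
}

// Booleans only. Values are inspected for emptiness and then discarded.
// Presence is not proof of identity: nothing here validates the JWT.
function accessStatus(headers) {
  const present = new Set(toPairs(headers).filter(([, v]) => v !== "").map(([n]) => n));
  const status = {};
  for (const [field, header] of Object.entries(ACCESS_HEADERS)) {
    status[field] = present.has(header);
  }
  status.anyAccessHeaderPresent = Object.values(status).some(Boolean);
  return status;
}

// Guard for tests: true when every field is a boolean and no Access header
// value from the request appears anywhere in the serialized body.
function isBooleanOnly(body, headers) {
  const watched = new Set(Object.values(ACCESS_HEADERS));
  const allBooleans = Object.values(JSON.parse(body)).every((v) => typeof v === "boolean");
  const leaked = toPairs(headers).some(
    ([n, v]) => watched.has(n) && v !== "" && body.includes(v)
  );
  return allBooleans && !leaked;
}

// Constructed sample request headers (not real identity data).
const sampleHeaders = {
  "Cf-Access-Jwt-Assertion": "constructed.jwt.value",
  "Cf-Access-Authenticated-User-Email": "resident@example.test",
  "User-Agent": "sample-agent/1.0",
};
const sampleBody = JSON.stringify(accessStatus(sampleHeaders));
console.log(sampleBody, isBooleanOnly(sampleBody, sampleHeaders));
```

A real handler would serve this body with `Cache-Control: no-store` so that one visitor's header-presence result is never cached and replayed to another.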

Still Blocked

  • App-level login
  • Account creation
  • Identity capture
  • Live community drafts
  • Staff decision workflow
  • Attendance or participation tracking
  • Sensitive storage

Gates Before Live Protected Workflows

  • Cloudflare Access or equivalent protection selected and configured manually
  • Identity provider and group claims reviewed with 6th Street leadership
  • Future role model approved by staff ownership
  • D1 account/submission schema designed and reviewed before storage
  • Retention policy approved before collecting community content
  • Audit logging designed before staff-review workflows
  • Staff review procedure approved before user-submitted content reaches a packet
  • Privacy approval completed before resident/community information is collected

Cloudflare Access configuration remains manual. This sandbox does not create users, process community content, or persist protected data.