Release v1.3

# Added

- **SpecEngine dependency content fingerprint** (`docs/specs/SpecEngine/c5fingerprint.py`): new SpecEngine module that computes per-file SHA-256 hashes over the contents of every file listed in a Doorstop item's `references:` field and stores a `references_content_fingerprint` block (combined hash + per-file breakdown) in each item's YAML frontmatter, enabling dependency-aware impact analysis across all Doorstop documents (MRS, SRS, ARC, SWD, TCS, TRP); items whose referenced files have changed since the last run are flagged as `[STALE]` and have their stored fingerprint updated in-place; supports `--dry-run` (compute only, no writes), `--check` (exit code 1 on stale, for use as a CI gate), and `--verbose` (per-file hash detail) flags; automatically registers the `references_content_fingerprint: {}` attribute default in the `.doorstop.yml` of every document that contains references-bearing items; integrated into `publish.sh` as the final step (after all undo/restore steps)

- **DocEngine standalone mode** (`c5dec docengine <type> -n <name> --standalone`): `create_docengine_template()` accepts a new `standalone` boolean argument; when set, the command additionally copies the `.devcontainer` folder, `docEngine.Dockerfile`, `poetry.lock`, and `pyproject.toml` from the repository root into the generated template destination, enabling users to open and use DocEngine directly in VS Code without the rest of the C5-DEC environment; `--standalone` flag added to the `docengine` CLI argument parser

- **End-user DocEngine manual package** (`docs/manual/docengine-manual/`): added a user-oriented manual authored as a DocEngine report template, including chapters, figures, Quarto configuration, and helper scripts, together with a compiled PDF output artifact for immediate consumption by end users

## Modified

- Migrated the DocEngine user manual from the SSDLC page to a dedicated and more detailed `docengine.md` page under `docs/manual`
- Updated manual entry README and other relevant docs to reflect the DocEngine documentation update

## Fixed

- Bug preventing the Ubuntu font from being used by DocEngine

Author: CryptographySandbox

CHANGELOG.md

@@ -1,3 +1,28 @@
+# 1.3 (2026-03-23)
+
+## Added
+
+- **SpecEngine dependency content fingerprint** (`docs/specs/SpecEngine/c5fingerprint.py`): new SpecEngine module that computes per-file SHA-256 hashes over the contents of every file listed in a Doorstop item's `references:` field and stores a `references_content_fingerprint` block (combined hash + per-file breakdown) in each item's YAML frontmatter, enabling dependency-aware impact analysis across all Doorstop documents (MRS, SRS, ARC, SWD, TCS, TRP); items whose referenced files have changed since the last run are flagged as `[STALE]` and have their stored fingerprint updated in-place; supports `--dry-run` (compute only, no writes), `--check` (exit code 1 on stale, for use as a CI gate), and `--verbose` (per-file hash detail) flags; automatically registers the `references_content_fingerprint: {}` attribute default in the `.doorstop.yml` of every document that contains references-bearing items; integrated into `publish.sh` as the final step (after all undo/restore steps)
+
+- **DocEngine standalone mode** (`c5dec docengine <type> -n <name> --standalone`): `create_docengine_template()` accepts a new `standalone` boolean argument; when set, the command additionally copies the `.devcontainer` folder, `docEngine.Dockerfile`, `poetry.lock`, and `pyproject.toml` from the repository root into the generated template destination, enabling users to open and use DocEngine directly in VS Code without the rest of the C5-DEC environment; `--standalone` flag added to the `docengine` CLI argument parser
+
+- **End-user DocEngine manual package** (`docs/manual/docengine-manual/`): added a user-oriented manual authored as a DocEngine report template, including chapters, figures, Quarto configuration, and helper scripts, together with a compiled PDF output artifact for immediate consumption by end users
+
+## Modified
+
+- Migrated the DocEngine user manual from the SSDLC page to a dedicated and more detailed `docengine.md` page under `docs/manual`
+- Updated manual entry README and other relevant docs to reflect the DocEngine documentation update
+
+## Fixed
+
+- Bug preventing the Ubuntu font from being used by DocEngine
+
+# 1.2.4 (2026-03-11)
+
+## Fixed
+
+- Image path bug in product webpage
+
 # 1.2.3 (2026-03-11)
 
 ## Added

README.md

@@ -4,9 +4,9 @@ C5-DEC, short for "Common Criteria for Cybersecurity, Cryptography, Clouds – D
 
 <img src="./docs/manual/_figures/CyFORT-C5CEC-logo.png" alt="cyfort_logo" width="500"/>
 
-[![Version](https://img.shields.io/badge/version-1.2-blue)](CHANGELOG.md) [![License: AGPL v3](https://img.shields.io/badge/license-AGPL--v3-brightgreen)](LICENSE) [![Python](https://img.shields.io/badge/python-3.8--3.11-blue)](pyproject.toml)
+[![Version](https://img.shields.io/badge/version-1.3-blue)](CHANGELOG.md) [![License: AGPL v3](https://img.shields.io/badge/license-AGPL--v3-brightgreen)](LICENSE) [![Python](https://img.shields.io/badge/python-3.8--3.11-blue)](pyproject.toml)
 
-C5-DEC CAD is the software component of C5-DEC: an [AI-enabled](./docs/manual/ssdlc.md#ai-enabled-design-specification-development-and-testing) toolkit for secure system design, development, and evaluation across [CLI/TUI/GUI and VS Code](#usage). It combines [CCT](./docs/manual/cct.md), [SSDLC](./docs/manual/ssdlc.md) with [SpecEngine](./docs/specs/SpecEngine/README.md) and [DocEngine](./docs/manual/ssdlc.md#c5-dec-docengine-for-report-generation), [CRA](./docs/manual/cra.md), [SBOM](./docs/manual/sbom.md), [CPSSA](./docs/manual/cpssa.md), [cryptography](./docs/manual/cryptography.md), and [project management](./docs/manual/pm.md) in one traceable, open-format (Markdown/YAML) workflow.
+C5-DEC CAD is the software component of C5-DEC: an [AI-enabled](./docs/manual/ssdlc.md#ai-enabled-design-specification-development-and-testing) toolkit for secure system design, development, and evaluation across [CLI/TUI/GUI and VS Code](#usage). It combines [CCT](./docs/manual/cct.md), [SSDLC](./docs/manual/ssdlc.md) with [SpecEngine](./docs/specs/SpecEngine/README.md), [DocEngine](./docs/manual/docengine.md), [CRA](./docs/manual/cra.md), [SBOM](./docs/manual/sbom.md), [CPSSA](./docs/manual/cpssa.md), [cryptography](./docs/manual/cryptography.md), and [project management](./docs/manual/pm.md) in one traceable, open-format (Markdown/YAML) workflow.
 
 This repository contains the C5-DEC CAD source code plus full documentation, including requirements, design artifacts, the [user manual](./docs/manual/README.md), and test specifications/reports; live traceability is published on the [technical specification web site](https://abstractionslab.github.io/c5dec/traceability/index.html).
 
@@ -30,7 +30,7 @@ For a visual stakeholder-oriented tour of C5-DEC CAD, visit the **[product prese
 
 ## Overview
 
-C5-DEC CAD assists system/software designers, developers, testers and security analysts with building and evaluating secure software systems. It integrates SSDLC, SVV, and CPSSA within the Common Criteria framework, providing full artifact traceability across the entire development life cycle, along with cryptographic checks, threat modelling, quantitative risk analysis, Cyber Resilience Act (CRA) compliance support, and SBOM lifecycle management. Its DocEngine, built on Quarto with custom LaTeX enhancements and pre/post-render scripting, enables smart document authoring, scientific and technical publishing across report, presentation, and CRA technical documentation templates.
+C5-DEC CAD assists system/software designers, developers, testers and security analysts with building and evaluating secure software systems. It integrates SSDLC, SVV, and CPSSA within the Common Criteria framework, providing full artifact traceability across the entire development life cycle, along with cryptographic checks, threat modelling, quantitative risk analysis, Cyber Resilience Act (CRA) compliance support, and SBOM lifecycle management. Its [DocEngine](./docs/manual/docengine.md), built on Quarto with custom LaTeX enhancements and pre/post-render scripting, enables smart document authoring and scientific and technical publishing across report, presentation, and CRA technical documentation templates.
 
 ### Knowledge base
 
@@ -53,9 +53,8 @@ C5-DEC ships two complementary knowledge bases:
 ### Secure software development life cycle (SSDLC)
 
 - [New C5-DEC project scaffolding](./docs/manual/ssdlc.md#c5-dec-project-creation) (`c5dec new`): containerized repository with dependencies, templates, DocEngine, SpecEngine, and Doorstop-based traceability, with an [AI-enabled](./docs/manual/ssdlc.md#ai-enabled-design-and-specification) approach for generating requirements, test cases, and technical reports;
-- [DocEngine](./docs/manual/ssdlc.md#c5-dec-docengine-for-report-generation) (`c5dec docengine`): Quarto-based publishing pipeline with LaTeX customizations and pre/post-render scripts; scaffolds three template types — `report`, `presentation` (Reveal.js and PowerPoint with ALab branding), and `cra-tech-doc` (CRA Annex VII technical documentation);
+- [SpecEngine](./docs/specs/SpecEngine/) toolkit for specification management following the [C5-DEC method](./docs/specs/README.md): `c5graph.py` (interactive Cytoscape.js traceability graph with dagre layout, expand/collapse, color-coded coverage), `c5mermaid.py` (Mermaid-to-SVG/PNG pre-processor with undo and dry-run, integrated into `publish.sh`), `c5browser.py` (standalone Bootstrap + DataTables HTML browser for Doorstop items with sortable/filterable per-document-type tables), `c5traceability.py` (configurable traceability matrix statistics with console and HTML report output, auto-discovery of document trees from `.doorstop.yml` files), `c5fingerprint.py` (dependency content fingerprinting — computes per-file SHA-256 hashes for files referenced in item `references:` lists and stores a combined digest in each item's YAML frontmatter; flags stale items when source files change, enabling dependency-aware impact analysis across the full specification tree; supports `--dry-run`, `--check` CI gate, and `--verbose` modes), `prune_bad_links.py` (Doorstop link pruning), and `doorstop_yml_to_md.py` (YAML-to-Markdown item migration);
 - [Transformer](./docs/manual/ssdlc.md#transformer): document transformation and format conversion using [Doorstop](https://github.com/doorstop-dev/doorstop), [Quarto](https://github.com/quarto-dev/quarto), [pandoc](https://pandoc.org/), and [organize](https://github.com/tfeldmann/organize);
-- [SpecEngine](./docs/specs/SpecEngine/) toolkit for specification management following the [C5-DEC method](./docs/specs/README.md): `c5graph.py` (interactive Cytoscape.js traceability graph with dagre layout, expand/collapse, color-coded coverage), `c5mermaid.py` (Mermaid-to-SVG/PNG pre-processor with undo and dry-run, integrated into `publish.sh`), `c5browser.py` (standalone Bootstrap + DataTables HTML browser for Doorstop items with sortable/filterable per-document-type tables), `c5traceability.py` (configurable traceability matrix statistics with console and HTML report output, auto-discovery of document trees from `.doorstop.yml` files), `prune_bad_links.py` (Doorstop link pruning), and `doorstop_yml_to_md.py` (YAML-to-Markdown item migration);
 - A [KB element](#knowledge-base) dedicated to software verification and validation (SVV).
 
 A view of the C5-DEC CAD specification browser:
@@ -70,6 +69,24 @@ A view of the C5-DEC CAD traceability statistics:
 
 ![C5-DEC CAD - traceability statistics](./docs/manual/_figures/c5dec-cad-traceability-stats.png)
 
+### DocEngine
+
+A Quarto-based document publishing engine ([full reference](./docs/manual/docengine.md)) for generating professional technical documents from Markdown source files:
+
+- Three ready-to-use template types scaffolded by `c5dec docengine <type> -n <name>`:
+    - `report` — full technical report with LaTeX cover page, chapter structure, custom headers/footers, bibliography, and DOCX reference template;
+    - `presentation` — Reveal.js (HTML) and PowerPoint slide deck with ALab branding;
+    - `cra-tech-doc` — CRA Annex VII seven-chapter compliance technical documentation, also available via `c5dec cra tech-doc`;
+- Supports PDF, HTML, and DOCX outputs from the same Markdown source;
+- Two configuration formats: `c5dec_config.yml` (v1, plain strings) and `c5dec_config_v2.yml` (v2, structured changelog entries, automatic LaTeX escaping);
+- Python pre/post-render scripts for cover page metadata injection, Doorstop-based table generation, and LaTeX file lifecycle management;
+- `--standalone` flag produces a self-contained template with its own devcontainer, enabling DocEngine use outside the main C5-DEC repository;
+- Integrated with the [CCT ETR generation pipeline](./docs/manual/cct.md#c5-dec-docengine-for-etr-generation) and the [CRA technical documentation workflow](./docs/manual/cra.md#2-cra-technical-documentation-generator).
+
+A view of a compiled DocEngine report:
+
+![C5-DEC CAD - DocEngine compiled report](./docs/manual/_figures/c5dec-cad-DocEngine-compiled-report.png)
+
 ### Common Criteria
 
 A comprehensive [Common Criteria Toolbox (CCT)](./docs/manual/cct.md) covering:

c5dec/assets/report/_quarto.yml

@@ -49,7 +49,7 @@ format:
     fig-pos: 'H'
     # geometry: "left=2.54cm,right=2.54cm,top=2.54cm,bottom=2.54cm"
     geometry: "left=2cm,right=2cm,top=2cm,bottom=2cm"
-    # mainfont: "Ubuntu"
+    mainfont: "Ubuntu"
     # mainfont: "Gill Sans"
     # sansfont: "Futura"
     # monofont: "Courier New"

c5dec/assets/report/tex/before-body-source.tex

@@ -77,7 +77,7 @@
 \vspace{1ex}
 
 \rowcolors{1}{white}{white} % override global table customization specified in tables.tex
-\begin{tabular}{ | p{0.08\textwidth}| p{0.12\textwidth}| p{0.2\textwidth}| p{0.48\textwidth}| } % Table start
+\begin{tabular}{ | p{0.12\textwidth}| p{0.12\textwidth}| p{0.2\textwidth}| p{0.44\textwidth}| } % Table start
     \hline
     \rowcolor{AlabTableColLightBlue}
     \textbf{Version} & \textbf{Date} & \textbf{Author} & \textbf{Modifications} \\

c5dec/assets/report/tex/before-body.tex

@@ -77,7 +77,7 @@
 \vspace{1ex}
 
 \rowcolors{1}{white}{white} % override global table customization specified in tables.tex
-\begin{tabular}{ | p{0.08\textwidth}| p{0.12\textwidth}| p{0.2\textwidth}| p{0.48\textwidth}| } % Table start
+\begin{tabular}{ | p{0.12\textwidth}| p{0.12\textwidth}| p{0.2\textwidth}| p{0.44\textwidth}| } % Table start
     \hline
     \rowcolor{AlabTableColLightBlue}
     \textbf{Version} & \textbf{Date} & \textbf{Author} & \textbf{Modifications} \\

c5dec/assets/templates/project/docEngine.Dockerfile

@@ -118,12 +118,16 @@ RUN ARCH=$(dpkg --print-architecture) && \
 ENV PATH="/usr/local/texlive/active-bin:$PATH"
 
 # Install the required fonts for Quarto and TeX Live
+# fc-cache updates the system font cache; luaotfload-tool rebuilds LuaTeX's own
+# font DB so that fontspec/luaotfload can resolve "Ubuntu" at render time.
 RUN cd /tmp && \
     wget https://assets.ubuntu.com/v1/0cef8205-ubuntu-font-family-0.83.zip && \
     unzip 0cef8205-ubuntu-font-family-0.83.zip -d ubuntu-fonts && \
     mkdir -p /usr/local/share/fonts/ubuntu && \
     cp ./ubuntu-fonts/ubuntu-font-family-0.83/*.ttf /usr/local/share/fonts/ubuntu/ && \
+    chmod 644 /usr/local/share/fonts/ubuntu/*.ttf && \
     fc-cache -fv && \
+    luaotfload-tool --update --force && \
     rm -rf /tmp/ubuntu-fonts /tmp/0cef8205-ubuntu-font-family-0.83.zip
 
 # Install Doorstop

c5dec/core/ssdlc.py

@@ -147,7 +147,7 @@ def create_new_c5dec_project(project="myproject", user="user"):
     zip_path = os.path.abspath(os.path.join(os.getcwd(), '..', f'{project}.zip'))
     log.info(f"Created ZIP archive at {zip_path}")
 
-def create_docengine_template(template_type, name, destination=None):
+def create_docengine_template(template_type, name, destination=None, standalone=False):
     """
     Create a new DocEngine report or presentation from templates.
 
@@ -157,11 +157,15 @@ def create_docengine_template(template_type, name, destination=None):
     3. Updates configuration files with the specified project name and current date.
     4. Generates a ZIP archive of the created template.
     5. Keeps both the working folder and ZIP archive.
+    6. If standalone=True, also copies the .devcontainer folder, docEngine.Dockerfile,
+       poetry.lock, and pyproject.toml so the template can be used independently in VS Code.
 
     Args:
         template_type (str): Type of template to create ("report" or "presentation").
         name (str): The name of the new template instance.
         destination (str, optional): Override default destination path. Defaults to ./docengine/{name}/.
+        standalone (bool): If True, copies DevContainer, Dockerfile, and Poetry artifacts
+            to the destination so DocEngine can be used without the full C5-DEC environment.
 
     Returns:
         None: The function logs the progress and creates both folder and ZIP archive.
@@ -253,6 +257,28 @@ def create_docengine_template(template_type, name, destination=None):
         else:
             log.warning(f"{filename} not found in {destination_path}")
 
+    # Copy standalone artifacts if requested
+    if standalone:
+        root_path = str(c5settings.PROJECT_ROOT_PATH)
+        standalone_items = [
+            (os.path.join(root_path, '.devcontainer'), os.path.join(destination_path, '.devcontainer')),
+            (os.path.join(root_path, 'docEngine.Dockerfile'), os.path.join(destination_path, 'docEngine.Dockerfile')),
+            (os.path.join(root_path, 'poetry.lock'), os.path.join(destination_path, 'poetry.lock')),
+            (os.path.join(root_path, 'pyproject.toml'), os.path.join(destination_path, 'pyproject.toml')),
+        ]
+        for src, dst in standalone_items:
+            if os.path.exists(src):
+                try:
+                    if os.path.isdir(src):
+                        shutil.copytree(src, dst)
+                    else:
+                        shutil.copy2(src, dst)
+                    log.info(f"Copied standalone artifact: {src} -> {dst}")
+                except Exception as e:
+                    log.warning(f"Could not copy standalone artifact {src}: {e}")
+            else:
+                log.warning(f"Standalone artifact not found: {src}")
+
     # Create ZIP archive (keep both folder and archive)
     zip_base_path = os.path.join(os.path.dirname(destination_path), name)
     try:

c5dec/frontend/cli/commands.py

@@ -90,7 +90,8 @@ def run_docengine(args, cwd, _, catch=True):
         success = ssdlc.create_docengine_template(
             template_type=args.template_type,
             name=args.name,
-            destination=args.destination
+            destination=args.destination,
+            standalone=getattr(args, 'standalone', False)
         )
         return success if success is not None else True
     except Exception as e:

c5dec/frontend/cli/main.py

@@ -126,6 +126,8 @@ def _docengine(subs):
                      help="Name of the template instance")
     sub.add_argument("-d", "--destination", 
                      help="Override default destination path (default: ./docengine/<name>/)")
+    sub.add_argument("--standalone", action="store_true", default=False,
+                     help="Also copy .devcontainer, docEngine.Dockerfile, and Poetry artifacts (poetry.lock, pyproject.toml) for standalone VS Code usage")
 
 @common.feature_flag("ON")
 def _timerep(subs):

docEngine.Dockerfile

@@ -118,12 +118,16 @@ RUN ARCH=$(dpkg --print-architecture) && \
 ENV PATH="/usr/local/texlive/active-bin:$PATH"
 
 # Install the required fonts for Quarto and TeX Live
+# fc-cache updates the system font cache; luaotfload-tool rebuilds LuaTeX's own
+# font DB so that fontspec/luaotfload can resolve "Ubuntu" at render time.
 RUN cd /tmp && \
     wget https://assets.ubuntu.com/v1/0cef8205-ubuntu-font-family-0.83.zip && \
     unzip 0cef8205-ubuntu-font-family-0.83.zip -d ubuntu-fonts && \
     mkdir -p /usr/local/share/fonts/ubuntu && \
     cp ./ubuntu-fonts/ubuntu-font-family-0.83/*.ttf /usr/local/share/fonts/ubuntu/ && \
+    chmod 644 /usr/local/share/fonts/ubuntu/*.ttf && \
     fc-cache -fv && \
+    luaotfload-tool --update --force && \
     rm -rf /tmp/ubuntu-fonts /tmp/0cef8205-ubuntu-font-family-0.83.zip
 
 # Install Doorstop