Add getting-started dir, fix all links, etc

Author: crandmck

README.md

@@ -1,20 +1,19 @@
 # opensource.contentauth.org
 
-[![Netlify Status](https://api.netlify.com/api/v1/badges/c2fe0e49-4596-48e8-8e1a-9cf62d56bca2/deploy-status)](https://app.netlify.com/sites/contentauth/deploys)
+[![Netlify Status](https://api.netlify.com/api/v1/badges/c2fe0e49-4596-48e8-8e1a-9cf62d56bca2/deploy-status)](https://app.netlify.com/sites/cai-open-source/deploys)
 
 ## Overview
 
-This repo contains the source code and content to generate the <https://opensource.contentauthenticity.org/> website.  This site is built using [Docusaurus 2](https://docusaurus.io/), a modern static site generator, and deployed on [Netlify](https://www.netlify.com/).
+This repo contains the source code and content to generate the <https://opensource.contentauthenticity.org/> website.  This site is built using [Docusaurus 3](https://docusaurus.io/), a modern static site generator, and deployed on [Netlify](https://www.netlify.com/).
 
 ### Directory structure
 
 The `docs` sub-directory contains documentation content (in markdown or `.mdx` format) in the following sub-directories:
-- [`js-sdk/api`](./docs/js-sdk/api): [API documentation](https://opensource.contentauthenticity.org/docs/js-sdk/api/) for the JavaScript library generated from the source code; see [Generating JavaScript API docs](#generating-javascript-sdk-api-docs).
-- [`js-sdk`](./docs/js-sdk/): [Other documentation](https://opensource.contentauthenticity.org/docs/js-sdk/getting-started/overview) for the JavaScript library.
-(./scripts/generate-api-docs/index.js)
+
 - `includes`: Markdown content imported (transcluded) into other files.
-- `manifest`: Content for the [Understanding manifests](https://opensource.contentauthenticity.org/docs/manifest/understanding-manifest) section.
 - `static`: Additional assets such as images.
+- `manifest`: Content for the [Understanding manifests](https://opensource.contentauthenticity.org/docs/manifest/understanding-manifest) section.
+- Various other sub-directories for content sections, e.g. `durable-cr`, `manifest`, `signing`, etc.
 
 Additionally, the [scripts/fetch-readme.js](./scripts/fetch-readme.js) script dynamically downloads documentation files (sometimes just the `README.md` but often other markdown files, too) from other repos in the SDK. See [Running the fetch script](#running-fetch-script).
 
@@ -23,17 +22,16 @@ This table summarizes the content that this script fetches from other repos.
 | Sub-directory | Content fetched from... | Description | 
 |-----------|-------------------------|-------------|
 | `c2pa-c` | [c2pa-c](https://github.com/contentauth/c2pa-c) | C library docs. |
-| `c2pa-min` | [c2pa-min](https://github.com/contentauth/c2pa-min) | Minimal Rust example app. |
-| `c2pa-node` | [c2pa-node](https://github.com/contentauth/c2pa-node) | Node library docs. |
+| `c2pa-ios` | [c2pa-ios](https://github.com/contentauth/c2pa-ios) | Mobile iOS library docs. |
+| `c2pa-android` | [c2pa-android](https://github.com/contentauth/c2pa-android) | Android library docs. | 
+| `c2pa-node-v2` | [c2pa-node](https://github.com/contentauth/c2pa-node-v2) | Node library docs. |
 | `c2pa-node-example`  | [c2pa-node-example](https://github.com/contentauth/c2pa-node-example) | Node example app.|
 | `c2pa-python` | [c2pa-python](https://github.com/contentauth/c2pa-python) | Python library docs. |
 | `c2pa-python example` | [c2pa-python-example](https://github.com/contentauth/c2pa-python-example) | Python example app. |
-| `c2pa-service-example` | [c2patool-service-example](https://github.com/contentauth/c2patool-service-example) | C2PA Tool service example app. |
 | `c2patool` | [c2pa-rs cli directory](https://github.com/contentauth/c2pa-rs/cli) | C2PA Tool docs. |
 | `js-sdk` | [c2pa-js](https://github.com/contentauth/c2pa-js) | JavaScript library docs. |
 | `rust-sdk` | [c2pa-rs](https://github.com/contentauth/c2pa-rs) | Rust library docs. |
-
-The [Manifest store reference](https://opensource.contentauthenticity.org/docs/manifest/manifest-ref) is an HTML file generated by the  [json-manifest-reference](https://github.com/contentauth/json-manifest-reference) repository and imported manually.
+| `trustmark` | [adobe/trustmark](https://github.com/adobe/trustmark/) | Trustmark docs |
 
 ## Installation
 
@@ -46,17 +44,11 @@ $ npm install
 
 ## Local development
 
-**Prerequisite**: To build the site locally, you must first check out the JavaScript library in a sibling directory and build the API docs there.  In the parent directory of the `opensource.contentauth.org` directory, enter these commands:
+Build the site locally:
 
 ```
 $ git clone [email protected]:contentauth/c2pa-js.git
 $ cd opensource.contentauth.org
-$ npm run docs:generate-api-docs 
-```
-
-Then you can build and run the doc site with this command:
-
-```
 $ npm start
 ```
 
@@ -72,14 +64,6 @@ npm run docs:fetch-readme
 
 NOTE: If you need to get markdown files from a **new** repo that you added, then you need to manually add the sub-directory, add a `.gitkeep` file to it, and then commit it to this repository.
 
-### Generating JavaScript SDK API docs
-
-The `/scripts/generate-api-docs/index.js` script generates API docs for the JS SDK (assuming you've checked it out in a sibling directory). To run this script for local build, enter this command:
-
-```
-npm run docs:generate-api-docs
-```
-
 ### Building
 
 ```

docs/community.md

@@ -29,7 +29,7 @@ Participants are required to follow the [Adobe Code of Conduct](https://github.c
 
 ### Verify
 
-The code for the [C2PA Verify website](https://verify.contentauthenticity.org/) is open source.  For general information on using it, see [Using the Verify tool](verify.mdx).
+The code for the [C2PA Verify website](https://verify.contentauthenticity.org/) is open source.  For general information on using it, see [Using the Verify tool](getting-started/verify.mdx).
 
 ### Related projects
 
@@ -55,8 +55,8 @@ The CAI maintains a [Discord server](https://discord.gg/CAI) for open technical
 ## Other resources
 
 - **Read the [CAI blog](https://contentauthenticity.org/blog)** to get the latest news and updates about CAI.
-- **Follow [CAI on Twitter](https://twitter.com/ContentAuth)** for the latest general announcements and information.
-- **[The FAQ](./faqs)** address a number of high-level questions.
+- **Follow [CAI on X](https://twitter.com/ContentAuth)** for the latest general announcements and information.
+- **[The FAQs](getting-started/faqs.mdx)** address a number of high-level questions.
 
 ## Developer survey
 

docs/conformance.mdx

@@ -49,7 +49,7 @@ For more information, see [C2PA Conformance Program Documents](https://github.co
 
 #### Preliminary certificate check
 
-To confirm all the settings in your signing certificate, you can follow the [preliminary certificate check](trust-list.mdx#checking-your-certificate) for the interim trust list to help ensure everything is as expected.
+To confirm all the settings in your signing certificate, you can follow the [preliminary certificate check](getting-started/trust-list.mdx#checking-your-certificate) for the interim trust list to help ensure everything is as expected.
 
 #### Security requirements
 
@@ -85,9 +85,9 @@ C2PA maintains two trust lists:
 
 ### Interim trust list retirement
 
-With the introduction of the C2PA trust list, the existing [interim (temporary) trust list](trust-list.mdx) is being retired on the following timeline:
+With the introduction of the C2PA trust list, the existing [interim (temporary) trust list](getting-started/trust-list.mdx) is being retired on the following timeline:
 
-- **Through December 31, 2025**: The [interim trust list](trust-list.mdx) will remain operational. During this time:
+- **Through December 31, 2025**: The [interim trust list](getting-started/trust-list.mdx) will remain operational. During this time:
   - The [Verify site](https://verify.contentauthenticity.org) will continue to display manifests signed by certificates on the interim trust list as trusted, but with a disclaimer that the manifests were made with an older version of the trust model.
   - New certificates will continue to be added to the interim trust list when requested.
   - Product developers are strongly encouraged to apply to the C2PA conformance program and use the official C2PA trust list.

docs/faqs.mdx docs/getting-started/faqs.mdxdocs/faqs.mdx renamed to docs/getting-started/faqs.mdx

@@ -33,7 +33,7 @@ Notable implementations using blockchain:
 
 No; Content Credentials do not enforce permissions for access to content. In many cases, the name displayed on the [Verify website](https://verify.contentauthenticity.org) is the name of the exporter of the content, not the rights owner.
 
-The ["Produced by" section](verify.mdx#produced-by) in Verify refers to the name of the exporter. If the image was created with an Adobe Product such as Photoshop with Content Credentials (Beta) enabled, the "Produced by" section shows the name of the Adobe ID associated with the user who exported the image.
+The [Title and signgin information](verify.mdx#title-and-signing-information) in Verify refers to the name of the exporter. If the image was created with an Adobe Product such as Photoshop with Content Credentials (Beta) enabled, the "Produced by" section shows the name of the Adobe ID associated with the user who exported the image.
 
 ### Do Content Credentials indicate if an image is fake or altered?
 

docs/getting-started.mdx docs/getting-started/index.mdxdocs/getting-started.mdx renamed to docs/getting-started/index.mdx

@@ -1,13 +1,12 @@
 ---
-id: getting-started
 title: Getting started with Content Credentials
 ---
 
-import c2pa_terms from '../static/img/c2pa-terms.png';
-import cai_open_source from '../static/img/cai-open-source.jpg';
-import cai_os_tools_table from '../static/img/cai-os-tools-table.png';
-import cai_levels from '../static/img/cai-levels.png';
-import cr_pin from '../static/img/cr-pin.png';
+import c2pa_terms from '../../static/img/c2pa-terms.png';
+import cai_open_source from '../../static/img/cai-open-source.jpg';
+import cai_os_tools_table from '../../static/img/cai-os-tools-table.png';
+import cai_levels from '../../static/img/cai-levels.png';
+import cr_pin from '../../static/img/cr-pin.png';
 
 This is a technical introduction to the Content Authenticity Initiative (CAI) open-source SDK that provides initial context and an overview of the technical aspects of implementing CAI solutions.
 
@@ -29,7 +28,7 @@ Now, let's drill down a bit to clarify some of these terms.
 
 **Actor**: A human or hardware or software product. For example, a camera, image editing software, cloud service, or the person using such tools.
 
-**Asset**: A digital media file or stream of data of [certain specific image, video, or audio formats](rust-sdk/#supported-file-formats). In the future, the types of supported assets will expand. A _composed asset_ generalizes this concept, for example an image superimposed on top of another image.
+**Asset**: A digital media file or stream of data of [certain specific image, video, or audio formats](../rust-sdk/docs/supported-formats.md). A _composed asset_ generalizes this concept, for example an image superimposed on top of another image.
 
 **Action**: An operation that an _actor_ performs on an _asset._ For example, "create," "embed," or "change contrast."
 
@@ -92,7 +91,7 @@ For more information on getting and using certificates, see [Signing and certifi
 
 ### Verify trust list
 
-import verify_unknown_source from '../static/img/verify-cc-unknown-source.png';
+import verify_unknown_source from '../../static/img/verify-cc-unknown-source.png';
 
 The C2PA [Verify tool](https://verify.contentauthenticity.org) uses a list of _known certificates_ (sometimes referred to as a "trust list") to determine whether a Content Credential was issued by a known source. Currently, it uses the [interim trust list](verify-known-cert-list) but it will be updated soon to use the official [C2PA trust list](conformance.mdx#c2pa-trust-lists).
 

docs/trust-list.mdx docs/getting-started/trust-list.mdxdocs/trust-list.mdx renamed to docs/getting-started/trust-list.mdx

@@ -3,7 +3,7 @@ id: verify-known-cert-list
 title: The interim trust list
 ---
 
-import verify_unknown_source from '../static/img/verify-cc-unknown-source.png';
+import verify_unknown_source from '../../static/img/verify-cc-unknown-source.png';
 
 :::warning Warning
 The process described on this page is deprecated. The C2PA has released its official trust lists, and Verify will be updated to use them soon. See [Deprecation timeline](#deprecation-timeline) for more information.
@@ -37,7 +37,7 @@ For more information about conformance, see [C2PA conformance program](conforman
 The Verify site hosts the following files that it uses to [validate signing certificates](https://c2pa.org/specifications/specifications/2.0/specs/C2PA_Specification.html#_c2pa_signers). Together, these files form the _interim known certificate list_:
 
 - [**The interim end-entity certificate list**](https://github.com/contentauth/verify-site/blob/main/static/trust/allowed.pem) consists of end-entity certificates. If the certificate is on this list, it is considered "known." To reduce bandwidth consumption, a version with SHA-256 hashes of the certificates is also available.
-- [**The interim known anchor list**](https://github.com/contentauth/verify-site/blob/main/static/trust/anchors.pem) contains the list of known anchor certificates. If an end-entity [certificate's chain](getting-started.mdx#signing-and-certificates) can be traced back to an anchor certificate on this list, the certificate is considered "known."
+- [**The interim known anchor list**](https://github.com/contentauth/verify-site/blob/main/static/trust/anchors.pem) contains the list of known anchor certificates. If an end-entity [certificate's chain](index.mdx#signing-and-certificates) can be traced back to an anchor certificate on this list, the certificate is considered "known."
 - [**The configuration file**](https://github.com/contentauth/verify-site/blob/main/static/trust/store.cfg) specifies the [Extended Key Usage (EKU)](https://datatracker.ietf.org/doc/html/rfc9336) values accepted for end-entity certificates. An end-entity certificate must have at least one of the EKUs in this list to be valid.
 
 ## Checking your certificate

docs/verify.mdx docs/getting-started/verify.mdxdocs/verify.mdx renamed to docs/getting-started/verify.mdx

@@ -3,7 +3,7 @@ id: verify
 title: Using the Verify tool
 ---
 
-import verify_site from '../static/img/verify.png';
+import verify_site from '../../static/img/verify.png';
 
 The C2PA **[Verify tool](https://verify.contentauthenticity.org)** (often referred to as simply "Verify") is useful both for consumers and for CAI application developers.
 
@@ -54,7 +54,7 @@ To use Verify on an asset URL, the URL must not require any authentication and t
 
 ### Example assets
 
-The [example-assets](https://contentauth.github.io/example-assets/) repository contains some sample assets that demonstrate Content Credentials, including links to view the corresponding manifest reports from the [C2PA Tool](c2patool) and to inspect the assets using Verify. See [the README as rendered in GitHub Pages](https://contentauth.github.io/example-assets/).
+The [example-assets](https://contentauth.github.io/example-assets/) repository contains some sample assets that demonstrate Content Credentials, including links to view the corresponding manifest reports from the [C2PA Tool](../c2patool/readme.md) and to inspect the assets using Verify. See [the README as rendered in GitHub Pages](https://contentauth.github.io/example-assets/).
 
 ### Source code
 
@@ -71,7 +71,7 @@ Once you've uploaded an asset or entered an asset URL, if the asset:
 - Does not have an associated manifest store, Verify displays the message **No Content Credential**.
 - Does have an associated manifest store, Verify displays information from it in the three vertical panels, for example as shown below.
 
-import verify_sections from '../static/img/verify-sections.png';
+import verify_sections from '../../static/img/verify-sections.png';
 
 <img src={verify_sections} style={{ width: '800px', marginBottom: '20px' }} />
 
@@ -149,7 +149,7 @@ import verify_sections from '../static/img/verify-sections.png';
 
 ### Title and signing information
 
-import verify_title_date from '../static/img/verify-title-date.png';
+import verify_title_date from '../../static/img/verify-title-date.png';
 
 <img
   src={verify_title_date}
@@ -176,7 +176,7 @@ For example, suppose you downloaded a file from Adobe Stock and renamed it `my_s
 
 If the Content Credential was signed by a certificate that is NOT on the [known certificate list](verify-known-cert-list), such as one of the SDK's [test certificates](signing/test-certs.md), then Verify displays "Unrecognized" at the top of this section with this notice:
 
-import verify_unknown_source from '../static/img/verify-cc-unknown-source.png';
+import verify_unknown_source from '../../static/img/verify-cc-unknown-source.png';
 
 <img
   src={verify_unknown_source}
@@ -205,7 +205,7 @@ If the issuer string is too long, then the date might be truncated or not shown
 
 If the manifest has [validation errors](manifest/reading/validation.md), then Verify displays this notice:
 
-import verify_validation_error from '../static/img/verify-validation-error.png';
+import verify_validation_error from '../../static/img/verify-validation-error.png';
 
 <img
   src={verify_validation_error}
@@ -259,11 +259,11 @@ The **Process** section displays information about the process used to create th
 - [App or device used](#app-or-device-used)
 - [Actions](#actions)
 - [Ingredients](#ingredients)
-- [AI-generated content](#ai-generated-content) (if the active manifest includes a [generative AI action](manifest/assertions-actions#generative-ai-action))
+- [AI-generated content](#ai-generated-content) (if the active manifest includes a [generative AI action](../manifest/writing/assertions-actions.md#generative-ai-action))
 
 For example:
 
-import verify_process from '../static/img/verify-process.png';
+import verify_process from '../../static/img/verify-process.png';
 
 <img src={verify_process} style={{ width: '600px' }} />
 
@@ -329,21 +329,21 @@ The **Actions** subsection lists [actions](https://opensource.contentauthenticit
 
 #### AI-generated content
 
-import verify_process_ai from '../static/img/verify-process-ai.png';
+import verify_process_ai from '../../static/img/verify-process-ai.png';
 
 <img src={verify_process_ai} style={{ width: '250px' }} />
 
-If one or more of the asset's ingredients was generated by artificial intelligence, as specified by the [generative AI action](manifest/assertions-actions#generative-ai-action), then a **Content summary** is shown and the **Process** section will also show the **AI tool used**, as shown in the example above.
+If one or more of the asset's ingredients was generated by artificial intelligence, as specified by the [generative AI action](../manifest/writing/assertions-actions.md#generative-ai-action), then a **Content summary** is shown and the **Process** section will also show the **AI tool used**, as shown in the example above.
 
 ### About this Content Credential
 
 This section displays the same information as described in [Title and singing information](#title-and-signing-information).
 
 ### Camera capture details
 
-If the active manifest includes [Exif metadata assertions](manifest/assertions-actions#exif-assertion), then an additional **Camera capture details** section shows information about the device used to create the asset, as illustrated below:
+If the active manifest includes [Exif metadata assertions](../manifest/writing/assertions-actions.md#cawg-metadata-assertions), then an additional **Camera capture details** section shows information about the device used to create the asset, as illustrated below:
 
-import verify_exif from '../static/img/verify-exif.png';
+import verify_exif from '../../static/img/verify-exif.png';
 
 <img src={verify_exif} style={{ width: '500px' }} />