Initial commit - combined iTerm2 scripts

Contains:
- 1m-brag
- tem
- VaultMesh_Catalog_v1
- VAULTMESH-ETERNAL-PATTERN

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

VaultMesh_Catalog_v1/pages/page7-oracle-shield.md

@@ -0,0 +1,83 @@
+Page Title: Oracle Engine & Shield Defense (TEM Stack)
+Summary: The Oracle Engine provides structured reason → decide → act chains, while Shield and TEM form the defensive veil. Together they detect threats, log them to the proof system, and (optionally) orchestrate responses across shield-vm, lab nodes, and the wider mesh.
+
+Key Findings:
+- Oracle chains decisions through explicit reasoning steps, not opaque actions.
+- Every significant decision can emit receipts into the proof spine.
+- Shield monitors multiple vectors (network, process, file, device, etc.).
+- Response levels span from passive logging to active isolation or countermeasures.
+- Agent tasks allow scheduled or triggered operations (e.g., periodic scans).
+
+Components:
+- Oracle Reasoning Engine.
+- Oracle Decision System.
+- Tactical Chain Executor.
+- Shield Monitor (sensors).
+- Shield Responder (actions).
+- TEM daemon (threat transmutation logic).
+- Agent Task Scheduler.
+
+Oracle Tools:
+| Tool                   | Purpose                              |
+|------------------------|--------------------------------------|
+| oracle_status          | Node status and capabilities         |
+| oracle_reason          | Analyze situation, propose actions   |
+| oracle_decide          | Make autonomous decision             |
+| oracle_tactical_chain  | Full reason → decide → act chain     |
+
+Oracle Tactical Chain Flow:
+1. **Context**: Collect current state (logs, metrics, alerts, lawchain state).
+2. **Reason**: `oracle_reason` produces candidate actions with justifications.
+3. **Decide**: `oracle_decide` selects an action based on risk tolerance and constraints.
+4. **Act**: Execute playbooks, or keep in dry-run mode for simulation.
+5. **Prove**: Generate a receipt and anchor via proof system (optional but recommended).
+
+Shield Monitor Vectors:
+| Vector    | Detection Capability           |
+|-----------|--------------------------------|
+| network   | Port scans, unusual flows      |
+| wifi      | Rogue APs, deauth attempts     |
+| bluetooth | Device enumeration/anomalies   |
+| usb       | Storage/HID abuse              |
+| process   | Suspicious binaries, behavior  |
+| file      | Unauthorized modifications     |
+
+Shield Response Levels:
+| Level   | Action                                 |
+|---------|----------------------------------------|
+| log     | Record event only                      |
+| alert   | Notify operator (Slack/email/etc.)     |
+| block   | Prevent connection/action              |
+| isolate | Quarantine node/container/service      |
+| counter | Active response (e.g., honeypots)      |
+
+Agent Tasks:
+```json
+{
+  "name": "scheduled_scan",
+  "trigger": {
+    "type": "schedule",
+    "config": {"cron": "0 */6 * * *"}
+  },
+  "actions": [
+    {"tool": "shield_monitor", "args": {"vectors": ["network", "wifi"]}},
+    {"tool": "oracle_tactical_chain", "args": {"dry_run": true}}
+  ],
+  "on_complete": "mesh_broadcast"
+}
+```
+
+Security Notes:
+- Dry-run mode is default for dangerous operations; production actions require explicit opt-in.
+- Risk tolerance levels gate what Shield/TEM may do without human approval.
+- All automated decisions can be bound to receipts for post-incident audit.
+
+MCP / Mesh Tools:
+- oracle_status, oracle_reason, oracle_decide, oracle_tactical_chain
+- shield_status, shield_monitor, shield_respond
+- Agent task management: agent_task, agent_list, agent_cancel
+
+Dependencies:
+- OffSec MCP server running on shield-vm/lab nodes.
+- Proof system enabled for Oracle and Shield receipts.
+- Integrations with metrics (Prometheus) and observability (Grafana).