Page Title: Forge Flow — From Phone to Shield

Summary: The Forge Flow describes how code moves from the Sovereign's phone and forge node (nexus-0) through GitLab on gate-vm, into CI, and finally onto shield-vm and lab nodes. It is the canonical "path of sovereign code".

Key Findings:
- Primary forge is nexus-0 (BlackArch), reachable via Tailscale from Android/laptop.
- vaultmesh repo lives on nexus-0 under `/root/work/vaultmesh`.
- Git remote points to GitLab on gate-vm (gitlab.mesh.local).
- GitLab CI handles lint → test → build → deploy.
- Production-like deployments land on shield-vm; experiments land on Lab HV nodes.

Forge Flow Diagram (Text):
```text
Android / Laptop
    ↓ (Tailscale SSH)
nexus-0 (BlackArch forge)
    ↓ (git push)
GitLab @ gate-vm (mesh-core-01)
    ↓ (CI: lint → test → build)
shield-vm (Shield / TEM) and Lab HV (phoenix-01, etc.)
```

Steps:
1. Inception (Connect to Forge)
   - From Android or laptop:
     ```bash
     ssh VaultSovereign@100.67.39.1  # nexus-0 via Tailscale
     tmux attach -t sovereign || tmux new -s sovereign
     ```
2. Forge (Edit & Test)
   - On nexus-0:
     ```bash
     cd /root/work/vaultmesh
     nvim .
     python3 -m pytest tests/ -v
     python3 cli/vm_cli.py guardian status
     python3 cli/vm_cli.py console sessions
     ```
3. Transmit (Git Push to GitLab)
   ```bash
   git add -A
   git commit -m "feat(guardian): improve anchor receipts"
   git push origin main  # or feature branch
   ```
4. Transform (GitLab CI on gate-vm)
   - .gitlab-ci.yml stages:
     - lint – style and basic checks.
     - test – pytest and CLI tests.
     - build – container/image build.
     - deploy – optional manual or automatic deployment.
5. Manifest (Deploy to Shield or Lab)
   - CI deploy job:
     - For main: deploy to shield-vm (production-like).
     - For lab branches: deploy to lab-mesh-01 / phoenix-01.
   - Manual deploy (fallback):
     ```bash
     ssh shield-vm
     cd /opt/vaultmesh
     git pull
     sudo systemctl restart vaultmesh-mcp vaultmesh-tem
     ```
6. Observe (Metrics & Proofs)
   - Grafana dashboards (gate-vm) for system and proof metrics.
   - Guardian CLI for roots and scrolls.
   - Lawchain/oracle dashboards for compliance view.

Infrastructure Roles in the Flow:
- nexus-0 → live forge, fast iteration, experiments.
- gate-vm → GitLab + CI + registry + observability.
- shield-vm → OffSec/TEM node and primary runtime for security engines.
- Lab HV → ephemeral experimentation environment.

Security Notes:
- SSH access to nexus-0 and shield-vm uses per-node ed25519 keys.
- GitLab access uses HTTPS with tokens or SSH keys.
- Deploy stage should be limited to trusted runners/tags.

Linked Assets:
- vaultmesh/.gitlab-ci.yml (CI pipeline).
- VAULTMESH-INFRA-OVERVIEW style documents.
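
One way to apply the Security Notes' advice on trusted runners to the deploy stage from steps 4 and 5, as an added example and not the project's actual `.gitlab-ci.yml`. The runner tags, the `lab/` branch prefix, the `DEPLOY_HOST` variable and the reuse of `/opt/vaultmesh` on the lab node are assumptions; the deploy commands are the manual fallback from step 5.

```yaml
# Added example: deploy jobs only; lint/test/build jobs are omitted.
stages: [lint, test, build, deploy]

# Shared settings for both deploy jobs (hidden job, never runs on its own).
.deploy_base:
  stage: deploy
  interruptible: false            # do not cancel a deploy halfway through
  script:
    # Same commands as the manual fallback in step 5, run against $DEPLOY_HOST.
    - ssh "$DEPLOY_HOST" 'cd /opt/vaultmesh && git pull && sudo systemctl restart vaultmesh-mcp vaultmesh-tem'

deploy:shield:
  extends: .deploy_base
  tags: [shield-deploy]           # assumed tag: only the runner holding the shield-vm key carries it
  variables:
    DEPLOY_HOST: shield-vm
  environment:
    name: shield
  resource_group: shield          # serialize deploys to the production-like node
  rules:
    # Job exists only for protected main; pushes to any other ref never create it.
    - if: '$CI_COMMIT_BRANCH == "main" && $CI_COMMIT_REF_PROTECTED == "true"'
      when: manual                # page: deploy is "optional manual or automatic"

deploy:lab:
  extends: .deploy_base
  tags: [lab-deploy]              # assumed tag: separate runner with lab-only keys
  variables:
    DEPLOY_HOST: phoenix-01
  environment:
    name: lab
  rules:
    # Assumed naming convention for "lab branches".
    - if: '$CI_COMMIT_BRANCH =~ /^lab\//'
```

Tags only route jobs: anyone who can edit `.gitlab-ci.yml` on a branch can add the `shield-deploy` tag to a job. To make the restriction hold, the runner carrying that tag also needs GitLab's "Protected" runner setting, so it accepts jobs from protected branches and tags only.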