vaultsovereign/vm-cc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: init vm-cc compliance scaffold

Browse Source
This commit is contained in:
Vault Sovereign
2025-12-27 00:44:38 +00:00
commit b654462586
18 changed files with 132 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
README.md Normal file
View File

@@ -0,0 +1,34 @@
# VaultMesh Continuous Compliance (vm-cc)
vm-cc is the continuous compliance and evidence orchestration layer. It ingests evidence from skills, ops, ledger, MCP, and contracts receipts, evaluates rules, and produces reports/proofs without duplicating the command-center control plane.
## Scope vs command-center
- command-center: fleet control plane, EventEnvelope transport, runtime orchestration, receipt export.
- vm-cc: compliance intake, rule evaluation, reporting, proofs; consumes receipts, ledger attestations, and ops evidence.
## Layout
- config/: source/rule/redaction/schedule configs
- schemas/: JSON/YAML schemas for evidence, rules, reports
- 00-frameworks/: frameworks and mappings (e.g., CIS→rules)
- 10-controls/: control definitions
- 20-collectors/: collectors to pull evidence from vm-skills, ops, ledger, mcp
- 30-evidence/: raw evidence drops (per-run folders)
- 40-rules/: executable rules
- 50-reports/: human-readable reports
- 60-proofs/: signed/attested artifacts
- 70-violations/: findings and escalations
- 80-remediation/: playbooks/automation for fixes
- 90-automation/: pipelines/glue for end-to-end runs
- scripts/: thin CLI wrappers to orchestrate collect → evaluate → report → sign
## Rule result contract (example)
```
{
"rule_id": "authority-hierarchy",
"passed": true,
"severity": "HIGH",
"timestamp": "2025-12-27T12:00:00Z",
"evidence": ["30-evidence/2025-12-27/authority.json"],
"details": { "checked_transitions": 42 }
}
```