feat: add collectors and rules

config/rules.yaml

@@ -1,24 +1,23 @@
-# Rule registry. Each entry binds a rule id to a source and evaluation script.
-# Keep rule definitions in 40-rules/; this file ties them to schedules and severity.
+version: "1.0.0"
 
 rules:
-  - id: authority-hierarchy
-    severity: HIGH
-    entry: "40-rules/authority_hierarchy.yaml"
+  - rule_id: "ledger.hash_chain_intact"
+    severity: "CRITICAL"
+    script: "40-rules/ledger_hash_chain_intact.sh"
     evidence:
-      - vm_mcp
-      - vm_ledger
+      - "ledger_verify.json"
+    controls: ["AU-01", "AU-02"]
 
-  - id: skills-health
-    severity: MEDIUM
-    entry: "40-rules/skills_health.yaml"
+  - rule_id: "governance.constitution_pinned"
+    severity: "HIGH"
+    script: "40-rules/governance_constitution_pinned.sh"
     evidence:
-      - vm_skills
-      - ops
+      - "constitution_hash.json"
+    controls: ["GV-01"]
 
-  - id: receipts-schema
-    severity: HIGH
-    entry: "40-rules/receipts_schema.yaml"
+  - rule_id: "backup.restore_drill_recent"
+    severity: "MEDIUM"
+    script: "40-rules/backup_restore_drill_recent.sh"
     evidence:
-      - vm_contracts
-      - vm_ledger
+      - "backup_restore_drill.json"
+    controls: ["BC-01"]

config/schedules.yaml

@@ -1,13 +1,10 @@
-# Schedules for rule execution. Cron-like or duration strings.
+version: "1.0.0"
 
 schedules:
-  - name: hourly-critical
-    every: "1h"
-    rules:
-      - authority-hierarchy
-      - receipts-schema
+  - name: "hourly"
+    cadence: "0 * * * *"
+    run: ["collect", "evaluate", "report", "sign"]
 
-  - name: daily-health
-    every: "24h"
-    rules:
-      - skills-health
+  - name: "daily"
+    cadence: "0 20 * * *"
+    run: ["collect", "evaluate", "report", "sign", "anchor"]

config/sources.yaml

@@ -10,7 +10,7 @@ vm_skills:
     - "*/outputs/ROOT.txt"
 
 ops:
-  path: "../ops"
+  path: "../vm-ops"
   evidence:
     - "20-identity/**"
     - "60-backups/**"