vaultsovereign/vm-cc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add collectors and rules

Browse Source
This commit is contained in:
Vault Sovereign
2025-12-27 00:59:13 +00:00
parent b654462586
commit d1980ec714
14 changed files with 493 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
scripts/vmcc Executable file
View File

@@ -0,0 +1,64 @@
#!/usr/bin/env bash
set -euo pipefail
source "$(dirname "$0")/lib/common.sh"
ROOT="$(vmcc_root)"
CMD="${1:-}"
RUN_ID="${VMCC_RUN_ID:-$(run_id)}"
DAY="$(date -u "+%Y-%m-%d")"
EVID_DIR="$ROOT/30-evidence/$DAY/$RUN_ID"
RULE_DIR="$ROOT/50-reports/$DAY/$RUN_ID/rules"
REP_DIR="$ROOT/50-reports/$DAY/$RUN_ID"
mkdir -p "$EVID_DIR" "$RULE_DIR" "$REP_DIR"
case "$CMD" in
collect)
echo "[vmcc] run_id=$RUN_ID"
echo "[vmcc] collecting evidence -> $EVID_DIR"
"$ROOT/20-collectors/collect_ledger_verify.sh" "$EVID_DIR"
"$ROOT/20-collectors/collect_constitution_hash.sh" "$EVID_DIR"
"$ROOT/20-collectors/collect_backup_restore_drill.sh" "$EVID_DIR"
;;
evaluate)
echo "[vmcc] evaluating rules -> $RULE_DIR"
"$ROOT/40-rules/ledger_hash_chain_intact.sh" "$EVID_DIR" > "$RULE_DIR/ledger.hash_chain_intact.json"
"$ROOT/40-rules/governance_constitution_pinned.sh" "$EVID_DIR" > "$RULE_DIR/governance.constitution_pinned.json"
"$ROOT/40-rules/backup_restore_drill_recent.sh" "$EVID_DIR" > "$RULE_DIR/backup.restore_drill_recent.json"
;;
report)
require_cmd jq
echo "[vmcc] assembling report -> $REP_DIR/report.json"
TS="$(iso_utc_now)"
PASSED_COUNT="$(jq -s '[.[] | select(.passed==true)] | length' "$RULE_DIR"/*.json)"
FAILED_COUNT="$(jq -s '[.[] | select(.passed==false)] | length' "$RULE_DIR"/*.json)"
jq -n \
--arg version "1.0.0" \
--arg timestamp "$TS" \
--arg run_id "$RUN_ID" \
--arg day "$DAY" \
--slurpfile rules <(cat "$RULE_DIR"/*.json) \
--argjson passed "$PASSED_COUNT" \
--argjson failed "$FAILED_COUNT" \
'{
version: $version,
timestamp: $timestamp,
period: "run",
run_id: $run_id,
day: $day,
summary: {
rules_passed: $passed,
rules_failed: $failed,
status: (if $failed == 0 then "COMPLIANT" else "NONCOMPLIANT" end)
},
rules: $rules
}' > "$REP_DIR/report.json"
;;
*)
echo "Usage: $0 {collect|evaluate|report}" >&2
exit 1
;;
esac