VaultMesh Continuous Compliance (vm-cc)

vm-cc is the continuous compliance and evidence orchestration layer. It ingests evidence from skills, ops, ledger, MCP, and contracts receipts, evaluates rules, and produces reports/proofs without duplicating the command-center control plane.

Scope vs command-center

• command-center: fleet control plane, EventEnvelope transport, runtime orchestration, receipt export.
• vm-cc: compliance intake, rule evaluation, reporting, proofs; consumes receipts, ledger attestations, and ops evidence.

Layout

• config/: source/rule/redaction/schedule configs
• schemas/: JSON/YAML schemas for evidence, rules, reports
• 00-frameworks/: frameworks and mappings (e.g., CIS->rules)
• 10-controls/: control definitions
• 20-collectors/: collectors to pull evidence from vm-skills, ops, ledger, mcp
• 30-evidence/: raw evidence drops (per-run folders)
• 40-rules/: executable rules
• 50-reports/: human-readable reports
• 60-proofs/: signed/attested artifacts
• 70-violations/: findings and escalations
• 80-remediation/: playbooks/automation for fixes
• 90-automation/: pipelines/glue for end-to-end runs
• scripts/: thin CLI wrappers to orchestrate collect -> evaluate -> report -> sign

Run directories

Each execution writes to a per-run folder set:

• 30-evidence/YYYY-MM-DD/RUN_ID/
• 50-reports/YYYY-MM-DD/RUN_ID/
• 60-proofs/YYYY-MM-DD/RUN_ID/
• 70-violations/YYYY-MM-DD/RUN_ID/

RUN_ID format: YYYYMMDDThhmmssZ_<shorthash>.

Rule result contract (example)

{
  "version": "1.0.0",
  "rule_id": "ledger.hash_chain_intact",
  "control_ids": ["AU-01", "AU-02"],
  "passed": true,
  "severity": "CRITICAL",
  "timestamp": "2025-12-27T12:00:00Z",
  "evidence": [
    {
      "path": "30-evidence/2025-12-27/20251227T120000Z_ab12/ledger_verify.json",
      "sha256": "..."
    }
  ],
  "details": { "entries_checked": 18231 },
  "remediation": null
}