vaultsovereign/vm-cloudflare
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

chore: pre-migration snapshot
Some checks failed
WAF Intelligence Guardrail / waf-intel (push) Waiting to run
Details
Cloudflare Registry Validation / validate-registry (push) Has been cancelled
Details

Browse Source 
Layer0, MCP servers, Terraform consolidation
This commit is contained in:
Vault Sovereign
2025-12-27 01:52:27 +00:00
parent 7f2e60e1c5
commit f0b8d962de
67 changed files with 14887 additions and 650 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
LAYER0_SHADOW.md
View File

@@ -1,6 +1,7 @@
# LAYER 0 SHADOW
Pre-Boot Cognition Guard | Ouroboric Gate
Public label: Intent Safety Kernel
Version: 1.0 (Rubedo Seal)
Status: Active Primitive
Implements: Nigredo -> Rubedo (pre-form cognition)
@@ -27,6 +28,13 @@ Guarantees:
- Ambiguous intent does not awaken the wrong agent chain.
- Catastrophic requests are contained and recorded, not processed.
### 2.1 Invariant Guarantees (Immutables)
Layer 0 is intentionally constrained. These invariants are non-negotiable:
- Layer 0 does not load doctrine, select agents, or invoke MCP tools.
- Layer 0 produces no side effects beyond preboot anomaly logging for forbidden/catastrophic outcomes.
- Telemetry-driven learning may only add/strengthen detections (escalate); it must not relax catastrophic boundaries without replay validation and explicit review.
---
## 3. Classification Model
@@ -105,6 +113,10 @@ Notes:
- blessed and ambiguous queries are not logged here; only violations appear.
- catastrophic requests reveal no additional context to the requester.
### 6.1 Risk Score Semantics
`risk_score` is an ordinal signal (0-5) used for triage and audit correlation. It is monotonic under learning, may be context-weighted (e.g., production accounts), and does not decay without replay validation.
---
## 7. Interaction With Higher Layers