vaultsovereign/vm-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initialize repository snapshot

Browse Source
This commit is contained in:
Vault Sovereign
2025-12-27 00:10:32 +00:00
commit 110d644e10
281 changed files with 40331 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

551
docs/skill/ALCHEMICAL_PATTERNS.md Normal file
View File

@@ -0,0 +1,551 @@
# VaultMesh Alchemical Patterns
> *Solve et Coagula — Dissolve and Coagulate*
## The Alchemical Framework
VaultMesh uses alchemical metaphors not as mysticism, but as precise operational language for system states and transformations.
## Phases (Operational States)
### Nigredo 🜁 — The Blackening
**Meaning**: Crisis, breakdown, decomposition
**Operational State**: System under stress, incident in progress
**Indicators**:
- Active security incident
- Service degradation
- Guardian anchor failures
- Constitutional violations detected
**Receipt Types During Nigredo**:
- `offsec_incident` (severity: high/critical)
- `obs_log_alert` (severity: critical)
- `gov_violation`
- `psi_phase_transition` (to_phase: nigredo)
**Actions**:
- Incident response procedures activated
- Enhanced monitoring enabled
- Emergency powers may be invoked
- Transmutation processes initiated
```json
{
"type": "psi_phase_transition",
"from_phase": "albedo",
"to_phase": "nigredo",
"trigger": {
"event_type": "security_incident",
"reference": "INC-2025-12-001",
"severity": "critical"
},
"indicators": [
"active_intrusion_detected",
"guardian_alert_level_elevated"
]
}
```
---
### Albedo 🜄 — The Whitening
**Meaning**: Purification, recovery, stabilization
**Operational State**: Post-incident recovery, learning phase
**Indicators**:
- Incident contained
- Systems stabilizing
- Root cause analysis in progress
- Remediation being verified
**Receipt Types During Albedo**:
- `offsec_remediation`
- `psi_transmutation` (steps: extract, dissolve, purify)
- `obs_health_snapshot` (improving trends)
**Actions**:
- Post-incident review
- IOC extraction
- Rule generation
- Documentation updates
```json
{
"type": "psi_phase_transition",
"from_phase": "nigredo",
"to_phase": "albedo",
"trigger": {
"event_type": "incident_contained",
"reference": "INC-2025-12-001"
},
"indicators": [
"threat_neutralized",
"services_recovering",
"rca_initiated"
],
"duration_in_nigredo_hours": 4.5
}
```
---
### Citrinitas 🜆 — The Yellowing
**Meaning**: Illumination, new capability emerging
**Operational State**: Optimization, enhancement
**Indicators**:
- New defensive capabilities deployed
- Performance improvements measured
- Knowledge crystallized into procedures
- Drills showing improved outcomes
**Receipt Types During Citrinitas**:
- `psi_transmutation` (steps: coagulate)
- `psi_integration`
- `security_drill_run` (outcomes: improved)
- `auto_workflow_run` (new capabilities)
**Actions**:
- Deploy new detection rules
- Update runbooks
- Train team on new procedures
- Measure improvement metrics
```json
{
"type": "psi_phase_transition",
"from_phase": "albedo",
"to_phase": "citrinitas",
"trigger": {
"event_type": "capability_deployed",
"reference": "transmute-2025-12-001"
},
"indicators": [
"detection_rules_active",
"playbook_updated",
"team_trained"
],
"capabilities_gained": [
"lateral_movement_detection_v2",
"automated_containment_k8s"
]
}
```
---
### Rubedo 🜂 — The Reddening
**Meaning**: Integration, completion, maturity
**Operational State**: Stable, sovereign operation
**Indicators**:
- All systems nominal
- Capabilities integrated into BAU
- Continuous improvement active
- High resilience demonstrated
**Receipt Types During Rubedo**:
- `psi_resonance` (harmony_score: high)
- `obs_health_snapshot` (all_green)
- `mesh_topology_snapshot` (healthy)
- `treasury_reconciliation` (balanced)
**Actions**:
- Regular drills maintain readiness
- Proactive threat hunting
- Continuous compliance monitoring
- Knowledge sharing with federation
```json
{
"type": "psi_phase_transition",
"from_phase": "citrinitas",
"to_phase": "rubedo",
"trigger": {
"event_type": "stability_achieved",
"reference": "phase-assessment-2025-12"
},
"indicators": [
"30_days_no_critical_incidents",
"slo_targets_met",
"drill_outcomes_excellent"
],
"maturity_score": 0.92
}
```
---
## Transmutation (Tem Pattern)
Transmutation converts negative events into defensive capabilities.
### The Process
```
┌─────────────────────────────────────────────────────────────────┐
│ PRIMA MATERIA │
│ (Raw Input: Incident/Vuln/Threat) │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ STEP 1: EXTRACT │
│ • Identify IOCs (IPs, domains, hashes, TTPs) │
│ • Document attack chain │
│ • Capture forensic artifacts │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ STEP 2: DISSOLVE (Solve) │
│ • Break down into atomic components │
│ • Normalize to standard formats (STIX, Sigma) │
│ • Map to frameworks (MITRE ATT&CK) │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ STEP 3: PURIFY │
│ • Remove false positives │
│ • Validate against known-good │
│ • Test in isolated environment │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ STEP 4: COAGULATE (Coagula) │
│ • Generate detection rules (Sigma, YARA, Suricata) │
│ • Create response playbooks │
│ • Deploy to production │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ STEP 5: SEAL │
│ • Emit transmutation receipt │
│ • Link prima materia to philosopher's stone │
│ • Anchor evidence chain │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ PHILOSOPHER'S STONE │
│ (Output: Defensive Capability) │
└─────────────────────────────────────────────────────────────────┘
```
### Transmutation Contract
```json
{
"transmutation_id": "psi-transmute-2025-12-06-001",
"title": "SSH Brute Force to Detection Capability",
"initiated_by": "did:vm:human:sovereign",
"initiated_at": "2025-12-06T10:00:00Z",
"input_material": {
"type": "security_incident",
"reference": "INC-2025-12-001",
"prima_materia_hash": "blake3:incident_evidence..."
},
"target_phase": "citrinitas",
"transmutation_steps": [
{
"step_id": "step-1-extract",
"name": "Extract Prima Materia",
"action": "extract_iocs",
"expected_output": "cases/psi/transmute-001/extracted_iocs.json"
},
{
"step_id": "step-2-dissolve",
"name": "Dissolve (Solve)",
"action": "normalize_to_stix",
"expected_output": "cases/psi/transmute-001/stix_bundle.json"
},
{
"step_id": "step-3-purify",
"name": "Purify",
"action": "validate_iocs",
"expected_output": "cases/psi/transmute-001/validated_iocs.json"
},
{
"step_id": "step-4-coagulate",
"name": "Coagulate",
"action": "generate_sigma_rules",
"expected_output": "cases/psi/transmute-001/sigma_rules/"
},
{
"step_id": "step-5-seal",
"name": "Seal",
"action": "emit_receipt",
"expected_output": "receipts/psi/psi_events.jsonl"
}
],
"witnesses_required": ["brick-01", "brick-02"],
"success_criteria": {
"rules_deployed": true,
"detection_verified": true,
"no_false_positives_24h": true
}
}
```
### Transmutation Receipt
```json
{
"type": "psi_transmutation",
"transmutation_id": "psi-transmute-2025-12-06-001",
"timestamp": "2025-12-06T16:00:00Z",
"input_material": {
"type": "security_incident",
"reference": "INC-2025-12-001",
"prima_materia_hash": "blake3:abc123..."
},
"output_capability": {
"type": "detection_rules",
"reference": "sigma-rule-ssh-brute-force-v2",
"philosophers_stone_hash": "blake3:def456..."
},
"transformation_summary": {
"iocs_extracted": 47,
"rules_generated": 3,
"playbooks_updated": 1,
"ttps_mapped": ["T1110.001", "T1021.004"]
},
"alchemical_phase": "citrinitas",
"witnesses": [
{
"node": "did:vm:node:brick-01",
"witnessed_at": "2025-12-06T15:55:00Z",
"signature": "z58D..."
}
],
"tags": ["psi", "transmutation", "ssh", "brute-force"],
"root_hash": "blake3:transmute..."
}
```
---
## Resonance
Resonance measures cross-system synchronization and harmony.
### Resonance Factors
| Factor | Weight | Measurement |
|--------|--------|-------------|
| Anchor Health | 0.25 | Time since last anchor, failure rate |
| Receipt Consistency | 0.20 | Hash chain integrity, no gaps |
| Mesh Connectivity | 0.20 | Node health, route availability |
| Phase Alignment | 0.15 | All subsystems in compatible phases |
| Federation Sync | 0.10 | Witness success rate |
| Governance Compliance | 0.10 | No active violations |
### Harmony Score
```
harmony_score = Σ(factor_weight × factor_score) / Σ(factor_weight)
```
**Interpretation**:
- 0.90 - 1.00: **Rubedo** — Full sovereignty
- 0.70 - 0.89: **Citrinitas** — Optimizing
- 0.50 - 0.69: **Albedo** — Stabilizing
- 0.00 - 0.49: **Nigredo** — Crisis mode
### Resonance Receipt
```json
{
"type": "psi_resonance",
"resonance_id": "resonance-2025-12-06-12",
"timestamp": "2025-12-06T12:00:00Z",
"harmony_score": 0.94,
"factors": {
"anchor_health": 1.0,
"receipt_consistency": 0.98,
"mesh_connectivity": 0.95,
"phase_alignment": 0.90,
"federation_sync": 0.85,
"governance_compliance": 1.0
},
"current_phase": "rubedo",
"subsystem_phases": {
"guardian": "rubedo",
"oracle": "rubedo",
"mesh": "citrinitas",
"treasury": "rubedo"
},
"dissonance_notes": [
"mesh slightly below harmony due to pending node upgrade"
],
"tags": ["psi", "resonance", "harmony"],
"root_hash": "blake3:resonance..."
}
```
---
## Integration
Integration crystallizes learnings into permanent capability.
### Integration Types
| Type | Description | Example |
|------|-------------|---------|
| `rule_integration` | Detection rule becomes standard | Sigma rule added to baseline |
| `playbook_integration` | Response procedure formalized | IR playbook updated |
| `capability_integration` | New system feature | Auto-containment enabled |
| `knowledge_integration` | Documentation updated | Threat model revised |
| `training_integration` | Team skill acquired | Drill proficiency achieved |
### Integration Receipt
```json
{
"type": "psi_integration",
"integration_id": "integration-2025-12-06-001",
"timestamp": "2025-12-06T18:00:00Z",
"integration_type": "rule_integration",
"source": {
"transmutation_id": "psi-transmute-2025-12-06-001",
"capability_hash": "blake3:def456..."
},
"target": {
"system": "detection_pipeline",
"component": "sigma_rules",
"version": "v2.1.0"
},
"integration_proof": {
"deployed_at": "2025-12-06T17:30:00Z",
"verified_by": ["brick-01", "brick-02"],
"test_results": {
"true_positives": 5,
"false_positives": 0,
"detection_rate": 1.0
}
},
"crystallization_complete": true,
"tags": ["psi", "integration", "detection"],
"root_hash": "blake3:integration..."
}
```
---
## Oracle Insights
Significant findings from the Compliance Oracle that warrant receipting.
### Insight Types
| Type | Description |
|------|-------------|
| `compliance_gap` | New gap identified |
| `regulatory_change` | Regulation updated |
| `risk_elevation` | Risk level increased |
| `deadline_approaching` | Compliance deadline near |
| `cross_reference` | Connection between frameworks |
### Insight Receipt
```json
{
"type": "psi_oracle_insight",
"insight_id": "insight-2025-12-06-001",
"timestamp": "2025-12-06T14:00:00Z",
"insight_type": "compliance_gap",
"severity": "high",
"frameworks": ["AI_Act", "GDPR"],
"finding": {
"summary": "Model training data lineage documentation incomplete for Annex IV requirements",
"affected_articles": ["AI_Act.Annex_IV.2.b", "GDPR.Art_30"],
"current_state": "partial_documentation",
"required_state": "complete_lineage_from_source_to_model"
},
"recommended_actions": [
"Implement data provenance tracking",
"Document all training data sources",
"Create lineage visualization"
],
"deadline": "2026-08-02T00:00:00Z",
"confidence": 0.92,
"oracle_query_ref": "oracle-answer-2025-12-06-4721",
"tags": ["psi", "oracle", "insight", "ai_act", "gdpr"],
"root_hash": "blake3:insight..."
}
```
---
## Magnum Opus Dashboard
The Magnum Opus is the great work — the continuous refinement toward sovereignty.
### Dashboard Metrics
```
┌─────────────────────────────────────────────────────────────────┐
│ MAGNUM OPUS STATUS │
├─────────────────────────────────────────────────────────────────┤
│ │
│ Current Phase: RUBEDO 🜂 Harmony: 0.94 │
│ Time in Phase: 47 days │
│ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Phase History (90 days) │ │
│ │ ████████████░░░░████████████████████████████████████████│ │
│ │ NNNAAACCCCCNNAACCCCCCCCCCRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR│ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
│ Transmutations Integrations │
│ ├─ Active: 2 ├─ This Month: 7 │
│ ├─ Completed: 34 ├─ Total: 156 │
│ └─ Success Rate: 94% └─ Crystallized: 142 │
│ │
│ Resonance Factors │
│ ├─ Anchor Health: ████████████████████ 1.00 │
│ ├─ Receipt Integrity: ███████████████████░ 0.98 │
│ ├─ Mesh Connectivity: ███████████████████░ 0.95 │
│ ├─ Phase Alignment: ██████████████████░░ 0.90 │
│ ├─ Federation Sync: █████████████████░░░ 0.85 │
│ └─ Governance: ████████████████████ 1.00 │
│ │
│ Recent Oracle Insights: 3 (1 high severity) │
│ Next Anchor: 47 min │
│ Last Incident: 47 days ago │
│ │
└─────────────────────────────────────────────────────────────────┘
```
### CLI Commands
```bash
# Phase status
vm-psi phase current
vm-psi phase history --days 90
# Transmutation
vm-psi transmute start --input INC-2025-12-001 --title "SSH Brute Force"
vm-psi transmute status transmute-2025-12-001
vm-psi transmute complete transmute-2025-12-001 --step coagulate
# Resonance
vm-psi resonance current
vm-psi resonance history --days 30
# Integration
vm-psi integrate --source transmute-2025-12-001 --target detection_pipeline
# Opus
vm-psi opus status
vm-psi opus report --format pdf --output opus-report.pdf
```