Initialize repository snapshot

docs/skill/ENGINE_SPECS.md

@@ -0,0 +1,315 @@
+# VaultMesh Engine Specifications
+
+## Receipt Types by Scroll
+
+### Drills
+| Type | When Emitted |
+|------|--------------|
+| `security_drill_run` | Drill completed |
+
+### Compliance
+| Type | When Emitted |
+|------|--------------|
+| `oracle_answer` | Compliance question answered |
+
+### Guardian
+| Type | When Emitted |
+|------|--------------|
+| `anchor_success` | Anchor cycle succeeded |
+| `anchor_failure` | Anchor cycle failed |
+| `anchor_divergence` | Root mismatch detected |
+
+### Treasury
+| Type | When Emitted |
+|------|--------------|
+| `treasury_credit` | Credit entry recorded |
+| `treasury_debit` | Debit entry recorded |
+| `treasury_settlement` | Multi-party settlement completed |
+| `treasury_reconciliation` | Periodic balance verification |
+
+### Mesh
+| Type | When Emitted |
+|------|--------------|
+| `mesh_node_join` | Node registered |
+| `mesh_node_leave` | Node deregistered |
+| `mesh_route_change` | Route added/removed/modified |
+| `mesh_capability_grant` | Capability granted |
+| `mesh_capability_revoke` | Capability revoked |
+| `mesh_topology_snapshot` | Periodic topology capture |
+
+### OffSec
+| Type | When Emitted |
+|------|--------------|
+| `offsec_incident` | Incident closed |
+| `offsec_redteam` | Red team engagement closed |
+| `offsec_vuln_discovery` | Vulnerability confirmed |
+| `offsec_remediation` | Remediation verified |
+| `offsec_threat_intel` | New IOC/TTP added |
+| `offsec_forensic_snapshot` | Forensic capture taken |
+
+### Identity
+| Type | When Emitted |
+|------|--------------|
+| `identity_did_create` | New DID registered |
+| `identity_did_rotate` | Key rotation completed |
+| `identity_credential_issue` | Credential issued |
+| `identity_credential_revoke` | Credential revoked |
+| `identity_auth_event` | Authentication attempt |
+| `identity_capability_grant` | Capability granted |
+| `identity_capability_exercise` | Capability used |
+
+### Observability
+| Type | When Emitted |
+|------|--------------|
+| `obs_metric_anomaly` | Anomaly detected/resolved |
+| `obs_log_alert` | Log-based alert triggered |
+| `obs_trace_summary` | Critical operation traced |
+| `obs_health_snapshot` | Daily health capture |
+| `obs_slo_breach` | SLO target missed |
+| `obs_capacity_event` | Resource threshold crossed |
+
+### Automation
+| Type | When Emitted |
+|------|--------------|
+| `auto_workflow_run` | Workflow execution completed |
+| `auto_scheduled_task` | Scheduled task executed |
+| `auto_agent_action` | Agent took action |
+| `auto_trigger_event` | External trigger received |
+| `auto_approval_gate` | Approval gate resolved |
+| `auto_error_recovery` | Error recovery completed |
+
+### PsiField
+| Type | When Emitted |
+|------|--------------|
+| `psi_phase_transition` | Phase change |
+| `psi_emergence_event` | Emergent behavior detected |
+| `psi_transmutation` | Negative → capability transform |
+| `psi_resonance` | Cross-system synchronization |
+| `psi_integration` | Learning crystallized |
+| `psi_oracle_insight` | Significant Oracle insight |
+
+### Federation
+| Type | When Emitted |
+|------|--------------|
+| `fed_trust_proposal` | Trust proposal submitted |
+| `fed_trust_established` | Federation agreement active |
+| `fed_trust_revoked` | Federation terminated |
+| `fed_witness_event` | Remote root witnessed |
+| `fed_cross_anchor` | Remote root included in anchor |
+| `fed_schema_sync` | Schema versions synchronized |
+
+### Governance
+| Type | When Emitted |
+|------|--------------|
+| `gov_proposal` | Proposal submitted |
+| `gov_vote` | Vote cast |
+| `gov_ratification` | Proposal ratified |
+| `gov_amendment` | Constitution amended |
+| `gov_executive_order` | Executive order issued |
+| `gov_violation` | Violation detected |
+| `gov_enforcement` | Enforcement action taken |
+
+---
+
+## Engine Contract Templates
+
+### Treasury Settlement Contract
+```json
+{
+  "settlement_id": "settle-YYYY-MM-DD-NNN",
+  "title": "Settlement Title",
+  "initiated_by": "did:vm:node:portal-01",
+  "initiated_at": "ISO8601",
+  "parties": ["did:vm:node:...", "did:vm:node:..."],
+  "entries": [
+    {
+      "entry_id": "entry-NNN",
+      "type": "debit|credit",
+      "account": "acct:vm:node:...:type",
+      "amount": 0.00,
+      "currency": "EUR",
+      "memo": "Description"
+    }
+  ],
+  "requires_signatures": ["node-id", "node-id"],
+  "settlement_type": "inter_node_resource|vendor_payment|..."
+}
+```
+
+### Mesh Change Contract
+```json
+{
+  "change_id": "mesh-change-YYYY-MM-DD-NNN",
+  "title": "Change Title",
+  "initiated_by": "did:vm:node:portal-01",
+  "initiated_at": "ISO8601",
+  "change_type": "node_expansion|route_update|...",
+  "operations": [
+    {
+      "op_id": "op-NNN",
+      "operation": "node_join|route_add|capability_grant|...",
+      "target": "did:vm:node:...",
+      "config": {}
+    }
+  ],
+  "requires_approval": ["node-id"],
+  "rollback_on_failure": true
+}
+```
+
+### OffSec Incident Contract
+```json
+{
+  "case_id": "INC-YYYY-MM-NNN",
+  "case_type": "incident",
+  "title": "Incident Title",
+  "severity": "critical|high|medium|low",
+  "created_at": "ISO8601",
+  "phases": [
+    {
+      "phase_id": "phase-N-name",
+      "name": "Triage|Containment|Eradication|Recovery",
+      "objectives": ["..."],
+      "checklist": ["..."]
+    }
+  ],
+  "assigned_responders": ["did:vm:human:..."],
+  "escalation_path": ["..."]
+}
+```
+
+### Identity Operation Contract
+```json
+{
+  "operation_id": "idop-YYYY-MM-DD-NNN",
+  "operation_type": "key_rotation_ceremony|...",
+  "title": "Operation Title",
+  "initiated_by": "did:vm:human:...",
+  "initiated_at": "ISO8601",
+  "target_did": "did:vm:node:...",
+  "steps": [
+    {
+      "step_id": "step-N-name",
+      "action": "action_name",
+      "params": {}
+    }
+  ],
+  "rollback_on_failure": true
+}
+```
+
+### Transmutation Contract
+```json
+{
+  "transmutation_id": "psi-transmute-YYYY-MM-DD-NNN",
+  "title": "Transmutation Title",
+  "initiated_by": "did:vm:human:...",
+  "initiated_at": "ISO8601",
+  "input_material": {
+    "type": "security_incident|vulnerability|...",
+    "reference": "INC-YYYY-MM-NNN"
+  },
+  "target_phase": "citrinitas",
+  "transmutation_steps": [
+    {
+      "step_id": "step-N-name",
+      "name": "Step Name",
+      "action": "action_name",
+      "expected_output": "output_path"
+    }
+  ],
+  "witnesses_required": ["node-id", "node-id"],
+  "success_criteria": {}
+}
+```
+
+---
+
+## State Machine Transitions
+
+### Settlement Status
+```
+draft → pending_signatures → executing → completed
+                          ↘ disputed → resolved → completed
+                          ↘ expired
+```
+
+### Incident Status
+```
+reported → triaging → investigating → contained → eradicating → recovered → closed
+                   ↘ false_positive → closed
+```
+
+### Mesh Change Status
+```
+draft → pending_approval → in_progress → completed
+                                       ↘ partial_failure → rollback → rolled_back
+                                       ↘ failed → rollback → rolled_back
+```
+
+### Alchemical Phase
+```
+nigredo → albedo → citrinitas → rubedo
+    ↑                              │
+    └──────────────────────────────┘
+         (cycle continues)
+```
+
+---
+
+## Capability Types
+
+| Capability | Description | Typical Holders |
+|------------|-------------|-----------------|
+| `anchor` | Submit roots to anchor backends | Guardian nodes |
+| `storage` | Store receipts and artifacts | Infrastructure nodes |
+| `compute` | Execute drills, run agents | BRICK nodes |
+| `oracle` | Issue compliance answers | Oracle nodes |
+| `admin` | Grant/revoke capabilities | Portal, Sovereign |
+| `federate` | Establish cross-mesh trust | Portal |
+
+---
+
+## Trust Levels (Federation)
+
+| Level | Name | Description |
+|-------|------|-------------|
+| 0 | `isolated` | No federation |
+| 1 | `observe` | Read-only witness |
+| 2 | `verify` | Mutual verification |
+| 3 | `attest` | Cross-attestation |
+| 4 | `integrate` | Shared scrolls |
+
+---
+
+## Account Types (Treasury)
+
+| Type | Purpose |
+|------|---------|
+| `operational` | Day-to-day infrastructure spend |
+| `reserve` | Long-term holdings, runway |
+| `escrow` | Held pending settlement |
+| `external` | Counterparty accounts |
+
+---
+
+## Node Types (Mesh)
+
+| Type | Purpose |
+|------|---------|
+| `infrastructure` | BRICK servers, compute |
+| `edge` | Mobile devices, field endpoints |
+| `oracle` | Compliance oracle instances |
+| `guardian` | Dedicated anchor/sentinel |
+| `external` | Federated nodes |
+
+---
+
+## Severity Levels
+
+| Level | Description |
+|-------|-------------|
+| `critical` | Active breach, data exfiltration |
+| `high` | Confirmed attack, potential breach |
+| `medium` | Suspicious activity, policy violation |
+| `low` | Anomaly, informational |