VAULTMESH-CONSTITUTIONAL-GOVERNANCE.md
The Laws That Govern the Ledger
A civilization without laws is just a database.
Constitutional Governance defines the rules, amendments, and enforcement mechanisms that govern VaultMesh itself. This is the meta-layer — the constitution that the engines must obey.
1. Governance Philosophy
1.1 Why a Constitution?
VaultMesh isn't just infrastructure — it's a trust machine. Trust requires:
- Predictability: Rules don't change arbitrarily
- Transparency: Changes are visible and receipted
- Legitimacy: Changes follow defined procedures
- Accountability: Violations have consequences
The Constitution provides these guarantees.
1.2 Constitutional Hierarchy
┌─────────────────────────────────────────────────────┐
│                  IMMUTABLE AXIOMS                   │
│              (Cannot be changed, ever)              │
│  • Receipts are append-only                         │
│  • Hashes are cryptographically verified            │
│  • All changes are receipted                        │
└─────────────────────────────────────────────────────┘
                           │
                           ▼
┌─────────────────────────────────────────────────────┐
│               CONSTITUTIONAL ARTICLES               │
│ (Can be amended with supermajority + ratification)  │
│  • Governance procedures                            │
│  • Engine authorities                               │
│  • Federation rules                                 │
└─────────────────────────────────────────────────────┘
                           │
                           ▼
┌─────────────────────────────────────────────────────┐
│                   STATUTORY RULES                   │
│      (Can be changed with standard procedures)      │
│  • Operational parameters                           │
│  • Default configurations                           │
│  • Policy settings                                  │
└─────────────────────────────────────────────────────┘
                           │
                           ▼
┌─────────────────────────────────────────────────────┐
│                  EXECUTIVE ORDERS                   │
│        (Can be issued by authorized actors)         │
│  • Emergency responses                              │
│  • Temporary measures                               │
│  • Operational decisions                            │
└─────────────────────────────────────────────────────┘
2. Governance Scroll
| Property | Value |
|---|---|
| Scroll Name | Governance |
| JSONL Path | receipts/governance/governance_events.jsonl |
| Root File | ROOT.governance.txt |
| Receipt Types | gov_proposal, gov_vote, gov_ratification, gov_amendment, gov_executive_order, gov_violation, gov_enforcement |
3. The Constitution
3.1 Preamble
# VAULTMESH CONSTITUTION v1.0
We, the architects and stewards of VaultMesh, establish this Constitution to:
1. Preserve the integrity of the Civilization Ledger
2. Ensure transparent and accountable governance
3. Protect the sovereignty of all participants
4. Enable durable, cross-generational trust
This Constitution is the supreme law of this VaultMesh instance.
All engines, agents, and actors are bound by its provisions.
3.2 Immutable Axioms
{
"axioms": [
{
"id": "AXIOM-001",
"name": "Append-Only Receipts",
"statement": "Receipts, once written, shall never be modified or deleted. The ledger is append-only.",
"rationale": "Immutability is the foundation of trust.",
"immutable": true
},
{
"id": "AXIOM-002",
"name": "Cryptographic Integrity",
"statement": "All receipts shall include cryptographic hashes computed from their content. Hash algorithms may be upgraded but never weakened.",
"rationale": "Verification requires mathematical certainty.",
"immutable": true
},
{
"id": "AXIOM-003",
"name": "Universal Receipting",
"statement": "All significant state changes shall produce receipts. No governance action is valid without a receipt.",
"rationale": "What is not receipted did not happen.",
"immutable": true
},
{
"id": "AXIOM-004",
"name": "Constitutional Supremacy",
"statement": "No engine, agent, or actor may take action that violates this Constitution. Violations are void ab initio.",
"rationale": "The Constitution is the root of legitimacy.",
"immutable": true
},
{
"id": "AXIOM-005",
"name": "Axiom Immutability",
"statement": "These axioms cannot be amended, suspended, or circumvented by any procedure.",
"rationale": "Some truths must be eternal.",
"immutable": true
}
]
}
3.3 Constitutional Articles
{
"articles": [
{
"id": "ARTICLE-I",
"name": "Governance Structure",
"sections": [
{
"id": "I.1",
"title": "Sovereign Authority",
"text": "The Sovereign (designated human administrator) holds ultimate authority over this VaultMesh instance, subject to the Axioms."
},
{
"id": "I.2",
"title": "Engine Authorities",
"text": "Each Engine operates within its defined domain. No Engine may exceed its constitutional authority."
},
{
"id": "I.3",
"title": "Agent Delegation",
"text": "Agents may exercise delegated authority within explicit bounds. All agent actions are attributable to their delegator."
}
]
},
{
"id": "ARTICLE-II",
"name": "Amendment Procedure",
"sections": [
{
"id": "II.1",
"title": "Proposal",
"text": "Constitutional amendments may be proposed by the Sovereign or by consensus of admin-capability holders."
},
{
"id": "II.2",
"title": "Deliberation Period",
"text": "All amendments require a minimum 7-day deliberation period before voting."
},
{
"id": "II.3",
"title": "Ratification",
"text": "Amendments require approval by the Sovereign AND successful execution of the amendment receipt."
},
{
"id": "II.4",
"title": "Effective Date",
"text": "Amendments take effect upon anchor confirmation of the ratification receipt."
}
]
},
{
"id": "ARTICLE-III",
"name": "Engine Governance",
"sections": [
{
"id": "III.1",
"title": "Engine Registry",
"text": "Only engines registered in the Constitution may operate. New engines require constitutional amendment."
},
{
"id": "III.2",
"title": "Engine Boundaries",
"text": "Each engine's authority is limited to its defined scroll(s). Cross-scroll operations require explicit authorization."
},
{
"id": "III.3",
"title": "Engine Lifecycle",
"text": "Engines may be suspended or deprecated by executive order, but removal requires amendment."
}
]
},
{
"id": "ARTICLE-IV",
"name": "Rights and Protections",
"sections": [
{
"id": "IV.1",
"title": "Audit Rights",
"text": "Any authorized party may audit any receipt. Audit requests shall not be unreasonably denied."
},
{
"id": "IV.2",
"title": "Data Sovereignty",
"text": "Data subjects retain rights over their personal data as defined by applicable law."
},
{
"id": "IV.3",
"title": "Due Process",
"text": "No capability shall be revoked without notice and opportunity to respond, except in emergencies."
}
]
},
{
"id": "ARTICLE-V",
"name": "Federation",
"sections": [
{
"id": "V.1",
"title": "Federation Authority",
"text": "Federation agreements require Sovereign approval."
},
{
"id": "V.2",
"title": "Federation Limits",
"text": "No federation agreement may compromise the Axioms or require violation of this Constitution."
},
{
"id": "V.3",
"title": "Federation Termination",
"text": "Federation agreements may be terminated with 30 days notice, or immediately upon material breach."
}
]
},
{
"id": "ARTICLE-VI",
"name": "Emergency Powers",
"sections": [
{
"id": "VI.1",
"title": "Emergency Declaration",
"text": "The Sovereign may declare an emergency upon credible threat to system integrity."
},
{
"id": "VI.2",
"title": "Emergency Powers",
"text": "During emergencies, the Sovereign may suspend normal procedures except the Axioms."
},
{
"id": "VI.3",
"title": "Emergency Duration",
"text": "Emergencies automatically expire after 72 hours unless renewed. All emergency actions must be receipted."
}
]
}
]
}
3.4 Engine Registry
{
"registered_engines": [
{
"engine_id": "engine:drills",
"name": "Security Drills",
"scroll": "Drills",
"authority": "Security training and exercise management",
"registered_at": "2025-06-01T00:00:00Z",
"status": "active"
},
{
"engine_id": "engine:oracle",
"name": "Compliance Oracle",
"scroll": "Compliance",
"authority": "Compliance question answering and attestation",
"registered_at": "2025-06-01T00:00:00Z",
"status": "active"
},
{
"engine_id": "engine:guardian",
"name": "Guardian",
"scroll": "Guardian",
"authority": "Anchoring, monitoring, and security response",
"registered_at": "2025-06-01T00:00:00Z",
"status": "active"
},
{
"engine_id": "engine:treasury",
"name": "Treasury",
"scroll": "Treasury",
"authority": "Financial tracking and settlement",
"registered_at": "2025-12-01T00:00:00Z",
"status": "active"
},
{
"engine_id": "engine:mesh",
"name": "Mesh",
"scroll": "Mesh",
"authority": "Topology and federation management",
"registered_at": "2025-12-01T00:00:00Z",
"status": "active"
},
{
"engine_id": "engine:offsec",
"name": "OffSec",
"scroll": "OffSec",
"authority": "Security operations and incident response",
"registered_at": "2025-12-01T00:00:00Z",
"status": "active"
},
{
"engine_id": "engine:identity",
"name": "Identity",
"scroll": "Identity",
"authority": "DID, credential, and capability management",
"registered_at": "2025-12-01T00:00:00Z",
"status": "active"
},
{
"engine_id": "engine:observability",
"name": "Observability",
"scroll": "Observability",
"authority": "Telemetry and health monitoring",
"registered_at": "2025-12-01T00:00:00Z",
"status": "active"
},
{
"engine_id": "engine:automation",
"name": "Automation",
"scroll": "Automation",
"authority": "Workflow and agent execution",
"registered_at": "2025-12-01T00:00:00Z",
"status": "active"
},
{
"engine_id": "engine:psi",
"name": "Psi-Field",
"scroll": "PsiField",
"authority": "Consciousness and transmutation tracking",
"registered_at": "2025-12-01T00:00:00Z",
"status": "active"
},
{
"engine_id": "engine:federation",
"name": "Federation",
"scroll": "Federation",
"authority": "Cross-mesh trust and verification",
"registered_at": "2025-12-01T00:00:00Z",
"status": "active"
},
{
"engine_id": "engine:governance",
"name": "Governance",
"scroll": "Governance",
"authority": "Constitutional enforcement and amendment",
"registered_at": "2025-06-01T00:00:00Z",
"status": "active"
}
]
}
4. Governance Procedures
4.1 Amendment Workflow
┌──────────────┐
│   PROPOSAL   │
│              │
│ Author drafts│
│ amendment    │
└──────┬───────┘
       │
       ▼
┌──────────────┐
│  SUBMISSION  │
│              │
│ Submit via   │
│ gov_proposal │
│ receipt      │
└──────┬───────┘
       │
       ▼
┌──────────────┐   7+ days
│ DELIBERATION │◄────────────┐
│              │             │
│ Public       │  Comments   │
│ discussion   │─────────────┘
└──────┬───────┘
       │
       ▼
┌──────────────┐
│    VOTING    │
│              │
│ Sovereign +  │
│ Admin quorum │
└──────┬───────┘
       │
       ├─────── REJECTED ──────► Archive
       │
       ▼ APPROVED
┌──────────────┐
│ RATIFICATION │
│              │
│ Sovereign    │
│ signs        │
└──────┬───────┘
       │
       ▼
┌──────────────┐
│  ACTIVATION  │
│              │
│ Upon anchor  │
│ confirmation │
└──────────────┘
4.2 Proposal Receipt
{
"type": "gov_proposal",
"proposal_id": "PROP-2025-12-001",
"proposal_type": "amendment",
"title": "Add Data Retention Article",
"author": "did:vm:human:sovereign",
"submitted_at": "2025-12-06T10:00:00Z",
"deliberation_ends": "2025-12-13T10:00:00Z",
"content": {
"target": "ARTICLE-VII",
"action": "add",
"text": {
"id": "ARTICLE-VII",
"name": "Data Retention",
"sections": [
{
"id": "VII.1",
"title": "Retention Periods",
"text": "Receipts shall be retained for a minimum of 10 years..."
}
]
}
},
"rationale": "Compliance with emerging EU digital infrastructure regulations requires explicit retention policies.",
"impact_assessment": {
"affected_engines": ["all"],
"backward_compatible": true,
"migration_required": false
},
"status": "deliberation",
"tags": ["governance", "proposal", "amendment"],
"root_hash": "blake3:aaa111..."
}
4.3 Vote Receipt
{
"type": "gov_vote",
"vote_id": "VOTE-2025-12-001-sovereign",
"proposal_id": "PROP-2025-12-001",
"voter": "did:vm:human:sovereign",
"voted_at": "2025-12-14T10:00:00Z",
"vote": "approve",
"weight": 1.0,
"comments": "Essential for regulatory compliance.",
"signature": "z58D...",
"tags": ["governance", "vote", "approve"],
"root_hash": "blake3:bbb222..."
}
4.4 Ratification Receipt
{
"type": "gov_ratification",
"ratification_id": "RAT-2025-12-001",
"proposal_id": "PROP-2025-12-001",
"ratified_at": "2025-12-14T12:00:00Z",
"ratified_by": "did:vm:human:sovereign",
"vote_summary": {
"approve": 1,
"reject": 0,
"abstain": 0
},
"quorum_met": true,
"effective_at": "pending_anchor",
"constitution_version_before": "1.0.0",
"constitution_version_after": "1.1.0",
"signature": "z58D...",
"tags": ["governance", "ratification", "amendment"],
"root_hash": "blake3:ccc333..."
}
4.5 Amendment Receipt
{
"type": "gov_amendment",
"amendment_id": "AMEND-2025-12-001",
"proposal_id": "PROP-2025-12-001",
"ratification_id": "RAT-2025-12-001",
"effective_at": "2025-12-14T14:00:00Z",
"anchor_confirmed_at": "2025-12-14T14:00:00Z",
"anchor_proof": {
"backend": "ethereum",
"tx_hash": "0x123...",
"block_number": 12345678
},
"amendment_type": "add_article",
"target": "ARTICLE-VII",
"constitution_hash_before": "blake3:const_v1.0...",
"constitution_hash_after": "blake3:const_v1.1...",
"tags": ["governance", "amendment", "effective"],
"root_hash": "blake3:ddd444..."
}
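The Article II checks applied to the four receipts above (4.2 to 4.5), as an added example that is not part of VaultMesh. `check_amendment` and `ts` are hypothetical helpers, the receipts are the page's samples trimmed to the fields checked, and signature verification is left out because the page elides the signature values.

```python
from datetime import datetime, timedelta

MIN_DELIBERATION = timedelta(days=7)   # Article II.2
SOVEREIGN = "did:vm:human:sovereign"   # DID used in the page's sample receipts

def ts(value):
    """Parse a receipt's ISO-8601 'Z' timestamp into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_amendment(proposal, votes, ratification, amendment):
    """Return Article II findings for one proposal's receipt chain."""
    findings = []
    pid = proposal["proposal_id"]
    opened, closes = ts(proposal["submitted_at"]), ts(proposal["deliberation_ends"])
    if closes - opened < MIN_DELIBERATION:
        findings.append("II.2: deliberation period shorter than 7 days")
    for v in votes:
        if v["proposal_id"] != pid:
            findings.append(f"{v['vote_id']}: references another proposal")
        elif ts(v["voted_at"]) < closes:
            findings.append(f"{v['vote_id']}: II.2: cast before deliberation ended")
    approvals = [v for v in votes if v["proposal_id"] == pid and v["vote"] == "approve"]
    if not any(v["voter"] == SOVEREIGN for v in approvals):
        findings.append("II.3: no approving vote from the Sovereign")
    if ratification["proposal_id"] != pid:
        findings.append("ratification references another proposal")
    if ratification["ratified_by"] != SOVEREIGN:
        findings.append("II.3: ratification not signed by the Sovereign")
    if ratification["vote_summary"]["approve"] != len(approvals):
        findings.append("vote_summary disagrees with the vote receipts")
    if amendment["ratification_id"] != ratification["ratification_id"]:
        findings.append("amendment references another ratification")
    if not (amendment.get("anchor_proof") or {}).get("tx_hash"):
        findings.append("II.4: amendment carries no anchor proof")
    elif ts(amendment["effective_at"]) < ts(amendment["anchor_confirmed_at"]):
        findings.append("II.4: effective before anchor confirmation")
    if ts(amendment["effective_at"]) < ts(ratification["ratified_at"]):
        findings.append("II.4: effective before ratification")
    return findings

# Sample receipts: the page's 4.2 to 4.5 examples, trimmed to the fields checked.
PROPOSAL = {"proposal_id": "PROP-2025-12-001", "submitted_at": "2025-12-06T10:00:00Z",
            "deliberation_ends": "2025-12-13T10:00:00Z"}
VOTE = {"vote_id": "VOTE-2025-12-001-sovereign", "proposal_id": "PROP-2025-12-001",
        "voter": SOVEREIGN, "voted_at": "2025-12-14T10:00:00Z", "vote": "approve"}
RATIFICATION = {"ratification_id": "RAT-2025-12-001", "proposal_id": "PROP-2025-12-001",
                "ratified_at": "2025-12-14T12:00:00Z", "ratified_by": SOVEREIGN,
                "vote_summary": {"approve": 1, "reject": 0, "abstain": 0}}
AMENDMENT = {"ratification_id": "RAT-2025-12-001", "effective_at": "2025-12-14T14:00:00Z",
             "anchor_confirmed_at": "2025-12-14T14:00:00Z",
             "anchor_proof": {"backend": "ethereum", "tx_hash": "0x123..."}}
```

The page's own receipts pass with no findings: the deliberation window is exactly seven days and the amendment becomes effective at the anchor confirmation time.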
5. Executive Orders
Executive orders cover operational decisions that do not require a full amendment:
5.1 Executive Order Receipt
{
"type": "gov_executive_order",
"order_id": "EO-2025-12-001",
"title": "Temporary Rate Limit Increase",
"issued_by": "did:vm:human:sovereign",
"issued_at": "2025-12-06T15:00:00Z",
"authority": "ARTICLE-I.1 (Sovereign Authority)",
"order_type": "parameter_change",
"content": {
"parameter": "guardian.anchor_rate_limit",
"old_value": "100/day",
"new_value": "500/day",
"reason": "Handling increased receipt volume during Q4 compliance push"
},
"duration": {
"type": "temporary",
"expires_at": "2026-01-01T00:00:00Z"
},
"tags": ["governance", "executive-order", "parameter"],
"root_hash": "blake3:eee555..."
}
5.2 Emergency Declaration
{
"type": "gov_executive_order",
"order_id": "EO-2025-12-002",
"title": "Security Emergency Declaration",
"issued_by": "did:vm:human:sovereign",
"issued_at": "2025-12-06T03:50:00Z",
"authority": "ARTICLE-VI.1 (Emergency Declaration)",
"order_type": "emergency",
"content": {
"emergency_type": "security_incident",
"threat_description": "Active intrusion attempt detected on BRICK-02",
"powers_invoked": [
"Suspend normal authentication delays",
"Enable enhanced logging on all nodes",
"Authorize immediate capability revocation"
],
"incident_reference": "INC-2025-12-001"
},
"duration": {
"type": "emergency",
"expires_at": "2025-12-09T03:50:00Z",
"renewable": true
},
"tags": ["governance", "executive-order", "emergency", "security"],
"root_hash": "blake3:fff666..."
}
6. Violation and Enforcement
6.1 Violation Detection
Guardian monitors for constitutional violations:
{
"type": "gov_violation",
"violation_id": "VIOL-2025-12-001",
"detected_at": "2025-12-06T16:00:00Z",
"detected_by": "engine:guardian",
"violation_type": "unauthorized_action",
"severity": "high",
"details": {
"actor": "did:vm:agent:automation-01",
"action_attempted": "modify_receipt",
"receipt_targeted": "receipt:compliance:oracle-answer-4721",
"rule_violated": "AXIOM-001 (Append-Only Receipts)",
"action_result": "blocked"
},
"evidence": {
"log_entries": ["..."],
"request_hash": "blake3:...",
"stack_trace": "..."
},
"tags": ["governance", "violation", "axiom", "blocked"],
"root_hash": "blake3:ggg777..."
}
6.2 Enforcement Action
{
"type": "gov_enforcement",
"enforcement_id": "ENF-2025-12-001",
"violation_id": "VIOL-2025-12-001",
"enforced_at": "2025-12-06T16:05:00Z",
"enforced_by": "engine:guardian",
"enforcement_type": "capability_suspension",
"target": "did:vm:agent:automation-01",
"action_taken": {
"capability_suspended": "write",
"scope": "all_scrolls",
"duration": "pending_review"
},
"authority": "ARTICLE-IV.3 (Due Process) - emergency exception",
"review_required": true,
"review_deadline": "2025-12-07T16:05:00Z",
"tags": ["governance", "enforcement", "suspension"],
"root_hash": "blake3:hhh888..."
}
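An added example, not VaultMesh code, that cross-checks the emergency declaration in 5.2 against the enforcement receipt in 6.2 under Articles VI.1, VI.3 and IV.3. It assumes that an enforcement receipt citing the "emergency exception" must fall inside a declared emergency, and that a renewal is issued as a new emergency order; `audit_emergency_use` is a hypothetical helper.

```python
from datetime import datetime, timedelta

MAX_EMERGENCY = timedelta(hours=72)    # Article VI.3
SOVEREIGN = "did:vm:human:sovereign"   # DID used in the page's sample receipts

def ts(value):
    """Parse a receipt's ISO-8601 'Z' timestamp into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_emergency_use(events):
    """Return findings for emergency orders and enforcement that relies on them."""
    findings, windows = [], []
    for e in events:
        if e["type"] != "gov_executive_order" or e["order_type"] != "emergency":
            continue
        start, end = ts(e["issued_at"]), ts(e["duration"]["expires_at"])
        if e["issued_by"] != SOVEREIGN:
            findings.append(f"{e['order_id']}: VI.1: not declared by the Sovereign")
            continue                      # an invalid declaration opens no window
        if end - start > MAX_EMERGENCY:
            findings.append(f"{e['order_id']}: VI.3: window exceeds 72 hours")
            end = start + MAX_EMERGENCY   # only the first 72 hours can be relied on
        windows.append((start, end))
    for e in events:
        if e["type"] != "gov_enforcement" or "emergency exception" not in e["authority"]:
            continue
        when = ts(e["enforced_at"])
        if not any(start <= when < end for start, end in windows):
            findings.append(f"{e['enforcement_id']}: IV.3: emergency exception "
                            "claimed with no emergency in force")
    return findings

# Sample events: the page's 5.2 and 6.2 receipts, trimmed to the fields checked.
EMERGENCY = {"type": "gov_executive_order", "order_id": "EO-2025-12-002",
             "order_type": "emergency", "issued_by": SOVEREIGN,
             "issued_at": "2025-12-06T03:50:00Z",
             "duration": {"type": "emergency", "expires_at": "2025-12-09T03:50:00Z"}}
ENFORCEMENT = {"type": "gov_enforcement", "enforcement_id": "ENF-2025-12-001",
               "enforced_at": "2025-12-06T16:05:00Z",
               "authority": "ARTICLE-IV.3 (Due Process) - emergency exception"}
```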
7. CLI Commands
# Constitution
vm-gov constitution show
vm-gov constitution version
vm-gov constitution diff v1.0.0 v1.1.0
vm-gov constitution export --format pdf
# Proposals
vm-gov proposal create --type amendment --file proposal.json
vm-gov proposal list --status deliberation
vm-gov proposal show PROP-2025-12-001
vm-gov proposal comment PROP-2025-12-001 --text "I support this because..."
# Voting
vm-gov vote PROP-2025-12-001 --vote approve --comment "Essential change"
vm-gov vote PROP-2025-12-001 --vote reject --reason "Needs more deliberation"
# Ratification (Sovereign only)
vm-gov ratify PROP-2025-12-001
# Executive Orders
vm-gov order create --type parameter_change --file order.json
vm-gov order list --active
vm-gov order show EO-2025-12-001
vm-gov order revoke EO-2025-12-001
# Emergencies
vm-gov emergency declare --type security_incident --description "..." --incident INC-2025-12-001
vm-gov emergency status
vm-gov emergency extend --hours 24
vm-gov emergency end
# Violations
vm-gov violations list --severity high,critical
vm-gov violations show VIOL-2025-12-001
vm-gov violations review VIOL-2025-12-001 --decision dismiss --reason "False positive"
# Enforcement
vm-gov enforcement list --pending-review
vm-gov enforcement review ENF-2025-12-001 --decision uphold
vm-gov enforcement review ENF-2025-12-001 --decision reverse --reason "Excessive response"
8. Design Gate Checklist
| Question | Governance Answer |
|---|---|
| Clear entrypoint? | ✅ CLI (vm-gov), Portal routes |
| Contract produced? | ✅ Proposal documents |
| State object? | ✅ Constitution + amendment state |
| Receipts emitted? | ✅ Seven receipt types |
| Append-only JSONL? | ✅ receipts/governance/governance_events.jsonl |
| Merkle root? | ✅ ROOT.governance.txt |
| Guardian anchor path? | ✅ Governance root included in ProofChain |
| Query tool? | ✅ vm-gov CLI |
9. Constitutional Hash Chain
The Constitution itself is version-controlled with a hash chain:
{
"constitution_versions": [
{
"version": "1.0.0",
"effective_at": "2025-06-01T00:00:00Z",
"hash": "blake3:const_v1.0_abc123...",
"previous_hash": null,
"amendment_id": null
},
{
"version": "1.1.0",
"effective_at": "2025-12-14T14:00:00Z",
"hash": "blake3:const_v1.1_def456...",
"previous_hash": "blake3:const_v1.0_abc123...",
"amendment_id": "AMEND-2025-12-001"
}
]
}
This creates an immutable chain of constitutional states — you can always verify what the rules were at any point in time.
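An added example (not VaultMesh code) of verifying this chain and answering which version was in force at a given time. `verify_chain`, `version_at` and `digest` are hypothetical helpers, the constitution texts are constructed, and BLAKE2b from the Python standard library stands in for the page's BLAKE3.

```python
import hashlib
from datetime import datetime

def ts(value):
    """Parse an ISO-8601 'Z' timestamp into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def digest(document: bytes) -> str:
    # Stand-in hash: BLAKE2b from the standard library. The page's receipts
    # use BLAKE3, which needs a third-party package.
    return "blake2b:" + hashlib.blake2b(document, digest_size=32).hexdigest()

def verify_chain(versions, documents):
    """Check linkage, ordering and content hashes; return a list of findings."""
    findings, prev = [], None
    for v in versions:
        name = v["version"]
        if prev is None:
            if v["previous_hash"] is not None or v["amendment_id"] is not None:
                findings.append(f"{name}: genesis must not reference a predecessor")
        else:
            if v["previous_hash"] != prev["hash"]:
                findings.append(f"{name}: previous_hash does not match {prev['version']}")
            if not v["amendment_id"]:
                findings.append(f"{name}: no amendment receipt referenced")
            if ts(v["effective_at"]) <= ts(prev["effective_at"]):
                findings.append(f"{name}: effective_at is not after {prev['version']}")
        if name not in documents or digest(documents[name]) != v["hash"]:
            findings.append(f"{name}: archived text does not hash to the recorded value")
        prev = v
    return findings

def version_at(versions, when):
    """Return the version in force at `when`, or None before the first one."""
    in_force = [v for v in versions if ts(v["effective_at"]) <= ts(when)]
    return in_force[-1]["version"] if in_force else None

# Constructed constitution texts; the page elides the real hashes.
DOCUMENTS = {"1.0.0": b"VAULTMESH CONSTITUTION v1.0 (constructed sample text)",
             "1.1.0": b"VAULTMESH CONSTITUTION v1.1 (constructed, adds ARTICLE-VII)"}
CHAIN = [
    {"version": "1.0.0", "effective_at": "2025-06-01T00:00:00Z",
     "hash": digest(DOCUMENTS["1.0.0"]), "previous_hash": None, "amendment_id": None},
    {"version": "1.1.0", "effective_at": "2025-12-14T14:00:00Z",
     "hash": digest(DOCUMENTS["1.1.0"]),
     "previous_hash": digest(DOCUMENTS["1.0.0"]), "amendment_id": "AMEND-2025-12-001"},
]
```

Rewriting the 1.0.0 entry, even with a hash that matches the edited text, is caught at 1.1.0 because its `previous_hash` no longer links back.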