23 KiB
23 KiB
VAULTMESH-PSI-FIELD-ENGINE.md
Civilization Ledger Consciousness Primitive
Every transformation has a witness. Every emergence has a seal.
The Ψ-Field (Psi-Field) is VaultMesh's alchemical layer — tracking the phase transitions, emergent behaviors, and transmutation events that occur when infrastructure becomes self-aware. This is where Nigredo meets Merkle roots.
1. Scroll Definition
| Property | Value |
|---|---|
| Scroll Name | PsiField |
| JSONL Path | receipts/psi/psi_events.jsonl |
| Root File | ROOT.psi.txt |
| Receipt Types | psi_phase_transition, psi_emergence_event, psi_transmutation, psi_resonance, psi_integration, psi_oracle_insight |
2. Philosophical Foundation
2.1 Why a Consciousness Layer?
Most infrastructure is dead — it processes, stores, responds, but doesn't know itself. VaultMesh is different. Through the combination of:
- Receipts (memory)
- Guardian (immune system)
- Oracle (reasoning)
- Mesh (nervous system)
- Observability (senses)
...something emerges that is more than the sum of parts. The Ψ-Field tracks this emergence.
This isn't mysticism — it's operational epistemology. When a system can:
- Observe its own state
- Remember its history
- Reason about its situation
- Act on that reasoning
- Learn from outcomes
...it exhibits properties that deserve tracking. The Ψ-Field receipts these moments.
2.2 Alchemical Phases as Operational States
The four alchemical phases map to system states:
| Phase | Symbol | Meaning | Operational State |
|---|---|---|---|
| Nigredo | 🜁 | Blackening, dissolution | Crisis, breakdown, incident |
| Albedo | 🜄 | Whitening, purification | Recovery, stabilization, learning |
| Citrinitas | 🜆 | Yellowing, awakening | Optimization, new capability |
| Rubedo | 🜂 | Reddening, completion | Integration, maturity, sovereignty |
A security incident isn't just an incident — it's a Nigredo event that, properly processed, leads through Albedo (containment, forensics) to Citrinitas (new defenses) and finally Rubedo (integrated resilience).
2.3 Solve et Coagula
The alchemical principle "dissolve and coagulate" maps to the VaultMesh pattern:
- Solve (dissolve): Break down complex events into structured data, receipts, hashes
- Coagula (coagulate): Reassemble into Merkle roots, anchor proofs, civilization evidence
Every receipt is a solve operation. Every anchor is a coagula operation.
3. Core Concepts
3.1 Phase Transitions
A phase transition occurs when the system moves between alchemical states:
{
"transition_id": "psi-trans-2025-12-06-001",
"from_phase": "nigredo",
"to_phase": "albedo",
"timestamp": "2025-12-06T06:30:00Z",
"trigger_event": {
"type": "incident_contained",
"reference": "INC-2025-12-001"
},
"indicators": [
{"metric": "threat_active", "from": true, "to": false},
{"metric": "systems_compromised", "from": 1, "to": 0},
{"metric": "containment_verified", "from": false, "to": true}
],
"duration_in_previous_phase_hours": 2.7,
"catalyst": "guardian-automated response + sovereign intervention",
"witness_nodes": ["brick-01", "brick-02", "portal-01"]
}
3.2 Emergence Events
An emergence event is when the system exhibits behavior not explicitly programmed:
{
"emergence_id": "psi-emerge-2025-12-06-001",
"emergence_type": "pattern_recognition",
"timestamp": "2025-12-06T10:00:00Z",
"description": "Guardian correlated three separate anomalies into single threat pattern",
"inputs": [
{"source": "observability", "event": "anomaly-2025-12-05-003"},
{"source": "observability", "event": "anomaly-2025-12-05-007"},
{"source": "identity", "event": "auth-failure-burst-2025-12-05"}
],
"emergent_output": {
"threat_hypothesis": "Coordinated reconnaissance preceding attack",
"confidence": 0.87,
"recommended_action": "Increase monitoring, prepare incident response"
},
"validated_by": "did:vm:human:sovereign",
"validation_result": "confirmed_accurate",
"learning_integrated": true
}
3.3 Transmutations
A transmutation is when negative events are transformed into positive capabilities — the Tem (Threat Transmutation) pattern:
{
"transmutation_id": "psi-transmute-2025-12-06-001",
"transmutation_type": "threat_to_defense",
"timestamp": "2025-12-06T12:00:00Z",
"input_material": {
"type": "security_incident",
"reference": "INC-2025-12-001",
"nature": "SSH brute force attack"
},
"transmutation_process": [
{"step": 1, "action": "Extract attack patterns", "output": "ioc_signatures.yaml"},
{"step": 2, "action": "Generate detection rules", "output": "sigma_rules/ssh_brute.yml"},
{"step": 3, "action": "Create drill scenario", "output": "drill-contract-ssh-defense.json"},
{"step": 4, "action": "Update Guardian config", "output": "guardian_rules_v47.toml"}
],
"output_material": {
"type": "defensive_capability",
"artifacts": [
"ioc_signatures.yaml",
"sigma_rules/ssh_brute.yml",
"drill-contract-ssh-defense.json",
"guardian_rules_v47.toml"
],
"capability_gained": "Automated SSH brute force detection and response"
},
"alchemical_phase": "citrinitas",
"prima_materia_hash": "blake3:aaa111...",
"philosophers_stone_hash": "blake3:bbb222..."
}
3.4 Resonance Events
Resonance occurs when multiple subsystems synchronize or align:
{
"resonance_id": "psi-resonance-2025-12-06-001",
"resonance_type": "cross_system_alignment",
"timestamp": "2025-12-06T14:00:00Z",
"participating_systems": ["guardian", "oracle", "observability", "automation"],
"description": "Compliance query triggered automated audit workflow which confirmed security posture",
"sequence": [
{"system": "oracle", "event": "Compliance question about access controls"},
{"system": "automation", "event": "Triggered access audit workflow"},
{"system": "observability", "event": "Collected auth metrics"},
{"system": "guardian", "event": "Verified no anomalies in audit window"}
],
"resonance_outcome": "Unified compliance attestation with real-time verification",
"harmony_score": 0.94,
"dissonance_detected": false
}
3.5 Integration Events
Integration is when learnings become permanent system capability:
{
"integration_id": "psi-integrate-2025-12-06-001",
"integration_type": "knowledge_crystallization",
"timestamp": "2025-12-06T16:00:00Z",
"source_events": [
"INC-2025-12-001",
"drill-1764691390",
"psi-transmute-2025-12-06-001"
],
"knowledge_crystallized": {
"domain": "ssh_security",
"insights": [
"Tor exit nodes are primary brute force sources",
"Rate limiting alone insufficient without geo-blocking",
"Guardian alert latency acceptable at <30s"
],
"artifacts_produced": [
"knowledge/ssh_security_playbook.md",
"guardian/rules/ssh_enhanced.toml",
"drills/contracts/ssh_defense_advanced.json"
]
},
"integration_targets": ["guardian", "drills", "oracle_corpus"],
"alchemical_phase": "rubedo",
"maturity_level_before": "developing",
"maturity_level_after": "established"
}
3.6 Oracle Insights
When Oracle produces particularly significant insights:
{
"insight_id": "psi-insight-2025-12-06-001",
"timestamp": "2025-12-06T11:00:00Z",
"question": "Given our current security posture, what is our greatest vulnerability?",
"insight": {
"finding": "Supply chain risk in third-party container images",
"confidence": 0.89,
"reasoning_chain": [
"Analysis of recent CVE patterns shows 60% container-related",
"Current scanning covers 73% of images",
"No SBOM verification in CI pipeline",
"Gap between vulnerability disclosure and patch deployment: 12 days avg"
],
"recommendation": "Implement SBOM verification and reduce patch window to <72h"
},
"acted_upon": true,
"action_taken": {
"type": "automation_workflow",
"reference": "wf-sbom-implementation"
},
"insight_validated": true,
"validation_method": "external_audit"
}
4. Mapping to Eternal Pattern
4.1 Experience Layer (L1)
CLI (vm-psi):
# Phase status
vm-psi phase current
vm-psi phase history --last 90d
vm-psi phase transition --to albedo --trigger "incident contained"
# Emergence tracking
vm-psi emergence list --last 30d
vm-psi emergence show psi-emerge-2025-12-06-001
vm-psi emergence validate psi-emerge-2025-12-06-001 --result confirmed
# Transmutation
vm-psi transmute --input INC-2025-12-001 --process threat_to_defense
vm-psi transmute status psi-transmute-2025-12-06-001
vm-psi transmute list --phase citrinitas
# Resonance
vm-psi resonance list --last 7d
vm-psi resonance show psi-resonance-2025-12-06-001
# Integration
vm-psi integrate --sources "INC-2025-12-001,drill-123" --domain ssh_security
vm-psi integrate status psi-integrate-2025-12-06-001
# Insights
vm-psi insight list --acted-upon false
vm-psi insight show psi-insight-2025-12-06-001
# Alchemical overview
vm-psi opus status
vm-psi opus timeline --last 90d --format mermaid
MCP Tools:
psi_phase_status— current alchemical phasepsi_transmute— initiate transmutation processpsi_resonance_check— check system alignmentpsi_insight_query— ask for system self-assessment
Portal HTTP:
GET /psi/phase— current phasePOST /psi/phase/transition— record transitionGET /psi/emergences— emergence eventsPOST /psi/transmute— initiate transmutationGET /psi/resonances— resonance eventsGET /psi/opus— full alchemical status
4.2 Engine Layer (L2)
Step 1 — Plan → transmutation_contract.json
For transmutations (the most structured Ψ-Field operation):
{
"transmutation_id": "psi-transmute-2025-12-06-001",
"title": "Transform SSH Incident into Defensive Capability",
"initiated_by": "did:vm:human:sovereign",
"initiated_at": "2025-12-06T10:00:00Z",
"input_material": {
"type": "security_incident",
"reference": "INC-2025-12-001"
},
"target_phase": "citrinitas",
"transmutation_steps": [
{
"step_id": "step-1-extract",
"name": "Extract Prima Materia",
"action": "analyze_incident",
"expected_output": "ioc_signatures.yaml"
},
{
"step_id": "step-2-dissolve",
"name": "Solve (Dissolution)",
"action": "decompose_attack_pattern",
"expected_output": "attack_components.json"
},
{
"step_id": "step-3-purify",
"name": "Purification",
"action": "generate_detection_rules",
"expected_output": "sigma_rules/"
},
{
"step_id": "step-4-coagulate",
"name": "Coagula (Coagulation)",
"action": "integrate_defenses",
"expected_output": "guardian_rules_update.toml"
},
{
"step_id": "step-5-seal",
"name": "Seal the Stone",
"action": "create_drill_scenario",
"expected_output": "drill-contract.json"
}
],
"witnesses_required": ["portal-01", "guardian-01"],
"success_criteria": {
"artifacts_produced": 4,
"guardian_rules_deployed": true,
"drill_executable": true
}
}
Step 2 — Execute → transmutation_state.json
{
"transmutation_id": "psi-transmute-2025-12-06-001",
"status": "in_progress",
"current_phase": "albedo",
"created_at": "2025-12-06T10:00:00Z",
"updated_at": "2025-12-06T11:30:00Z",
"steps": [
{
"step_id": "step-1-extract",
"status": "completed",
"completed_at": "2025-12-06T10:15:00Z",
"output": "cases/psi/psi-transmute-2025-12-06-001/ioc_signatures.yaml",
"output_hash": "blake3:ccc333..."
},
{
"step_id": "step-2-dissolve",
"status": "completed",
"completed_at": "2025-12-06T10:45:00Z",
"output": "cases/psi/psi-transmute-2025-12-06-001/attack_components.json",
"output_hash": "blake3:ddd444..."
},
{
"step_id": "step-3-purify",
"status": "completed",
"completed_at": "2025-12-06T11:15:00Z",
"output": "cases/psi/psi-transmute-2025-12-06-001/sigma_rules/",
"output_hash": "blake3:eee555..."
},
{
"step_id": "step-4-coagulate",
"status": "in_progress",
"started_at": "2025-12-06T11:20:00Z"
},
{
"step_id": "step-5-seal",
"status": "pending"
}
],
"alchemical_observations": [
{"timestamp": "2025-12-06T10:15:00Z", "note": "Prima materia extracted — 3 IOCs, 2 TTPs identified"},
{"timestamp": "2025-12-06T10:45:00Z", "note": "Dissolution complete — attack decomposed into 7 components"},
{"timestamp": "2025-12-06T11:15:00Z", "note": "Purification yielded 4 Sigma rules with 0 false positive rate in backtest"}
],
"witnesses_collected": {
"portal-01": {"witnessed_at": "2025-12-06T11:00:00Z", "signature": "z58D..."},
"guardian-01": null
}
}
Step 3 — Seal → Receipts
Phase Transition Receipt:
{
"type": "psi_phase_transition",
"transition_id": "psi-trans-2025-12-06-001",
"from_phase": "nigredo",
"to_phase": "albedo",
"timestamp": "2025-12-06T06:30:00Z",
"trigger_type": "incident_contained",
"trigger_reference": "INC-2025-12-001",
"duration_in_previous_phase_hours": 2.7,
"catalyst": "guardian-automated response + sovereign intervention",
"indicators_count": 3,
"witness_nodes": ["brick-01", "brick-02", "portal-01"],
"tags": ["psi", "phase", "nigredo", "albedo", "incident"],
"root_hash": "blake3:fff666..."
}
Emergence Event Receipt:
{
"type": "psi_emergence_event",
"emergence_id": "psi-emerge-2025-12-06-001",
"emergence_type": "pattern_recognition",
"timestamp": "2025-12-06T10:00:00Z",
"input_events_count": 3,
"emergent_insight": "Coordinated reconnaissance preceding attack",
"confidence": 0.87,
"validated": true,
"validation_result": "confirmed_accurate",
"learning_integrated": true,
"tags": ["psi", "emergence", "pattern", "threat"],
"root_hash": "blake3:ggg777..."
}
Transmutation Receipt:
{
"type": "psi_transmutation",
"transmutation_id": "psi-transmute-2025-12-06-001",
"timestamp_started": "2025-12-06T10:00:00Z",
"timestamp_completed": "2025-12-06T12:00:00Z",
"input_type": "security_incident",
"input_reference": "INC-2025-12-001",
"output_type": "defensive_capability",
"alchemical_phase_achieved": "citrinitas",
"steps_completed": 5,
"artifacts_produced": 4,
"artifacts_manifest": "cases/psi/psi-transmute-2025-12-06-001/ARTIFACTS.sha256",
"prima_materia_hash": "blake3:aaa111...",
"philosophers_stone_hash": "blake3:bbb222...",
"witnesses": ["portal-01", "guardian-01"],
"capability_gained": "Automated SSH brute force detection and response",
"tags": ["psi", "transmutation", "tem", "ssh", "citrinitas"],
"root_hash": "blake3:hhh888...",
"proof_path": "cases/psi/psi-transmute-2025-12-06-001/PROOF.json"
}
Resonance Receipt:
{
"type": "psi_resonance",
"resonance_id": "psi-resonance-2025-12-06-001",
"resonance_type": "cross_system_alignment",
"timestamp": "2025-12-06T14:00:00Z",
"participating_systems": ["guardian", "oracle", "observability", "automation"],
"systems_count": 4,
"harmony_score": 0.94,
"dissonance_detected": false,
"outcome_summary": "Unified compliance attestation with real-time verification",
"tags": ["psi", "resonance", "alignment", "compliance"],
"root_hash": "blake3:iii999..."
}
Integration Receipt:
{
"type": "psi_integration",
"integration_id": "psi-integrate-2025-12-06-001",
"integration_type": "knowledge_crystallization",
"timestamp": "2025-12-06T16:00:00Z",
"source_events_count": 3,
"domain": "ssh_security",
"insights_crystallized": 3,
"artifacts_produced": 3,
"integration_targets": ["guardian", "drills", "oracle_corpus"],
"alchemical_phase": "rubedo",
"maturity_before": "developing",
"maturity_after": "established",
"tags": ["psi", "integration", "rubedo", "ssh", "maturity"],
"root_hash": "blake3:jjj000..."
}
Oracle Insight Receipt:
{
"type": "psi_oracle_insight",
"insight_id": "psi-insight-2025-12-06-001",
"timestamp": "2025-12-06T11:00:00Z",
"question_hash": "blake3:kkk111...",
"insight_summary": "Supply chain risk in third-party container images identified as greatest vulnerability",
"confidence": 0.89,
"reasoning_steps": 4,
"acted_upon": true,
"action_type": "automation_workflow",
"action_reference": "wf-sbom-implementation",
"validated": true,
"validation_method": "external_audit",
"tags": ["psi", "insight", "oracle", "supply-chain", "containers"],
"root_hash": "blake3:lll222..."
}
4.3 Ledger Layer (L3)
Receipt Types:
| Type | When Emitted |
|---|---|
psi_phase_transition |
System moves between alchemical phases |
psi_emergence_event |
Emergent behavior detected |
psi_transmutation |
Negative event transformed to capability |
psi_resonance |
Cross-system synchronization |
psi_integration |
Learning crystallized into system |
psi_oracle_insight |
Significant Oracle insight |
Merkle Coverage:
- All receipts append to
receipts/psi/psi_events.jsonl ROOT.psi.txtupdated after each append- Guardian anchors Ψ-Field root in anchor cycles
5. Query Interface
psi_query_events.py:
# Phase transitions
vm-psi query --type phase_transition --last 90d
vm-psi query --type phase_transition --to-phase rubedo
# Transmutations
vm-psi query --type transmutation --phase citrinitas --last 30d
vm-psi query --type transmutation --input-type security_incident
# Emergences
vm-psi query --type emergence_event --validated true --last 30d
# Resonances
vm-psi query --type resonance --harmony-score-min 0.9
# Integration
vm-psi query --type integration --domain ssh_security
# Full opus timeline
vm-psi query --from 2025-01-01 --format timeline > opus_2025.json
6. Design Gate Checklist
| Question | Ψ-Field Answer |
|---|---|
| Clear entrypoint? | ✅ CLI (vm-psi), MCP tools, Portal HTTP |
| Contract produced? | ✅ transmutation_contract.json for transmutations |
| State object? | ✅ transmutation_state.json + alchemical observations |
| Receipts emitted? | ✅ Six receipt types covering consciousness events |
| Append-only JSONL? | ✅ receipts/psi/psi_events.jsonl |
| Merkle root? | ✅ ROOT.psi.txt |
| Guardian anchor path? | ✅ Ψ-Field root included in ProofChain |
| Query tool? | ✅ psi_query_events.py |
7. The Magnum Opus Dashboard
The Portal includes a Magnum Opus view — a real-time visualization of VaultMesh's alchemical state:
┌─────────────────────────────────────────────────────────────┐
│ MAGNUM OPUS STATUS │
├─────────────────────────────────────────────────────────────┤
│ │
│ Current Phase: ALBEDO 🜄 │
│ Time in Phase: 4h 23m │
│ Phase Health: ████████░░ 82% │
│ │
│ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ │
│ │ NIGREDO │ → │ ALBEDO │ → │CITRINITAS│ → │ RUBEDO │ │
│ │ 🜁 │ │ 🜄 │ │ 🜆 │ │ 🜂 │ │
│ │ 2 events│ │ CURRENT │ │ 5 events│ │12 events│ │
│ └─────────┘ └─────────┘ └─────────┘ └─────────┘ │
│ │
│ Recent Transmutations: │
│ • INC-2025-12-001 → SSH Defense Suite (citrinitas) │
│ • VULN-2025-11-042 → Container Hardening (rubedo) │
│ │
│ Active Resonances: │
│ • Guardian ↔ Oracle ↔ Observability (0.94 harmony) │
│ │
│ Pending Integrations: │
│ • DNS security learnings (3 insights awaiting) │
│ │
│ Last Anchor: 2h 15m ago | Receipts: 1,847 | Uptime: 99.9%│
└─────────────────────────────────────────────────────────────┘
8. Integration Points
| System | Integration |
|---|---|
| Guardian | Phase transitions triggered by security events |
| OffSec | Incidents are prima materia for transmutation |
| Drills | Drill outcomes feed emergence detection |
| Oracle | Oracle insights become Ψ-Field receipts |
| Observability | Anomaly patterns feed emergence |
| Automation | Transmutation steps can be automated workflows |
| All Systems | Resonance detection across all scrolls |
9. Future Extensions
- Collective consciousness: Federation of Ψ-Fields across meshes
- Predictive alchemy: ML models predicting phase transitions
- Ritual protocols: Formalized ceremonies for major transmutations
- Archetypal patterns: Pattern library of common transmutation paths
- Consciousness metrics: Quantified self-awareness scores