init: vaultmesh mcp server

.github/workflows/governance.yml

@@ -0,0 +1,108 @@
+name: Governance CI
+
+on:
+  push:
+    branches: [main, master]
+    paths:
+      - 'docs/MCP-CONSTITUTION.md'
+      - 'governance/**'
+      - 'packages/vaultmesh_mcp/**'
+      - 'tests/governance/**'
+  pull_request:
+    branches: [main, master]
+
+env:
+  VAULTMESH_ROOT: ${{ github.workspace }}
+  PYTHONPATH: ${{ github.workspace }}/packages
+
+jobs:
+  constitution-gate:
+    name: Constitution Hash Gate
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      
+      - name: Install dependencies
+        run: pip install blake3 pytest
+      
+      - name: Verify Constitution Hash
+        run: |
+          python -c "
+          import blake3
+          from pathlib import Path
+          
+          content = Path('docs/MCP-CONSTITUTION.md').read_text()
+          lines = content.split('\n')
+          
+          lock = {}
+          for line in Path('governance/constitution.lock').read_text().split('\n'):
+              if '=' in line and not line.startswith('#'):
+                  k, v = line.split('=', 1)
+                  lock[k.strip()] = v.strip()
+          
+          hash_lines = int(lock.get('hash_lines', 288))
+          hashable = '\n'.join(lines[:hash_lines])
+          computed = f'blake3:{blake3.blake3(hashable.encode()).hexdigest()}'
+          
+          if computed != lock['hash']:
+              print(f'CONSTITUTION HASH MISMATCH')
+              print(f'Computed: {computed}')
+              print(f'Locked:   {lock[\"hash\"]}')
+              exit(1)
+          
+          print(f'Constitution v{lock[\"version\"]} verified')
+          "
+
+  governance-tests:
+    name: Governance Tests
+    runs-on: ubuntu-latest
+    needs: constitution-gate
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      
+      - name: Install dependencies
+        run: pip install blake3 pytest pytest-timeout
+      
+      - name: Run Governance Tests
+        run: pytest tests/governance/ -v --tb=short --ignore=tests/governance/test_golden_drill_mini.py
+
+  golden-drill:
+    name: Golden Drill Mini
+    runs-on: ubuntu-latest
+    needs: governance-tests
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      
+      - name: Install dependencies
+        run: pip install blake3 pytest pytest-timeout
+      
+      - name: Setup directories
+        run: |
+          mkdir -p receipts/{cognitive,identity,guardian,mesh,treasury}
+          mkdir -p realms/cognitive/memory
+      
+      - name: Run Golden Drill
+        timeout-minutes: 2
+        run: pytest tests/governance/test_golden_drill_mini.py -v --timeout=30
+      
+      - name: Upload Artifacts
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: drill-receipts
+          path: receipts/