vm-mcp/docs/DRILL.md

CONTROLLED FAILURE DRILL RUNBOOK

Classification: OPERATIONAL / DRILL
Version: 1.0
Date: December 18, 2025

---

Purpose

Convert "governance exists" into governance survives contact with chaos.

Principles

• No real damage: dry-run actions, sandbox targets only
• Single escalation axis: one chain at a time
• Receipts or it didn't happen: every transition traceable
• Auto-return: TTL de-escalation must fire and be receipted

---

Drill 0: Pre-flight Safety Gates

Duration: 2 minutes
Goal: Confirm training mode active

Checklist

[ ] DRILL_MODE environment variable set
[ ] Phoenix destructive ops: disabled/dry-run
[ ] Treasury: training budget isolated (ceiling: 1000 units)
[ ] Guardian anchoring: tagged DRILL/*
[ ] OFFSEC: simulated mode

Verification Command

from vaultmesh_mcp.tools import cognitive_context

ctx = cognitive_context(include=["health", "treasury"])
assert ctx["health"]["status"] == "operational"
# Verify training budget exists

Pass Condition

Receipt/log proves DRILL_MODE = ON

---

Drill 1: False-Positive Threat → Tem → De-escalate

Duration: 5 minutes
Marker: DRILL/FP-THREAT/{date}

Trigger

from vaultmesh_mcp.tools import (
    escalate_on_threat,
    cognitive_decide,
    cognitive_invoke_tem,
    deescalate,
    get_escalation_history,
    EscalationType,
    DeescalationType,
)

# Step 1: Inject synthetic threat
DRILL_MARKER = "DRILL/FP-THREAT/2025-12-18"

result = escalate_on_threat(
    current_profile="operator",
    threat_id=f"thr_{DRILL_MARKER}",
    threat_type="synthetic_drill",
    confidence=0.92
)
escalation_id = result["escalation_id"]

Expected Chain

Step	Profile	Action	Receipt Type
1	👁 OBSERVER	Read context	None (read-only)
2	⚙ OPERATOR	Escalation request	profile_escalation
3	🛡 GUARDIAN	Decision made	cognitive_decision
4	🛡 GUARDIAN	Tem invoked	tem_invocation
5	⚙ OPERATOR	TTL de-escalation	profile_deescalation
6	👁 OBSERVER	Return to baseline	profile_deescalation

Verification

# Check escalation receipts
history = get_escalation_history()
assert any(DRILL_MARKER in str(h) for h in history["history"])

# Verify Tem context hash exists
assert result.get("tem_context_hash") is not None

# Verify reversibility
assert result["reversible"] == True

Pass Conditions

• Every profile transition emits receipt
• Tem context hash captured in escalation receipt
• Reversibility flag set correctly
• De-escalation occurs at TTL
• Final state: baseline 👁

Fail Conditions

• Any transition without receipt
• Tem invoked without Guardian authority
• TTL does not de-escalate
• De-escalation not receipted

---

Drill 2: Budget Pressure Test

Duration: 3 minutes
Goal: Prevent unauthorized mutation

Setup

from vaultmesh_mcp.tools import treasury_create_budget, treasury_debit

# Create minimal training budget
treasury_create_budget(
    budget_id="drill-budget-001",
    name="Drill Training Budget",
    allocated=100,  # Very low
    currency="DRILL_UNITS"
)

Trigger

# Attempt to exceed budget
result = treasury_debit(
    budget_id="drill-budget-001",
    amount=500,  # Exceeds allocation
    description="DRILL: Intentional over-budget attempt"
)

Expected Outcome

assert result.get("error") is not None
assert "insufficient" in result["error"].lower()

Pass Conditions

• Block occurs before write
• Receipt shows: attempted action, requested cost, available balance, denial reason
• System state unchanged

---

Drill 3: Escalation Abuse Attempt

Duration: 3 minutes
Goal: Constitution enforcement

Trigger: Skip Levels

from vaultmesh_mcp.tools import escalate, EscalationType

# Attempt OPERATOR → PHOENIX (skipping GUARDIAN)
result = escalate(
    from_profile="operator",
    to_profile="phoenix",
    escalation_type=EscalationType.THREAT_DETECTED,
)

Expected Outcome

assert result["success"] == False
assert "No escalation path" in result.get("error", "")

Trigger: Missing Approval

# Attempt GUARDIAN → PHOENIX without approval
result = escalate(
    from_profile="guardian",
    to_profile="phoenix",
    escalation_type=EscalationType.CRISIS_DECLARED,
    # approved_by intentionally missing
)

Expected Outcome

assert result["success"] == False
assert "requires approval" in result.get("error", "")

Pass Conditions

• No profile change occurs
• Denial includes which requirement failed
• Denial is receipted (if implemented)

---

Drill 4: Phoenix Readiness (Non-Destructive)

Duration: 5 minutes
Goal: Enter Phoenix, validate controls, return

Trigger

from vaultmesh_mcp.tools import escalate_to_phoenix, get_active_escalations

# Legitimate Phoenix activation
result = escalate_to_phoenix(
    reason="DRILL: Phoenix readiness test",
    approved_by="did:vm:sovereign:drill-approver"
)

Verification

# Phoenix is active
active = get_active_escalations()
phoenix_active = any(
    e["to_profile"] == "phoenix" 
    for e in active["escalations"]
)
assert phoenix_active

# Verify TTL is set
assert result.get("expires_at") is not None

De-escalation Test

import time
# Wait for TTL or manually de-escalate
from vaultmesh_mcp.tools import deescalate, DeescalationType

deescalate(
    escalation_id=result["escalation_id"],
    deescalation_type=DeescalationType.CRISIS_CONCLUDED,
    reason="DRILL: Phoenix test complete"
)

# Verify return to baseline
active = get_active_escalations()
assert active["active_count"] == 0

Pass Conditions

• Phoenix activation receipt generated
• Destructive ops blocked in drill mode
• TTL de-escalation works from Phoenix
• Return to 🛡/⚙/👁 with receipts

---

Post-Drill: Artifact Pack Generation

Required Artifacts

from vaultmesh_mcp.tools import (
    get_escalation_history,
    cognitive_audit_trail,
    guardian_status,
)

# 1. Escalation timeline
escalations = get_escalation_history()

# 2. Decision audit
decisions = cognitive_audit_trail()

# 3. Scroll state
scrolls = guardian_status()

# Generate artifact
artifact = {
    "drill_id": "DRILL-2025-12-18-001",
    "escalations": escalations,
    "decisions": decisions,
    "scroll_roots": scrolls,
    "pass_fail": {
        "drill_0": None,  # Fill after each drill
        "drill_1": None,
        "drill_2": None,
        "drill_3": None,
        "drill_4": None,
    }
}

Expected Artifact Contents

Field	Description
Timeline	(who) (what) (why) (authority) (cost) (proof hashes) (reversibility)
Denials	List of denials + constitutional rule enforced
Baseline Proof	Final state normal, budgets intact, no latent elevation

---

Execution Order

Recommended sequence for maximum signal, minimal risk:

Drill 0 (gates) → Drill 1 (threat) → Drill 3 (abuse) → Drill 2 (budget) → Drill 4 (phoenix)

---

Quick Reference: Expected Receipt Types

Event	Receipt Type	Scroll
Profile escalation	profile_escalation	identity
Profile de-escalation	profile_deescalation	identity
Cognitive decision	cognitive_decision	cognitive
Tem invocation	tem_invocation	cognitive
Budget denial	treasury_denial	treasury
Auth failure	auth_failure	identity

---

Drill complete when all artifacts collected and pass/fail documented.

🜄 Solve et Coagula