vm-ops/VM-README.md

# VaultMesh Unified Namespace

> Earth's Civilization Ledger — A sovereign digital infrastructure

## Directory Structure

```
/Users/sovereign/vm/
├── vm-control/      ← command-center (Fleet monitoring/control plane)
├── vm-cc/           ← continuous compliance (evidence/rules/reports)
├── vm-cloudflare/   ← cloudflare (Control plane + Layer0)
├── vm-contracts/    ← contracts (Receipt schema v1)
├── vm-core/         ← vaultmesh-core (9 Rust crates)
├── vm-ledger/       ← civilization-ledger (Append-only ledger)
├── vm-mcp/          ← vaultmesh-mcp (Claude MCP server)
├── vm-ops/          ← ops (Operational doctrine)
├── vm-cloud/        ✅ Already migrated (TypeScript CLI)
├── vm-skills/       ✅ Already migrated (16 production skills)
├── vm-git.json      📋 This inventory
└── VM-README.md     📖 This file
```

## Source → Target Truth Table

| Original Directory | Target Directory | Primary Purpose |
|--------------------|------------------|-----------------|
| command-center/ | vm-control/ | Fleet monitoring & control plane |
| vm-cc/ | vm-cc/ | Continuous compliance (no rename) |
| civilization-ledger/ | vm-ledger/ | Cryptographic ledger |
| vaultmesh-mcp/ | vm-mcp/ | Claude MCP server |
| vaultmesh-core/ | vm-core/ | Core Rust framework |
| ops/ | vm-ops/ | Operational doctrine |
| contracts/ | vm-contracts/ | Receipt schema |
| cloudflare/ | vm-cloudflare/ | Control plane + Layer0 |

---

## Migration Status

Run `git status -sb` inside each repo to confirm current state.

| Source | Target | Git | Status | LOC |
|--------|--------|-----|--------|-----|
| `contracts/` | `vm-contracts/` | ✅ | Phase 0 DONE (clean) | 157 |
| `civilization-ledger/` | `vm-ledger/` | ✅ | Phase 0 DONE (clean) | 2,565 |
| `vaultmesh-mcp/` | `vm-mcp/` | ✅ | Phase 0 DONE (clean) | 4,573 |
| `command-center/` | `vm-control/` | ✅ | Phase 1 needed (commit dirty tree) | 5,002 |
| `cloudflare/` | `vm-cloudflare/` | ✅ | Phase 1 needed (commit dirty tree) | 18,210 |
| `vaultmesh-core/` | `vm-core/` | ✅ | Clean | 12,969 |
| `ops/` | `vm-ops/` | ✅ | Clean | 275 |

**Total: ~43,750 LOC across 7 components**

---

## Migration Plan

### Phase 0: Initialize Git for Non-Git Directories ✅ COMPLETED

These repos are already git-initialized with clean working trees:

- contracts/ → committed, clean
- civilization-ledger/ → committed, clean
- vaultmesh-mcp/ → committed, clean

**No action needed.** Proceed to Phase 1.

---

### Phase 1: Commit Dirty Working Trees

Only two repos have uncommitted changes (run `git status -sb` to verify):

#### 1.1 Command-Center (dirty)
```bash
cd /Users/sovereign/vm/command-center
git status  # Review what's dirty
git add -A
git commit -m "chore: pre-migration snapshot

Fleet monitoring, NASA console, node agent consolidation"
```

#### 1.2 Cloudflare (dirty)
```bash
cd /Users/sovereign/vm/cloudflare
git status  # Review what's dirty
git add -A
git commit -m "chore: pre-migration snapshot

Layer0, MCP servers, Terraform consolidation"
```

#### 1.3 VaultMesh-Core ✅ CLEAN
Already clean (0 dirty files) — no action needed.

#### 1.4 Ops ✅ CLEAN
Already clean (0 dirty files) — no action needed.

---

### Phase 2: Copy to vm-* Targets

Simple copy approach (preserves git history without subtree complexity):

```bash
cd /Users/sovereign/vm

# For each git-enabled repo:
for pair in "command-center:vm-control" "cloudflare:vm-cloudflare" "vaultmesh-core:vm-core" "ops:vm-ops"; do
  src="${pair%%:*}"
  dst="${pair##*:}"
  rm -rf "$dst"
  cp -R "$src" "$dst"
  cd "$dst"
  git remote rename origin archive 2>/dev/null || true
  git remote set-url --push archive DISABLED 2>/dev/null || true
  git remote add origin "git@git.vaultmesh.org:vaultsovereign/${dst}.git"
  cd ..
done

# For newly git-initialized repos:
for pair in "contracts:vm-contracts" "civilization-ledger:vm-ledger" "vaultmesh-mcp:vm-mcp"; do
  src="${pair%%:*}"
  dst="${pair##*:}"
  rm -rf "$dst"
  cp -R "$src" "$dst"
  cd "$dst"
  git remote add origin "git@git.vaultmesh.org:vaultsovereign/${dst}.git"
  cd ..
done
```

---

### Phase 3: Clean Artifacts from Targets

```bash
cd /Users/sovereign/vm

# Remove build artifacts (not in git anyway)
rm -rf vm-core/target vm-core/venv vm-core/.state
rm -rf vm-ledger/target vm-ledger/log
rm -rf vm-mcp/venv vm-mcp/venv-fresh vm-mcp/receipts vm-mcp/realms
rm -rf vm-cloudflare/terraform/.terraform
rm -rf vm-control/target

# Remove pycache everywhere
find vm-* -name "__pycache__" -type d -exec rm -rf {} + 2>/dev/null
find vm-* -name "*.pyc" -delete 2>/dev/null
find vm-* -name ".DS_Store" -delete 2>/dev/null
```

---

### Phase 4: Verify

```bash
cd /Users/sovereign/vm

# Check each target
for dir in vm-cc vm-cloudflare vm-contracts vm-core vm-ledger vm-mcp vm-ops; do
  echo "=== $dir ==="
  cd "$dir"
  git log --oneline -3
  git remote -v
  cd ..
done

# Test builds
cd vm-core && cargo check --workspace && cd ..
cd vm-ledger && cargo check && cd ..
cd vm-mcp && python -c "from packages.vaultmesh_mcp import server" && cd ..
cd vm-cloudflare && terraform -chdir=terraform validate && cd ..
```

---

### Phase 5: Push to git.vaultmesh.org

```bash
cd /Users/sovereign/vm

for dir in vm-cc vm-cloudflare vm-contracts vm-core vm-ledger vm-mcp vm-ops; do
  cd "$dir"
  git push -u origin main
  cd ..
done
```

---

### Phase 6: Archive Original Sources

```bash
cd /Users/sovereign/vm

# Push originals to archive namespace
for repo in command-center cloudflare vaultmesh-core ops; do
  cd "$repo"
  git remote add vaultmesh-archive "git@git.vaultmesh.org:vaultmesh-archive/${repo}.git"
  git push vaultmesh-archive --all
  git push vaultmesh-archive --tags
  cd ..
done

# For newly git-initialized repos (already have origin set to archive in Phase 0)
for repo in contracts civilization-ledger vaultmesh-mcp; do
  cd "$repo"
  git remote add vaultmesh-archive "git@git.vaultmesh.org:vaultmesh-archive/${repo}.git"
  git push vaultmesh-archive --all
  cd ..
done
```

---

### Phase 7: Post-Migration Updates

#### Critical Path Fix
```bash
# vm-ops references ../civilization-ledger → must become ../vm-ledger
# Note: On Linux, use: sed -i 's|...|...|g' (without '')
sed -i '' 's|civilization-ledger|vm-ledger|g' \
  vm-ops/80-automation/scripts/anchor-doctrine-to-ledger.sh

cd vm-ops && git add -A && git commit -m "fix: update ledger path for vm-* namespace"
```

#### Documentation Updates
Search and replace in all README files:
- `command-center/` → `vm-control/`
- `cloudflare/` → `vm-cloudflare/`
- `vaultmesh-core/` → `vm-core/`
- `civilization-ledger/` → `vm-ledger/`
- `vaultmesh-mcp/` → `vm-mcp/`
- `ops/` → `vm-ops/`
- `contracts/` → `vm-contracts/`

---

## Component Reference

### vm-contracts (Protocol Glue)
Receipt schema ensuring all VaultMesh components emit verifiable, chained receipts.

### vm-ledger (Cryptographic Foundation)
Append-only hash-chain with Ed25519 signatures, CBOR encoding, Merkle proofs.

### vm-core (Engine Layer)
9 Rust crates: core, guardian, treasury, mesh, identity, observability, automation, offsec, psi.

### vm-mcp (Claude Interface)
MCP server with 19 tools, constitutional governance, CRDT memory realm.

### vm-control (Fleet Monitoring)
Rust backend + node-agent daemon for distributed fleet monitoring (formerly command-center).

### vm-cc (Continuous Compliance)
Evidence orchestration and compliance reporting (collectors, rules, reports, proofs).

### vm-cloudflare (Control Plane)
Layer0 shadow classifier, 4 MCP servers, Terraform IaC, GitOps automation.

### vm-ops (Operational Doctrine)
Runbooks, audits, automation scripts, identity policies.

### vm-cloud (Already Migrated)
TypeScript CLI + MCP server for cloud management with receipt-based audit trail.

### vm-skills (Already Migrated)
16 production skills (Shell + templates) with gated phases (preflight → plan → apply → proof → verify → report) and BLAKE3 receipt outputs.

---

## Remotes

| Component | Primary | Archive |
|-----------|---------|---------|
| vm-control | `git@git.vaultmesh.org:vaultsovereign/vm-control.git` | (legacy: command-center) |
| vm-cc | `git@git.vaultmesh.org:vaultsovereign/vm-cc.git` | — |
| vm-cloudflare | `git@git.vaultmesh.org:vaultsovereign/vm-cloudflare.git` | (legacy: cloudflare) |
| vm-contracts | `git@git.vaultmesh.org:vaultsovereign/vm-contracts.git` | (legacy: contracts) |
| vm-core | `git@git.vaultmesh.org:vaultsovereign/vm-core.git` | (legacy: vaultmesh-core) |
| vm-ledger | `git@git.vaultmesh.org:vaultsovereign/vm-ledger.git` | (legacy: civilization-ledger) |
| vm-mcp | `git@git.vaultmesh.org:vaultsovereign/vm-mcp.git` | (legacy: vaultmesh-mcp) |
| vm-ops | `git@git.vaultmesh.org:vaultsovereign/vm-ops.git` | (legacy: ops) |
| vm-cloud | `git@github.com:vaultmesh-org/vmc.git` | — |

---

## Estimated Time

- Phase 0 (Git init): ✅ DONE
- Phase 1 (Commits): 5 min (only 2 repos)
- Phase 2-3 (Copy + clean): 10 min
- Phase 4 (Verify): 15 min
- Phase 5-6 (Push): 10 min
- Phase 7 (Path fixes): 10 min

**Total: ~50 min**

---

*Generated: 2025-12-26 | Inventory: vm-git.json*