docs: add vm-skills README
58
README.md
Normal file
@@ -0,0 +1,58 @@
# vm-skills
Production-grade operational skill library (16 skills) following a gated plan → apply → proof → verify → report model with cryptographic evidence.
## Role
- Acts as the capability layer Claude invokes through vm-mcp tools
- Emits BLAKE3 receipts and reports consumable by vm-ledger and vm-cc
- Enforces governance via REQUIRE_CONFIRM and DRY_RUN defaults
## Skill Catalog (16)
- backup-sovereign — encrypted backups + restore drill
- btc-anchor — Bitcoin anchoring
- cloudflare-tunnel-manager — Cloudflare tunnel lifecycle
- container-registry — registry operations
- disaster-recovery — DR orchestration
- dns-sovereign — DNS management
- eth-anchor — Ethereum anchoring
- gitea-bootstrap — Git server setup
- hetzner-bootstrap — Hetzner provisioning
- merkle-forest — Merkle tree ops and proof verification
- node-hardening — node security hardening
- operator-bootstrap — operator initialization
- proof-verifier — cryptographic proof verification
- rfc3161-anchor — RFC3161 legal timestamping
- secrets-vault — secrets management
- root-coordinator — master coordinator/composer
## Execution Model
- preflight: environment and tool checks
- plan: dry-run steps (DRY_RUN=1 default)
- apply: gated by REQUIRE_CONFIRM + CONFIRM_PHRASE
- proof: generate BLAKE3 receipt (when defined)
- verify: assert success (includes restore drills where applicable)
- report: produce audit/compliance output (99_report.sh)
## Safety & Compliance
- Confirmation required for mutations; DRY_RUN-first workflow
- Receipts chain via BLAKE3; restore drill mandatory for backup-sovereign
- EU/GDPR metadata present in configs (data_residency, jurisdiction, gdpr_applicable)
## Integration via vm-mcp
- Claude → cognitive_invoke_skill → config.json phases → scripts
- Outputs flow to vm-ledger (receipts) and vm-cc (evidence aggregation)
## Quickstart
```bash
cd vm-skills/<skill>/scripts
./00_preflight.sh
./10_*_plan.sh
./11_*_apply.sh # requires confirmation
./30_generate_proof.sh # when present
./50_restore_drill.sh # backup-sovereign
./90_verify.sh && ./99_report.sh
```
## Reports & Evidence
- Reports live alongside scripts as 99_report.sh outputs
- BLAKE3 receipts accompany mutations; suitable for vm-cc ingestion
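
Review bot: In the Quickstart block, `./11_*_apply.sh # requires confirmation` does not say how confirmation is supplied, while Execution Model states that apply is gated by REQUIRE_CONFIRM + CONFIRM_PHRASE and that DRY_RUN=1 is the default. Suggest showing those variables on the apply line, and stating whether DRY_RUN has to be changed for a real run, so a reader does not mistake a dry run for an applied mutation. Safety & Compliance and Reports & Evidence say receipts chain via BLAKE3 and accompany mutations, but the proof phase is marked "when defined" and `./30_generate_proof.sh # when present`; the README should say which skills can mutate without emitting a receipt, or drop the qualifier. Minor: apart from the last line, the Quickstart commands are not chained, so a failed preflight does not stop a pasted block from reaching the apply step.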