vaultsovereign/vm-skills
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: add vm-skills README

Browse Source
This commit is contained in:
Vault Sovereign
2025-12-27 00:43:40 +00:00
parent eac77ef7b4
commit 009e93a80b
1 changed files with 58 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
README.md Normal file
View File

@@ -0,0 +1,58 @@
# vm-skills
Production-grade operational skill library (16 skills) following a gated plan → apply → proof → verify → report model with cryptographic evidence.
## Role
- Acts as the capability layer Claude invokes through vm-mcp tools
- Emits BLAKE3 receipts and reports consumable by vm-ledger and vm-cc
- Enforces governance via REQUIRE_CONFIRM and DRY_RUN defaults
## Skill Catalog (16)
- backup-sovereign — encrypted backups + restore drill
- btc-anchor — Bitcoin anchoring
- cloudflare-tunnel-manager — Cloudflare tunnel lifecycle
- container-registry — registry operations
- disaster-recovery — DR orchestration
- dns-sovereign — DNS management
- eth-anchor — Ethereum anchoring
- gitea-bootstrap — Git server setup
- hetzner-bootstrap — Hetzner provisioning
- merkle-forest — Merkle tree ops and proof verification
- node-hardening — node security hardening
- operator-bootstrap — operator initialization
- proof-verifier — cryptographic proof verification
- rfc3161-anchor — RFC3161 legal timestamping
- secrets-vault — secrets management
- root-coordinator — master coordinator/composer
## Execution Model
- preflight: environment and tool checks
- plan: dry-run steps (DRY_RUN=1 default)
- apply: gated by REQUIRE_CONFIRM + CONFIRM_PHRASE
- proof: generate BLAKE3 receipt (when defined)
- verify: assert success (includes restore drills where applicable)
- report: produce audit/compliance output (99_report.sh)
## Safety & Compliance
- Confirmation required for mutations; DRY_RUN-first workflow
- Receipts chain via BLAKE3; restore drill mandatory for backup-sovereign
- EU/GDPR metadata present in configs (data_residency, jurisdiction, gdpr_applicable)
## Integration via vm-mcp
- Claude → cognitive_invoke_skill → config.json phases → scripts
- Outputs flow to vm-ledger (receipts) and vm-cc (evidence aggregation)
## Quickstart
```bash
cd vm-skills/<skill>/scripts
./00_preflight.sh
./10_*_plan.sh
./11_*_apply.sh # requires confirmation
./30_generate_proof.sh # when present
./50_restore_drill.sh # backup-sovereign
./90_verify.sh && ./99_report.sh
```
## Reports & Evidence
- Reports live alongside scripts as 99_report.sh outputs
- BLAKE3 receipts accompany mutations; suitable for vm-cc ingestion