vm-skills/README.md
2025-12-27 00:43:40 +00:00

vm-skills

Production-grade operational skill library (16 skills) following a gated plan → apply → proof → verify → report model with cryptographic evidence.

Role

  • Acts as the capability layer Claude invokes through vm-mcp tools
  • Emits BLAKE3 receipts and reports consumable by vm-ledger and vm-cc
  • Enforces governance via REQUIRE_CONFIRM and DRY_RUN defaults

Skill Catalog (16)

  • backup-sovereign — encrypted backups + restore drill
  • btc-anchor — Bitcoin anchoring
  • cloudflare-tunnel-manager — Cloudflare tunnel lifecycle
  • container-registry — registry operations
  • disaster-recovery — DR orchestration
  • dns-sovereign — DNS management
  • eth-anchor — Ethereum anchoring
  • gitea-bootstrap — Git server setup
  • hetzner-bootstrap — Hetzner provisioning
  • merkle-forest — Merkle tree ops and proof verification
  • node-hardening — node security hardening
  • operator-bootstrap — operator initialization
  • proof-verifier — cryptographic proof verification
  • rfc3161-anchor — RFC3161 legal timestamping
  • secrets-vault — secrets management
  • root-coordinator — master coordinator/composer

Execution Model

  • preflight: environment and tool checks
  • plan: dry-run steps (DRY_RUN=1 default)
  • apply: gated by REQUIRE_CONFIRM + CONFIRM_PHRASE
  • proof: generate BLAKE3 receipt (when defined)
  • verify: assert success (includes restore drills where applicable)
  • report: produce audit/compliance output (99_report.sh)

Safety & Compliance

  • Confirmation required for mutations; DRY_RUN-first workflow
  • Receipts chain via BLAKE3; restore drill mandatory for backup-sovereign
  • EU/GDPR metadata present in configs (data_residency, jurisdiction, gdpr_applicable)
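
An added example, not code from vm-skills, of the fail-closed gate from Execution Model and the chained receipts from Safety & Compliance. The return codes, the expected-phrase argument, the ledger line format and the sha256sum fallback (used only where b3sum is not installed) are assumptions; the page specifies none of them.

```shell
#!/bin/sh
# Added illustration: gate semantics and receipt format are assumptions.
TAB=$(printf '\t')
NL='
'

# BLAKE3 via b3sum when installed; sha256sum is only a stand-in so this runs anywhere.
hash_stdin() {
  if command -v b3sum >/dev/null 2>&1; then b3sum | cut -d' ' -f1
  else sha256sum | cut -d' ' -f1; fi
}

# Fail-closed gate. $1 = phrase the skill expects (hypothetical parameter).
# Returns 0 = apply, 1 = dry run (plan only), 2 = confirmation missing or wrong.
gate_apply() {
  [ "${DRY_RUN:-1}" = "0" ] || return 1
  [ "${REQUIRE_CONFIRM:-1}" = "0" ] && return 0
  [ -n "${1:-}" ] && [ "${CONFIRM_PHRASE:-}" = "$1" ] || return 2
}

# Append "prev<TAB>action<TAB>digest" to ledger $1, where digest = H(prev \n action).
append_receipt() (
  # Reject empty actions and delimiter injection (tab or newline in the action).
  case ${2:-} in ''|*"$TAB"*|*"$NL"*) exit 1 ;; esac
  prev=GENESIS
  if [ -s "$1" ]; then prev=$(tail -n 1 "$1" | cut -f3); fi
  digest=$(printf '%s\n%s' "$prev" "$2" | hash_stdin)
  printf '%s\t%s\t%s\n' "$prev" "$2" "$digest" >> "$1"
)

# Recompute every link starting from GENESIS; non-zero on the first mismatch.
verify_chain() (
  expect=GENESIS
  while IFS=$TAB read -r prev action digest; do
    [ "$prev" = "$expect" ] || exit 1
    [ "$(printf '%s\n%s' "$prev" "$action" | hash_stdin)" = "$digest" ] || exit 1
    expect=$digest
  done < "$1"
)
```

A chain of this shape detects edited or reordered receipts but not removal of the newest lines; catching that requires holding the latest digest somewhere outside the ledger file.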

Integration via vm-mcp

  • Claude → cognitive_invoke_skill → config.json phases → scripts
  • Outputs flow to vm-ledger (receipts) and vm-cc (evidence aggregation)

Quickstart

cd vm-skills/<skill>/scripts
./00_preflight.sh
./10_*_plan.sh
./11_*_apply.sh   # requires confirmation
./30_generate_proof.sh  # when present
./50_restore_drill.sh   # backup-sovereign
./90_verify.sh && ./99_report.sh

Reports & Evidence

  • Reports live alongside scripts as 99_report.sh outputs
  • BLAKE3 receipts accompany mutations; suitable for vm-cc ingestion