fix: [nomad-prep] P0 — rename lib/vault.sh + vault/ to action-vault namespace (#792)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

action-vault/examples/promote.toml

@@ -0,0 +1,21 @@
+# vault/examples/promote.toml
+# Example: Promote a build/artifact to production
+#
+# This vault action demonstrates promoting a built artifact to a
+# production environment with proper authentication.
+
+id = "promote-20260331"
+formula = "run-supervisor"
+context = "Promote build v1.2.3 to production environment"
+
+# Secrets to inject for deployment authentication
+secrets = ["DEPLOY_KEY", "DOCKER_HUB_TOKEN"]
+
+# Optional: use larger model for complex deployment logic
+model = "sonnet"
+
+# Optional: enable MCP tools for container operations
+tools = ["docker"]
+
+# Optional: deployments may take longer
+timeout_minutes = 45

action-vault/examples/publish.toml

@@ -0,0 +1,21 @@
+# vault/examples/publish.toml
+# Example: Publish a skill to ClawHub
+#
+# This vault action demonstrates publishing a skill to ClawHub
+# using the clawhub-publish formula.
+
+id = "publish-site-20260331"
+formula = "run-publish-site"
+context = "Publish updated site to production"
+
+# Secrets to inject (only these get passed to the container)
+secrets = ["DEPLOY_KEY"]
+
+# Optional: use sonnet model
+model = "sonnet"
+
+# Optional: enable MCP tools
+tools = []
+
+# Optional: 30 minute timeout
+timeout_minutes = 30

action-vault/examples/release.toml

@@ -0,0 +1,37 @@
+# vault/examples/release.toml
+# Example: Release vault item schema
+#
+# This example demonstrates the release vault item schema for creating
+# versioned releases with vault-gated approval.
+#
+# The release formula tags Forgejo main, pushes to mirrors, builds and
+# tags the agents Docker image, and restarts agent containers.
+#
+# Example vault item (auto-generated by `disinto release v1.2.0`):
+#
+#   id = "release-v120"
+#   formula = "release"
+#   context = "Release v1.2.0"
+#   secrets = []
+#   mounts = ["ssh"]
+#
+# Steps executed by the release formula:
+#   1. preflight - Validate prerequisites (version, FORGE_TOKEN, Docker)
+#   2. tag-main - Create tag on Forgejo main via API
+#   3. push-mirrors - Push tag to Codeberg and GitHub mirrors
+#   4. build-image - Build agents Docker image with --no-cache
+#   5. tag-image - Tag image with version (disinto-agents:v1.2.0)
+#   6. restart-agents - Restart agent containers with new image
+#   7. commit-result - Write release result to tracking file
+
+id = "release-v120"
+formula = "release"
+context = "Release v1.2.0 — includes vault redesign, .profile system, architect agent"
+secrets = ["GITHUB_TOKEN", "CODEBERG_TOKEN"]
+mounts = ["ssh"]
+
+# Optional: specify a larger model for complex release logic
+# model = "sonnet"
+
+# Optional: releases may take longer due to Docker builds
+# timeout_minutes = 60

action-vault/examples/webhook-call.toml

@@ -0,0 +1,21 @@
+# vault/examples/webhook-call.toml
+# Example: Call an external webhook with authentication
+#
+# This vault action demonstrates calling an external webhook endpoint
+# with proper authentication via injected secrets.
+
+id = "webhook-call-20260331"
+formula = "run-rent-a-human"
+context = "Notify Slack channel about deployment completion"
+
+# Secrets to inject (only these get passed to the container)
+secrets = ["DEPLOY_KEY"]
+
+# Optional: use sonnet model for this action
+model = "sonnet"
+
+# Optional: enable MCP tools
+tools = []
+
+# Optional: 30 minute timeout
+timeout_minutes = 30