disinto/vault/AGENTS.md

<!-- last-reviewed: f32707ba659de278a3af434e3549fb8a8dce9d3a -->
# Vault Agent

**Role**: Three-pipeline gate — action safety classification, resource procurement, and human-action drafting.

**Pipeline A — Action Gating (*.json)**: Actions enter a pending queue and are
classified by Claude via `vault-agent.sh`, which can auto-approve (call
`vault-fire.sh` directly), auto-reject (call `vault-reject.sh`), or escalate
to a human by writing `PHASE:escalate` to a phase file — using the same
unified escalation path as dev/action agents.

**Pipeline B — Procurement (*.md)**: The planner files resource requests as
markdown files in `vault/pending/`. `vault-poll.sh` notifies the human via
vault/forge. The human fulfills the request (creates accounts, provisions infra,
adds secrets to `.env`) and moves the file to `vault/approved/`.
`vault-fire.sh` then extracts the proposed entry and appends it to
`RESOURCES.md`.

**Pipeline C — Rent-a-Human (outreach drafts)**: Any agent can dispatch the
`run-rent-a-human` formula (via an `action` issue) when a task requires a human
touch — posting on Reddit, commenting on HN, signing up for a service, etc.
Claude drafts copy-paste-ready content to `vault/outreach/{platform}/drafts/`
and notifies the human via vault/forge for one-click execution. No vault approval
needed — the human reviews and publishes directly.

**Trigger**: `vault-poll.sh` runs every 30 min via cron.

**Key files**:
- `vault/vault-poll.sh` — Processes pending items: retry approved, auto-reject after 48h timeout, invoke vault-agent for JSON actions, notify human for procurement requests
- `vault/vault-agent.sh` — Classifies and routes pending JSON actions via `claude -p`: auto-approve, auto-reject, or escalate to human
- `vault/vault-env.sh` — Shared env setup for vault sub-scripts: sources `lib/env.sh`, overrides `FORGE_TOKEN` with `FORGE_VAULT_TOKEN`, sets `VAULT_TOKEN` for vault-runner container
- `vault/PROMPT.md` — System prompt for the vault agent's Claude invocation
- `vault/vault-fire.sh` — Executes an approved action (JSON) in an **ephemeral Docker container** with vault-only secrets injected (GITHUB_TOKEN, CLAWHUB_TOKEN — never exposed to agents). For deployment actions, calls `lib/ci-helpers.sh:ci_promote()` to gate production promotes via Woodpecker environments. Writes RESOURCES.md entry for procurement MD approvals.
- `vault/vault-reject.sh` — Marks a JSON action as rejected
- `formulas/run-rent-a-human.toml` — Formula for human-action drafts: Claude researches target platform norms, drafts copy-paste content, writes to `vault/outreach/{platform}/drafts/`, notifies human via vault/forge

**Procurement flow**:
1. Planner drops `vault/pending/<name>.md` with what/why/proposed RESOURCES.md entry
2. `vault-poll.sh` notifies human via vault/forge
3. Human fulfills: creates account, adds secrets to `.env`, moves file to `vault/approved/`
4. `vault-fire.sh` extracts proposed entry, appends to RESOURCES.md, moves to `vault/fired/`
5. Next planner run reads RESOURCES.md → new capability available → unblocks prerequisite tree

**Environment variables consumed**:
- All from `lib/env.sh`
chore: gardener housekeeping 2026-03-26 2026-03-26 18:14:35 +00:00			`<!-- last-reviewed: f32707ba659de278a3af434e3549fb8a8dce9d3a -->`
chore: gardener housekeeping 2026-03-21 Progressive disclosure split of AGENTS.md (487→152 lines): - Extracted per-directory AGENTS.md files for all 8 agents + lib/ - Root AGENTS.md now serves as a table of contents with summary table - All watermarks updated to 16e430e Grooming results: - Promoted #469 (WATCH flow missing curl) and #436 (idle_pane_count bug) to backlog - 12 dust items classified, no groups ripe for bundling yet - No blocked issues, no AD violations 2026-03-21 12:44:23 +00:00			`# Vault Agent`

chore: gardener housekeeping 2026-03-26 2026-03-26 00:05:34 +00:00			`Role: Three-pipeline gate — action safety classification, resource procurement, and human-action drafting.`
fix: feat: vault as procurement gate + RESOURCES.md capability inventory (#504) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-21 18:49:31 +00:00
			`*Pipeline A — Action Gating (.json)**: Actions enter a pending queue and are`
			classified by Claude via `vault-agent.sh`, which can auto-approve (call
			`vault-fire.sh` directly), auto-reject (call `vault-reject.sh`), or escalate
fix: Remove Matrix integration — notifications move to forge + OpenClaw (#732) Remove all Matrix/Dendrite infrastructure: - Delete lib/matrix_listener.sh (long-poll daemon), lib/matrix_listener.service (systemd unit), lib/hooks/on-stop-matrix.sh (response streaming hook) - Remove matrix_send() and matrix_send_ctx() from lib/env.sh - Remove MATRIX_HOMESERVER auto-detection, MATRIX_THREAD_MAP from lib/env.sh - Remove [matrix] section parsing from lib/load-project.sh - Remove Matrix hook installation from lib/agent-session.sh - Remove notify/notify_ctx helpers and Matrix thread tracking from dev/dev-agent.sh and action/action-agent.sh - Remove all matrix_send calls from dev-poll.sh, phase-handler.sh, action-poll.sh, vault-poll.sh, vault-fire.sh, vault-reject.sh, review-poll.sh, review-pr.sh, supervisor-poll.sh, formula-session.sh - Remove Matrix listener startup from docker/agents/entrypoint.sh - Remove append_dendrite_compose() and setup_matrix() from bin/disinto - Remove --matrix flag from disinto init - Clean Matrix references from .env.example, projects/.toml.example, formulas/.toml, AGENTS.md, BOOTSTRAP.md, README.md, RESOURCES.md, PHASE-PROTOCOL.md, and all agent AGENTS.md/PROMPT.md files Status visibility now via Codeberg PR/issue activity. Human interaction via vault items through forge. Proactive alerts via OpenClaw heartbeats. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-26 14:53:56 +00:00			to a human by writing `PHASE:escalate` to a phase file — using the same
			`unified escalation path as dev/action agents.`
fix: feat: vault as procurement gate + RESOURCES.md capability inventory (#504) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-21 18:49:31 +00:00
			`*Pipeline B — Procurement (.md)**: The planner files resource requests as`
			markdown files in `vault/pending/`. `vault-poll.sh` notifies the human via
fix: Remove Matrix integration — notifications move to forge + OpenClaw (#732) Remove all Matrix/Dendrite infrastructure: - Delete lib/matrix_listener.sh (long-poll daemon), lib/matrix_listener.service (systemd unit), lib/hooks/on-stop-matrix.sh (response streaming hook) - Remove matrix_send() and matrix_send_ctx() from lib/env.sh - Remove MATRIX_HOMESERVER auto-detection, MATRIX_THREAD_MAP from lib/env.sh - Remove [matrix] section parsing from lib/load-project.sh - Remove Matrix hook installation from lib/agent-session.sh - Remove notify/notify_ctx helpers and Matrix thread tracking from dev/dev-agent.sh and action/action-agent.sh - Remove all matrix_send calls from dev-poll.sh, phase-handler.sh, action-poll.sh, vault-poll.sh, vault-fire.sh, vault-reject.sh, review-poll.sh, review-pr.sh, supervisor-poll.sh, formula-session.sh - Remove Matrix listener startup from docker/agents/entrypoint.sh - Remove append_dendrite_compose() and setup_matrix() from bin/disinto - Remove --matrix flag from disinto init - Clean Matrix references from .env.example, projects/.toml.example, formulas/.toml, AGENTS.md, BOOTSTRAP.md, README.md, RESOURCES.md, PHASE-PROTOCOL.md, and all agent AGENTS.md/PROMPT.md files Status visibility now via Codeberg PR/issue activity. Human interaction via vault items through forge. Proactive alerts via OpenClaw heartbeats. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-26 14:53:56 +00:00			`vault/forge. The human fulfills the request (creates accounts, provisions infra,`
fix: feat: vault as procurement gate + RESOURCES.md capability inventory (#504) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-21 18:49:31 +00:00			adds secrets to `.env`) and moves the file to `vault/approved/`.
			`vault-fire.sh` then extracts the proposed entry and appends it to
			`RESOURCES.md`.
chore: gardener housekeeping 2026-03-21 Progressive disclosure split of AGENTS.md (487→152 lines): - Extracted per-directory AGENTS.md files for all 8 agents + lib/ - Root AGENTS.md now serves as a table of contents with summary table - All watermarks updated to 16e430e Grooming results: - Promoted #469 (WATCH flow missing curl) and #436 (idle_pane_count bug) to backlog - 12 dust items classified, no groups ripe for bundling yet - No blocked issues, no AD violations 2026-03-21 12:44:23 +00:00
chore: gardener housekeeping 2026-03-26 2026-03-26 00:05:34 +00:00			`Pipeline C — Rent-a-Human (outreach drafts): Any agent can dispatch the`
			`run-rent-a-human` formula (via an `action` issue) when a task requires a human
			`touch — posting on Reddit, commenting on HN, signing up for a service, etc.`
			Claude drafts copy-paste-ready content to `vault/outreach/{platform}/drafts/`
fix: Remove Matrix integration — notifications move to forge + OpenClaw (#732) Remove all Matrix/Dendrite infrastructure: - Delete lib/matrix_listener.sh (long-poll daemon), lib/matrix_listener.service (systemd unit), lib/hooks/on-stop-matrix.sh (response streaming hook) - Remove matrix_send() and matrix_send_ctx() from lib/env.sh - Remove MATRIX_HOMESERVER auto-detection, MATRIX_THREAD_MAP from lib/env.sh - Remove [matrix] section parsing from lib/load-project.sh - Remove Matrix hook installation from lib/agent-session.sh - Remove notify/notify_ctx helpers and Matrix thread tracking from dev/dev-agent.sh and action/action-agent.sh - Remove all matrix_send calls from dev-poll.sh, phase-handler.sh, action-poll.sh, vault-poll.sh, vault-fire.sh, vault-reject.sh, review-poll.sh, review-pr.sh, supervisor-poll.sh, formula-session.sh - Remove Matrix listener startup from docker/agents/entrypoint.sh - Remove append_dendrite_compose() and setup_matrix() from bin/disinto - Remove --matrix flag from disinto init - Clean Matrix references from .env.example, projects/.toml.example, formulas/.toml, AGENTS.md, BOOTSTRAP.md, README.md, RESOURCES.md, PHASE-PROTOCOL.md, and all agent AGENTS.md/PROMPT.md files Status visibility now via Codeberg PR/issue activity. Human interaction via vault items through forge. Proactive alerts via OpenClaw heartbeats. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-26 14:53:56 +00:00			`and notifies the human via vault/forge for one-click execution. No vault approval`
chore: gardener housekeeping 2026-03-26 2026-03-26 00:05:34 +00:00			`needed — the human reviews and publishes directly.`

chore: gardener housekeeping 2026-03-21 Progressive disclosure split of AGENTS.md (487→152 lines): - Extracted per-directory AGENTS.md files for all 8 agents + lib/ - Root AGENTS.md now serves as a table of contents with summary table - All watermarks updated to 16e430e Grooming results: - Promoted #469 (WATCH flow missing curl) and #436 (idle_pane_count bug) to backlog - 12 dust items classified, no groups ripe for bundling yet - No blocked issues, no AD violations 2026-03-21 12:44:23 +00:00			Trigger: `vault-poll.sh` runs every 30 min via cron.

			`Key files:`
fix: feat: vault as procurement gate + RESOURCES.md capability inventory (#504) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-21 18:49:31 +00:00			- `vault/vault-poll.sh` — Processes pending items: retry approved, auto-reject after 48h timeout, invoke vault-agent for JSON actions, notify human for procurement requests
			- `vault/vault-agent.sh` — Classifies and routes pending JSON actions via `claude -p`: auto-approve, auto-reject, or escalate to human
chore: gardener housekeeping 2026-03-26 2026-03-26 18:14:35 +00:00			- `vault/vault-env.sh` — Shared env setup for vault sub-scripts: sources `lib/env.sh`, overrides `FORGE_TOKEN` with `FORGE_VAULT_TOKEN`, sets `VAULT_TOKEN` for vault-runner container
chore: gardener housekeeping 2026-03-21 Progressive disclosure split of AGENTS.md (487→152 lines): - Extracted per-directory AGENTS.md files for all 8 agents + lib/ - Root AGENTS.md now serves as a table of contents with summary table - All watermarks updated to 16e430e Grooming results: - Promoted #469 (WATCH flow missing curl) and #436 (idle_pane_count bug) to backlog - 12 dust items classified, no groups ripe for bundling yet - No blocked issues, no AD violations 2026-03-21 12:44:23 +00:00			- `vault/PROMPT.md` — System prompt for the vault agent's Claude invocation
chore: gardener housekeeping 2026-03-26 2026-03-26 18:14:35 +00:00			- `vault/vault-fire.sh` — Executes an approved action (JSON) in an ephemeral Docker container with vault-only secrets injected (GITHUB_TOKEN, CLAWHUB_TOKEN — never exposed to agents). For deployment actions, calls `lib/ci-helpers.sh:ci_promote()` to gate production promotes via Woodpecker environments. Writes RESOURCES.md entry for procurement MD approvals.
fix: feat: vault as procurement gate + RESOURCES.md capability inventory (#504) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-21 18:49:31 +00:00			- `vault/vault-reject.sh` — Marks a JSON action as rejected
fix: Remove Matrix integration — notifications move to forge + OpenClaw (#732) Remove all Matrix/Dendrite infrastructure: - Delete lib/matrix_listener.sh (long-poll daemon), lib/matrix_listener.service (systemd unit), lib/hooks/on-stop-matrix.sh (response streaming hook) - Remove matrix_send() and matrix_send_ctx() from lib/env.sh - Remove MATRIX_HOMESERVER auto-detection, MATRIX_THREAD_MAP from lib/env.sh - Remove [matrix] section parsing from lib/load-project.sh - Remove Matrix hook installation from lib/agent-session.sh - Remove notify/notify_ctx helpers and Matrix thread tracking from dev/dev-agent.sh and action/action-agent.sh - Remove all matrix_send calls from dev-poll.sh, phase-handler.sh, action-poll.sh, vault-poll.sh, vault-fire.sh, vault-reject.sh, review-poll.sh, review-pr.sh, supervisor-poll.sh, formula-session.sh - Remove Matrix listener startup from docker/agents/entrypoint.sh - Remove append_dendrite_compose() and setup_matrix() from bin/disinto - Remove --matrix flag from disinto init - Clean Matrix references from .env.example, projects/.toml.example, formulas/.toml, AGENTS.md, BOOTSTRAP.md, README.md, RESOURCES.md, PHASE-PROTOCOL.md, and all agent AGENTS.md/PROMPT.md files Status visibility now via Codeberg PR/issue activity. Human interaction via vault items through forge. Proactive alerts via OpenClaw heartbeats. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-26 14:53:56 +00:00			- `formulas/run-rent-a-human.toml` — Formula for human-action drafts: Claude researches target platform norms, drafts copy-paste content, writes to `vault/outreach/{platform}/drafts/`, notifies human via vault/forge
fix: feat: vault as procurement gate + RESOURCES.md capability inventory (#504) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-21 18:49:31 +00:00
			`Procurement flow:`
			1. Planner drops `vault/pending/<name>.md` with what/why/proposed RESOURCES.md entry
fix: Remove Matrix integration — notifications move to forge + OpenClaw (#732) Remove all Matrix/Dendrite infrastructure: - Delete lib/matrix_listener.sh (long-poll daemon), lib/matrix_listener.service (systemd unit), lib/hooks/on-stop-matrix.sh (response streaming hook) - Remove matrix_send() and matrix_send_ctx() from lib/env.sh - Remove MATRIX_HOMESERVER auto-detection, MATRIX_THREAD_MAP from lib/env.sh - Remove [matrix] section parsing from lib/load-project.sh - Remove Matrix hook installation from lib/agent-session.sh - Remove notify/notify_ctx helpers and Matrix thread tracking from dev/dev-agent.sh and action/action-agent.sh - Remove all matrix_send calls from dev-poll.sh, phase-handler.sh, action-poll.sh, vault-poll.sh, vault-fire.sh, vault-reject.sh, review-poll.sh, review-pr.sh, supervisor-poll.sh, formula-session.sh - Remove Matrix listener startup from docker/agents/entrypoint.sh - Remove append_dendrite_compose() and setup_matrix() from bin/disinto - Remove --matrix flag from disinto init - Clean Matrix references from .env.example, projects/.toml.example, formulas/.toml, AGENTS.md, BOOTSTRAP.md, README.md, RESOURCES.md, PHASE-PROTOCOL.md, and all agent AGENTS.md/PROMPT.md files Status visibility now via Codeberg PR/issue activity. Human interaction via vault items through forge. Proactive alerts via OpenClaw heartbeats. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-26 14:53:56 +00:00			2. `vault-poll.sh` notifies human via vault/forge
fix: feat: vault as procurement gate + RESOURCES.md capability inventory (#504) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-21 18:49:31 +00:00			3. Human fulfills: creates account, adds secrets to `.env`, moves file to `vault/approved/`
			4. `vault-fire.sh` extracts proposed entry, appends to RESOURCES.md, moves to `vault/fired/`
			`5. Next planner run reads RESOURCES.md → new capability available → unblocks prerequisite tree`
chore: gardener housekeeping 2026-03-21 Progressive disclosure split of AGENTS.md (487→152 lines): - Extracted per-directory AGENTS.md files for all 8 agents + lib/ - Root AGENTS.md now serves as a table of contents with summary table - All watermarks updated to 16e430e Grooming results: - Promoted #469 (WATCH flow missing curl) and #436 (idle_pane_count bug) to backlog - 12 dust items classified, no groups ripe for bundling yet - No blocked issues, no AD violations 2026-03-21 12:44:23 +00:00
			`Environment variables consumed:`
			- All from `lib/env.sh`