fix: chore: tear down old vault scripts — prepare for PR-based vault (#73)

2026-03-31 20:38:05 +00:00 · 2026-03-31 20:38:05 +00:00 · aad21dc084
commit aad21dc084
parent bfce7a9a06
19 changed files with 31 additions and 907 deletions
--- a/site/docs/architecture.html
+++ b/site/docs/architecture.html
@ -399,8 +399,8 @@
        </div>
        <div class="agent-card">
          <div class="name">vault</div>
-          <div class="role"><strong>Safety gate.</strong> Reviews dangerous actions before they execute. Auto-approves safe operations, escalates risky ones to a human.</div>
-          <div class="trigger">Event-driven</div>
+          <div class="role"><strong>Being redesigned.</strong> Moving to PR-based approval workflow on ops repo. See issues #73-#77.</div>
+          <div class="trigger">Redesign in progress</div>
        </div>
      </div>
    </div>
@ -446,12 +446,11 @@

    <!-- Vault -->
    <div class="section">
-      <h2>Vault &mdash; quality gate</h2>
+      <h2>Vault &mdash; being redesigned</h2>
      <div class="concept">
-        <div class="label">How it works</div>
-        <p>The vault sits between agents and dangerous actions. Before an agent can execute a risky operation (force push, deploy, delete), the vault reviews the request.</p>
-        <p><strong>Auto-approve</strong> &mdash; safe, well-understood operations pass through instantly. <strong>Escalate</strong> &mdash; risky or novel operations get sent to a human via Matrix. <strong>Reject</strong> &mdash; clearly unsafe actions are blocked.</p>
-        <p>You define the boundaries. The vault enforces them. This is what lets you sleep while the factory runs.</p>
+        <div class="label">Redesign in progress</div>
+        <p>The vault is being redesigned as a PR-based approval workflow on the ops repo. Instead of polling pending files, vault items will be created as PRs that require admin approval before execution.</p>
+        <p><strong>See issues #73-#77</strong> for the design: #75 defines the vault.sh helper for creating vault PRs, #76 rewrites the dispatcher to poll for merged vault PRs, #77 adds branch protection requiring admin approval.</p>
      </div>
    </div>

@ -519,7 +518,7 @@ disinto/
 ├── <span class="agent-name">predictor/</span>     predictor-run.sh (daily cron executor)
 ├── <span class="agent-name">planner/</span>       planner-run.sh (weekly cron executor)
 ├── <span class="agent-name">supervisor/</span>    supervisor-run.sh (health monitoring)
-├── <span class="agent-name">vault/</span>         vault-poll.sh, vault-agent.sh, vault-fire.sh
+├── <span class="agent-name">vault/</span>         vault-env.sh (vault redesign in progress, see #73-#77)
 ├── <span class="agent-name">lib/</span>           env.sh, agent-session.sh, ci-helpers.sh
 ├── <span class="agent-name">projects/</span>      *.toml per-project config
 ├── <span class="agent-name">formulas/</span>      TOML specs for multi-step agent tasks