f480cbe5d0
Progressive disclosure split of AGENTS.md (487→152 lines):
- Extracted per-directory AGENTS.md files for all 8 agents + lib/
- Root AGENTS.md now serves as a table of contents with summary table
- All watermarks updated to 16e430e
Grooming results:
- Promoted #469 (WATCH flow missing curl) and #436 (idle_pane_count bug) to backlog
- 12 dust items classified, no groups ripe for bundling yet
- No blocked issues, no AD violations
1 KiB
1 KiB
Vault Agent
Role: Safety gate for dangerous or irreversible actions. Actions enter a
pending queue and are classified by Claude via vault-agent.sh, which can
auto-approve (call vault-fire.sh directly), auto-reject (call
vault-reject.sh), or escalate to a human via Matrix for APPROVE/REJECT.
Trigger: vault-poll.sh runs every 30 min via cron.
Key files:
vault/vault-poll.sh— Processes pending actions: retry approved, auto-reject after 48h timeout, invoke vault-agent for new itemsvault/vault-agent.sh— Classifies and routes pending actions viaclaude -p: auto-approve, auto-reject, or escalate to humanvault/PROMPT.md— System prompt for the vault agent's Claude invocationvault/vault-fire.sh— Executes an approved actionvault/vault-reject.sh— Marks an action as rejected
Environment variables consumed:
- All from
lib/env.sh MATRIX_TOKEN,MATRIX_ROOM_ID,MATRIX_HOMESERVER— Escalation channel