Purpose
VAULT compiles the private projection aggregate. Auth-gated.
Every service that declares a VAULT.md file contributes to the private surface. VAULT walks SERVICES/**/VAULT.md and {USER}/**/VAULT.md to compile a governed catalog of everything behind the auth gate. Only authenticated users with matching scope grants can access VAULT content.
Structure
Aggregator SERVICE scope. No governed child scopes.
Discovery: walk SERVICES/**/VAULT.md (filesystem-first, UPPERCASE per LANGUAGE).
All projections are private by default.
Required closure artifacts per scope:
CANON.md, README.md, VAULT.md, VOCAB.md, ROADMAP.md, COVERAGE.md, LEARNING.md.
Routes
web_docs: https://hadleylab-canonic.github.io/
web_surface: https://hadleylab-canonic.github.io/SERVICES/VAULT/
magic: magic://hadleylab-canonic.github.io/SERVICES/VAULT/
Compilation Contract
1. Walk all VAULT.md files in SERVICES/ and {USER}/ trees
2. Extract front matter metadata from each VAULT.md
3. Compile aggregate catalog (scope, privacy, readers, date per entry)
4. Emit _data/vault.json for Jekyll consumption (auth-gated render)
5. Frontend renders catalog only after AUTH session validation
6. Validation gate: AUTH scope grants checked per-entry at render time
Ecosystem Connectivity
- Upstream: every service with a VAULT.md file contributes to the aggregate.
- Downstream: compiled catalog at
_data/vault.jsonconsumed by auth-gated frontend. - Gate: AUTH session + scope grants checked before render. Fail-closed.
- Frontend: governed auth-gated surface at SERVICES/VAULT/ route. NEVER surfaced in public navigation.
Pages
| Page | Sections |
|---|---|
| Overview | Purpose, Structure |
| Compilation | Routes, Compilation Contract |
| Ecosystem | Ecosystem Connectivity |
Default: Overview.
| *VAULT | SPEC | SERVICES* |