Documentation
Everything you need to know about The Sovereignty Protocol
The Sovereignty Protocol is a meta-cognitive operating system for AI agents. It provides structure, rules, and self-improvement capabilities to make your AI assistants more reliable and focused.
Getting Started
Download the Package
Get the latest version from our download page. The package is small (~50KB) and contains everything you need.
Extract to Your Project
Extract the .agent folder, GEMINI.md, and README.md to your project root.
Configure Your Project
Edit .agent/project_context.md with your project details and requirements.
Initialize Your AI
Ask your AI assistant to read GEMINI.md, then .agent/manifest.md to initialize.
Core Concepts
🏛️ Laws
Rules that govern agent behavior. Laws define what agents can and cannot do, keeping them focused and safe.
⚡ Skills
Capabilities that agents can use. Skills are modular and can be added or removed as needed.
👤 Roles
Responsibilities that define an agent's purpose. Roles help agents understand their context and goals.
🔄 Flows
Workflows that orchestrate complex tasks. Flows ensure consistent and reliable execution.
Key Features
- ✓
Self-Documenting
Agents automatically maintain their own documentation
- ✓
Merit System
Agents evaluate and improve their own work
- ✓
Memory Management
Context is preserved across sessions
- ✓
IDE Agnostic
Works with any AI and development environment
🔐 Vault & Security System
Three-Layer Security Architecture
The Sovereignty Protocol uses a multi-layered vault system designed for maximum security and flexibility.
Master Key
Root of trust stored as bcrypt hash in your profile
Personal Vault
AES-256-GCM encrypted secrets accessible only to you
AI Vault
Opt-in secrets that AI/MCP tools can access
Master Key
Your Master Key is the foundation of your personal security. It is never stored in plain text.
- •Stored as a
bcrypthash in your user profile - •Used to derive AES-256-GCM encryption keys via KDF
- •Generated via Profile → Generate Master Key
- •Required to unseal your Personal Vault
Personal Vault (Sentinel Vault)
Your Personal Vault stores all your private secrets with military-grade encryption.
Features
- • AES-256-GCM encryption
- • User-isolated (no cross-user access)
- • Complete audit logging
- • Seal/unseal capability
- • Auto-seal on inactivity
Vault States
- 🔴 Sealed - Locked, encrypted at rest
- 🟢 Unsealed - Unlocked in memory
- 🔵 Auto-seal - Locks after timeout
Nexus MCP Vault (AI Access)
The Nexus MCP Vault is a bridge between your private secrets and AI tools. You have full control over what AI can access.
How It Works
- 1. Save secret to your Personal Vault
- 2. Go to Admin → Sentinel → Secrets → AI Access
- 3. Click "Publish to AI"
- 4. AI can now access via MCP tools
- 5. Revoke anytime to remove access
Security Controls
- • Explicit opt-in publishing
- • Tool-level access restrictions
- • Sensitivity flagging
- • Access count tracking
- • One-click revocation
MCP Tools
read_secret(name)write_secret(name, value)list_secrets()
Nexus Context Store
Local-first key-value storage for preferences and configuration. Uses dot-notation keys like api.openrouter.key or preferences.theme. Syncs to PocketBase every 5 minutes.
Comparison
| Feature | Personal Vault | AI Vault | Context Store |
|---|---|---|---|
| Encryption | Your Master Key | System Key | Optional |
| Who Can Access | You only | You + AI (opt-in) | You + System |
| Storage | PocketBase | PocketBase | Local + PB |
| Audit Log | Yes | Yes | No |
| Best For | Private secrets | AI-shared secrets | Config/preferences |
Best Practices
- 1.Use a strong, unique Master Key (not reused elsewhere)
- 2.Always seal your vault when not in use
- 3.Only publish secrets to AI that are actually needed
- 4.Regularly rotate API keys and update both vaults
- 5.Monitor the AI Access tab for unexpected access patterns