Documentation
Everything you need to know about The Sovereignty Protocol
The Sovereignty Protocol is a meta-cognitive operating system for AI agents. It provides structure, rules, and self-improvement capabilities to make your AI assistants more reliable and focused.
Getting Started
Download the Package
Get the latest version from our download page. The package is small (~50KB) and contains everything you need.
Extract to Your Project
Extract the .agent folder, GEMINI.md, and README.md to your project root.
Configure Your Project
Edit .agent/project_context.md with your project details and requirements.
Initialize Your AI
Ask your AI assistant to read GEMINI.md, then .agent/manifest.md to initialize.
Core Concepts
🏛️ Laws
Rules that govern agent behavior. Laws define what agents can and cannot do, keeping them focused and safe.
⚡ Skills
Capabilities that agents can use. Skills are modular and can be added or removed as needed.
👤 Roles
Responsibilities that define an agent's purpose. Roles help agents understand their context and goals.
🔄 Flows
Workflows that orchestrate complex tasks. Flows ensure consistent and reliable execution.
Key Features
- ✓
Self-Documenting
Agents automatically maintain their own documentation
- ✓
Merit System
Agents evaluate and improve their own work
- ✓
Memory Management
Context is preserved across sessions
- ✓
IDE Agnostic
Works with any AI and development environment
Developer API
Explore the full Sovereignty Protocol endpoint surface through our interactive Swagger reference, or open the raw OpenAPI contract directly when you want the machine-readable spec.
🔐 Vault & Security System
Three-Layer Security Architecture
The Sovereignty Protocol uses a multi-layered vault system designed for maximum security and flexibility.
Master Key
Root of trust stored as bcrypt hash in your profile
Personal Vault
AES-256-GCM encrypted secrets accessible only to you
AI Vault
Opt-in secrets that AI/MCP tools can access
Master Key
Your Master Key is the foundation of your personal security. It is never stored in plain text.
- •Stored as a
bcrypthash in your user profile - •Used to derive AES-256-GCM encryption keys via KDF
- •Generated via Profile → Generate Master Key
- •Required to unseal your Personal Vault
Personal Vault (Sentinel Vault)
Your Personal Vault stores all your private secrets with military-grade encryption.
Features
- • AES-256-GCM encryption
- • User-isolated (no cross-user access)
- • Complete audit logging
- • Seal/unseal capability
- • Auto-seal on inactivity
Vault States
- 🔴 Sealed - Locked, encrypted at rest
- 🟢 Unsealed - Unlocked in memory
- 🔵 Auto-seal - Locks after timeout
Nexus MCP Vault (AI Access)
The Nexus MCP Vault is a bridge between your private secrets and AI tools. You have full control over what AI can access.
How It Works
- 1. Save secret to your Personal Vault
- 2. Go to Admin → Sentinel → Secrets → AI Access
- 3. Click "Publish to AI"
- 4. AI can now access via MCP tools
- 5. Revoke anytime to remove access
Security Controls
- • Explicit opt-in publishing
- • Tool-level access restrictions
- • Sensitivity flagging
- • Access count tracking
- • One-click revocation
MCP Tools
read_secret(name)write_secret(name, value)list_secrets()
Nexus Context Store
Local-first key-value storage for preferences and configuration. Uses dot-notation keys like api.openrouter.key or preferences.theme. Syncs to PocketBase every 5 minutes.
Comparison
| Feature | Personal Vault | AI Vault | Context Store |
|---|---|---|---|
| Encryption | Your Master Key | System Key | Optional |
| Who Can Access | You only | You + AI (opt-in) | You + System |
| Storage | PocketBase | PocketBase | Local + PB |
| Audit Log | Yes | Yes | No |
| Best For | Private secrets | AI-shared secrets | Config/preferences |
Best Practices
- 1.Use a strong, unique Master Key (not reused elsewhere)
- 2.Always seal your vault when not in use
- 3.Only publish secrets to AI that are actually needed
- 4.Regularly rotate API keys and update both vaults
- 5.Monitor the AI Access tab for unexpected access patterns