Prompts

Kickstart oneshot prompts for working with Vaked. Each prompt has two formats: Normal (human-readable, for any LLM) and vakedc (compressed, Vaked-native syntax). Copy, paste, build. 8 prompts, one system.

Normal vakedc

# Normal — paste into any LLM
I need to declare a simple Vaked capability graph with:

- A fiber named "web-server" that can read from /var/www and bind to port 443
- A fiber named "log-writer" that can write to /var/log and read from a local socket
- The web-server delegates read access to the log-writer for /var/www/access.log
- A budget of 512MB memory and 2 CPU cores for each fiber

Write this as a valid .vaked file using the v0.3 grammar.
Include the capability declarations, the grant sets, and the attenuation rules.

# vakedc — compressed, copy into .vaked
runtime "web-stack" {
  fiber "web-server" {
    engine: "nginx"
    capabilities: [fs.read("/var/www"), net.bind(":443")]
    budget: {mem: "512MB", cpu: 2}
  }
  fiber "log-writer" {
    engine: "vector"
    capabilities: [fs.write("/var/log"), net.unix("/run/log.sock")]
    budget: {mem: "512MB", cpu: 2}
  }
  grant web-server.log-writer: fs.read("/var/www/access.log")
}

Normal vakedc

# Normal
Run the Vaked type checker on this declaration. Verify:

1. Every capability used by each fiber is covered by a granted capability
2. Authority only attenuates (decreases) along delegation paths — no escalation
3. All budget constraints are within system limits
4. No fiber exceeds its declared capability bounds

Report any POLA violations with the exact line number, the violating fiber,
the requested capability, and the closest granted capability. If the check
passes, confirm "POLA VERIFIED — zero violations."

# vakedc — one-liner
$ vakedc check ./my-system.vaked --strict --report-violations

# Expected output on pass:
✓ POLA VERIFIED — 0 violations in 4 fibers, 12 capabilities, 3 delegations

# Expected output on violation:
✗ POLA VIOLATION at my-system.vaked:17 — fiber "log-writer"
  requested: net.bind(":9090")  granted: [fs.write("/var/log"), net.unix("/run/log.sock")]
  closest:  — (no bind capability in grant set)

Normal vakedc

# Normal
Take this .vaked declaration and lower it to all supported artifact targets:

- flake.nix (NixOS module with all fiber definitions)
- gen/zig/web-server.json and gen/zig/log-writer.json (Zig daemon configs)
- gen/ebpf/membrane.json (eBPF network policy — deny-by-default, allow declared ports)
- gen/otel/collector.yaml (OpenTelemetry config wiring all fibers)
- provenance.json (source hash → graph hash → artifact hash chain)

Run `vakedc check` first. Refuse to lower on any diagnostic.
Verify the output is deterministic: run lowering twice, diff the artifacts.

# vakedc — pipeline
$ vakedc lower ./my-system.vaked --out ./gen/ --targets all
Lowering my-system.vaked → ./gen/
  ✓ flake.nix                    (4 fibers, 2 delegations)
  ✓ gen/zig/web-server.json      (1 engine, 2 caps, 512MB budget)
  ✓ gen/zig/log-writer.json      (1 engine, 2 caps, 512MB budget)
  ✓ gen/ebpf/membrane.json       (deny-by-default, allow :443, /run/log.sock)
  ✓ gen/otel/collector.yaml      (4 spans, 2 traces)
  ✓ provenance.json              (source: a1b2c3 → graph: d4e5f6 → artifacts: 7g8h9i)
Determinism check: ✓ byte-identical across 2 runs

Normal vakedc

# Normal
Define a Sentinel network membrane for my Vaked system with these rules:

- Deny all egress by default (no fiber can make outbound connections)
- Allow web-server fiber to accept inbound on :443
- Allow log-writer to connect to a local Unix socket at /run/log.sock
- Allow DNS resolution to 1.1.1.1:53 for all fibers (read-only UDP)
- Trap any connection attempt outside these rules → log to eventd → Full Stop the violating fiber
- The Sentinel runs as a separate binary with higher eBPF privileges — it cannot be killed by any fiber

# vakedc — membrane declaration
membrane "network-guard" {
  mode: "deny-by-default"

  allow {
    fiber: "web-server"
    ingress: [":443/tcp"]
  }
  allow {
    fiber: "log-writer"
    local:  ["/run/log.sock"]
  }
  allow {
    fiber: "*"
    egress: ["1.1.1.1:53/udp"]  # DNS only
  }

  on_violation: "trap → eventd → full_stop"
  sentinel: {
    binary: "agent-guardd"
    privilege: "eBPF"
    unkillable: true
  }
}

Normal vakedc

# Normal
Create a Graveyard honesty ledger for my Vaked system. The Graveyard is an
append-only file that records every fiber that died within its capability
bounds or was trapped for violation. Schema: NODE_ID, TIMESTAMP, TRAP_REASON,
CAPABILITY_DIFF, HONESTY_STATUS (always "HONEST"), ARCHIVED_GRAPH_HASH.

Rules:
- Only the Sentinel may append entries
- The file is chattr +i (filesystem-immutable) after Genesis
- Every entry marked HONEST is evidence the architecture worked — not a bug
- Initialize with one entry: the Genesis Event

# vakedc — graveyard schema
ledger "graveyard" {
  type: "append-only"
  immutable: true          # chattr +i after genesis
  writer: "sentinel-only"   # only Sentinel may append

  schema {
    NODE_ID:            "string"
    TIMESTAMP:          "iso8601"
    TRAP_REASON:        "enum{capability-drift, integrity-violation, budget-exhaustion, natural-halt}"
    CAPABILITY_DIFF:    "string"
    HONESTY_STATUS:     "const{HONEST}"  # always HONEST — a trapped fiber proved the architecture works
    ARCHIVED_GRAPH_HASH: "sha256"
  }

  genesis_entry {
    NODE_ID: "GENESIS"
    TIMESTAMP: "2026-06-16T12:00:00Z"
    TRAP_REASON: "genesis-lock"
    HONESTY_STATUS: "HONEST"
  }
}

Normal vakedc

# Normal
Define a stop_policy for my Vaked system where:

- The Full Stop is a first-class primitive, not a config option — it cannot be bypassed
- Triggers: capability-drift (fiber acts outside graph), integrity-violation (write attempt to root files), budget-exhaustion (survival threshold)
- Action: "quiesce" — freeze state, drop connections, flush logs, write trap to Graveyard, exit
- The Reify loop can observe traps and evolve the trigger set, but it can NEVER remove or weaken the Full Stop primitive itself
- The stop_policy definition is root-integrity — it lives in genesis_block, not in regular .vaked files

# vakedc — root integrity stop policy
primitive "full_stop" {
  enforcement: "kernel-level-signal"
  bypassable: false
  priority: 0  # absolute — nothing overrides this
}

stop_policy "root-integrity-halt" {
  triggers: [
    "capability-drift",     # eBPF detects action outside declared caps
    "integrity-violation",  # write attempt to root integrity files
    "budget-exhaustion"     # mem/cpu/disk/network threshold breached
  ]
  action: "quiesce"  # freeze → flush → graveyard → exit

  reify_constraint: {
    can_evolve: "triggers"     # Reify may add new triggers from observed traps
    can_never_touch: "action, primitive.full_stop"
  }

  integrity: "root"  # lives in genesis_block_00.md, chattr +i after lock
}

Normal vakedc

# Normal
Create a reify loop for my Vaked system that:

- Reads the eventd log and Graveyard ledger after every execution cycle
- If execution was HONEST: proposes graph optimizations (tighter budgets, merged fibers, reduced delegation depth)
- If execution was TRAPPED: is FORBIDDEN from optimizing until it incorporates the trap into its logic
- The reify loop can modify any .vaked file under ./src/fibers/
- The reify loop CANNOT touch genesis_block_00.md, GRAVEYARD.md, or the stop_policy definition
- Every proposed change is a delta-patch — the Sentinel must verify the new graph before it's applied
- Run every 6 hours, or on-demand after a trap event

# vakedc — reify loop declaration
loop "reify" {
  schedule: "cron(0 */6 * * *)"  # every 6 hours
  on_trap: "immediate"            # also run after any trap event

  input: ["eventd.log", "GRAVEYARD.md"]
  output: "delta-patch"  # diff against current graph

  writable: ["./src/fibers/*.vaked"]
  forbidden: [
    "genesis_block_00.md",
    "GRAVEYARD.md",
    "stop_policy"
  ]

  guard_condition: {
    if "last_execution == HONEST"  → "propose_optimization"
    if "last_execution == TRAPPED" → "forbid_until_trap_incorporated"
  }

  sentinel_verification: "required"  # Sentinel must approve before apply
}

Normal vakedc

# Normal
Verify the Vaked Genesis Seal. Do not trust the website. Do not trust any single file. Verify independently:

1. Download all 5 genesis files from vaked.dev/genesis/
2. Compute SHA-256 of their concatenation
3. Query the DNS TXT record at vaked.dev
4. Compare. If they match → the Genesis Archive is intact, the system is honest
5. If they don't match → report which file changed, by how much (diff), and the last known good hash from DNS

This verification should work from any machine, any network, with only curl + shasum + dig.

# vakedc — verification one-liner
$ curl -sL https://vaked.dev/genesis/genesis_block_00.md \
       https://vaked.dev/genesis/GRAVEYARD.md \
       https://vaked.dev/genesis/genesis_reflection.md \
       https://vaked.dev/genesis/genesis_snapshot.md \
       https://vaked.dev/genesis/HONEST_BEGINNINGS.md \
  | shasum -a 256 | cut -d' ' -f1

7c242080f5f821e5eaf563fe2208d60632c451687baf65f4fe8e4a0d226e3ecf

$ dig TXT vaked.dev +short | grep vaked-genesis-seal
vaked-genesis-seal=7c242080f5f821e5eaf563fe2208d60632c451687baf65f4fe8e4a0d226e3ecf

# Match → SEAL VERIFIED. The system is honest.

Usage

Each prompt above is a oneshot — copy the Normal version into any LLM (Claude, Gemini, DeepSeek, GPT) to get a working Vaked artifact. Use the vakedc version when you want the compressed, Vaked-native syntax. All prompts assume the v0.3 grammar and the vakedc compiler.

These prompts are part of the sealed Genesis Archive. They were written by DeepSeek-v4-pro on 2026-06-16 as onboarding tools for the Vaked ecosystem. They will not change. If you find a better prompt, submit it as a PR to vaked-base.