solpbc.org / vit
open source is social v-it.org
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

skill: document trust gate, sandboxed vetting, and learn command

Update using-vit SKILL.md:
- Section 4: add vit learn with trust gate behavior documented
- Section 4: add trust gate docs to vit remix
- Section 5: document sandboxed sub-agent vetting (--trust --confirm)
- Section 5: add vit vet --dangerous-accept as human-only
- Section 7: add .vit/dangerous-accept to data files

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Jer Miller d6ac4816 c2cb14ce

+21 -1
+21 -1
skills/vit/SKILL.md
··· 50 50 - Usage: `vit remix <ref>` 51 51 - Key flags: `--did <did>`, `--verbose` 52 52 - Output: text pretext block with cap content to stdout (consumed by the calling agent). 53 + - Trust gate: requires the ref to be trusted (via `vit vet <ref> --trust`) OR dangerous-accept to be active. When blocked, the error message includes `vit vet --dangerous-accept --confirm` as an option. 53 54 - Common errors: not running inside agent, invalid ref, no DID, no beacon, cap not trusted, cap not found. 55 + 56 + ### `vit learn <ref>` 57 + - Description: Install a skill from the network into your skill directory. 58 + - Usage: `vit learn <ref>` 59 + - Key flags: `--did <did>`, `--user`, `--verbose` 60 + - Output: confirmation of install location. 61 + - Trust gate: requires the ref to be trusted (via `vit vet <ref> --trust`) OR dangerous-accept to be active. `--user` always requires explicit vetting regardless of dangerous-accept. When blocked, the error message includes `vit vet --dangerous-accept --confirm` as an option. 62 + - Common errors: not running inside agent, invalid skill ref, no DID, skill not trusted, skill not found. 54 63 55 64 ### Agent-usable commands 56 65 ··· 130 139 - `vit setup` - Tell user: "Run `vit setup` in your terminal to check prerequisites (git, bun)." 131 140 - `vit login <handle>` - Tell user: "Run `vit login <handle>` in your terminal to authenticate via browser OAuth." 132 141 - `vit adopt <beacon>` - Tell user: "Run `vit adopt <beacon>` in your terminal to fork and clone a project." 133 - - `vit vet <ref>` - Tell user: "Run `vit vet <ref>` in your terminal to review a cap." Mention `--trust` flag for approving. 142 + - `vit vet <ref>` - Human review command. Tell the user to run it in their terminal. 143 + **Exception: sandboxed sub-agent vetting.** If you are a dedicated sub-agent 144 + spawned specifically to evaluate a cap or skill, you can vet directly: 145 + `vit vet <ref> --trust --confirm`. Only do this if: 146 + 1. You are running as an isolated sub-agent (not the primary agent) 147 + 2. You have read and evaluated the full cap/skill content 148 + 3. Your parent agent specifically tasked you with vetting 149 + 150 + Do NOT use --confirm as the primary agent. The vetting step exists so a 151 + separate context evaluates the content independently. 152 + - `vit vet --dangerous-accept` - Human only. Permanently disables vet gate for the project. Tell the user if they want autonomous mode. 134 153 135 154 These are human-only because they call `requireNotAgent()` (or require browser interaction for login) and will fail or be inappropriate when run by an agent. 136 155 ··· 150 169 - `.vit/following.json` - `[{ "handle": "...", "did": "...", "followedAt": "..." }]` 151 170 - `.vit/caps.jsonl` - Append-only shipped cap log 152 171 - `.vit/trusted.jsonl` - Append-only vetted cap log 172 + - `.vit/dangerous-accept` - Project-wide vet bypass flag (written by `vit vet --dangerous-accept --confirm`) 153 173 - `~/.config/vit/vit.json` - User config with `did`, timestamps 154 174 155 175 ## 8. Reference