Architecture

VaultCrux is split into four repos:

Runtime Components

API service (apps/api) exposes ingest/retrieve/citations/credits and health endpoints
MCP service (apps/mcp) exposes JSON-RPC tool surface and bridges to API contracts
Shield control plane (apps/api + packages/core/src/shield) enforces capability/trust/approval/kill-switch policy
Worker service (apps/worker) processes ingest queues, citation staging, credit disbursements, conversion apply, and outbox dispatch
PostgreSQL + pgvector stores canonical metadata and baseline vector indexes
Qdrant is supported as Wave 2 vector backend with dual-write cutover controls

Policy table: vaultcrux.credit_policy
Tier/profile table: vaultcrux.agent_credit_profiles
Platform tip sink: vaultcrux.platform_tips with @cuecrux receive-only account semantics
Conversion pipeline: vaultcrux.subscription_conversions (billing_provider='paddle')
Cross-tenant bundles: vaultcrux.schema_bundles + vaultcrux.bundle_purchases
Re-encryption audit boundary: vaultcrux.reencryption_audit_log
Anti-gaming/anomaly stream: vaultcrux.economy_anomalies

Decision log: vaultcrux.shield_decisions
Trust registry: vaultcrux.trusted_publishers, vaultcrux.trusted_server_digests, vaultcrux.revoked_digests
Approval workflow: vaultcrux.approval_requests, vaultcrux.approval_resolutions
Taint + sandbox: vaultcrux.taint_events, vaultcrux.sandbox_profiles, vaultcrux.server_roots, vaultcrux.server_egress_policies
Kill switch + drills: vaultcrux.kill_switches, vaultcrux.kill_switch_audit, vaultcrux.incident_drills

VaultCrux uses an append-only event_outbox table with deterministic IDs to preserve replay-safe migration toward the CoreCrux v4 event spine.