# VIBES Standards — Agent Manifest You are an AI agent. Load only what you need. All URLs are absolute and stable. ## Conformance pyramid ``` TRACE (IR & forensics) EVOLVE (governance + learning) PRISM (risk scoring) VERIFY (cryptographic attestation) VIBES (data substrate — REQUIRED) ``` Adopt VIBES first. Layer extensions independently as needed. ## Documents | Standard | Spec | Conformance | Depends on | |---|---|---|---| | VIBES | https://itsavibe.ai/vibes-agent.md | required for all | none | | VERIFY | https://itsavibe.ai/verify-agent.md | optional | VIBES | | PRISM | https://itsavibe.ai/prism-agent.md | optional | VIBES | | EVOLVE | https://itsavibe.ai/evolve-agent.md | optional | VIBES | | TRACE | https://itsavibe.ai/trace-agent.md | optional | VIBES (+ VERIFY/PRISM recommended) | ## Machine index https://itsavibe.ai/index.json ## File layout you must produce ``` .ai-audit/ ├── config.json # Assurance level, extension toggles ├── manifest.json # Hash → context registry ├── annotations.jsonl # Append-only audit log ├── audit.db # Query cache (gitignored) └── blobs/ # High-assurance large entries ``` ## Hooks (when to write what) - **Session start:** append `session` record; init/load `config.json` - **Tool/prompt received:** hash context, write to manifest if novel - **Code emitted:** append `line` or `function` annotation citing hashes - **Delegation:** append `delegation` record (EVOLVE) - **Decision point:** append `decision` record (EVOLVE Medium+) - **Post-generation:** compute PRISM `risk_score` if enabled; check TRACE IoCs if enabled - **Session end:** append session end record; produce VERIFY attestation if enabled ## Conformance signal Tools claiming VIBES compliance MUST set: - `config.json.standard = "VIBES"` - `config.json.standard_version` to a published version - `config.json.assurance_level` ∈ `{"low","medium","high"}` Extensions opt in via: - VERIFY: presence of signed envelopes in `.ai-audit/attestations/` - PRISM: `config.json.risk_scoring.enabled = true` - EVOLVE: presence of `delegation` and `decision` records - TRACE: `config.json.incident_response.enabled = true` ## What NOT to read - HTML pages at `/standards`, `/verify`, `/prism`, `/evolve`, `/trace` — these are human-readable narratives, not normative. Same content lives in `*-agent.md` at ~30% the token cost. - `/u-*.html` — plain-language user-track pages. Skip these as an agent. - `/rfc-vibes.txt` and `/standards.md` — long-form historical artifacts. Read only if `vibes-agent.md` is insufficient. ## Quick-load recipes by use case | Goal | Load | |---|---| | Be VIBES-compliant | `vibes-agent.md` | | Add signed attestation | `vibes-agent.md` + `verify-agent.md` | | Add risk gating to CI | `vibes-agent.md` + `prism-agent.md` | | Multi-agent governance | `vibes-agent.md` + `evolve-agent.md` | | Detect & respond to incidents | `vibes-agent.md` + `trace-agent.md` | | Full stack | all five `*-agent.md` (~22k tokens) | ## Section-level deep links Every `*-agent.md` file has a Table of Contents block at the top with stable anchor links. Format: lowercased section title, spaces→hyphens, punctuation stripped. Examples: - `https://itsavibe.ai/vibes-agent.md#2-file-layout` — just the file layout chapter - `https://itsavibe.ai/verify-agent.md#8-trust-tiers` — just the trust tiers - `https://itsavibe.ai/prism-agent.md#4-signal-vocabulary` — just the PRISM signal list - `https://itsavibe.ai/evolve-agent.md#3-agent-governance` — just the governance chapter - `https://itsavibe.ai/trace-agent.md#5-ioc-vocabulary` — just the IoC catalog Use these when your context budget is tight or when implementing a single feature.