trustdb
One line: clear a reviewed artifact once, and every Labs tool trusts that exact version or content until it changes.
Security tools that keep re-flagging what you already reviewed train
you to ignore them. trustdb is the Labs answer: a trust store in a
committed, diff-friendly file at .vulkro/trust.toml. The repo is the
backend and PR review is the approval. When you clear an artifact,
verify, inspect,
audit, warden,
skillscan, memcheck, and
foresee stop flagging that exact artifact, and go
loud again the moment it mutates: a different version, one changed
manifest or file byte.
Three rules keep the store honest:
- Content-pinned, never name-pinned. Trust is always pinned to a version or a content fingerprint, so a new (possibly malicious) version is never auto-trusted.
- Visible, never silent. A cleared artifact renders with a
trusted (cleared in .vulkro/trust.toml)marker in tool output, not a silent pass, so it is always auditable. - PR-as-approval. The store lives in the repo. Adding an entry is a
diff a reviewer sees; removing trust is
git revert.
Usage
vulkro-live trustdb add --manifest ./tools.json # an MCP manifest, by content
vulkro-live trustdb add --skill ./.claude/skills/x # a skill (SKILL.md plus scripts)
vulkro-live trustdb add --memory ./MEMORY.md # a memory file, by content
vulkro-live trustdb list
vulkro-live trustdb remove <key> # keys come from list
vulkro-live trustdb clear
Example
$ vulkro-live trustdb add [email protected] --note "reviewed 2026-07-05"
Cleared express (npm) 4.18.2 in ./.vulkro/trust.toml
$ vulkro-live trustdb list
package npm:express express (npm) 4.18.2 # reviewed 2026-07-05
Commit .vulkro/trust.toml and the clearing travels with the repo:
every teammate's tools, and CI, honor the same reviewed set.
Subcommands and flags
| Subcommand | Effect |
|---|---|
add [PACKAGE] | Clear one artifact by exact version or content fingerprint |
list | Show every cleared artifact with its key |
remove <key> | Remove one entry by its key |
clear | Remove every entry |
trustdb add flags:
| Flag | Effect |
|---|---|
--ecosystem <ECOSYSTEM> | Ecosystem for the package: npm (default), pypi, or crates |
--manifest <FILE> | Clear an MCP tool manifest (a JSON file) by its content fingerprint |
--skill <FILE> | Clear a skill / command / instruction file by its content fingerprint |
--memory <FILE> | Clear a memory file by its content fingerprint |
--note <TEXT> | An optional note recorded with the entry (why it was cleared) |
--dir <DIR> | Project directory holding .vulkro/trust.toml (default: current) |
Exit codes: 0 on success, 2 on a bad argument or IO error. trustdb
manages the store; it does not scan, so it never exits 1. Keyless and
offline.
Composes with
- Every finding-producing Labs command consults the store before flagging, and renders the visible trusted marker instead.
lockanddriftsolve the adjacent problem for MCP manifests over time: trustdb says "this exact content is cleared", the lock says "this is what I approved; tell me when it moves".- Pair with
audit --write-baseline: the baseline is the surface snapshot, the trust store is the reviewed exception list. Both belong in the repo.