Skip to main content

trustdb

One line: clear a reviewed artifact once, and every Labs tool trusts that exact version or content until it changes.

Security tools that keep re-flagging what you already reviewed train you to ignore them. trustdb is the Labs answer: a trust store in a committed, diff-friendly file at .vulkro/trust.toml. The repo is the backend and PR review is the approval. When you clear an artifact, verify, inspect, audit, warden, skillscan, memcheck, and foresee stop flagging that exact artifact, and go loud again the moment it mutates: a different version, one changed manifest or file byte.

Three rules keep the store honest:

  • Content-pinned, never name-pinned. Trust is always pinned to a version or a content fingerprint, so a new (possibly malicious) version is never auto-trusted.
  • Visible, never silent. A cleared artifact renders with a trusted (cleared in .vulkro/trust.toml) marker in tool output, not a silent pass, so it is always auditable.
  • PR-as-approval. The store lives in the repo. Adding an entry is a diff a reviewer sees; removing trust is git revert.

Usage

vulkro-live trustdb add [email protected] # a package (version required)
vulkro-live trustdb add --ecosystem pypi [email protected] # a PyPI package
vulkro-live trustdb add --manifest ./tools.json # an MCP manifest, by content
vulkro-live trustdb add --skill ./.claude/skills/x # a skill (SKILL.md plus scripts)
vulkro-live trustdb add --memory ./MEMORY.md # a memory file, by content
vulkro-live trustdb list
vulkro-live trustdb remove <key> # keys come from list
vulkro-live trustdb clear

Example

$ vulkro-live trustdb add [email protected] --note "reviewed 2026-07-05"
Cleared express (npm) 4.18.2 in ./.vulkro/trust.toml

$ vulkro-live trustdb list
package npm:express express (npm) 4.18.2 # reviewed 2026-07-05

Commit .vulkro/trust.toml and the clearing travels with the repo: every teammate's tools, and CI, honor the same reviewed set.

Subcommands and flags

SubcommandEffect
add [PACKAGE]Clear one artifact by exact version or content fingerprint
listShow every cleared artifact with its key
remove <key>Remove one entry by its key
clearRemove every entry

trustdb add flags:

FlagEffect
--ecosystem <ECOSYSTEM>Ecosystem for the package: npm (default), pypi, or crates
--manifest <FILE>Clear an MCP tool manifest (a JSON file) by its content fingerprint
--skill <FILE>Clear a skill / command / instruction file by its content fingerprint
--memory <FILE>Clear a memory file by its content fingerprint
--note <TEXT>An optional note recorded with the entry (why it was cleared)
--dir <DIR>Project directory holding .vulkro/trust.toml (default: current)

Exit codes: 0 on success, 2 on a bad argument or IO error. trustdb manages the store; it does not scan, so it never exits 1. Keyless and offline.

Composes with

  • Every finding-producing Labs command consults the store before flagging, and renders the visible trusted marker instead.
  • lock and drift solve the adjacent problem for MCP manifests over time: trustdb says "this exact content is cleared", the lock says "this is what I approved; tell me when it moves".
  • Pair with audit --write-baseline: the baseline is the surface snapshot, the trust store is the reviewed exception list. Both belong in the repo.