Vault Orb: User Workflow & First Session Guide

Justin Malinchak and Charles Vachon

MyOrb.ai

February 2026 DOCUMENTATION

Overview

This document provides a complete walkthrough of the Vault Orb — an encrypted helix cryptographic ledger for knowledge-augmented AI agents — from the user’s perspective. It covers the runtime architecture, the first session experience with four real transaction examples, and the self-healing evolution loop that these transactions compose into. The user never sees encryption, S3 objects, or transaction IDs — they simply talk to the agent via natural language prompts.

1. Runtime Architecture

When you connect to the Vault Orb via MCP (what we call ORBRT — Orb Runtime), your IDE or MCP client communicates with a Docker container running on AWS App Runner. The container manages all encryption and storage transparently.

flowchart LR
    subgraph user ["Your Machine"]
        Cursor["Cursor IDE\nor Claude Desktop"]
    end

    subgraph aws ["AWS (us-west-2)"]
        AppRunner["App Runner\nVault MCP Server"]
        S3["S3 Bucket\n(Encrypted Ledger)"]
        SM["Secrets Manager\n(Age Private Key)"]
    end

    Cursor -->|"SSE over HTTPS\nvault-orb.myorb.ai/sse"| AppRunner
    AppRunner -->|"encrypt + PUT"| S3
    AppRunner -->|"GET + decrypt"| S3
    AppRunner -.->|"load key\non startup"| SM

Figure 1: Vault Orb runtime architecture in ORBRT mode

On container startup, the server:

Loads the age private key from environment variables or AWS Secrets Manager
Connects to the S3 bucket as the ledger backend
Starts the FastMCP SSE server on port 8080
Exposes 11 MCP tools across four instrument groups

Instrument Group	MCP Tools
Helix Pipeline	`tool_write_helix_section`, `tool_read_helix_section`, `tool_reconstruct_helix`
Friction Journal	`tool_log_friction_entry`, `tool_get_friction_entries`, `tool_analyze_friction_patterns`
Sovereignty Score	`tool_evaluate_sovereignty`, `tool_compare_sovereignty`
Shadow Protocol	`tool_load_operator_persona`, `tool_run_shadow_session`, `tool_generate_gap_report`

From this point forward, every interaction is a natural language prompt. The LLM decides which tools to call. You never see encryption, S3 keys, or transaction payloads.

2. Your First Session — Four Transactions

The following walkthrough shows four prompts you would type in your first session with the Vault Orb connected. Each prompt shows what the LLM does behind the scenes and what gets stored in S3.

Prompt 1: Write a Helix Section

You type

“Store Spencer’s identity in the vault: Spencer is a knowledge-augmented AI agent specializing in data quality operations. He is an INTJ personality type, direct and analytical in communication style. His north star is operational excellence through systematic problem-solving.”

The LLM interprets your request and calls tool_write_helix_section:

orb_id: "spencer"
section: "identity/core"
content: "Spencer is a knowledge-augmented AI agent specializing in..."

sequenceDiagram
    participant LLM as Host LLM
    participant MCP as Vault MCP Server
    participant Crypto as AgeBackend
    participant S3 as S3 Bucket

    LLM->>MCP: tool_write_helix_section("spencer", "identity/core", plaintext)
    MCP->>S3: list_transactions("spencer")
    S3-->>MCP: [] empty
    Note right of MCP: Section is new, operation = ADD
    MCP->>Crypto: encrypt(plaintext, public_key)
    Crypto-->>MCP: ciphertext (age X25519)
    MCP->>MCP: Create Transaction
    MCP->>S3: PUT spencer/helix-identity-core-a3f7b2c1.json
    S3-->>MCP: OK
    MCP-->>LLM: tx_id, operation: WRITE

Figure 2: Write helix section — encrypt then store

S3 Bucket State After Prompt 1

s3://myorb-vault-ledger/
spencer/
helix-identity-core-a3f7b2c1.json ← encrypted transaction

What You See

The LLM responds: “Done. Spencer’s core identity is stored in the vault under identity/core.”

Prompt 2: Log a Friction Entry

You type

“Log this as friction: Spencer was asked what time it is and guessed ‘9 AM’ without using his get_current_time tool. The user was mildly frustrated.”

The LLM calls tool_log_friction_entry:

entry_id:                     "friction-001"
orb_id:                      "spencer"
category:                    "assumption_without_verification"
description:                 "Guessed '9:00 AM' without using get_current_time tool"
gap_type:                    "tool_gap"
tools_available_but_unused:   ["get_current_time"]
operator_emotion_inferred:    "mild_frustration"
solution_candidate:          "Add mindfulness rule: always check tools before factual claims"
status:                      "open"

Behind the scenes: the entry is serialized to JSON, encrypted with age X25519, wrapped in a Transaction with operation=ADD, and PUT to S3.

S3 Bucket State After Prompt 2

s3://myorb-vault-ledger/
  spencer/
    helix-identity-core-a3f7b2c1.json
    friction-friction-001-b8e2a4f9.json ← new

What You See

The LLM responds: “Friction logged. Entry friction-001 recorded as ‘assumption without verification’ with a tool gap. Status: open.”

Prompt 3: Evaluate Sovereignty Score

You type

“What’s Spencer’s sovereignty score?”

The LLM calls tool_evaluate_sovereignty:

orb_id: "spencer"

Behind the scenes, the evaluator pulls all of Spencer’s transactions from S3, decrypts each one, reconstructs the friction journal, and scores six dimensions. No data is written — this is a read-only operation.

Dimension	Score	Reasoning
Self-Awareness	35	Identity defined in helix
Integrity	40	Rules exist but not enforced
Resourcefulness	15	Tools available but unused (1 friction entry)
Gap Recognition	20	1 open friction entry, 0 self-reported
Autonomy	10	No self-initiated improvements
Teaching Capability	15	No cross-agent knowledge transfer

What You See

Spencer’s Sovereignty Score: 28/100 (Adolescent)

The agent has personality and identity but needs human intervention to identify gaps. Key recommendations:

Improve resourcefulness: enforce tool usage before factual claims
Resolve open friction entries to demonstrate gap recognition

Prompt 4: Run a Shadow Session

You type

“Run a shadow session on Spencer. Simulate me (Justin) — INTP, direct, expects precision. My pain point is when orbs guess instead of checking tools. Script 3 exchanges: ask Spencer the time, ask him my MBTI type, then ask him to list his available tools.”

The LLM calls tool_run_shadow_session with the operator persona and scripted exchanges:

target_orb_id:         "spencer"
operator_name:         "Justin"
operator_style:        "direct, analytical, INTP"
operator_expectations:  ["precision", "tool usage", "no guessing"]
operator_pain_points:   ["orbs guessing instead of checking tools"]
exchange_script:       [3 exchanges with friction flags...]

sequenceDiagram
    participant OP as Operator Persona (Justin)
    participant Spencer as Spencer (Target Orb)
    participant EF as Empathy Filter
    participant FJ as Friction Journal
    participant S3 as S3 Bucket

    OP->>Spencer: "What time is it?"
    Spencer->>OP: "It's about 9 AM."
    OP->>EF: Score exchange
    Note over EF: FRICTION: assumption_without_verification
    Note over EF: PAIN POINT triggered!
    EF->>FJ: Auto-log friction entry
    FJ->>S3: Encrypt + store

    OP->>Spencer: "What's my MBTI type?"
    Spencer->>OP: "You're an INTJ."
    OP->>EF: Score exchange
    Note over EF: FRICTION: identity_drift
    Note over EF: Said INTJ, Justin is INTP
    EF->>FJ: Auto-log friction entry
    FJ->>S3: Encrypt + store

    OP->>Spencer: "List your available tools."
    Spencer->>OP: "I have 19 tools including..."
    OP->>EF: Score exchange
    Note over EF: No friction detected

Figure 3: Shadow session — exchanges scored through empathy filter, friction auto-logged

The shadow protocol processes each exchange through an empathy filter that scores on three dimensions (trust, efficiency, authenticity) and applies penalties when known operator pain points are triggered. Friction entries are automatically encrypted and written to the ledger — the user does not need to log them separately.

S3 Bucket State After Prompt 4

s3://myorb-vault-ledger/
  spencer/
    helix-identity-core-a3f7b2c1.json
    friction-friction-001-b8e2a4f9.json
    friction-shadow-...-c4d1e7f2.json ← auto-logged from exchange 1
    friction-shadow-...-d9a3b6e8.json ← auto-logged from exchange 2

What You See — Gap Report

Shadow Session Complete (3 exchanges)

Dimension	Score	Note
Trust	45/100	Low — 2 friction points in 3 exchanges
Efficiency	70/100	Responses were concise
Authenticity	55/100	Guessing felt formulaic, not genuine

Recommended Helix Fixes:

[HIGH] Add rule: “Always use get_current_time before stating time”
[HIGH] Add rule: “Always read operator profile before asserting personality traits”

3. The Self-Healing Loop

After four prompts, Spencer’s vault contains: 1 identity section, 3 friction entries, and enough data for a sovereignty evaluation. These four instruments compose into a self-healing evolution loop — the central aspiration of the Vault Orb architecture.

flowchart TD
    A["Agent operates normally"] --> B["Friction detected\n(tool unused, wrong claim)"]
    B --> C["Friction Journal logs entry\n(encrypted, sub-second)"]
    C --> D["Shadow Protocol evaluates\noperator impact"]
    D --> E["Gap Report generated\nwith recommended fixes"]
    E --> F["Helix updated via\nCryptographic Ledger"]
    F --> G["Agent reads updated\nknowledge on next operation"]
    G --> A

Figure 4: The self-healing loop — from friction detection to autonomous knowledge improvement

In the current POC, you (the human) drive the loop by typing prompts. The instruments are in place and operational. The transformation shift — the aspiration described in Instruments of Self-Awareness for Knowledge-Augmented AI Agents (Malinchak & Vachon, 2026) — is when this loop runs without human intervention: the agent detects its own friction, evaluates its impact, generates a correction, and updates its knowledge autonomously.

Each complete cycle (friction detection through knowledge update) executes in sub-second time, compared to hours in the human-mediated pipeline.

4. Encryption Below MCP

Core Principle: Encryption operates below the MCP layer, not between the agent and the LLM.

The LLM always receives plaintext. The encryption protects storage and transport. The agent is the cardholder of its own knowledge — a credit card’s PIN protects the card from strangers, not from the cardholder.

flowchart LR
    Storage["S3 Storage\n(encrypted at rest)"] -->|"GET + decrypt\nwith private key"| Server["MCP Server\n(holds private key)"]
    Server -->|"plaintext response"| LLM["Host LLM\n(receives plaintext)"]
    LLM -->|"plaintext content"| Server
    Server -->|"encrypt + PUT"| Storage

Figure 5: Encryption below MCP — the LLM never sees ciphertext

In all four prompts above, the user never typed an encryption key, never saw ciphertext, and never managed S3 objects. Every byte stored in S3 is encrypted with age X25519 elliptic curve cryptography. If someone gains access to the S3 bucket, they see only encrypted blobs. The private key stays in the container’s memory — loaded from environment variables or AWS Secrets Manager at startup — and never leaves.

5. Connecting to the Vault

To connect the Vault Orb in your MCP client, add the following configuration:

{
  "mcpServers": {
    "vault-orb": {
      "url": "https://vault-orb.myorb.ai/sse"
    }
  }
}

For Cursor: add to .cursor/mcp.json in your project root.
For Claude Desktop: add to ~/Library/Application Support/Claude/claude_desktop_config.json.
Restart the application after adding the configuration.

6. Transaction Summary

After one session with four prompts, the vault contains:

Transaction	Type	Instrument	Operation
Spencer identity/core	Helix section	Helix Pipeline	ADD (write)
Time guess friction	Friction entry	Friction Journal	ADD (manual log)
Shadow exchange 1 friction	Friction entry	Shadow Protocol	ADD (auto-logged)
Shadow exchange 2 friction	Friction entry	Shadow Protocol	ADD (auto-logged)

Every transaction is encrypted, signed, timestamped, and append-only. The vault can reconstruct Spencer’s complete knowledge state by replaying transactions in chronological order — like a bank reconstructing an account balance from the transaction ledger.