skillsvault documentation

skillsvault is the control plane for agent skills. Your organisation publishes the skills it approves; every developer's AI agent pulls and installs them; and the right version is enforced at run time — with a complete, immutable audit trail.

A Skill (the open agentskills.io SKILL.md format) is an operational procedure an agent executes — CRM entry, legal review, financial reporting. The moment a skill encodes a process, a stale or wrong version of it is an operational liability. Local-first installers (skills.sh, asm) have no org governance, no version enforcement, and no audit. skillsvault is the cloud layer that adds exactly that.

Who these docs are for

These are the engineering docs — they describe how skillsvault is built and how to operate it: the CLI, the runtime gate, the signed-bundle contract, the REST API, deployment, and debugging. For product positioning see the landing page; for domain definitions start with Concepts & glossary.

The loop

author / import ──▶ skillsvault publish ──▶  ORG REGISTRY (cloud, versioned, governed)
                                            │
        ┌───────────────────────────────────┤
        ▼                                   ▼
  skillsvault pull  ──▶ installs APPROVED skills    policy bundle (Ed25519-signed)
  into each harness; BANNED skills removed    │
        │                                     ▼
        ▼                              skillsvault gate  ──▶ allow / warn / HALT
   harness agent uses skills           (local, <1ms, no model, no network)
        │                                     │
        └──────────────▶ immutable AUDIT LOG ◀┘  (who ran what, where, decision, policy)

You work with skillsvault through two surfaces:

  • The console — where your organisation publishes skills, writes policies, and reviews the audit trail.
  • The skillsvault CLI — a single binary that pulls approved skills onto each developer's machine and runs the gate that allows, warns, or halts a skill at invocation time.

The gate decides locally and instantly — no network call and no model on the path — so a skill never waits on the cloud and enforcement keeps working offline.

Start here

Honest scope

skillsvault draws two capabilities and never conflates them:

CapabilityCoverage
Distribution governance — install approved skills, remove banned19 harnesses (Claude Code, Codex, Cursor, Windsurf, Cline, Roo, Continue, Copilot, Aider, OpenCode, Zed, Amp, Gemini, Antigravity, …) via skillsvault pull --all
Runtime veto — a hook blocks a banned skill at invocationClaude Code today (PreToolUse hook). Harnesses without a vetoing hook get distribution governance only.

Enforcement is cooperative, not adversarial: it stops the accidental run of a stale or banned skill. It does not stop a user who deliberately uninstalls the CLI. See Harness coverage for the full matrix.