From 0487a3d8fdb2078e11a50915f6f1af125d4cccdd Mon Sep 17 00:00:00 2001
From: Svrnty
Date: Sat, 30 May 2026 23:35:53 -0400
Subject: [PATCH] Refine Steev profile disclosure and Proton tools
---
 install.sh | 11 +++++++++
 manifest.yaml | 44 ++++++++++++++++++++++++++++++------
 skills/proton-tools/SKILL.md | 7 +++---
 3 files changed, 52 insertions(+), 10 deletions(-)
diff --git a/install.sh b/install.sh
index 242acec..831ebd9 100755
--- a/install.sh
+++ b/install.sh
@@ -358,6 +358,17 @@ else
 echo " WARN: F6 yq/global config missing — skipping MCP materialization"
 fi
+echo ""
+echo "== model policy → Codex primary + Qwen fallback =="
+POLICY_SCRIPT="$(cd "$REPO/.." && pwd)/scripts/apply-hermes-model-policy.py"
+if [ "$DRY" = 1 ]; then
+ echo "DRY: python3 '$POLICY_SCRIPT' --config '$PROFILE_CFG'"
+elif [ -f "$POLICY_SCRIPT" ]; then
+ python3 "$POLICY_SCRIPT" --config "$PROFILE_CFG"
+else
+ echo " WARN: policy script not found: $POLICY_SCRIPT"
+fi
+
 # F7 — macOS-only externals OS-gate (Wave 8 Q10)
 # Reads expected_external_skills entries with os_constraint: darwin and emits
 # an INFO line on non-Darwin hosts. No install action (these are external
diff --git a/manifest.yaml b/manifest.yaml
index 2a25b1e..7bf1e8d 100644
--- a/manifest.yaml
+++ b/manifest.yaml
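Review bot: A missing policy script only prints `WARN: policy script not found` in the added `else` branch and the install carries on, so a profile can end up without the model policy applied and nothing fails; the script is also resolved from the parent of `$REPO`, outside the repository being installed. If the policy is meant to be mandatory, that branch should end with `exit 1`, and the `[ -f "$POLICY_SCRIPT" ]` test should come before the `DRY` branch so a dry run reports the same missing-file condition instead of echoing a command that cannot run. Whether a non-zero exit from `python3` or a failed `cd "$REPO/.."` stops the installer depends on shell options set outside this hunk, so a comment such as `# policy script lives in the parent checkout; install continues without it` would at least record the intended behaviour.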
@@ -153,13 +153,43 @@ disclosure:
 role: engine
 justification: "CEO delegation transport — steev → ceo-planb (steev-agent SKILL.md L83)"
- mcp_servers: [] # DENY-BY-DEFAULT. bte REMOVED (hard-rule fix).
- # Wave 8 (2026-05-24): install.sh F6 wires the 3 proton MCPs
- # (proton-calendar, proton-email, proton-contacts) into per-profile
- # runtime config from manifest.optional_tools. mcp_perplexity is
- # deferred — server not yet in `hermes mcp list`.
- # Per-tool enumeration in disclosure.mcp_servers DEFERRED to
- # Wave 8.5 (requires tool introspection per server).
+ mcp_servers:
+ - name: proton-calendar
+ description: "Proton Calendar facade"
+ tools:
+ - calendar_list
+ - calendar_events
+ - calendar_upcoming
+ - calendar_search
+ - calendar_event_get
+ - calendar_create
+ - calendar_update
+ - calendar_delete
+ - name: proton-email
+ description: "Proton Email facade"
+ tools:
+ - email_folders
+ - email_list
+ - email_read
+ - email_search
+ - email_send
+ - email_reply
+ - email_forward
+ - email_archive
+ - email_mark_read
+ - email_mark_unread
+ - name: proton-contacts
+ description: "Proton Contacts facade"
+ tools:
+ - contacts_list
+ - contacts_search
+ - contacts_get
+ - contacts_create
+ - contacts_update
+ - contacts_delete
+ # DENY-BY-DEFAULT: bte removed (hard-rule fix).
+ # mcp_perplexity intentionally omitted from disclosure until it is
+ # registered in the live Hermes MCP list and can be introspected.
 sovereign_apis: [] # 0 direct HTTP/gRPC calls (per audit §3)
diff --git a/skills/proton-tools/SKILL.md b/skills/proton-tools/SKILL.md
index 86865d6..1dd0086 100644
--- a/skills/proton-tools/SKILL.md
+++ b/skills/proton-tools/SKILL.md
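Review bot: The new `tools:` lists put state-changing calls (`email_send`, `calendar_delete`, `contacts_update` and the other create/update/archive entries) next to read-only ones with nothing to tell them apart, so a reader of the disclosure cannot see which entries can send or modify data. A comment above each group would make that visible, for example `# state-changing: calendar_create, calendar_update, calendar_delete` under `proton-calendar`. The removed comment said per-tool enumeration needed introspection of each server, and the hunk does not say how these 24 names were obtained, so the closing comment could also record the source of the list and how it is kept in step with the live servers.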
@@ -1,6 +1,6 @@
 ---
 name: proton-tools
-description: "When Steev needs to access JP's Proton account — Calendar, Mail, or Contacts. Use this skill to discover which tool answers the user's question, and how to call it. Covers all 24 Proton MCP tools across the three cortex MCP servers (proton-calendar, proton-email, proton-contacts). Triggers: any request involving JP's calendar (events, meetings, availability), mail (inbox, send, reply, search, folders), or contacts (lookup, add, search). Drive is NOT in scope — defer Drive requests."
+description: "When Steev needs to access JP's Proton account — Calendar, Mail, Contacts, or explicitly requested Proton Drive checks via rclone. Use this skill to discover which tool answers the user's question, and how to call it. Covers all 24 Proton MCP tools across the three cortex MCP servers (proton-calendar, proton-email, proton-contacts). Triggers: any request involving JP's calendar (events, meetings, availability), mail (inbox, send, reply, search, folders), contacts (lookup, add, search), or Drive via rclone."
 metadata:
 version: 1.0.0
 hermes:
@@ -13,9 +13,9 @@ Authoritative reference for the 24 tools exposed by three cortex MCP servers —
 ## Hard rules
-- **Drive is out of scope.** If the user asks about Proton Drive files/folders, say so and defer — there is no `drive_*` tool. Roadmap: `rclone-module` MCP wrap.
+- **Drive is out of scope for Proton MCP tools.** There is no `drive_*` MCP tool. If the user explicitly asks to check Drive via `rclone`, use the live Proton Drive rclone remote instead of claiming no access: this Steev/Hermes profile sets `HOME=/home/svrnty/.hermes/profiles/steev/home`, so plain `rclone` sees the profile config; the working Proton Drive config is `/home/svrnty/.config/rclone/rclone.conf` with remote `proton:`. Use read-only probes first (`rclone --config /home/svrnty/.config/rclone/rclone.conf about proton: --json`) and do not list file names unless JP asks.
 - **Destructive tools require explicit confirmation.** `email_send`, `email_reply`, `email_forward`, `calendar_delete`, `contacts_delete`. Never call these without quoting back the action + target + asking JP to confirm.
-- **Date inputs are ISO 8601** (`2026-05-23T14:00:00-04:00`). Convert relative dates ("tomorrow", "next Tuesday") into ISO before tool call.
+- **Calendar date filters:** the MCP schema may advertise RFC3339, but `calendar_events`/underlying gate expects date-only filters (`YYYY-MM-DD`) for reliable results. RFC3339 ranges can return empty even when events exist. Convert relative dates ("tomorrow", "next Tuesday") into `YYYY-MM-DD` for list/search filters; keep event create/update timestamps RFC3339.
 - **Pagination**: `email_list`, `calendar_events`, `contacts_list` are paginated. Default page size is small (~20). Fetch additional pages only when the user asks for more.
 ## When to use which tool
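Review bot: The rewritten Drive rule sends the agent to `/home/svrnty/.config/rclone/rclone.conf` through `--config`, which lies outside the profile `HOME` that the same sentence describes, and the only limit it states is "read-only probes first". The confirmation rule on the following line names MCP tools only, so rclone commands that change the remote are not covered by it. I would add a sentence such as `Never run rclone commands that modify the remote (copy, sync, move, delete, purge) without JP's explicit confirmation`, and say why the profile-local config is bypassed. The `description:` line in the first hunk of this file carries the same Drive trigger, and the manifest disclosure hunk in this commit adds no entry for this access path, although the rest of the manifest is not visible here.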
@@ -82,6 +82,7 @@ Run in parallel. Merge results. Group by source.
 - **"WaitReady timeout"** → proton connector still booting. Retry once after 2-3s. If still failing, say so + suggest JP check `hermes mcp test proton`.
 - **403 / scope error** → proton session expired. Tool handler should re-auth automatically; if not, JP needs to re-run setup.
 - **Network / 5xx** → transient. Retry once. If persistent, report and stop.
+- **`calendar_create` timeout** → do not retry blindly. First verify the target date range with `calendar_events` using `YYYY-MM-DD` filters to avoid duplicate events. If the event is still absent, one direct gate fallback may be attempted. If creates keep timing out while reads work, refresh `sdo-calendar-gate`: `docker restart sdo-calendar-gate`, wait for `connected to Proton` + `calendar-gate gRPC server listening`, then retry once. If restart fails with a bind-mount error because `/home/svrnty/workspaces/cortex/svrnty.sdo-agents/config/calendar-gate.toml` is a directory, replace it with a symlink to `../../L3-svrnty.agents-fleet/config/calendar-gate.toml`, then `docker start sdo-calendar-gate`.
 ## What NOT to do
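Review bot: The added `calendar_create` timeout bullet has the agent run `docker restart sdo-calendar-gate` and replace the directory at `/home/svrnty/workspaces/cortex/svrnty.sdo-agents/config/calendar-gate.toml` with a symlink, which are host-level changes well beyond calling an MCP tool, and neither step is gated on confirmation. The other bullets in this list stop at "retry once" or "report and stop", so this one is out of step with them. I would end the bullet with `Ask JP to confirm before restarting the container or changing the config path; otherwise report the failure and stop`, and spell out what "one direct gate fallback" means, since the hunk does not define it.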