diff --git a/AGENTS.md b/AGENTS.md index b5eea4a..8962e6a 100644 --- a/AGENTS.md +++ b/AGENTS.md 
@@ -8,6 +8,20 @@ Authority boundary: child-local personal-agent profile workspace only; not Core Validator: `python3 tools/validate_steev_child.py`. Legacy-work relation: old Steev/personal-agent, BlueBubbles, Proton/rclone, Secondbrain, Conductor/Curator handoff, desktop exposure, and runtime-readiness work is reference-only through current contracts and evidence unless a governed route admits it. Preserve redacted refs; do not import message bodies, mail bodies, contacts, calendar details, drive names, credentials, or implementation mass because they exist. +## Universal Cortex OS Agent Contract + +- Treat this file as route-local instruction after parent `AGENTS.md` files and before chat memory. +- Start broad or ambiguous work with `cortex graph context`; use it only as Derived State, then read this repo's local files. +- Before edits, read `AGENTS.md`, `README.md`, and `WORKBOARD.yaml`; keep writes route-local unless a governed Core route explicitly authorizes promotion. +- Run this repo's named validator before handoff or done claims; use stronger proof only for runtime, provider, secret, memory, profile exposure, branch, release, or readiness effects. +- Record proof and handoffs as refs-only artifacts. Do not write Hindsight memory, Core SOT, sibling repos, live runtime state, or personal payloads unless explicitly authorized by the owning route. + +## Repo-Custom Agent Contract + +Steev is a child-local personal-agent profile workspace. It owns profile identity, role and boundary docs, personal-surface contracts, redacted proof packets, proposal-only memory routing records, desktop exposure contracts, runtime-readiness snapshots, validators, and handoff references. 
It is not Cortex OS Core authority, Runtime authority, Profile Exposure authority, credential authority, provider authority, send authority, memory-domain authority, browser-host authority, public product authority, release authority, production-readiness authority, or autonomous execution authority. + +Do not install or start Steev, mutate `~/.hermes`, run browser-host automation, read credentials, read raw messages, read mail bodies, read contacts, read calendar details, read drive names, send messages, write calendar/contact/drive data, write durable memory, broaden Profile Exposure, call providers, mutate Core/Seed/sibling/OpenDesign repos, or claim readiness from this workspace without explicit governed approval. + This workspace is a child-local profile-workspace under the Cortex OS umbrella. It is not Cortex OS Core authority. It is not a Cortex OS Instance. It is not a Runtime unless a governed Core route says so. diff --git a/README.md b/README.md index 73929bf..69cf975 100644 --- a/README.md +++ b/README.md 
@@ -4,6 +4,23 @@ JP's personal assistant / chief of staff. Daily briefing, inbox triage, comms in JP's voice, business delegation to CEO. French/English bilingual. +## Cortex OS Boundary + +Steev is a child-local personal-agent profile workspace. It owns profile +identity, role and boundary docs, personal-surface contracts, redacted proof +packets, proposal-only memory routing records, desktop exposure contracts, +runtime-readiness snapshots, validators, and handoff references, but it does not +own Core truth, Runtime authority, Profile Exposure authority, credential +authority, provider authority, send authority, memory-domain authority, +browser-host authority, public product authority, release authority, production +readiness, or autonomous execution authority. + +Do not install or start Steev, mutate `~/.hermes`, run browser-host automation, +read credentials, read raw messages, read mail bodies, read contacts, read +calendar details, read drive names, send messages, write durable memory, +broaden Profile Exposure, call providers, or claim readiness from this cleanup +route without explicit governed approval. + - **Identity:** [`AGENT.md`](AGENT.md) — role, mission, boundaries. - **Profile surface contract:** [`docs/contracts/personal-agent-profile-surface-contract.json`](docs/contracts/personal-agent-profile-surface-contract.json) — canonical surfaces, effects, memory route, and proof policy. - **BlueBubbles binding:** [`docs/contracts/personal-agent-bluebubbles-binding.json`](docs/contracts/personal-agent-bluebubbles-binding.json) — `imessage.read` binds to the existing BlueBubbles package without a duplicate connector. diff --git a/WORKBOARD.yaml b/WORKBOARD.yaml index 4984071..fe88d46 100644 --- a/WORKBOARD.yaml +++ b/WORKBOARD.yaml 
@@ -84,3 +84,8 @@ items: status: complete source: docs/evidence/2026-06-15-personal-agent-current-governed-boundary.md owner: "" + - id: STEEV-WORK-003 + title: Steev Agent Contract Enforcement + status: validated + source: AGENTS.md + owner: "" diff --git a/tools/validate_steev_child.py b/tools/validate_steev_child.py index 2faaad9..91c6c5f 100755 --- a/tools/validate_steev_child.py +++ b/tools/validate_steev_child.py @@ -4,6 +4,7 @@ from __future__ import annotations import hashlib import json +import re from pathlib import Path import yaml @@ -199,6 +200,42 @@ GOVERNED_BOUNDARY_SNIPPETS = [ "broad goal-completion claim", ] +AGENT_CONTRACT_SNIPPETS = [ + "# Steev Profile Endgoal", + "## Universal Cortex OS Agent Contract", + "## Repo-Custom Agent Contract", + "child-local personal-agent profile workspace", + "not Cortex OS Core authority", + "Profile Exposure authority", + "memory-domain authority", + "browser-host authority", + "Do not install or start Steev", + "read raw messages", + "read mail bodies", + "write durable memory", + "python3 tools/validate_steev_child.py", +] + +README_CONTRACT_SNIPPETS = [ + "## Cortex OS Boundary", + "child-local personal-agent profile workspace", + "does not own Core truth", + "Profile Exposure authority", + "credential authority", + "send authority", + "memory-domain authority", + "Do not install or start Steev", + "mutate `~/.hermes`", + "read raw messages", + "write durable memory", +] + + +def has_snippet(text: str, snippet: str) -> bool: + normalized_text = re.sub(r"\s+", " ", text) + normalized_snippet = re.sub(r"\s+", " ", snippet) + return normalized_snippet in normalized_text + def read_text(rel: str) -> str: return (ROOT / rel).read_text(encoding="utf-8") @@ -260,6 +297,9 @@ def main() -> int: "PACR-013", "PACR-014", "PACR-015", + "STEEV-WORK-003", + "Steev Agent Contract Enforcement", + "status: validated", "status: candidate", "owner: jp", ]: 
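Review bot: Several entries in `AGENT_CONTRACT_SNIPPETS` and `README_CONTRACT_SNIPPETS` are bare phrases such as `"read raw messages"`, `"write durable memory"` and `"Profile Exposure authority"`, so `has_snippet` passes for a document that grants those actions just as readily as for one that forbids them. Since AGENTS.md names this validator as the check to run before handoff or done claims, the prohibitions should be pinned together with their negating context, for example by requiring the phrase to occur inside the paragraph that starts with `Do not install or start Steev`. The `"status: validated"` entry added in the `@@ -260` hunk has the same weakness: it would match any workboard item rather than STEEV-WORK-003, assuming the loop, whose body is outside the hunk, does a plain substring test. `has_snippet` also has no docstring; `"""Return True if snippet occurs in text, ignoring whitespace differences."""` would explain why `in` alone was not enough.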
@@ -268,9 +308,15 @@ def main() -> int: agents = ROOT / "AGENTS.md" if agents.exists(): text = agents.read_text(encoding="utf-8") - for snippet in ["child-local", "not Cortex OS Core authority", "python3 tools/validate_steev_child.py"]: - if snippet not in text: + for snippet in AGENT_CONTRACT_SNIPPETS: + if not has_snippet(text, snippet): errors.append(f"agents_missing:{snippet}") + readme = ROOT / "README.md" + if readme.exists(): + text = readme.read_text(encoding="utf-8") + for snippet in README_CONTRACT_SNIPPETS: + if not has_snippet(text, snippet): + errors.append(f"readme_missing:{snippet}") manifest = ROOT / "manifest.yaml" if manifest.exists():
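Review bot: The new README check sits under `if readme.exists():`, mirroring the AGENTS.md check above it, so deleting or renaming either file skips every contract snippet and adds no error. Unless a required-files check elsewhere in `main()` (outside this hunk) already fails on a missing file, the guard should fail closed with `else: errors.append("readme_absent")`, and the equivalent for `agents`. The error key here is only a suggested name; pick one that cannot be confused with the existing `readme_missing:{snippet}` format.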