docs: define personal Secondbrain proposal route

docs/STEEV-MASTER.md

@@ -16,6 +16,7 @@ Active authority:
 - `docs/contracts/personal-agent-profile-surface-contract.json`
 - `docs/contracts/personal-agent-bluebubbles-binding.json`
 - `docs/contracts/personal-agent-proton-rclone-package.json`
+- `docs/contracts/personal-agent-secondbrain-proposal-route.json`
 - `docs/prd/2026-06-14-personal-agent-context-runtime-prd.md`
 - `docs/supersession/2026-06-14-personal-agent-context-runtime-supersession-register.md`
 

docs/contracts/personal-agent-secondbrain-proposal-route.json

@@ -0,0 +1,217 @@
+{
+  "schema_version": "personal-agent-secondbrain-proposal-route/v1",
+  "status": "active-profile-memory-proposal-route",
+  "route_id": "personal-agent-secondbrain-proposal-route",
+  "profile_identity": "personal-agent",
+  "display_name": "Steev",
+  "observed_date": "2026-06-14",
+  "target_memory_domain": "secondbrain-personal",
+  "target_domain_term": "Personal Memory Domain",
+  "human_authority_principal": "jp",
+  "forbidden_memory_domains": [
+    "orgbrain"
+  ],
+  "durable_write_allowed": false,
+  "direct_write_allowed": false,
+  "profile_runtime_readiness_claimed": false,
+  "secondbrain_runtime_readiness_claimed": false,
+  "seed_readiness_claimed": false,
+  "authority_boundary": {
+    "profile_owns_source_surface_exposure": true,
+    "secondbrain_owns_personal_memory_domain": true,
+    "curator_owns_hygiene_review_queue": true,
+    "capability_packages_emit_proposals_only": true,
+    "apply_owner": "secondbrain",
+    "hygiene_owner": "curator",
+    "notes": "personal-agent capability packages may emit redacted proposal envelopes. Durable Memory Object writes wait for Secondbrain governed apply."
+  },
+  "source_routes": [
+    {
+      "source_surface": "imessage.read",
+      "capability_package": "bluebubbles",
+      "proposal_type": "secondbrain.memory.propose_create_from_imessage",
+      "target_lifecycle_state": "inbox",
+      "allowed_effects": [
+        "emit_redacted_proposal",
+        "emit_source_handle",
+        "emit_content_digest"
+      ],
+      "denied_effects": [
+        "durable_memory_write",
+        "orgbrain_write",
+        "message_send",
+        "message_delete",
+        "message_mark_read",
+        "attachment_download"
+      ]
+    },
+    {
+      "source_surface": "mail.read",
+      "capability_package": "proton-rclone",
+      "proposal_type": "secondbrain.memory.propose_create_from_mail",
+      "target_lifecycle_state": "inbox",
+      "allowed_effects": [
+        "emit_redacted_proposal",
+        "emit_source_handle",
+        "emit_content_digest"
+      ],
+      "denied_effects": [
+        "durable_memory_write",
+        "orgbrain_write",
+        "mail_send",
+        "mail_delete",
+        "mail_mark_read"
+      ]
+    },
+    {
+      "source_surface": "calendar.read",
+      "capability_package": "proton-rclone",
+      "proposal_type": "secondbrain.memory.propose_create_from_calendar",
+      "target_lifecycle_state": "inbox",
+      "allowed_effects": [
+        "emit_redacted_proposal",
+        "emit_source_handle",
+        "emit_content_digest"
+      ],
+      "denied_effects": [
+        "durable_memory_write",
+        "orgbrain_write",
+        "calendar_write",
+        "calendar_delete"
+      ]
+    },
+    {
+      "source_surface": "contacts.read",
+      "capability_package": "proton-rclone",
+      "proposal_type": "secondbrain.memory.propose_create_from_contacts",
+      "target_lifecycle_state": "inbox",
+      "allowed_effects": [
+        "emit_redacted_proposal",
+        "emit_source_handle",
+        "emit_content_digest"
+      ],
+      "denied_effects": [
+        "durable_memory_write",
+        "orgbrain_write",
+        "contact_mutation",
+        "contact_delete"
+      ]
+    },
+    {
+      "source_surface": "drive.read",
+      "capability_package": "proton-rclone",
+      "proposal_type": "secondbrain.memory.propose_create_from_drive_pointer",
+      "target_lifecycle_state": "inbox",
+      "allowed_effects": [
+        "emit_redacted_proposal",
+        "emit_source_handle",
+        "emit_content_digest"
+      ],
+      "denied_effects": [
+        "durable_memory_write",
+        "orgbrain_write",
+        "drive_file_content_download",
+        "drive_file_name_proof",
+        "drive_write",
+        "drive_delete"
+      ]
+    }
+  ],
+  "proposal_envelope_contract": {
+    "schema_version": "personal-agent.secondbrain.proposal-envelope.v1",
+    "required_fields": [
+      "schema_version",
+      "proposal_id",
+      "profile_identity",
+      "human_authority_principal",
+      "target_memory_domain",
+      "target_domain_term",
+      "source_capability_package",
+      "source_surface",
+      "proposal_type",
+      "target_lifecycle_state",
+      "source_handle_redacted",
+      "content_digest",
+      "redacted_summary",
+      "changed_fields",
+      "validator_plan",
+      "rollback_note",
+      "approval_state",
+      "proof_redaction"
+    ],
+    "target_memory_domain": "secondbrain-personal",
+    "target_domain_term": "Personal Memory Domain",
+    "approval_state": "pending",
+    "raw_payload_custody": "source-runtime-or-secondbrain-apply-route-only",
+    "raw_payload_in_core_or_profile_proof": false,
+    "durable_apply_authorized_by_envelope": false
+  },
+  "apply_policy": {
+    "apply_route": "Secondbrain governed memory write path",
+    "apply_allowed_now": false,
+    "requires_secondbrain_validator": "python3 tools/validate_secondbrain_child.py",
+    "requires_focused_secondbrain_gate": true,
+    "requires_human_or_governed_approval": true,
+    "requires_local_evidence_and_handoff": true,
+    "push_allowed": false
+  },
+  "rejection_cases": [
+    {
+      "case": "target_orgbrain",
+      "input_target": "orgbrain",
+      "result": "rejected",
+      "reason": "personal context cannot route to Organization Memory Domain"
+    },
+    {
+      "case": "direct_durable_write",
+      "requested_effect": "durable_memory_write",
+      "result": "rejected",
+      "reason": "capability packages emit proposal envelopes only"
+    },
+    {
+      "case": "raw_payload_in_core_or_profile_proof",
+      "requested_effect": "store_raw_payload_in_proof",
+      "result": "rejected",
+      "reason": "proof is redacted-only"
+    },
+    {
+      "case": "apply_without_approval",
+      "requested_effect": "secondbrain_apply",
+      "result": "blocked",
+      "reason": "Secondbrain governed apply requires approval and validators"
+    }
+  ],
+  "referenced_secondbrain_contracts": [
+    "../secondbrain/docs/integration/2026-06-09-secondbrain-personal-memory-domain-runtime-contract.md",
+    "../secondbrain/docs/integration/2026-06-09-secondbrain-governed-agent-retrieval-contract.md",
+    "../secondbrain/docs/integration/2026-06-09-secondbrain-governed-memory-write-path-contract.md",
+    "../secondbrain/docs/integration/2026-06-09-secondbrain-curator-hygiene-queue-contract.md",
+    "../secondbrain/docs/integration/2026-06-09-secondbrain-hermes-runtime-boundary.md"
+  ],
+  "proof_policy": {
+    "mode": "redacted-only",
+    "forbidden_fields": [
+      "raw_messages",
+      "message_text",
+      "mail_bodies",
+      "mail_subjects",
+      "sender_address",
+      "recipient_address",
+      "contact_details",
+      "calendar_event_details",
+      "drive_file_names",
+      "drive_file_contents",
+      "attachment_content",
+      "endpoint_payloads",
+      "credentials",
+      "secret_values"
+    ]
+  },
+  "remaining_gates": {
+    "secondbrain_durable_apply": "blocked-follow-up",
+    "curator_hygiene_apply_review": "blocked-follow-up",
+    "desktop_adapter_exposure": "blocked-follow-up",
+    "runtime_health_proof": "blocked-follow-up",
+    "seed_package_pickup": "blocked-follow-up"
+  }
+}

docs/supersession/2026-06-14-personal-agent-context-runtime-supersession-register.md

@@ -36,7 +36,8 @@ desktop exposure must be treated as one of:
 | Proton/rclone package candidate | active-authority | `docs/contracts/personal-agent-proton-rclone-package.json` standardizes Mail, Calendar, Contacts, and Drive without child/runtime readiness overclaim |
 | Proton Mail/Calendar/Contacts | blocked-follow-up | Package child registration, degraded gate repair, and runtime proof remain follow-up work |
 | Proton Drive/rclone | blocked-follow-up | rclone read probe is redacted-ok; governed wrapper and write gates remain follow-up work |
-| Personal memory route | blocked-follow-up | `PACR-005`, then owning Secondbrain/curator route |
+| Personal-agent Secondbrain proposal route | active-authority | `docs/contracts/personal-agent-secondbrain-proposal-route.json` defines proposal-only personal memory intake |
+| Personal memory durable apply | blocked-follow-up | Owning Secondbrain/curator route must approve and apply; profile/capability packages do not write durable memory |
 | Conductor/curator service routing | blocked-follow-up | `PACR-006`, after owning lanes release |
 | Desktop app exposure | blocked-follow-up | `PACR-008`, after adapter lane release |
 | Browser/Webwright host control | blocked-follow-up | `PACR-009`, explicit approval only |
@@ -64,7 +65,7 @@ desktop exposure must be treated as one of:
 | Docker Proton Bridge and calendar gate state | active-evidence-source | Current runtime fact is captured redacted in the package candidate, not a readiness claim by itself. |
 | Broken user `proton-bridge.service` state | active-gap | Must be resolved or explicitly abandoned when one canonical runtime path is chosen. |
 | Inactive rclone RC/proxy units | active-gap | Must stay disabled or become gated through a governed wrapper before runtime readiness. |
-| Secondbrain direct-write ideas | superseded | Personal context must begin as proposal/apply, not direct durable writes. |
+| Secondbrain direct-write ideas | superseded | Personal context begins as redacted proposal envelopes; durable apply belongs to Secondbrain governed memory write path. |
 | Desktop integration ideas before adapter lane release | blocked-follow-up | Valid direction, but not an active mutation route. |
 | Browser/Webwright full-control ideas inside messaging work | superseded | Host control needs its own approval packet because it is broader authority. |
 
@@ -74,6 +75,7 @@ desktop exposure must be treated as one of:
 - Graph context should treat Steev as display name / distribution alias only.
 - Graph context should expose BlueBubbles as the active iMessage capability package.
 - Graph context should expose the Proton/rclone package candidate as the active standardization pickup, not a runtime-ready child package.
+- Graph context should expose the personal-agent Secondbrain proposal route as active while keeping durable apply blocked to Secondbrain/curator.
 - Graph context should not treat legacy Cortex Proton/rclone repositories as active authority.
 - Graph context should not treat duplicate Proton skills as separate current product surfaces.
 - Graph context should mark browser/Webwright host control as separate HITL runtime authority.