From 5d77eaffc9dbd37fda4e431b8de16e21e054cce1 Mon Sep 17 00:00:00 2001 From: Svrnty Date: Sun, 14 Jun 2026 10:49:01 -0400 Subject: [PATCH] docs: link proton rclone child candidate to personal-agent --- README.md | 2 +- WORKBOARD.yaml | 5 +++ ...ent-conductor-curator-service-handoff.json | 8 ++--- .../personal-agent-proton-rclone-package.json | 22 +++++++++--- ...onal-agent-runtime-readiness-snapshot.json | 35 ++++++++++++------- ...t-context-runtime-supersession-register.md | 15 ++++---- tools/validate_steev_child.py | 29 +++++++++++++-- 7 files changed, 83 insertions(+), 33 deletions(-) diff --git a/README.md b/README.md index 777130e..883a0c5 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ JP's personal assistant / chief of staff. Daily briefing, inbox triage, comms in - **Identity:** [`AGENT.md`](AGENT.md) — role, mission, boundaries. - **Profile surface contract:** [`docs/contracts/personal-agent-profile-surface-contract.json`](docs/contracts/personal-agent-profile-surface-contract.json) — canonical surfaces, effects, memory route, and proof policy. - **BlueBubbles binding:** [`docs/contracts/personal-agent-bluebubbles-binding.json`](docs/contracts/personal-agent-bluebubbles-binding.json) — `imessage.read` binds to the existing BlueBubbles package without a duplicate connector. -- **Proton/rclone package candidate:** [`docs/contracts/personal-agent-proton-rclone-package.json`](docs/contracts/personal-agent-proton-rclone-package.json) — Mail, Calendar, Contacts, and Drive surfaces with redacted runtime inventory and no readiness overclaim. +- **Proton/rclone package candidate:** [`docs/contracts/personal-agent-proton-rclone-package.json`](docs/contracts/personal-agent-proton-rclone-package.json) — Mail, Calendar, Contacts, and Drive surfaces now linked to the child-local `proton-rclone` candidate, with Core registration and readiness still blocked. - **Proton/rclone runtime reconciliation:** [`docs/evidence/2026-06-14-personal-agent-proton-rclone-runtime-reconciliation.md`](docs/evidence/2026-06-14-personal-agent-proton-rclone-runtime-reconciliation.md) — live redacted probe aligning systemd, Docker, MCP, and rclone posture. - **Secondbrain proposal/apply route:** [`docs/contracts/personal-agent-secondbrain-proposal-route.json`](docs/contracts/personal-agent-secondbrain-proposal-route.json) — proposal-only personal memory intake plus governed apply-route reference; live durable apply remains approval-gated in Secondbrain. - **Conductor/Curator service handoff:** [`docs/contracts/personal-agent-conductor-curator-service-handoff.json`](docs/contracts/personal-agent-conductor-curator-service-handoff.json) — redacted service map for future route selection and hygiene review pickup. diff --git a/WORKBOARD.yaml b/WORKBOARD.yaml index 45f95e5..c0fe07c 100644 --- a/WORKBOARD.yaml +++ b/WORKBOARD.yaml @@ -59,3 +59,8 @@ items: status: complete source: docs/contracts/personal-agent-secondbrain-proposal-route.json owner: jp + - id: PACR-011 + title: Proton/rclone Child Candidate Reconciliation + status: complete + source: docs/contracts/personal-agent-proton-rclone-package.json + owner: jp diff --git a/docs/contracts/personal-agent-conductor-curator-service-handoff.json b/docs/contracts/personal-agent-conductor-curator-service-handoff.json index 51f6b4d..5f8527d 100644 --- a/docs/contracts/personal-agent-conductor-curator-service-handoff.json +++ b/docs/contracts/personal-agent-conductor-curator-service-handoff.json @@ -52,10 +52,10 @@ { "service_id": "personal-agent.proton-rclone.package-candidate", "capability_package": "proton-rclone", - "owner_route": "steev", + "owner_route": "proton-rclone", "surface": "mail.calendar.contacts.drive", - "health_shape": "redacted-per-surface-runtime-inventory", - "readiness_state": "degraded-package-candidate", + "health_shape": "child-local-redacted-runtime-health", + "readiness_state": "degraded-child-candidate-core-registration-pending", "allowed_effects": [ "emit_mail_health", "emit_calendar_health", @@ -202,7 +202,7 @@ "curator_personal_memory_hygiene_lane_pickup": "blocked-follow-up", "secondbrain_governed_apply_route": "defined-no-live-apply", "secondbrain_durable_apply": "blocked-follow-up", - "runtime_health_proof": "blocked-follow-up", + "runtime_health_proof": "complete-child-local", "desktop_adapter_exposure": "blocked-follow-up", "seed_package_pickup": "blocked-follow-up" } diff --git a/docs/contracts/personal-agent-proton-rclone-package.json b/docs/contracts/personal-agent-proton-rclone-package.json index b8788ea..9cd8157 100644 --- a/docs/contracts/personal-agent-proton-rclone-package.json +++ b/docs/contracts/personal-agent-proton-rclone-package.json @@ -6,16 +6,27 @@ "display_name": "Steev", "observed_date": "2026-06-14", "child_workspace_registered": false, + "child_workspace_candidate_created": true, "package_runtime_readiness_claimed": false, "profile_runtime_readiness_claimed": false, "seed_readiness_claimed": false, "core_promotion_claimed": false, + "child_workspace_candidate": { + "path": "../proton-rclone", + "commit": "c49f85691232c317d694725445ec3acbf127c72b", + "validator_command": "python3 tools/validate_proton_rclone_child.py", + "validator_result_observed": "ok", + "core_registration_claimed": false, + "runtime_readiness_claimed": false, + "core_registration_candidate_packet": "../proton-rclone/.sot/08-OUTPUTS/proton-rclone-core-registration-candidate-packet.json", + "live_redacted_health_proof": "../proton-rclone/.sot/08-OUTPUTS/proton-rclone-live-redacted-health.json" + }, "authority_boundary": { "profile_owns_surface_exposure": true, "package_candidate_owns_runtime_inventory": true, "legacy_repositories_are_reference_only": true, "duplicate_profile_local_connectors_allowed": false, - "notes": "This contract standardizes the Proton/rclone package shape for personal-agent. It does not register a new child workspace or claim full runtime readiness." + "notes": "This contract standardizes the Proton/rclone package shape for personal-agent. A child-local candidate now exists, but Core child-workspace registration and runtime readiness remain unclaimed." }, "memory_policy": { "target": "secondbrain-personal", @@ -197,10 +208,10 @@ "overall_state": "degraded", "chosen_runtime_path": "MCP facades for Mail, Calendar, Contacts; explicit rclone config for Drive", "pending_runtime_convergence": [ - "Repair or replace exited email and contacts gate containers.", + "Repair or replace not-up email and contacts gate containers.", "Resolve auto-restarting user proton-bridge and proton-bridge-proxy units or explicitly abandon them.", "Keep rclone RC/proxy units disabled unless a governed wrapper admits them.", - "Create registered proton-rclone child workspace before package runtime readiness is claimed." + "Promote/register proton-rclone through Core before package runtime readiness is claimed." ], "mcp_servers": [ { @@ -227,11 +238,11 @@ }, { "name": "sdo-email-gate", - "observed_state": "exited-127" + "observed_state": "not-up" }, { "name": "sdo-contacts-gate", - "observed_state": "exited-127" + "observed_state": "not-up" }, { "name": "stale-sdo-protonmail-bridge-container", @@ -345,6 +356,7 @@ "rclone --config /home/svrnty/.config/rclone/rclone.conf about proton: --json" ], "remaining_gates": { + "child_workspace_candidate": "complete-child-local", "registered_child_workspace": "blocked-follow-up", "email_gate_repair": "blocked-follow-up", "contacts_gate_repair": "blocked-follow-up", diff --git a/docs/contracts/personal-agent-runtime-readiness-snapshot.json b/docs/contracts/personal-agent-runtime-readiness-snapshot.json index 90a4294..75b5cd5 100644 --- a/docs/contracts/personal-agent-runtime-readiness-snapshot.json +++ b/docs/contracts/personal-agent-runtime-readiness-snapshot.json @@ -34,56 +34,64 @@ "surface": "mail.read", "capability_package": "proton-rclone", "readiness_state": "degraded", - "health_source": "MCP registration plus local service inventory", + "health_source": "../proton-rclone/.sot/08-OUTPUTS/proton-rclone-live-redacted-health.json", "redacted_health": { "mcp_server_enabled": true, "proton_bridge_systemd_running": false, "proton_bridge_systemd_state": "activating-auto-restart", - "docker_email_gate": "exited-127", + "docker_email_gate": "not-up", + "child_workspace_candidate_validator_ok": true, + "core_child_workspace_registered": false, "raw_mail_observed": false }, - "remaining_gap": "Email gate repair or replacement and package child registration remain required." + "remaining_gap": "Email gate repair or replacement and Core child registration remain required." }, { "surface": "calendar.read", "capability_package": "proton-rclone", "readiness_state": "degraded", - "health_source": "MCP registration plus local service inventory", + "health_source": "../proton-rclone/.sot/08-OUTPUTS/proton-rclone-live-redacted-health.json", "redacted_health": { "mcp_server_enabled": true, "calendar_gate_running": true, "proton_bridge_systemd_running": false, "proton_bridge_systemd_state": "activating-auto-restart", + "child_workspace_candidate_validator_ok": true, + "core_child_workspace_registered": false, "raw_calendar_events_observed": false }, - "remaining_gap": "Calendar read has service posture but no governed package child runtime proof." + "remaining_gap": "Calendar read has service posture and child proof, but Core registration and final readiness remain blocked." }, { "surface": "contacts.read", "capability_package": "proton-rclone", "readiness_state": "degraded", - "health_source": "MCP registration plus local service inventory", + "health_source": "../proton-rclone/.sot/08-OUTPUTS/proton-rclone-live-redacted-health.json", "redacted_health": { "mcp_server_enabled": true, - "docker_contacts_gate": "exited-127", + "docker_contacts_gate": "not-up", + "child_workspace_candidate_validator_ok": true, + "core_child_workspace_registered": false, "raw_contacts_observed": false }, - "remaining_gap": "Contacts gate repair or replacement and package child registration remain required." + "remaining_gap": "Contacts gate repair or replacement and Core child registration remain required." }, { "surface": "drive.read", "capability_package": "proton-rclone", "readiness_state": "degraded", - "health_source": "rclone explicit-config about probe", + "health_source": "../proton-rclone/.sot/08-OUTPUTS/proton-rclone-live-redacted-health.json", "redacted_health": { "rclone_remote_present": true, "rclone_about_probe": "ok-redacted", "rclone_rc_unit": "disabled", "rclone_proxy_unit": "disabled", + "child_workspace_candidate_validator_ok": true, + "core_child_workspace_registered": false, "drive_file_names_observed": false, "drive_file_contents_observed": false }, - "remaining_gap": "Drive read needs governed wrapper and package child before runtime readiness." + "remaining_gap": "Drive read has redacted child proof; governed wrapper and Core registration remain required before runtime readiness." } ], "supervisor_posture": { @@ -97,13 +105,13 @@ { "id": "proton-email-gate-exited", "severity": "must-fix", - "state": "sdo-email-gate exited-127", + "state": "email gate not-up", "impact": "mail.read remains degraded" }, { "id": "proton-contacts-gate-exited", "severity": "must-fix", - "state": "sdo-contacts-gate exited-127", + "state": "contacts gate not-up", "impact": "contacts.read remains degraded" }, { @@ -121,7 +129,7 @@ { "id": "proton-rclone-child-unregistered", "severity": "must-fix", - "state": "package candidate exists but no registered child workspace", + "state": "child-local candidate exists and validates; Core registry is not landed", "impact": "Proton/rclone package cannot claim runtime readiness" }, { @@ -172,6 +180,7 @@ "proton_email_gate_repair": "blocked-follow-up", "proton_contacts_gate_repair": "blocked-follow-up", "proton_bridge_systemd_convergence": "blocked-follow-up", + "proton_rclone_child_candidate": "complete-child-local", "proton_rclone_child_registration": "blocked-follow-up", "secondbrain_governed_apply_route": "defined-no-live-apply", "secondbrain_durable_apply": "blocked-follow-up", diff --git a/docs/supersession/2026-06-14-personal-agent-context-runtime-supersession-register.md b/docs/supersession/2026-06-14-personal-agent-context-runtime-supersession-register.md index 37c7e4a..b4f16bf 100644 --- a/docs/supersession/2026-06-14-personal-agent-context-runtime-supersession-register.md +++ b/docs/supersession/2026-06-14-personal-agent-context-runtime-supersession-register.md @@ -33,9 +33,9 @@ desktop exposure must be treated as one of: | Steev display name | active-alias | User-facing name for `personal-agent`, not separate authority | | Personal-agent BlueBubbles binding | active-authority | `docs/contracts/personal-agent-bluebubbles-binding.json` binds `imessage.read` to the package | | BlueBubbles iMessage | active-capability-package | BlueBubbles child completion-readiness package | -| Proton/rclone package candidate | active-authority | `docs/contracts/personal-agent-proton-rclone-package.json` standardizes Mail, Calendar, Contacts, and Drive without child/runtime readiness overclaim | -| Proton Mail/Calendar/Contacts | blocked-follow-up | Package child registration, degraded gate repair, and runtime proof remain follow-up work | -| Proton Drive/rclone | blocked-follow-up | rclone read probe is redacted-ok; governed wrapper and write gates remain follow-up work | +| Proton/rclone package candidate | active-authority | `docs/contracts/personal-agent-proton-rclone-package.json` links to the child-local `../proton-rclone` candidate without Core registration or runtime readiness overclaim | +| Proton Mail/Calendar/Contacts | blocked-follow-up | Child candidate exists; Core registration, degraded gate repair, and final readiness remain follow-up work | +| Proton Drive/rclone | blocked-follow-up | Child candidate has redacted rclone `about` proof; governed wrapper and write gates remain follow-up work | | Personal-agent Secondbrain proposal/apply route | active-authority | `docs/contracts/personal-agent-secondbrain-proposal-route.json` defines proposal-only personal memory intake and references the governed Secondbrain apply route | | Personal memory live durable apply | blocked-follow-up | Secondbrain apply route is defined, but live apply still requires approval; profile/capability packages do not write durable memory | | Personal-agent Conductor/Curator service handoff | active-authority | `docs/contracts/personal-agent-conductor-curator-service-handoff.json` gives route and hygiene lanes a redacted service map | @@ -64,8 +64,9 @@ desktop exposure must be treated as one of: | Hermes installed `proton-access` skill | superseded-pending-consolidation | It overlaps with Steev `proton-tools` and should not be a separate authority. | | Hermes installed `proton-mail-operations` skill | superseded-pending-consolidation | It overlaps with Steev `proton-tools` and should fold into the canonical Proton package. | | Hermes installed `proton-services` skill | superseded-pending-consolidation | It overlaps with Steev `proton-tools` and should fold into the canonical Proton package. | -| Direct rclone CLI proofs | active-evidence-source | Read-only `about` proof is captured redacted in the package candidate, but runtime authority still needs a governed wrapper. | -| Docker Proton Bridge and calendar gate state | active-evidence-source | Current runtime fact is captured redacted in the package candidate, not a readiness claim by itself. | +| Proton/rclone child candidate | active-capability-package | Child-local repo exists at `../proton-rclone`, validates locally, and still needs Core registry pickup. | +| Direct rclone CLI proofs | active-evidence-source | Read-only `about` proof is captured redacted in the child candidate, but runtime authority still needs a governed wrapper. | +| Docker Proton Bridge and calendar gate state | active-evidence-source | Current runtime fact is captured redacted in the child candidate, not a readiness claim by itself. | | Broken user `proton-bridge.service` state | active-gap | Must be resolved or explicitly abandoned when one canonical runtime path is chosen. | | Inactive rclone RC/proxy units | active-gap | Must stay disabled or become gated through a governed wrapper before runtime readiness. | | Secondbrain direct-write ideas | superseded | Personal context begins as redacted proposal envelopes; durable apply belongs to Secondbrain governed memory write path. | @@ -77,7 +78,7 @@ desktop exposure must be treated as one of: - Graph context should expose this PRD as the `personal-agent` profile-level pickup. - Graph context should treat Steev as display name / distribution alias only. - Graph context should expose BlueBubbles as the active iMessage capability package. -- Graph context should expose the Proton/rclone package candidate as the active standardization pickup, not a runtime-ready child package. +- Graph context should expose the Proton/rclone child candidate as the active standardization pickup, not a Core-registered or runtime-ready package. - Graph context should expose the personal-agent Secondbrain proposal/apply route as active while keeping live durable apply blocked to approval and Secondbrain/curator. - Graph context should expose the personal-agent Conductor/Curator service handoff as active, while adoption remains blocked to owning lanes. - Graph context should expose the personal-agent runtime snapshot as degraded until the named runtime gaps close. @@ -91,7 +92,7 @@ desktop exposure must be treated as one of: ## Archive And Supersede Actions - Add visible supersession notes to the personal-agent contract and disclosure when `PACR-001` is implemented. -- Add package-level supersession notes to Proton/rclone artifacts when `PACR-004` creates the child package. +- Add Core registration pickup after the child-local Proton/rclone candidate is route-approved. - Keep BlueBubbles artifacts active but subordinate to the `personal-agent` profile contract. - Archive or mark duplicate Proton skills after the canonical package is installed. - Record final graph cleanup in `PACR-010`; do not claim complete before this register matches the graph pickup state. diff --git a/tools/validate_steev_child.py b/tools/validate_steev_child.py index 1d8dd9e..9af4b4b 100755 --- a/tools/validate_steev_child.py +++ b/tools/validate_steev_child.py @@ -200,6 +200,7 @@ def main() -> int: "PACR-007", "PACR-008", "PACR-010", + "PACR-011", "status: candidate", "owner: jp", ]: @@ -358,6 +359,23 @@ def main() -> int: ]: if proton.get(key) is not False: errors.append(f"proton_rclone_overclaim:{key}") + if proton.get("child_workspace_candidate_created") is not True: + errors.append("proton_rclone_child_candidate_not_created") + candidate = proton.get("child_workspace_candidate", {}) + expected_candidate = { + "path": "../proton-rclone", + "commit": "c49f85691232c317d694725445ec3acbf127c72b", + "validator_command": "python3 tools/validate_proton_rclone_child.py", + "validator_result_observed": "ok", + "core_registration_candidate_packet": "../proton-rclone/.sot/08-OUTPUTS/proton-rclone-core-registration-candidate-packet.json", + "live_redacted_health_proof": "../proton-rclone/.sot/08-OUTPUTS/proton-rclone-live-redacted-health.json", + } + for key, expected in expected_candidate.items(): + if candidate.get(key) != expected: + errors.append(f"proton_rclone_child_candidate_mismatch:{key}") + for key in ["core_registration_claimed", "runtime_readiness_claimed"]: + if candidate.get(key) is not False: + errors.append(f"proton_rclone_child_candidate_overclaim:{key}") boundary = proton.get("authority_boundary", {}) if boundary.get("profile_owns_surface_exposure") is not True: errors.append("proton_rclone_profile_surface_boundary_missing") @@ -431,9 +449,9 @@ def main() -> int: for name in ["sdo-calendar-gate", "sdo-email-gate", "sdo-contacts-gate"]: if name not in docker: errors.append(f"proton_rclone_docker_route_missing:{name}") - if docker.get("sdo-email-gate") != "exited-127": + if docker.get("sdo-email-gate") != "not-up": errors.append("proton_rclone_email_gate_state_not_captured") - if docker.get("sdo-contacts-gate") != "exited-127": + if docker.get("sdo-contacts-gate") != "not-up": errors.append("proton_rclone_contacts_gate_state_not_captured") units = {item.get("name"): item for item in inventory.get("systemd_user_units", [])} if units.get("proton-bridge.service", {}).get("observed_state") != "activating-auto-restart": @@ -488,6 +506,8 @@ def main() -> int: if command not in commands: errors.append(f"proton_rclone_observed_command_missing:{command}") remaining_gates = proton.get("remaining_gates", {}) + if remaining_gates.get("child_workspace_candidate") != "complete-child-local": + errors.append("proton_rclone_child_candidate_gate_missing") for gate in [ "registered_child_workspace", "email_gate_repair", @@ -826,12 +846,13 @@ def main() -> int: "conductor_lane_pickup", "curator_personal_memory_hygiene_lane_pickup", "secondbrain_durable_apply", - "runtime_health_proof", "desktop_adapter_exposure", "seed_package_pickup", ]: if remaining_gates.get(gate) != "blocked-follow-up": errors.append(f"service_handoff_remaining_gate_missing:{gate}") + if remaining_gates.get("runtime_health_proof") != "complete-child-local": + errors.append("service_handoff_runtime_health_proof_not_child_complete") runtime = load_json("docs/contracts/personal-agent-runtime-readiness-snapshot.json", errors) if runtime: @@ -939,6 +960,8 @@ def main() -> int: remaining_gates = runtime.get("remaining_gates", {}) if remaining_gates.get("secondbrain_governed_apply_route") != "defined-no-live-apply": errors.append("runtime_snapshot_governed_apply_route_not_defined") + if remaining_gates.get("proton_rclone_child_candidate") != "complete-child-local": + errors.append("runtime_snapshot_child_candidate_gate_missing") for gate in [ "proton_email_gate_repair", "proton_contacts_gate_repair",