diff --git a/README.md b/README.md index 443ca90..73929bf 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ JP's personal assistant / chief of staff. Daily briefing, inbox triage, comms in - **Runtime readiness snapshot:** [`docs/contracts/personal-agent-runtime-readiness-snapshot.json`](docs/contracts/personal-agent-runtime-readiness-snapshot.json) — redacted per-surface runtime state and gaps; Seed-local acceptance is proven, while broader readiness remains degraded. - **Desktop exposure contract:** [`docs/contracts/personal-agent-desktop-exposure-contract.json`](docs/contracts/personal-agent-desktop-exposure-contract.json) — adapter-facing state rows for Desktop/Dashboard display; no UI wiring from this route. - **Current Core/Seed pickup:** [`docs/evidence/2026-06-15-personal-agent-core-seed-readiness-reconciliation.md`](docs/evidence/2026-06-15-personal-agent-core-seed-readiness-reconciliation.md) — source-locks current Core S641/S642/S643, Seed final acceptance, and remaining broader gaps. +- **Current governed boundary:** [`docs/evidence/2026-06-15-personal-agent-current-governed-boundary.md`](docs/evidence/2026-06-15-personal-agent-current-governed-boundary.md) — pins Core S654 branch-authority approval status, stale S653 approval risk, and Proton Suite health-panel as future Keyvault successor context only. - **Historical Steev reference redirect:** [`docs/STEEV-MASTER.md`](docs/STEEV-MASTER.md). ## Structure diff --git a/WORKBOARD.yaml b/WORKBOARD.yaml index cffea19..ccc201a 100644 --- a/WORKBOARD.yaml +++ b/WORKBOARD.yaml @@ -79,3 +79,8 @@ items: status: complete source: docs/evidence/2026-06-15-personal-agent-core-seed-readiness-reconciliation.md owner: jp + - id: PACR-015 + title: Current Governed Boundary Reconciliation + status: complete + source: docs/evidence/2026-06-15-personal-agent-current-governed-boundary.md + owner: jp diff --git a/docs/evidence/2026-06-15-personal-agent-current-governed-boundary.md b/docs/evidence/2026-06-15-personal-agent-current-governed-boundary.md new file mode 100644 index 0000000..0dcc8f7 --- /dev/null +++ b/docs/evidence/2026-06-15-personal-agent-current-governed-boundary.md @@ -0,0 +1,42 @@ +# Personal-Agent Current Governed Boundary + +Date: 2026-06-15 +Profile identity: `personal-agent` +Display name: `Steev` +Work item: `PACR-015` +Status: complete profile-local boundary reconciliation + +## Objective + +Record the current Steev boundary after Core S654 and the Proton Suite health-panel signal, without changing Seed, Core, Proton, Keyvault, Runtime, Desktop, or memory state. + +## Source Locks + +| Source | Commit or stage | Path | SHA-256 | +| --- | --- | --- | --- | +| Core S654 Seed branch authority pickup | `S654` | `../core/.sot/08-OUTPUTS/2026-06-15-s654-seed-main-branch-authority-gate-pickup.json` | `d92e77e23418b67e27cc3058a9f415a9b4a023cfcd71e4465cbe859df9b8d7e4` | +| Core S654 validator | `S654` | `../core/tools/check_personal_agent_21_seed_main_branch_authority_gate_pickup.py` | `28a47c713cf3ec7e065fce54d55cc3e6de4d3c12696f72fcff8d8b4137085710` | +| Seed S653 branch authority gate | `fd880ef15232895da05bc31ae4449e32418190ec` | `../seed/outputs/research/2026-06-15-cortex-os-seed-main-branch-authority-gate.json` | `12515390f89263318f853c26918155b36376f7b976009101a026043d4d3c2379` | +| Seed S653 branch authority validator | `fd880ef15232895da05bc31ae4449e32418190ec` | `../seed/tools/validate_cortex_os_seed_main_branch_authority_gate.py` | `b7ce32bcfe48e8e568280c1659c09ec46729af8aa7d3c9e6433fb028506847e1` | +| Proton Suite health contract | `f8403f1e5927933a0a5e283d2020119336e4e5e7` | `../proton-rclone/contracts/personal-agent-proton-suite-health-contract.json` | `ec835d487aae52fe0aa251076caafbdb1fc7b7ec7a4923ca89de8c246f87495f` | +| Proton Suite redacted health panel | `f8403f1e5927933a0a5e283d2020119336e4e5e7` | `../proton-rclone/.sot/08-OUTPUTS/proton-suite-redacted-health-panel.json` | `0cb6938f00618fa794081a04a45ecc258e14e9f31ded990d67845dd35f0f1207` | +| Proton Suite health panel proof | `f8403f1e5927933a0a5e283d2020119336e4e5e7` | `../proton-rclone/.sot/08-OUTPUTS/proton-suite-health-panel-proof.json` | `03ece893a3c7678365741cfdd01cb2c6cc2c30c20519e5d8649c25afac5ce31b` | + +## Current Boundary + +- `seed_branch_authority`: approval-required. Core S654 carries the current approval target for Seed HEAD `fd880ef15232895da05bc31ae4449e32418190ec`. +- `stale_s653_approval`: blocker. The older Seed S653 gate targets `56a1a36cc51d3cd084a65e01eb77210f58d7b6fd` and must not be used for current branch authority. +- `seed_main_repoint`: not executed. Local Seed `main` was not archived or repointed by this Steev slice. +- `profile_exposure`: blocked. Broader Steev tool exposure still needs a Core route. +- `durable_memory`: blocked. Secondbrain/Hindsight live writes still need governed approval. +- `provider_policy`: blocked. Real provider calls and credential custody still need a governed route. +- `keyvault_replacement`: future-governed-route. Proton Suite health-panel architecture may inform Keyvault successor work, but it does not replace Keyvault here. +- `runtime_readiness`: degraded. Seed-local acceptance exists, but broader runtime readiness and product readiness are not claimed. + +## Operator Note + +Use the Core S654 exact current-head approval text before any local Seed branch-authority execution. Do not use the older S653 approval text for current Seed HEAD `fd880ef15232895da05bc31ae4449e32418190ec`. + +## False Effects + +No Core mutation, Seed mutation, Proton mutation, Keyvault mutation, Runtime start, Docker start, Desktop/Dashboard launch, browser control, Webwright control, secret read, provider call, Profile Exposure change, Memory Domain grant, durable Secondbrain apply, Hindsight live write, branch repoint, publish, deploy, public release, product readiness, production readiness, or broad goal-completion claim occurred in this Steev slice. diff --git a/tools/validate_steev_child.py b/tools/validate_steev_child.py index 6284c25..3970b72 100755 --- a/tools/validate_steev_child.py +++ b/tools/validate_steev_child.py @@ -2,6 +2,7 @@ """Validate the Steev-named personal-agent profile distribution.""" from __future__ import annotations +import hashlib import json from pathlib import Path @@ -26,6 +27,7 @@ REQUIRED = [ "docs/contracts/personal-agent-desktop-exposure-contract.json", "docs/evidence/2026-06-14-personal-agent-proton-rclone-runtime-reconciliation.md", "docs/evidence/2026-06-15-personal-agent-core-seed-readiness-reconciliation.md", + "docs/evidence/2026-06-15-personal-agent-current-governed-boundary.md", "docs/prd/2026-06-14-personal-agent-context-runtime-prd.md", "docs/issues/2026-06-14-personal-agent-context-runtime-work-orders.md", "docs/supersession/2026-06-14-personal-agent-context-runtime-supersession-register.md", @@ -168,11 +170,51 @@ REQUIRED_DESKTOP_ROWS = { "personal-agent.write-actions", } +GOVERNED_BOUNDARY_SOURCE_LOCKS = { + "../core/.sot/08-OUTPUTS/2026-06-15-s654-seed-main-branch-authority-gate-pickup.json": "d92e77e23418b67e27cc3058a9f415a9b4a023cfcd71e4465cbe859df9b8d7e4", + "../core/tools/check_personal_agent_21_seed_main_branch_authority_gate_pickup.py": "28a47c713cf3ec7e065fce54d55cc3e6de4d3c12696f72fcff8d8b4137085710", + "../seed/outputs/research/2026-06-15-cortex-os-seed-main-branch-authority-gate.json": "12515390f89263318f853c26918155b36376f7b976009101a026043d4d3c2379", + "../seed/tools/validate_cortex_os_seed_main_branch_authority_gate.py": "b7ce32bcfe48e8e568280c1659c09ec46729af8aa7d3c9e6433fb028506847e1", + "../proton-rclone/contracts/personal-agent-proton-suite-health-contract.json": "ec835d487aae52fe0aa251076caafbdb1fc7b7ec7a4923ca89de8c246f87495f", + "../proton-rclone/.sot/08-OUTPUTS/proton-suite-redacted-health-panel.json": "0cb6938f00618fa794081a04a45ecc258e14e9f31ded990d67845dd35f0f1207", + "../proton-rclone/.sot/08-OUTPUTS/proton-suite-health-panel-proof.json": "03ece893a3c7678365741cfdd01cb2c6cc2c30c20519e5d8649c25afac5ce31b", +} + +GOVERNED_BOUNDARY_SNIPPETS = [ + "PACR-015", + "Core S654", + "fd880ef15232895da05bc31ae4449e32418190ec", + "56a1a36cc51d3cd084a65e01eb77210f58d7b6fd", + "must not be used for current branch authority", + "Proton Suite health-panel architecture may inform Keyvault successor work", + "future-governed-route", + "No Core mutation", + "No Core mutation, Seed mutation, Proton mutation, Keyvault mutation", + "broad goal-completion claim", +] + def read_text(rel: str) -> str: return (ROOT / rel).read_text(encoding="utf-8") +def umbrella_root() -> Path: + root = ROOT.resolve() + if root.parent.name == "worktrees": + return root.parent.parent.parent + return root.parent + + +def resolve_external(rel: str) -> Path: + if rel.startswith("../"): + return umbrella_root() / rel[3:] + return ROOT / rel + + +def sha256_file(path: Path) -> str: + return hashlib.sha256(path.read_bytes()).hexdigest() + + def load_contract(errors: list[str]) -> dict: return load_json("docs/contracts/personal-agent-profile-surface-contract.json", errors) @@ -211,6 +253,7 @@ def main() -> int: "PACR-012", "PACR-013", "PACR-014", + "PACR-015", "status: candidate", "owner: jp", ]: @@ -1245,6 +1288,21 @@ def main() -> int: if snippet not in text: errors.append(f"reconciliation_missing:{snippet}") + governed_boundary = ROOT / "docs/evidence/2026-06-15-personal-agent-current-governed-boundary.md" + if governed_boundary.exists(): + text = governed_boundary.read_text(encoding="utf-8") + for snippet in GOVERNED_BOUNDARY_SNIPPETS: + if snippet not in text: + errors.append(f"governed_boundary_missing:{snippet}") + for rel, expected_hash in GOVERNED_BOUNDARY_SOURCE_LOCKS.items(): + path = resolve_external(rel) + if not path.exists(): + errors.append(f"governed_boundary_source_missing:{rel}") + continue + actual_hash = sha256_file(path) + if actual_hash != expected_hash: + errors.append(f"governed_boundary_source_hash_drift:{rel}:{actual_hash}") + result = { "ok": not errors, "validator": "personal-agent-profile-distribution-v8",