docs: enforce personal-agent profile contract

docs/STEEV-MASTER.md

@@ -0,0 +1,20 @@
+---
+name: steev-master-supersession-redirect
+status: superseded
+owner: jp
+source: personal-agent-context-runtime
+last_reviewed: 2026-06-14
+description: Redirect from the historical Steev master reference to the active personal-agent profile surface contract.
+---
+
+# Steev Master Supersession
+
+`personal-agent` is the canonical profile identity. Steev is the user-facing display name and current distribution alias.
+
+Active authority:
+
+- `docs/contracts/personal-agent-profile-surface-contract.json`
+- `docs/prd/2026-06-14-personal-agent-context-runtime-prd.md`
+- `docs/supersession/2026-06-14-personal-agent-context-runtime-supersession-register.md`
+
+This file exists so older references do not become graph ambiguity.

docs/contracts/personal-agent-profile-surface-contract.json

@@ -0,0 +1,257 @@
+{
+  "schema_version": "personal-agent-profile-surface-contract/v1",
+  "profile_identity": "personal-agent",
+  "display_name": "Steev",
+  "distribution_alias": "steev",
+  "owner": "jp",
+  "status": "active-authority",
+  "authority_note": "personal-agent is the profile identity. Steev is the user-facing display name and current distribution alias.",
+  "memory_policy": {
+    "allowed_target": "secondbrain-personal",
+    "forbidden_targets": [
+      "orgbrain"
+    ],
+    "durable_write_policy": "proposal-only-until-governed-secondbrain-curator-apply-route",
+    "proof_policy": "redacted-only"
+  },
+  "credential_policy": {
+    "mode": "keyvault-reference-names-only",
+    "forbidden_in_core_or_proof": [
+      "credential_values",
+      "secret_values",
+      "session_cookies",
+      "keychain_values",
+      "password_manager_values"
+    ]
+  },
+  "proof_redaction_policy": {
+    "forbidden_in_core_or_proof": [
+      "raw_messages",
+      "mail_bodies",
+      "contact_details",
+      "calendar_event_details",
+      "drive_file_names",
+      "endpoint_payloads",
+      "credentials",
+      "cookies",
+      "keychain_values",
+      "password_manager_values",
+      "secret_values"
+    ]
+  },
+  "readiness_states": [
+    "ready",
+    "degraded",
+    "pending",
+    "blocked",
+    "disabled"
+  ],
+  "surfaces": [
+    {
+      "name": "imessage.read",
+      "capability_package": "bluebubbles",
+      "package_surface": "bluebubbles.imessage.readonly",
+      "status": "active-capability-package",
+      "allowed_effects": [
+        "read_message_stream",
+        "read_conversation_history",
+        "emit_redacted_health",
+        "emit_secondbrain_personal_proposal"
+      ],
+      "denied_effects": [
+        "send_message",
+        "delete_message",
+        "mark_read",
+        "read_receipt",
+        "contact_mutation",
+        "chat_mutation",
+        "attachment_download",
+        "orgbrain_write"
+      ],
+      "confirmation": "not-applicable-read-only"
+    },
+    {
+      "name": "mail.read",
+      "capability_package": "proton-rclone",
+      "status": "blocked-follow-up",
+      "allowed_effects": [
+        "read_mail_metadata",
+        "read_mail_body_when_user_requested",
+        "search_mail",
+        "emit_redacted_health",
+        "emit_secondbrain_personal_proposal"
+      ],
+      "denied_effects": [
+        "send_mail",
+        "delete_mail",
+        "archive_mail",
+        "mark_read",
+        "mark_unread",
+        "orgbrain_write"
+      ],
+      "confirmation": "not-applicable-read"
+    },
+    {
+      "name": "mail.draft",
+      "capability_package": "proton-rclone",
+      "status": "blocked-follow-up",
+      "allowed_effects": [
+        "compose_draft_for_user_review"
+      ],
+      "denied_effects": [
+        "send_mail",
+        "mutate_mailbox",
+        "orgbrain_write"
+      ],
+      "confirmation": "user-review-before-send"
+    },
+    {
+      "name": "mail.send_with_confirmation",
+      "capability_package": "proton-rclone",
+      "status": "blocked-follow-up",
+      "allowed_effects": [
+        "send_mail_after_explicit_confirmation"
+      ],
+      "denied_effects": [
+        "send_without_confirmation",
+        "bulk_send",
+        "background_send",
+        "orgbrain_write"
+      ],
+      "confirmation": "explicit-jp-confirmation-required"
+    },
+    {
+      "name": "calendar.read",
+      "capability_package": "proton-rclone",
+      "status": "blocked-follow-up",
+      "allowed_effects": [
+        "read_calendar_metadata",
+        "read_event_detail_when_user_requested",
+        "search_calendar",
+        "emit_redacted_health",
+        "emit_secondbrain_personal_proposal"
+      ],
+      "denied_effects": [
+        "create_event",
+        "update_event",
+        "delete_event",
+        "orgbrain_write"
+      ],
+      "confirmation": "not-applicable-read"
+    },
+    {
+      "name": "calendar.propose_event",
+      "capability_package": "proton-rclone",
+      "status": "blocked-follow-up",
+      "allowed_effects": [
+        "draft_calendar_change_for_user_review"
+      ],
+      "denied_effects": [
+        "write_calendar",
+        "delete_event",
+        "orgbrain_write"
+      ],
+      "confirmation": "user-review-before-write"
+    },
+    {
+      "name": "calendar.write_with_confirmation",
+      "capability_package": "proton-rclone",
+      "status": "blocked-follow-up",
+      "allowed_effects": [
+        "create_event_after_explicit_confirmation",
+        "update_event_after_explicit_confirmation"
+      ],
+      "denied_effects": [
+        "write_without_confirmation",
+        "delete_event",
+        "orgbrain_write"
+      ],
+      "confirmation": "explicit-jp-confirmation-required"
+    },
+    {
+      "name": "contacts.read",
+      "capability_package": "proton-rclone",
+      "status": "blocked-follow-up",
+      "allowed_effects": [
+        "read_contact_metadata",
+        "read_contact_detail_when_user_requested",
+        "search_contacts",
+        "emit_redacted_health",
+        "emit_secondbrain_personal_proposal"
+      ],
+      "denied_effects": [
+        "create_contact",
+        "update_contact",
+        "delete_contact",
+        "orgbrain_write"
+      ],
+      "confirmation": "not-applicable-read"
+    },
+    {
+      "name": "contacts.write_with_confirmation",
+      "capability_package": "proton-rclone",
+      "status": "blocked-follow-up",
+      "allowed_effects": [
+        "create_contact_after_explicit_confirmation",
+        "update_contact_after_explicit_confirmation"
+      ],
+      "denied_effects": [
+        "write_without_confirmation",
+        "delete_contact",
+        "orgbrain_write"
+      ],
+      "confirmation": "explicit-jp-confirmation-required"
+    },
+    {
+      "name": "drive.read",
+      "capability_package": "proton-rclone",
+      "status": "blocked-follow-up",
+      "allowed_effects": [
+        "read_drive_metadata_when_user_requested",
+        "read_file_when_user_requested",
+        "emit_redacted_health",
+        "emit_secondbrain_personal_proposal"
+      ],
+      "denied_effects": [
+        "write_file",
+        "move_file",
+        "copy_file",
+        "delete_file",
+        "purge_directory",
+        "orgbrain_write"
+      ],
+      "confirmation": "not-applicable-read"
+    },
+    {
+      "name": "drive.write_with_confirmation",
+      "capability_package": "proton-rclone",
+      "status": "blocked-follow-up",
+      "allowed_effects": [
+        "write_file_after_explicit_confirmation",
+        "move_file_after_explicit_confirmation",
+        "copy_file_after_explicit_confirmation"
+      ],
+      "denied_effects": [
+        "write_without_confirmation",
+        "delete_file",
+        "purge_directory",
+        "orgbrain_write"
+      ],
+      "confirmation": "explicit-jp-confirmation-required"
+    },
+    {
+      "name": "browser.host_runtime.full_control",
+      "capability_package": "mac-mini-host-runtime",
+      "status": "blocked-follow-up",
+      "allowed_effects": [],
+      "denied_effects": [
+        "browser_full_control_without_hitl_approval",
+        "read_password_manager",
+        "export_cookies",
+        "read_keychain",
+        "orgbrain_write"
+      ],
+      "confirmation": "separate-hitl-host-runtime-approval-required"
+    }
+  ]
+}