hermes/steev
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: standardize Proton rclone package candidate

Browse Source
This commit is contained in:
Svrnty
2026-06-14 08:28:36 -04:00
parent 91d4e7f08b
commit c1e4d77611
6 changed files with 564 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/contracts/personal-agent-proton-rclone-package.json
+355
View File
@@ -0,0 +1,355 @@
{
"schema_version": "personal-agent-proton-rclone-package/v1",
"status": "package-candidate-unregistered",
"package_id": "proton-rclone",
"profile_identity": "personal-agent",
"display_name": "Steev",
"observed_date": "2026-06-14",
"child_workspace_registered": false,
"package_runtime_readiness_claimed": false,
"profile_runtime_readiness_claimed": false,
"seed_readiness_claimed": false,
"core_promotion_claimed": false,
"authority_boundary": {
"profile_owns_surface_exposure": true,
"package_candidate_owns_runtime_inventory": true,
"legacy_repositories_are_reference_only": true,
"duplicate_profile_local_connectors_allowed": false,
"notes": "This contract standardizes the Proton/rclone package shape for personal-agent. It does not register a new child workspace or claim full runtime readiness."
},
"memory_policy": {
"target": "secondbrain-personal",
"forbidden": [
"orgbrain"
],
"durable_write_policy": "proposal-only-until-governed-secondbrain-curator-apply-route"
},
"credential_policy": {
"mode": "keyvault-reference-names-only",
"secret_values_in_contract": false,
"credential_mutation_allowed": false
},
"surfaces": [
{
"name": "mail.read",
"runtime_route": "proton-email MCP facade through Proton gate",
"readiness": "degraded",
"allowed_effects": [
"email_folders",
"email_list",
"email_search",
"email_read_metadata_or_body_when_requested"
],
"denied_effects": [
"send_without_confirmation",
"delete_mail",
"archive_mail",
"mark_read",
"mark_unread",
"orgbrain_write"
],
"confirmation": "not-required-for-read"
},
{
"name": "mail.draft",
"runtime_route": "proton-email MCP facade through Proton gate",
"readiness": "pending",
"allowed_effects": [
"draft_reply",
"draft_new_mail"
],
"denied_effects": [
"send_without_confirmation",
"delete_mail",
"orgbrain_write"
],
"confirmation": "draft-only"
},
{
"name": "mail.send_with_confirmation",
"runtime_route": "proton-email MCP facade through Proton gate",
"readiness": "disabled",
"allowed_effects": [
"send_after_explicit_jp_confirmation"
],
"denied_effects": [
"silent_send",
"send_without_confirmation",
"delete_mail",
"orgbrain_write"
],
"confirmation": "explicit-jp-confirmation-required"
},
{
"name": "calendar.read",
"runtime_route": "proton-calendar MCP facade through calendar gate",
"readiness": "degraded",
"allowed_effects": [
"calendar_list",
"calendar_events",
"calendar_upcoming",
"calendar_search",
"calendar_event_get"
],
"denied_effects": [
"calendar_write_without_confirmation",
"calendar_delete",
"orgbrain_write"
],
"confirmation": "not-required-for-read"
},
{
"name": "calendar.propose_event",
"runtime_route": "proton-calendar MCP facade through calendar gate",
"readiness": "pending",
"allowed_effects": [
"propose_calendar_create",
"propose_calendar_update"
],
"denied_effects": [
"calendar_write_without_confirmation",
"calendar_delete",
"orgbrain_write"
],
"confirmation": "proposal-only"
},
{
"name": "calendar.write_with_confirmation",
"runtime_route": "proton-calendar MCP facade through calendar gate",
"readiness": "disabled",
"allowed_effects": [
"calendar_create_after_explicit_jp_confirmation",
"calendar_update_after_explicit_jp_confirmation"
],
"denied_effects": [
"silent_calendar_write",
"calendar_delete",
"orgbrain_write"
],
"confirmation": "explicit-jp-confirmation-required"
},
{
"name": "contacts.read",
"runtime_route": "proton-contacts MCP facade through contacts gate",
"readiness": "degraded",
"allowed_effects": [
"contacts_list",
"contacts_search",
"contacts_get"
],
"denied_effects": [
"contact_mutation_without_confirmation",
"contacts_delete",
"orgbrain_write"
],
"confirmation": "not-required-for-read"
},
{
"name": "contacts.write_with_confirmation",
"runtime_route": "proton-contacts MCP facade through contacts gate",
"readiness": "disabled",
"allowed_effects": [
"contacts_create_after_explicit_jp_confirmation",
"contacts_update_after_explicit_jp_confirmation"
],
"denied_effects": [
"silent_contact_write",
"contacts_delete",
"orgbrain_write"
],
"confirmation": "explicit-jp-confirmation-required"
},
{
"name": "drive.read",
"runtime_route": "rclone with explicit Proton config path",
"readiness": "degraded",
"allowed_effects": [
"rclone_about_redacted",
"rclone_list_only_when_requested"
],
"denied_effects": [
"drive_file_name_proof",
"drive_file_content_download",
"drive_write_without_confirmation",
"drive_delete",
"orgbrain_write"
],
"confirmation": "not-required-for-redacted-about"
},
{
"name": "drive.write_with_confirmation",
"runtime_route": "rclone with explicit Proton config path",
"readiness": "disabled",
"allowed_effects": [
"drive_write_after_explicit_jp_confirmation"
],
"denied_effects": [
"silent_drive_write",
"drive_delete",
"drive_purge",
"drive_share",
"orgbrain_write"
],
"confirmation": "explicit-jp-confirmation-required"
}
],
"runtime_inventory": {
"overall_state": "degraded",
"chosen_runtime_path": "MCP facades for Mail, Calendar, Contacts; explicit rclone config for Drive",
"pending_runtime_convergence": [
"Repair or replace exited email and contacts gate containers.",
"Resolve auto-restarting user proton-bridge and proton-bridge-proxy units or explicitly abandon them.",
"Keep rclone RC/proxy units disabled unless a governed wrapper admits them.",
"Create registered proton-rclone child workspace before package runtime readiness is claimed."
],
"mcp_servers": [
{
"name": "proton-calendar",
"observed_status": "enabled"
},
{
"name": "proton-email",
"observed_status": "enabled"
},
{
"name": "proton-contacts",
"observed_status": "enabled"
}
],
"docker_routes": [
{
"name": "protonmail-bridge-active-container",
"observed_state": "up"
},
{
"name": "sdo-calendar-gate",
"observed_state": "up"
},
{
"name": "sdo-email-gate",
"observed_state": "exited-127"
},
{
"name": "sdo-contacts-gate",
"observed_state": "exited-127"
},
{
"name": "stale-sdo-protonmail-bridge-container",
"observed_state": "created"
}
],
"systemd_user_units": [
{
"name": "proton-bridge.service",
"observed_state": "activating-auto-restart",
"unit_file_state": "enabled"
},
{
"name": "proton-bridge-proxy.service",
"observed_state": "activating-auto-restart",
"unit_file_state": "enabled"
},
{
"name": "rclone-rc.service",
"observed_state": "inactive-dead",
"unit_file_state": "disabled"
},
{
"name": "rclone-proxy.service",
"observed_state": "inactive-dead",
"unit_file_state": "disabled"
}
],
"rclone": {
"config_path": "/home/svrnty/.config/rclone/rclone.conf",
"remote": "proton:",
"listremotes_observed": true,
"about_probe": "ok-redacted",
"file_names_observed": false,
"file_contents_observed": false
}
},
"legacy_sources": [
{
"path": "/home/svrnty/workspaces/cortex/L4-svrnty.api-proton",
"state": "legacy-reference",
"reason": "Mail, Calendar, Contacts source material, not Cortex OS child authority."
},
{
"path": "/home/svrnty/workspaces/cortex/L4-svrnty.tool-storage",
"state": "legacy-reference",
"reason": "Storage/rclone source material, not the canonical personal-agent package."
},
{
"path": "/home/svrnty/workspaces/cortex/L5-vendor.lib-proton-bridge",
"state": "legacy-reference",
"reason": "Vendor bridge code, not profile authority."
},
{
"path": "/home/svrnty/workspaces/cortex/L6-vendor.lib-proton-api",
"state": "legacy-reference",
"reason": "Vendor Proton API code, not profile authority."
},
{
"path": "/home/svrnty/workspaces/cortex/L6-vendor.lib-rclone",
"state": "legacy-reference",
"reason": "Vendor rclone code, not profile authority."
}
],
"duplicate_skill_policy": [
{
"id": "skills/proton-tools",
"state": "superseded-pending-package-install",
"reason": "Keep as tool reference until the package child exists; governance now lives in this contract."
},
{
"id": "proton-access",
"state": "superseded-pending-consolidation",
"reason": "Must not become separate Proton authority."
},
{
"id": "proton-mail-operations",
"state": "superseded-pending-consolidation",
"reason": "Must fold into the canonical Proton/rclone package."
},
{
"id": "proton-services",
"state": "superseded-pending-consolidation",
"reason": "Must fold into the canonical Proton/rclone package."
}
],
"proof_policy": {
"mode": "redacted-only",
"forbidden_fields": [
"raw_messages",
"mail_bodies",
"mail_subjects",
"sender_address",
"recipient_address",
"contact_details",
"calendar_event_details",
"drive_file_names",
"drive_file_contents",
"endpoint_payloads",
"credentials",
"secret_values"
]
},
"observed_commands": [
"hermes -p steev mcp list",
"systemctl --user list-unit-files --no-pager | rg -i 'proton|rclone|calendar|contacts|email'",
"systemctl --user show proton-bridge.service rclone-rc.service rclone-proxy.service -p Id -p LoadState -p ActiveState -p SubState -p UnitFileState -p FragmentPath --no-pager",
"systemctl --user show proton-bridge-proxy.service -p Id -p LoadState -p ActiveState -p SubState -p UnitFileState -p FragmentPath --no-pager",
"docker ps -a --format '<name status image>' | rg -i 'proton|calendar|contacts|email|mail|rclone|sdo'",
"rclone --config /home/svrnty/.config/rclone/rclone.conf listremotes",
"rclone --config /home/svrnty/.config/rclone/rclone.conf about proton: --json"
],
"remaining_gates": {
"registered_child_workspace": "blocked-follow-up",
"email_gate_repair": "blocked-follow-up",
"contacts_gate_repair": "blocked-follow-up",
"systemd_bridge_convergence": "blocked-follow-up",
"secondbrain_durable_apply": "blocked-follow-up",
"seed_package_pickup": "blocked-follow-up"
}
}