docs: plan Steev personal context runtime

2026-06-14 07:18:48 -04:00
parent aeb17cce22
commit d2a99ca36e
5 changed files with 490 additions and 0 deletions
@@ -0,0 +1,180 @@
+---
+name: 2026-06-14-steev-personal-context-runtime-work-orders
+status: active
+triage: ready-for-agent
+owner: jp
+source: docs/prd/2026-06-14-steev-personal-context-runtime-prd.md
+created: 2026-06-14
+last_reviewed: 2026-06-14
+core_promotion_status: not-promoted
+description: Dependency-ordered vertical slices for Steev personal context runtime standardization.
+artifact_type: work-orders
+---
+
+# Steev Personal Context Runtime Work Orders
+
+Each slice is vertical and proof-backed. Steev owns the profile contract.
+BlueBubbles and Proton/rclone own capability packages. Personal context targets
+personal Secondbrain only. `orgbrain`, raw payloads, and secrets are forbidden.
+
+## SPCR-001 Profile Authority And Surface Contract
+
+Type: AFK. Blocked by: None. User stories: 1-17, 21-23, 28-31.
+
+## What to build
+
+Define Steev's profile contract: surfaces, allowed effects, denied effects,
+memory target, credential posture, runtime proof, and package ownership.
+
+## Acceptance criteria
+
+- [ ] Steev declares iMessage, Proton Mail, Calendar, Contacts, Drive, and future browser host surfaces.
+- [ ] Required surfaces are named: `imessage.read`, Proton read/draft/propose/confirmation-write surfaces, and Drive read/confirmation-write.
+- [ ] Personal Secondbrain is the only memory target; `orgbrain`, raw payloads, credentials, and secrets are denied.
+- [ ] The Steev child validator passes.
+
+## SPCR-002 Supersession And Graph Hygiene Register
+
+Type: AFK. Blocked by: SPCR-001. User stories: 24-27, 29, 36.
+
+## What to build
+
+Classify older Steev, BlueBubbles, Proton, rclone, and legacy Cortex artifacts
+as active, superseded, archived, legacy-reference, or blocked-follow-up.
+
+## Acceptance criteria
+
+- [ ] Every known prior workstream has a supersession state and one-line reason.
+- [ ] Legacy Cortex Proton/rclone repos are marked reference-only unless promoted.
+- [ ] The register names the single canonical pickup path per work area.
+- [ ] The Steev child validator passes.
+
+## SPCR-003 BlueBubbles Capability Pickup Into Steev
+
+Type: AFK. Blocked by: SPCR-001, SPCR-002. User stories: 1-3, 13-18, 24-26, 32.
+
+## What to build
+
+Bind Steev's `imessage.read` surface to the existing BlueBubbles package.
+Preserve read-only runtime, redacted proof, Mac Mini host ownership, and
+proposal-only personal memory intake.
+
+## Acceptance criteria
+
+- [ ] Steev references BlueBubbles as package authority, not profile-local connector code.
+- [ ] Sends, read receipts, mark-read, contact/chat mutation, downloads, and deletes remain denied.
+- [ ] BlueBubbles health/watchdog proof remains redacted evidence.
+- [ ] Steev and BlueBubbles validators pass.
+
+## SPCR-004 Proton And Rclone Capability Standardization
+
+Type: AFK. Blocked by: SPCR-001, SPCR-002. User stories: 4-12, 15-17, 19-20, 24-31.
+
+## What to build
+
+Shape a Proton/rclone capability package for Mail, Calendar, Contacts, and
+Drive: surfaces, runtime path, rclone config posture, health, and write gates.
+
+## Acceptance criteria
+
+- [ ] Proton and Drive surfaces use read/draft/propose/confirmation naming.
+- [ ] Docker, systemd, MCP, CLI, and rclone routes are inventoried with one chosen or pending runtime path.
+- [ ] Health is redacted and per-surface, including degraded and not-running states.
+- [ ] Duplicate Proton skills are consolidated or clearly superseded.
+
+## SPCR-005 Personal Secondbrain Proposal And Apply Route
+
+Type: AFK. Blocked by: SPCR-003, SPCR-004. User stories: 13-14, 16-17, 29, 32, 34.
+
+## What to build
+
+Define proposal-only memory intake for iMessage, Proton, and Drive-derived
+context. Durable writes wait for the owning Secondbrain/curator apply route.
+
+## Acceptance criteria
+
+- [ ] Proposal envelopes target personal Secondbrain only.
+- [ ] `orgbrain` attempts are rejected and proven.
+- [ ] Proof excludes raw bodies, contacts, event details, drive names, attachments, and secrets unless later approved.
+- [ ] The Steev child validator passes.
+
+## SPCR-006 Conductor And Curator Service Handoff
+
+Type: AFK. Blocked by: SPCR-001 and active conductor/curator lane release. User stories: 17, 23, 29, 33-34.
+
+## What to build
+
+Publish service identity, health shape, effects, credential posture, and
+apply-envelope expectations for future conductor/curator adoption.
+
+## Acceptance criteria
+
+- [ ] Each capability has service identity, health, allowed effects, and denied effects.
+- [ ] Apply expectations are redacted and personal-only.
+- [ ] No conductor or curator files are mutated from Steev.
+- [ ] The Steev child validator passes.
+
+## SPCR-007 Runtime Readiness And Always-On Proof
+
+Type: AFK. Blocked by: SPCR-003, SPCR-004, SPCR-006. User stories: 17-20, 28-29, 33.
+
+## What to build
+
+Prove per-surface runtime state with redacted health, supervisor posture,
+restart behavior, and explicit ready/degraded/pending/blocked claims.
+
+## Acceptance criteria
+
+- [ ] iMessage, Mail, Calendar, Contacts, and Drive each have a readiness state.
+- [ ] Broken, duplicate, inactive, or missing services are named as gaps.
+- [ ] Optional reboot/power-loss proof is separate from normal readiness.
+- [ ] The Steev child validator passes.
+
+## SPCR-008 Desktop Adapter Exposure Contract
+
+Type: AFK. Blocked by: SPCR-001 and active adapter lane release. User stories: 22, 29, 35.
+
+## What to build
+
+Prepare the desktop/adapter contract for capability readiness display. Do not
+wire UI or mutate adapter code from this route.
+
+## Acceptance criteria
+
+- [ ] Desktop-visible states come from contract and redacted runtime health.
+- [ ] State names are ready, degraded, pending, blocked, and disabled.
+- [ ] Personal memory only and no `orgbrain` are preserved.
+- [ ] The Steev child validator passes.
+
+## SPCR-009 Browser And Webwright Host Runtime Approval
+
+Type: HITL. Blocked by: SPCR-001, SPCR-002, explicit JP approval. User stories: 21, 29, 33, 35.
+
+## What to build
+
+Prepare a separate Mac Mini browser/Webwright Host Runtime approval packet.
+This grants broad authenticated computer authority and must not hide inside
+messaging or Proton work.
+
+## Acceptance criteria
+
+- [ ] The packet names browser session, password-manager, cookie, Google Drive, and desktop-control risks.
+- [ ] Default denied effects apply until JP grants scope.
+- [ ] No browser/Webwright runtime is enabled by this issue.
+- [ ] JP approval is required before execution.
+
+## SPCR-010 Final Acceptance And Promotion Packet
+
+Type: HITL. Blocked by: SPCR-002 through SPCR-009. User stories: 28-36.
+
+## What to build
+
+Assemble final acceptance across profile, capability, memory, runtime, Seed,
+Core, conductor/curator, desktop, and graph hygiene claims.
+
+## Acceptance criteria
+
+- [ ] Accepted, pending, and rejected claims are named with owning evidence.
+- [ ] Old work is archived, superseded, or marked legacy-reference.
+- [ ] Core and Seed readiness are claimed only through governed routes.
+- [ ] JP can read one page and know exactly what remains.