hermes/steev
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: hermes:fdc27aa92f5239fe9a03087d7e332281b9c3c00f
Branches Tags
hermes:jp
hermes:main
...
compare: hermes:aeb17cce22bce46551506c12928c9c32a8720b45
Branches Tags
hermes:jp
hermes:main

3 Commits
fdc27aa92f ... aeb17cce22

Author SHA1 Message Date
Svrnty
aeb17cce22 chore: sync Steev disclosure skills 2026-06-01 09:33:52 -04:00
Svrnty
c7b72a8758 chore: add Cortex child governance 2026-06-01 09:30:58 -04:00
Svrnty
0487a3d8fd Refine Steev profile disclosure and Proton tools 2026-05-30 23:35:53 -04:00
6 changed files with 145 additions and 10 deletions
Show Stats Expand all files Collapse all files

32
AGENTS.md Normal file
View File

@ -0,0 +1,32 @@
# Steev Profile Agent Rules
This workspace is a child-local profile-workspace under the Cortex OS umbrella.
It is not Cortex OS Core authority. It is not a Cortex OS Instance. It is not a Runtime unless a governed Core route says so.
## Authority Order
1. `/home/svrnty/workspaces/cortex-os/core` active SOT.
2. `/home/svrnty/workspaces/cortex-os/core/AGENTS.md`.
3. This file.
4. `README.md`, `WORKBOARD.yaml`, and local tools.
5. Chat/session memory.
## Editing Rule
Keep work inside this workspace unless Core explicitly routes promotion.
After editing, run:
```bash
python3 tools/validate_steev_child.py
```
For governance text, follow Core caveman prose discipline.
## Protected Boundaries
- Do not mutate `../core/` from this workspace.
- Do not mutate sibling repositories.
- Do not import this workspace into Core source.
- Promotion into Core requires a governed Core route.

6
WORKBOARD.yaml Normal file
View File

@ -0,0 +1,6 @@
items:
- id: STEEV-WORK-001
title: Centralized Legacy Workspace Review
status: candidate
source: README.md
owner: jp

11
install.sh
View File

@ -358,6 +358,17 @@ else
echo " WARN: F6 yq/global config missing — skipping MCP materialization"
fi
echo ""
echo "== model policy → Codex primary + Qwen fallback =="
POLICY_SCRIPT="$(cd "$REPO/.." && pwd)/scripts/apply-hermes-model-policy.py"
if [ "$DRY" = 1 ]; then
echo "DRY: python3 '$POLICY_SCRIPT' --config '$PROFILE_CFG'"
elif [ -f "$POLICY_SCRIPT" ]; then
python3 "$POLICY_SCRIPT" --config "$PROFILE_CFG"
else
echo " WARN: policy script not found: $POLICY_SCRIPT"
fi
# F7 — macOS-only externals OS-gate (Wave 8 Q10)
# Reads expected_external_skills entries with os_constraint: darwin and emits
# an INFO line on non-Darwin hosts. No install action (these are external

64
manifest.yaml
View File

@ -132,6 +132,22 @@ disclosure:
path: skills/proton-tools
role: toolkit
justification: "24-tool Proton facade (Calendar+Email+Contacts) — JP-personal comms surface"
- id: assistant-identity
source: builtin
role: utility
justification: "live enabled Hermes profile skill surfaced by disclosure drift gate"
- id: proton-access
source: builtin
role: utility
justification: "live enabled Hermes profile skill surfaced by disclosure drift gate"
- id: proton-mail-operations
source: builtin
role: utility
justification: "live enabled Hermes profile skill surfaced by disclosure drift gate"
- id: proton-services
source: builtin
role: utility
justification: "live enabled Hermes profile skill surfaced by disclosure drift gate"
- id: google-workspace
source: builtin
path: productivity/google-workspace
@ -152,14 +168,48 @@ disclosure:
path: devops/kanban-worker
role: engine
justification: "CEO delegation transport — steev → ceo-planb (steev-agent SKILL.md L83)"
- id: webwright
source: builtin
role: utility
justification: "live enabled Hermes builtin surfaced by disclosure drift gate"
mcp_servers: [] # DENY-BY-DEFAULT. bte REMOVED (hard-rule fix).
# Wave 8 (2026-05-24): install.sh F6 wires the 3 proton MCPs
# (proton-calendar, proton-email, proton-contacts) into per-profile
# runtime config from manifest.optional_tools. mcp_perplexity is
# deferred — server not yet in `hermes mcp list`.
# Per-tool enumeration in disclosure.mcp_servers DEFERRED to
# Wave 8.5 (requires tool introspection per server).
mcp_servers:
- name: proton-calendar
description: "Proton Calendar facade"
tools:
- calendar_list
- calendar_events
- calendar_upcoming
- calendar_search
- calendar_event_get
- calendar_create
- calendar_update
- calendar_delete
- name: proton-email
description: "Proton Email facade"
tools:
- email_folders
- email_list
- email_read
- email_search
- email_send
- email_reply
- email_forward
- email_archive
- email_mark_read
- email_mark_unread
- name: proton-contacts
description: "Proton Contacts facade"
tools:
- contacts_list
- contacts_search
- contacts_get
- contacts_create
- contacts_update
- contacts_delete
# DENY-BY-DEFAULT: bte removed (hard-rule fix).
# mcp_perplexity intentionally omitted from disclosure until it is
# registered in the live Hermes MCP list and can be introspected.
sovereign_apis: [] # 0 direct HTTP/gRPC calls (per audit §3)

7
skills/proton-tools/SKILL.md
View File

@ -1,6 +1,6 @@
---
name: proton-tools
description: "When Steev needs to access JP's Proton account — Calendar, Mail, or Contacts. Use this skill to discover which tool answers the user's question, and how to call it. Covers all 24 Proton MCP tools across the three cortex MCP servers (proton-calendar, proton-email, proton-contacts). Triggers: any request involving JP's calendar (events, meetings, availability), mail (inbox, send, reply, search, folders), or contacts (lookup, add, search). Drive is NOT in scope — defer Drive requests."
description: "When Steev needs to access JP's Proton account — Calendar, Mail, Contacts, or explicitly requested Proton Drive checks via rclone. Use this skill to discover which tool answers the user's question, and how to call it. Covers all 24 Proton MCP tools across the three cortex MCP servers (proton-calendar, proton-email, proton-contacts). Triggers: any request involving JP's calendar (events, meetings, availability), mail (inbox, send, reply, search, folders), contacts (lookup, add, search), or Drive via rclone."
metadata:
version: 1.0.0
hermes:
@ -13,9 +13,9 @@ Authoritative reference for the 24 tools exposed by three cortex MCP servers —
## Hard rules
- **Drive is out of scope.** If the user asks about Proton Drive files/folders, say so and defer — there is no `drive_*` tool. Roadmap: `rclone-module` MCP wrap.
- **Drive is out of scope for Proton MCP tools.** There is no `drive_*` MCP tool. If the user explicitly asks to check Drive via `rclone`, use the live Proton Drive rclone remote instead of claiming no access: this Steev/Hermes profile sets `HOME=/home/svrnty/.hermes/profiles/steev/home`, so plain `rclone` sees the profile config; the working Proton Drive config is `/home/svrnty/.config/rclone/rclone.conf` with remote `proton:`. Use read-only probes first (`rclone --config /home/svrnty/.config/rclone/rclone.conf about proton: --json`) and do not list file names unless JP asks.
- **Destructive tools require explicit confirmation.** `email_send`, `email_reply`, `email_forward`, `calendar_delete`, `contacts_delete`. Never call these without quoting back the action + target + asking JP to confirm.
- **Date inputs are ISO 8601** (`2026-05-23T14:00:00-04:00`). Convert relative dates ("tomorrow", "next Tuesday") into ISO before tool call.
- **Calendar date filters:** the MCP schema may advertise RFC3339, but `calendar_events`/underlying gate expects date-only filters (`YYYY-MM-DD`) for reliable results. RFC3339 ranges can return empty even when events exist. Convert relative dates ("tomorrow", "next Tuesday") into `YYYY-MM-DD` for list/search filters; keep event create/update timestamps RFC3339.
- **Pagination**: `email_list`, `calendar_events`, `contacts_list` are paginated. Default page size is small (~20). Fetch additional pages only when the user asks for more.
## When to use which tool
@ -82,6 +82,7 @@ Run in parallel. Merge results. Group by source.
- **"WaitReady timeout"** → proton connector still booting. Retry once after 2-3s. If still failing, say so + suggest JP check `hermes mcp test proton`.
- **403 / scope error** → proton session expired. Tool handler should re-auth automatically; if not, JP needs to re-run setup.
- **Network / 5xx** → transient. Retry once. If persistent, report and stop.
- **`calendar_create` timeout** → do not retry blindly. First verify the target date range with `calendar_events` using `YYYY-MM-DD` filters to avoid duplicate events. If the event is still absent, one direct gate fallback may be attempted. If creates keep timing out while reads work, refresh `sdo-calendar-gate`: `docker restart sdo-calendar-gate`, wait for `connected to Proton` + `calendar-gate gRPC server listening`, then retry once. If restart fails with a bind-mount error because `/home/svrnty/workspaces/cortex/svrnty.sdo-agents/config/calendar-gate.toml` is a directory, replace it with a symlink to `../../L3-svrnty.agents-fleet/config/calendar-gate.toml`, then `docker start sdo-calendar-gate`.
## What NOT to do

35
tools/validate_steev_child.py Executable file
View File

@ -0,0 +1,35 @@
#!/usr/bin/env python3
"""Validate Steev Profile child workspace shell."""
from __future__ import annotations
import json
from pathlib import Path
ROOT = Path(__file__).resolve().parents[1]
REQUIRED = ["AGENTS.md", "README.md", "WORKBOARD.yaml"]
def main() -> int:
errors: list[str] = []
for rel in REQUIRED:
if not (ROOT / rel).exists():
errors.append(f"missing:{rel}")
board = ROOT / "WORKBOARD.yaml"
if board.exists():
text = board.read_text(encoding="utf-8")
for snippet in ["STEEV-WORK-001", "status: candidate", "owner: jp"]:
if snippet not in text:
errors.append(f"workboard_missing:{snippet}")
agents = ROOT / "AGENTS.md"
if agents.exists():
text = agents.read_text(encoding="utf-8")
for snippet in ["child-local", "not Cortex OS Core authority", "python3 tools/validate_steev_child.py"]:
if snippet not in text:
errors.append(f"agents_missing:{snippet}")
result = {"ok": not errors, "validator": "steev-child-v1", "checked": REQUIRED, "errors": errors, "warnings": []}
print(json.dumps(result, indent=2, sort_keys=True))
return 0 if result["ok"] else 1
if __name__ == "__main__":
raise SystemExit(main())