hermes/steev
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: hermes/steev:jp
Branches Tags
hermes/steev:jp hermes/steev:main
...
pull from: hermes/steev:main
Branches Tags
hermes/steev:main hermes/steev:jp

33 Commits
jp ... main

Author SHA1 Message Date
Svrnty 26411d6128 Normalize Steev pickup posture 2026-06-19 07:36:30 -04:00
Svrnty 0c549cb620 Align WorkBoard validator with closed-owner rule 2026-06-18 14:00:20 -04:00
Svrnty 958890ff7e Clear completed WorkBoard owners 2026-06-18 13:57:18 -04:00
Svrnty da9d1df0ff Validate Steev profile review 2026-06-18 11:08:02 -04:00
Svrnty 0ec0f886c4 Classify Steev local ignored state 2026-06-18 06:34:03 -04:00
Svrnty 3d0ab3fa14 Normalize AGENTS pickup field 2026-06-18 05:15:50 -04:00
Svrnty 74224da778 Add Steev legacy ingest overview 2026-06-18 03:03:49 -04:00
Svrnty 71eb1d6b22 Compact Steev agent pickup 2026-06-18 01:33:38 -04:00
Svrnty aadd2ce5ea Add Steev navigation index 2026-06-17 23:36:07 -04:00
Svrnty e3ada3edea Normalize AGENTS authority pickup 2026-06-17 22:15:24 -04:00
Svrnty 0e194f64f2 Add Steev agent contract blocks 2026-06-17 19:06:30 -04:00
Svrnty 6edcaaff33 docs: add steev endgoal pickup 2026-06-16 16:56:47 -04:00
Svrnty 7184c7dc01 CC: clear Steev completed owners 2026-06-15 16:17:57 -04:00
Svrnty e5d71b697d CC: refresh Steev governed boundary source lock 2026-06-15 16:13:58 -04:00
Svrnty 777806cee1 CC: tolerate repaired Core S654 validator 2026-06-15 06:44:40 -04:00
Svrnty 76ae8ad2f1 docs: pin Steev governed boundary 2026-06-15 05:55:31 -04:00
Svrnty 121b5bb1e6 docs: reconcile Steev Core Seed readiness 2026-06-15 00:47:38 -04:00
Svrnty 3b926000a6 docs: pick up proton bridge unit convergence 2026-06-14 11:21:30 -04:00
Svrnty f127076665 docs: pick up proton rclone runtime gate repair 2026-06-14 11:09:17 -04:00
Svrnty 5d77eaffc9 docs: link proton rclone child candidate to personal-agent 2026-06-14 10:49:01 -04:00
Svrnty d19825c3e6 docs: reconcile personal-agent secondbrain apply route 2026-06-14 09:39:12 -04:00
Svrnty 389bd1e89d docs: link imessage intake to secondbrain route 2026-06-14 09:08:42 -04:00
Svrnty 8c8d005fe8 docs: reconcile proton rclone runtime posture 2026-06-14 09:07:14 -04:00
Svrnty 0944fc7fd0 docs: define personal-agent desktop exposure contract 2026-06-14 08:46:33 -04:00
Svrnty 8274edffeb docs: capture personal-agent runtime readiness snapshot 2026-06-14 08:40:58 -04:00
Svrnty 412f669b93 docs: hand off personal-agent services to conductor curator 2026-06-14 08:36:34 -04:00
Svrnty 5807a86b2e docs: define personal Secondbrain proposal route 2026-06-14 08:32:20 -04:00
Svrnty c1e4d77611 docs: standardize Proton rclone package candidate 2026-06-14 08:28:36 -04:00
Svrnty 91d4e7f08b docs: bind BlueBubbles to personal-agent profile 2026-06-14 08:21:40 -04:00
Svrnty 0d4a7ff4e4 chore: ignore local sandcastles 2026-06-14 08:16:27 -04:00
Svrnty 8d4b216a6f docs: enforce personal-agent profile contract 2026-06-14 08:16:03 -04:00
Svrnty 0acd11b544 docs: clarify personal-agent profile naming 2026-06-14 07:46:35 -04:00
Svrnty d2a99ca36e docs: plan Steev personal context runtime 2026-06-14 07:18:48 -04:00
26 changed files with 3899 additions and 30 deletions
Expand all files Collapse all files
.gitignore
+1
View File
@@ -3,3 +3,4 @@ steev.db
.env .env
__pycache__/ __pycache__/
*.pyc *.pyc
.sandcastles/
AGENT.md
+3 -1
View File
@@ -11,9 +11,11 @@ depends_on:
- steev-contract - steev-contract
--- ---
> Supersession note, 2026-06-14: `personal-agent` is the canonical profile identity. Steev is the user-facing display name and current distribution alias. The active profile surface contract is `docs/contracts/personal-agent-profile-surface-contract.json`.
# Steev — Agent Identity # Steev — Agent Identity
> The WHO of this profile distribution. Loaded conceptually before the orchestrator skill. For the full operating reference, see [`docs/STEEV-MASTER.md`](docs/STEEV-MASTER.md). > The WHO of this profile distribution. Loaded conceptually before the orchestrator skill. For profile surfaces and effects, use [`docs/contracts/personal-agent-profile-surface-contract.json`](docs/contracts/personal-agent-profile-surface-contract.json).
| Field | Value | | Field | Value |
|---|---| |---|---|
AGENTS.md
+37 -18
View File
@@ -1,32 +1,51 @@
# Steev Profile Agent Rules # Steev Profile Endgoal
This workspace is a child-local profile-workspace under the Cortex OS umbrella. Endgoal: keep `personal-agent`/Steev as the child-local JP personal assistant profile for briefing, triage, drafting, delegation, and governed personal-surface handoffs without autonomous sends, credential reads, Core authority, Runtime authority, Profile Exposure broadening, durable memory writes, or readiness claims.
It is not Cortex OS Core authority. It is not a Cortex OS Instance. It is not a Runtime unless a governed Core route says so. Route: `steev`.
Stage: CLEAN.
Clean score: 100.
Validator: `python3 tools/validate_steev_child.py`.
Current pickup: use this workspace for personal-agent profile identity, role and boundary docs, personal-surface contracts, redacted proof refs, proposal-only memory routing records, desktop exposure contracts, runtime-readiness snapshots, validators, and handoff references; do not send, read credentials, read raw personal payloads, or claim readiness.
Authority boundary: child-local personal-agent profile workspace only; not Cortex OS Core authority, Runtime authority, Profile Exposure authority, credential authority, provider authority, send authority, memory-domain authority, browser-host authority, public product authority, release authority, production-readiness authority, or autonomous execution authority.
Legacy-work relation: old Steev/personal-agent, BlueBubbles, Proton/rclone, Secondbrain, Conductor/Curator handoff, desktop exposure, and runtime-readiness work is classified in `docs/LEGACY-INGEST.md`; preserve redacted refs and never import personal payloads because they exist.
## Authority Order ## Universal Cortex OS Agent Contract
1. `/home/svrnty/workspaces/cortex-os/core` active SOT. - Follow parent `AGENTS.md`; this file is route-local instruction before chat memory.
2. `/home/svrnty/workspaces/cortex-os/core/AGENTS.md`. - For broad work, run `cortex graph context` as Derived State, then read local files.
3. This file. - Before edits, read `AGENTS.md`, `README.md`, and `WORKBOARD.yaml`; keep writes route-local unless Core authorizes promotion.
4. `README.md`, `WORKBOARD.yaml`, and local tools. - Use Karpathy rules, small profile-boundary seams, real evals, and cartesian/pragmatic/efficient/elegant no-live execution; run the validator before handoff/done.
5. Chat/session memory. - Keep compact refs-only proof and handoffs; do not write Hindsight memory, Core SOT, siblings, runtime state, or personal payloads without route approval.
## Editing Rule ## Repo-Custom Agent Contract
Keep work inside this workspace unless Core explicitly routes promotion. Steev is a child-local personal-agent profile workspace. It owns profile identity, role and boundary docs, personal-surface contracts, redacted proof packets, proposal-only memory routing records, desktop exposure contracts, runtime-readiness snapshots, validators, and handoff references.
After editing, run: Do not install or start Steev, mutate `~/.hermes`, run browser-host automation, read credentials, read raw messages, read mail bodies, read contacts, read calendar details, read drive names, send messages, write calendar/contact/drive data, write durable memory, broaden Profile Exposure, call providers, mutate Core/Seed/sibling/OpenDesign repos, or claim readiness without governed approval.
## Current Pickup
Use this workspace for profile identity, role and boundary docs, personal-surface contracts, redacted proof packets, proposal-only memory routing records, desktop exposure contracts, runtime-readiness snapshots, validators, and handoff references.
## Allowed Writes
Write inside this repo only: profile docs, contracts, redacted proof refs, proposal-only routing records, validators, workboard entries, and handoffs.
## Forbidden Effects
Do not mutate `../core/`, sibling repos, `~/.hermes`, runtime state, browser hosts, credentials, raw personal payloads, send/write surfaces, Profile Exposure, Hindsight live memory, memory domains, or readiness/release claims without governed approval.
## Validation
After edits run:
```bash ```bash
python3 tools/validate_steev_child.py python3 tools/validate_steev_child.py
``` ```
For governance text, follow Core caveman prose discipline. For governance text, use Core compact prose.
## Protected Boundaries ## Handoff
- Do not mutate `../core/` from this workspace. Handoffs are refs-only: files, validator, avoided effects, deferred legacy intentions.
- Do not mutate sibling repositories.
- Do not import this workspace into Core source.
- Promotion into Core requires a governed Core route.
CONTRACT.md
+3 -1
View File
@@ -6,12 +6,14 @@ owner: jp
source: hand source: hand
last_reviewed: 2026-05-23 last_reviewed: 2026-05-23
review_by: 2026-08-21 review_by: 2026-08-21
description: steev profile behavior contract — what Steev does, doesn't do, edge cases. Tier T1 — this file wins for the steev profile. description: personal-agent behavior contract for the Steev-named distribution; the PACR profile surface contract supersedes older v1 surface assumptions.
depends_on: depends_on:
- profile-distribution-protocol - profile-distribution-protocol
note: legacy tier S remapped to T1 per FRONTMATTER-SPEC 2026-05-23. Required fields filled (name, last_reviewed, description) per §7 audit. note: legacy tier S remapped to T1 per FRONTMATTER-SPEC 2026-05-23. Required fields filled (name, last_reviewed, description) per §7 audit.
--- ---
> Supersession note, 2026-06-14: `personal-agent` is the canonical profile identity. Steev is the user-facing display name and current distribution alias. The active profile surface contract is `docs/contracts/personal-agent-profile-surface-contract.json`.
# Steev — Source of Truth # Steev — Source of Truth
**Role:** Personal Assistant / Chief of Staff for JP (Mathias) **Role:** Personal Assistant / Chief of Staff for JP (Mathias)
DISCLOSURE.md
+2
View File
@@ -13,6 +13,8 @@ description: Canonical disclosure of steev — exposed skills + MCP + sovereign
auto_regen_cmd: "yq '.disclosure' manifest.yaml | <renderer-script>" auto_regen_cmd: "yq '.disclosure' manifest.yaml | <renderer-script>"
--- ---
> Supersession note, 2026-06-14: this disclosure is historical runtime disclosure for the Steev-named distribution. `personal-agent` is the canonical profile identity. Steev is the display name and current distribution alias. Refresh this disclosure from `docs/contracts/personal-agent-profile-surface-contract.json` before claiming runtime readiness.
# `steev` — Disclosure # `steev` — Disclosure
> Live as of `2026-05-25`. Disclosure schema v2 (manifest `disclosure.schema_version: 2` — adds `external_orchestrators` per DISCLOSURE-SCHEMA §4.6). Source: `steev/manifest.yaml → disclosure:` block. Pre-push hook check 6 (curator/lib/pre-push.sh) enforces this == live `hermes -p steev` runtime. > Live as of `2026-05-25`. Disclosure schema v2 (manifest `disclosure.schema_version: 2` — adds `external_orchestrators` per DISCLOSURE-SCHEMA §4.6). Source: `steev/manifest.yaml → disclosure:` block. Pre-push hook check 6 (curator/lib/pre-push.sh) enforces this == live `hermes -p steev` runtime.
INDEX.md
+30
View File
@@ -0,0 +1,30 @@
# Steev Index
Route: `steev`.
Path: `/home/svrnty/workspaces/cortex-os/steev`.
Category: child-local `personal-agent` profile workspace for the Steev display/distribution alias.
Validator: `python3 tools/validate_steev_child.py`.
## Read Order
1. `AGENTS.md` for profile authority, forbidden effects, and validator rules.
2. `README.md` for profile boundary and current contract map.
3. `AGENT.md`, `CONTRACT.md`, and `DISCLOSURE.md` for visible profile identity and distribution constraints.
4. `docs/contracts/` and `docs/evidence/` only for the specific profile surface or proof being changed.
5. `WORKBOARD.yaml` for child-local work state.
## Local Authority
Steev owns child-local profile identity, role and boundary docs, personal-surface contracts, redacted proof packets, proposal-only memory routing records, desktop exposure contracts, runtime-readiness snapshots, validators, and handoff references.
Steev is not Core authority, Runtime authority, Profile Exposure authority, credential authority, provider authority, send authority, memory-domain authority, browser-host authority, public product authority, release authority, production-readiness authority, or autonomous execution authority.
## Legacy Relation
Old Steev/personal-agent, BlueBubbles, Proton/rclone, Secondbrain, Conductor/Curator handoff, desktop exposure, and runtime-readiness work is reference-only unless a governed route admits it. Preserve redacted refs and current contracts. Do not import raw messages, mail bodies, contacts, calendar details, drive names, credentials, browser state, provider payloads, or implementation mass because they exist.
## Completion State
Stage: CLEAN.
Clean score: 100.
Current next pass: keep Steev as a child-local profile workspace with proposal-only memory routing, no autonomous sends, no credential reads, no durable memory writes, no Profile Exposure broadening, and no readiness claim from local validation alone.
README.md
+32 -2
View File
@@ -1,9 +1,39 @@
# Steev — Hermes profile distribution # Steev — Personal-Agent Profile Distribution
`personal-agent` is the canonical profile identity. Steev is the user-facing display name and current distribution alias.
JP's personal assistant / chief of staff. Daily briefing, inbox triage, comms in JP's voice, business delegation to CEO. French/English bilingual. JP's personal assistant / chief of staff. Daily briefing, inbox triage, comms in JP's voice, business delegation to CEO. French/English bilingual.
## Cortex OS Boundary
Steev is a child-local personal-agent profile workspace. It owns profile
identity, role and boundary docs, personal-surface contracts, redacted proof
packets, proposal-only memory routing records, desktop exposure contracts,
runtime-readiness snapshots, validators, and handoff references, but it does not
own Core truth, Runtime authority, Profile Exposure authority, credential
authority, provider authority, send authority, memory-domain authority,
browser-host authority, public product authority, release authority, production
readiness, or autonomous execution authority.
Do not install or start Steev, mutate `~/.hermes`, run browser-host automation,
read credentials, read raw messages, read mail bodies, read contacts, read
calendar details, read drive names, send messages, write durable memory,
broaden Profile Exposure, call providers, or claim readiness from this cleanup
route without explicit governed approval.
- **Identity:** [`AGENT.md`](AGENT.md) — role, mission, boundaries. - **Identity:** [`AGENT.md`](AGENT.md) — role, mission, boundaries.
- **Full reference (source of truth):** [`docs/STEEV-MASTER.md`](docs/STEEV-MASTER.md). - **Profile surface contract:** [`docs/contracts/personal-agent-profile-surface-contract.json`](docs/contracts/personal-agent-profile-surface-contract.json) — canonical surfaces, effects, memory route, and proof policy.
- **BlueBubbles binding:** [`docs/contracts/personal-agent-bluebubbles-binding.json`](docs/contracts/personal-agent-bluebubbles-binding.json) — `imessage.read` binds to the existing BlueBubbles package without a duplicate connector.
- **Proton/rclone package:** [`docs/contracts/personal-agent-proton-rclone-package.json`](docs/contracts/personal-agent-proton-rclone-package.json) — Mail, Calendar, Contacts, and Drive surfaces linked to Core S606 child-local `proton-rclone`; provider smokes and runtime readiness remain blocked.
- **Proton/rclone runtime reconciliation:** [`docs/evidence/2026-06-14-personal-agent-proton-rclone-runtime-reconciliation.md`](docs/evidence/2026-06-14-personal-agent-proton-rclone-runtime-reconciliation.md) — live redacted probe aligning systemd, Docker, MCP, and rclone posture.
- **Secondbrain proposal/apply route:** [`docs/contracts/personal-agent-secondbrain-proposal-route.json`](docs/contracts/personal-agent-secondbrain-proposal-route.json) — proposal-only personal memory intake plus governed apply-route reference; live durable apply remains approval-gated in Secondbrain.
- **Conductor/Curator service handoff:** [`docs/contracts/personal-agent-conductor-curator-service-handoff.json`](docs/contracts/personal-agent-conductor-curator-service-handoff.json) — redacted service map for future route selection and hygiene review pickup.
- **Runtime readiness snapshot:** [`docs/contracts/personal-agent-runtime-readiness-snapshot.json`](docs/contracts/personal-agent-runtime-readiness-snapshot.json) — redacted per-surface runtime state and gaps; Seed-local acceptance is proven, while broader readiness remains degraded.
- **Desktop exposure contract:** [`docs/contracts/personal-agent-desktop-exposure-contract.json`](docs/contracts/personal-agent-desktop-exposure-contract.json) — adapter-facing state rows for Desktop/Dashboard display; no UI wiring from this route.
- **Current Core/Seed pickup:** [`docs/evidence/2026-06-15-personal-agent-core-seed-readiness-reconciliation.md`](docs/evidence/2026-06-15-personal-agent-core-seed-readiness-reconciliation.md) — source-locks current Core S641/S642/S643, Seed final acceptance, and remaining broader gaps.
- **Current governed boundary:** [`docs/evidence/2026-06-15-personal-agent-current-governed-boundary.md`](docs/evidence/2026-06-15-personal-agent-current-governed-boundary.md) — pins Core S654 branch-authority approval status, stale S653 approval risk, and Proton Suite health-panel as future Keyvault successor context only.
- **Legacy ingest:** [`docs/LEGACY-INGEST.md`](docs/LEGACY-INGEST.md) — compact intention map for old Steev/personal-agent work.
- **Historical Steev reference redirect:** [`docs/STEEV-MASTER.md`](docs/STEEV-MASTER.md).
## Structure ## Structure
WORKBOARD.yaml
+92 -2
View File
@@ -1,6 +1,96 @@
items: items:
- id: STEEV-WORK-001 - id: STEEV-WORK-001
title: Centralized Legacy Workspace Review title: Centralized Legacy Workspace Review
status: candidate status: validated
source: README.md source: README.md
owner: jp owner: ""
- id: STEEV-WORK-002
title: Personal-Agent Context Runtime PRD And Sandcastle
status: complete
source: docs/prd/2026-06-14-personal-agent-context-runtime-prd.md
owner: ""
- id: PACR-001
title: Personal-Agent Profile Authority And Surface Contract
status: complete
source: docs/contracts/personal-agent-profile-surface-contract.json
owner: ""
- id: PACR-002
title: Supersession And Graph Hygiene Register Validator Gate
status: complete
source: docs/supersession/2026-06-14-personal-agent-context-runtime-supersession-register.md
owner: ""
- id: PACR-003
title: BlueBubbles Capability Binding Into Personal-Agent
status: complete
source: docs/contracts/personal-agent-bluebubbles-binding.json
owner: ""
- id: PACR-004
title: Proton And Rclone Capability Standardization
status: complete
source: docs/contracts/personal-agent-proton-rclone-package.json
owner: ""
- id: PACR-005
title: Personal Secondbrain Proposal And Apply Route
status: complete
source: docs/contracts/personal-agent-secondbrain-proposal-route.json
owner: ""
- id: PACR-006
title: Conductor And Curator Service Handoff
status: complete
source: docs/contracts/personal-agent-conductor-curator-service-handoff.json
owner: ""
- id: PACR-007
title: Runtime Readiness And Always-On Proof
status: complete
source: docs/contracts/personal-agent-runtime-readiness-snapshot.json
owner: ""
- id: PACR-008
title: Desktop Adapter Exposure Contract
status: complete
source: docs/contracts/personal-agent-desktop-exposure-contract.json
owner: ""
- id: PACR-009
title: Proton And Rclone Runtime Reconciliation
status: complete
source: docs/evidence/2026-06-14-personal-agent-proton-rclone-runtime-reconciliation.md
owner: ""
- id: PACR-010
title: Secondbrain Governed Apply Route Reconciliation
status: complete
source: docs/contracts/personal-agent-secondbrain-proposal-route.json
owner: ""
- id: PACR-011
title: Proton/rclone Child Candidate Reconciliation
status: complete
source: docs/contracts/personal-agent-proton-rclone-package.json
owner: ""
- id: PACR-012
title: Proton/rclone Runtime Gate Repair Pickup
status: complete
source: docs/contracts/personal-agent-proton-rclone-package.json
owner: ""
- id: PACR-013
title: Proton/rclone Bridge Unit Convergence Pickup
status: complete
source: docs/contracts/personal-agent-proton-rclone-package.json
owner: ""
- id: PACR-014
title: Current Core Seed Readiness Reconciliation
status: complete
source: docs/evidence/2026-06-15-personal-agent-core-seed-readiness-reconciliation.md
owner: ""
- id: PACR-015
title: Current Governed Boundary Reconciliation
status: complete
source: docs/evidence/2026-06-15-personal-agent-current-governed-boundary.md
owner: ""
- id: STEEV-WORK-003
title: Steev Agent Contract Enforcement
status: validated
source: AGENTS.md
owner: ""
- id: STEEV-WORK-004
title: Steev Navigation Index
status: validated
source: INDEX.md
owner: ""
docs/LEGACY-INGEST.md
+84
View File
@@ -0,0 +1,84 @@
# Steev Legacy Ingest
Schema: `cortex.steev.legacy-ingest.v1`
Last reviewed: `2026-06-18`
This file is Steev child-local operator state. It is not Cortex OS Core SOT,
not Runtime authority, not Profile Exposure approval, not send approval, not
credential access, not Memory Domain approval, and not product readiness.
Steev legacy work is assessed by intention first. Old work is kept, ported,
archived outside the umbrella, deferred, or rejected only after the useful
intention is identified and compared against current Steev main.
## Rules
- Do not import raw messages, mail bodies, contacts, calendar details, drive
names, endpoint payloads, cookies, credentials, or secret values.
- Do not install or start Steev, mutate `~/.hermes`, broaden Profile Exposure,
send messages, write personal surfaces, call providers, or write durable
Hindsight memory from this route.
- Keep legacy records compact: refs, intention, current coverage, decision,
closure gate, and forbidden effects.
## Local Ignored State Classification
These ignored local paths are not cleanup targets for blind archive moves:
- `steev.db`: local personal-agent runtime database created from `schema.sql`.
It is not committed and may contain briefing, inbox, delegation, or runtime
state.
Decision: leave this path local and ignored. Do not inspect payload contents
from umbrella cleanup. Future movement needs a Steev-owned route that names the
exact path, proves no validator or install depends on it, avoids personal
payload reads, and records a custody manifest without installing or starting
Steev, mutating `~/.hermes`, broadening Profile Exposure, sending messages,
writing personal surfaces, calling providers, promoting Core or Seed, writing
Hindsight memory, or claiming readiness.
## Current Gates
### Steev Identity And Master Reference
- Source refs: `AGENT.md`, `docs/STEEV-MASTER.md`, `CONTRACT.md`,
`DISCLOSURE.md`, and `manifest.yaml`.
- Intention: preserve JP's personal-agent identity, role, mission, boundaries,
bilingual posture, delegation rules, and no-autonomous-send policy.
- Current coverage: met by current profile docs, manifest, disclosure, and
validator.
- Decision: keep as canonical child-local profile reference.
- Closure gate: any identity change needs Steev route validation and must not
alter Core truth, Profile Exposure, Runtime, send authority, or memory access.
### Personal-Agent Context Runtime Package
- Source refs: `docs/prd/2026-06-14-personal-agent-context-runtime-prd.md`,
`docs/issues/2026-06-14-personal-agent-context-runtime-work-orders.md`,
`docs/sandcastles/2026-06-14-personal-agent-context-runtime-sandcastle.md`,
`docs/supersession/2026-06-14-personal-agent-context-runtime-supersession-register.md`,
and `docs/contracts/*.json`.
- Intention: standardize personal-agent surfaces for BlueBubbles, Proton/rclone,
Secondbrain proposal/apply routing, Conductor/Curator handoff, runtime
readiness snapshots, and Desktop exposure without creating duplicate live
connectors.
- Current coverage: met as contracts, redacted refs, supersession register, and
validator-backed route-local evidence.
- Decision: keep as accepted Steev package material; do not import raw personal
data or old sandcastle mass.
- Closure gate: live Runtime, browser host, provider, send, write, Profile
Exposure, or durable memory behavior requires explicit governed approval.
### Core/Seed Readiness Boundary
- Source refs:
`docs/evidence/2026-06-15-personal-agent-core-seed-readiness-reconciliation.md`
and `docs/evidence/2026-06-15-personal-agent-current-governed-boundary.md`.
- Intention: pin what Core/Seed/Proton evidence can inform Steev without letting
Steev claim branch authority, product readiness, or runtime readiness.
- Current coverage: met as redacted reconciliation evidence and governed
boundary notes.
- Decision: keep as reference-only; do not mutate Core, Seed, Proton, Keyvault,
OpenDesign, or sibling repos from Steev.
- Closure gate: future productization or broader readiness must enter Core/Seed
through exact source-lock refs, focused validators, and explicit approval.
docs/STEEV-MASTER.md
+26
View File
@@ -0,0 +1,26 @@
---
name: steev-master-supersession-redirect
status: superseded
owner: jp
source: personal-agent-context-runtime
last_reviewed: 2026-06-14
description: Redirect from the historical Steev master reference to the active personal-agent profile surface contract.
---
# Steev Master Supersession
`personal-agent` is the canonical profile identity. Steev is the user-facing display name and current distribution alias.
Active authority:
- `docs/contracts/personal-agent-profile-surface-contract.json`
- `docs/contracts/personal-agent-bluebubbles-binding.json`
- `docs/contracts/personal-agent-proton-rclone-package.json`
- `docs/contracts/personal-agent-secondbrain-proposal-route.json`
- `docs/contracts/personal-agent-conductor-curator-service-handoff.json`
- `docs/contracts/personal-agent-runtime-readiness-snapshot.json`
- `docs/contracts/personal-agent-desktop-exposure-contract.json`
- `docs/prd/2026-06-14-personal-agent-context-runtime-prd.md`
- `docs/supersession/2026-06-14-personal-agent-context-runtime-supersession-register.md`
This file exists so older references do not become graph ambiguity.
docs/contracts/personal-agent-bluebubbles-binding.json
+91
View File
@@ -0,0 +1,91 @@
{
"schema_version": "personal-agent-bluebubbles-binding/v1",
"status": "active-profile-binding",
"profile_identity": "personal-agent",
"display_name": "Steev",
"surface": "imessage.read",
"capability_package": {
"id": "bluebubbles",
"workspace": "../bluebubbles",
"package_surface": "bluebubbles.imessage.readonly",
"authority": "active-capability-package",
"live_connector": "hermes-agent",
"profile_local_connector_allowed": false,
"duplicate_connector_allowed": false
},
"binding_policy": {
"profile_consumes_package": true,
"package_owns_runtime_wrapper": true,
"package_owns_readonly_adapter": true,
"package_owns_redacted_health": true,
"package_owns_seed_candidate": true,
"profile_owns_surface_exposure": true,
"profile_runtime_readiness_claimed": false,
"reason": "BlueBubbles is already the governed iMessage package. personal-agent binds to it as imessage.read without implementing another connector."
},
"memory_policy": {
"target": "secondbrain-personal",
"forbidden": [
"orgbrain"
],
"durable_write_policy": "proposal-only; governed Secondbrain apply route is defined but live apply remains approval-gated"
},
"allowed_effects": [
"read_message_stream",
"read_conversation_history",
"read_attachment_metadata",
"emit_redacted_health",
"emit_secondbrain_personal_proposal"
],
"denied_effects": [
"send_message",
"send_tapback",
"typing_indicator",
"delete_message",
"mark_read",
"read_receipt",
"contact_mutation",
"chat_mutation",
"attachment_content_download",
"credential_mutation",
"secondbrain_durable_write",
"orgbrain_write",
"browser_full_control"
],
"proof_policy": {
"mode": "redacted-only",
"forbidden_fields": [
"raw_messages",
"message_text",
"sender_address",
"contact_details",
"attachment_content",
"endpoint_payloads",
"credentials",
"secret_values"
]
},
"bluebubbles_package_evidence": {
"validator_command": "python3 tools/validate_bluebubbles_child.py",
"validator_result_observed": "ok",
"validator_observed_date": "2026-06-14",
"runtime_claims_from_validator": false,
"referenced_artifacts": [
"contracts/personal-agent-imessage-readonly-contract.json",
"contracts/runtime-compliance-boundary.json",
"contracts/secondbrain-proposal-envelope-contract.json",
"../secondbrain/docs/integration/2026-06-14-secondbrain-personal-agent-imessage-apply-contract.md",
".sot/08-OUTPUTS/bluebubbles-live-service-package-proof.json",
".sot/08-OUTPUTS/bluebubbles-always-on-resilience-proof.json",
"runtime/steev/hermes-personal-agent-bluebubbles.service",
"runtime/steev/hermes-personal-agent-bluebubbles-watchdog.timer"
]
},
"remaining_gates": {
"seed_package_pickup": "blocked-follow-up",
"secondbrain_governed_apply_route": "defined-no-live-apply",
"secondbrain_durable_apply": "blocked-follow-up",
"desktop_adapter_exposure": "blocked-follow-up",
"browser_webwright_host_runtime": "separate-hitl-approval"
}
}
docs/contracts/personal-agent-conductor-curator-service-handoff.json
+209
View File
@@ -0,0 +1,209 @@
{
"schema_version": "personal-agent-conductor-curator-service-handoff/v1",
"status": "active-profile-service-handoff",
"handoff_id": "personal-agent-conductor-curator-service-handoff",
"profile_identity": "personal-agent",
"display_name": "Steev",
"observed_date": "2026-06-14",
"core_promotion_claimed": false,
"seed_readiness_claimed": false,
"runtime_readiness_claimed": false,
"desktop_integration_claimed": false,
"authority_boundary": {
"profile_owns_capability_surface_contract": true,
"conductor_owns_future_route_selection_and_worker_contracts": true,
"curator_owns_future_hygiene_review_queue": true,
"secondbrain_owns_personal_memory_domain_apply": true,
"capability_packages_own_runtime_health": true,
"notes": "This handoff gives Conductor and Curator a redacted service map. It does not mutate those workspaces or claim they have adopted it."
},
"memory_policy": {
"target": "secondbrain-personal",
"target_domain_term": "Personal Memory Domain",
"forbidden": [
"orgbrain"
],
"durable_write_policy": "proposal-only-until-governed-secondbrain-curator-apply-route"
},
"service_identities": [
{
"service_id": "personal-agent.imessage.bluebubbles.readonly",
"capability_package": "bluebubbles",
"owner_route": "bluebubbles",
"surface": "imessage.read",
"health_shape": "redacted-readonly-runtime-health",
"readiness_state": "package-ready-profile-bound",
"allowed_effects": [
"read_message_stream",
"read_conversation_history",
"emit_redacted_health",
"emit_secondbrain_personal_proposal"
],
"denied_effects": [
"send_message",
"delete_message",
"mark_read",
"read_receipt",
"attachment_download",
"orgbrain_write",
"durable_memory_write"
]
},
{
"service_id": "personal-agent.proton-rclone.package-candidate",
"capability_package": "proton-rclone",
"owner_route": "proton-rclone",
"surface": "mail.calendar.contacts.drive",
"health_shape": "child-local-redacted-runtime-health",
"readiness_state": "degraded-child-candidate-core-registration-pending",
"allowed_effects": [
"emit_mail_health",
"emit_calendar_health",
"emit_contacts_health",
"emit_drive_health",
"emit_secondbrain_personal_proposal"
],
"denied_effects": [
"send_without_confirmation",
"calendar_write_without_confirmation",
"contact_mutation_without_confirmation",
"drive_write_without_confirmation",
"drive_delete",
"orgbrain_write",
"durable_memory_write"
]
},
{
"service_id": "personal-agent.secondbrain.proposal-route",
"capability_package": "personal-agent-profile",
"owner_route": "steev",
"surface": "secondbrain.memory.proposal",
"health_shape": "redacted-proposal-envelope-contract",
"readiness_state": "profile-contract-ready-governed-apply-defined",
"allowed_effects": [
"emit_redacted_proposal",
"emit_source_handle",
"emit_content_digest",
"reference_governed_apply_route"
],
"denied_effects": [
"secondbrain_apply",
"direct_memory_write",
"orgbrain_write",
"raw_payload_in_proof"
]
}
],
"conductor_handoff": {
"target_workspace": "../conductor",
"target_role": "future-route-selection-and-worker-contract-owner",
"adoption_status": "pending-conductor-lane-pickup",
"validator_command": "python3 tools/validate_conductor_child.py",
"validator_result_observed": "ok",
"required_route_decision_inputs": [
"profile_identity",
"requested_surface",
"capability_package",
"owner_route",
"allowed_effects",
"denied_effects",
"validator_command",
"evidence_expectation",
"approval_required"
],
"forbidden_conductor_effects": [
"runtime_start",
"runtime_stop",
"desktop_integration",
"core_mutation",
"seed_completion_claim",
"secret_read",
"raw_payload_import",
"sibling_mutation_without_worker_route"
],
"worker_contract_expectations": [
"one route per worker",
"one bounded goal",
"workspace-local validator",
"redacted evidence",
"no raw personal payloads",
"no unapproved runtime lifecycle"
]
},
"curator_handoff": {
"target_workspace": "../curator",
"target_role": "future-personal-memory-hygiene-review-queue",
"adoption_status": "pending-curator-lane-pickup",
"validator_command": "python3 tools/validate_curator_child.py",
"validator_result_observed": "ok",
"allowed_future_reviews": [
"novelty_candidate",
"stale_candidate",
"duplicate_candidate",
"supersession_candidate",
"archive_candidate",
"provenance_gap",
"contradiction_candidate"
],
"forbidden_curator_effects": [
"direct_memory_write",
"raw_payload_import",
"orgbrain_write",
"profile_exposure_broadening",
"runtime_activation",
"secret_read",
"core_mutation",
"seed_mutation"
]
},
"apply_expectations": {
"target": "secondbrain-personal",
"apply_owner": "secondbrain",
"hygiene_owner": "curator",
"apply_route_defined": true,
"apply_route_contract": "../secondbrain/docs/integration/2026-06-14-secondbrain-personal-agent-imessage-apply-contract.md",
"apply_allowed_now": false,
"live_apply_executed": false,
"durable_apply_without_approval": false,
"requires_proposal_envelope": true,
"requires_approval": true,
"requires_secondbrain_validator": "python3 tools/validate_secondbrain_child.py",
"requires_redacted_evidence": true,
"forbidden_targets": [
"orgbrain"
]
},
"source_contracts": [
"docs/contracts/personal-agent-profile-surface-contract.json",
"docs/contracts/personal-agent-bluebubbles-binding.json",
"docs/contracts/personal-agent-proton-rclone-package.json",
"docs/contracts/personal-agent-secondbrain-proposal-route.json",
"../secondbrain/docs/integration/2026-06-14-secondbrain-personal-agent-imessage-apply-contract.md"
],
"proof_policy": {
"mode": "redacted-only",
"forbidden_fields": [
"raw_messages",
"message_text",
"mail_bodies",
"mail_subjects",
"contact_details",
"calendar_event_details",
"drive_file_names",
"drive_file_contents",
"endpoint_payloads",
"credentials",
"secret_values",
"raw_transcripts"
]
},
"remaining_gates": {
"conductor_lane_pickup": "blocked-follow-up",
"curator_personal_memory_hygiene_lane_pickup": "blocked-follow-up",
"secondbrain_governed_apply_route": "defined-no-live-apply",
"secondbrain_durable_apply": "blocked-follow-up",
"runtime_health_proof": "complete-child-local",
"desktop_adapter_exposure": "blocked-follow-up",
"seed_package_pickup": "blocked-follow-up"
}
}
docs/contracts/personal-agent-desktop-exposure-contract.json
+189
View File
@@ -0,0 +1,189 @@
{
"schema_version": "personal-agent-desktop-exposure-contract/v1",
"status": "active-profile-desktop-exposure-contract",
"contract_id": "personal-agent-desktop-exposure-contract",
"profile_identity": "personal-agent",
"display_name": "Steev",
"observed_date": "2026-06-15",
"desktop_integration_claimed": false,
"runtime_readiness_claimed": false,
"seed_readiness_claimed": false,
"seed_local_acceptance_claimed": true,
"core_promotion_claimed": false,
"adapter_workspace": "../cortex-hermes-adapter",
"adapter_validator_command": "python3 tools/validate_cortex_hermes_adapter_child.py",
"adapter_validator_result_observed": "ok",
"adapter_reference_contracts": [
"../cortex-hermes-adapter/contracts/desktop-dashboard-host-surface.md",
"../cortex-hermes-adapter/contracts/personal-agent-s518-runtime-host-surface-intake.json",
"../cortex-hermes-adapter/contracts/first-open-evidence.schema.json",
"../cortex-hermes-adapter/dashboard/package-view.sample.json"
],
"authority_boundary": {
"profile_owns_desktop_exposure_contract": true,
"adapter_owns_desktop_rendering": true,
"seed_owns_package_first_open_proof": true,
"core_owns_acceptance": true,
"profile_mutates_adapter": false,
"notes": "This contract is a profile-side handoff for desktop-visible readiness. It does not wire UI or mutate the adapter workspace."
},
"allowed_adapter_surfaces": [
"package.status",
"runtime.health",
"onboarding.state",
"profile.distribution",
"capability.catalog"
],
"state_vocabulary": [
"ready",
"degraded",
"pending",
"blocked",
"disabled"
],
"desktop_rows": [
{
"row_id": "personal-agent.profile",
"label": "personal-agent",
"display_name": "Steev",
"surface": "profile.distribution",
"state": "degraded",
"source_contract": "docs/contracts/personal-agent-runtime-readiness-snapshot.json",
"visible_reason": "Profile exists, capability contracts are present, and Seed-local acceptance is proven; broader runtime and product readiness remain degraded."
},
{
"row_id": "personal-agent.imessage.read",
"label": "iMessage read",
"surface": "runtime.health",
"state": "ready",
"source_contract": "docs/contracts/personal-agent-bluebubbles-binding.json",
"visible_reason": "BlueBubbles package validator is OK, read-only, secondbrain-personal, and orgbrain-forbidden."
},
{
"row_id": "personal-agent.mail.read",
"label": "Proton Mail read",
"surface": "runtime.health",
"state": "degraded",
"source_contract": "docs/contracts/personal-agent-runtime-readiness-snapshot.json",
"visible_reason": "Proton MCP is enabled and email gate is repaired child-local; provider-smoke and canonical runtime gates remain blocked."
},
{
"row_id": "personal-agent.calendar.read",
"label": "Proton Calendar read",
"surface": "runtime.health",
"state": "degraded",
"source_contract": "docs/contracts/personal-agent-runtime-readiness-snapshot.json",
"visible_reason": "Calendar gate is running and Proton/rclone is Core-registered child-local; provider-smoke and canonical runtime gates remain blocked."
},
{
"row_id": "personal-agent.contacts.read",
"label": "Proton Contacts read",
"surface": "runtime.health",
"state": "degraded",
"source_contract": "docs/contracts/personal-agent-runtime-readiness-snapshot.json",
"visible_reason": "Proton MCP is enabled and contacts gate is repaired child-local; provider-smoke and canonical runtime gates remain blocked."
},
{
"row_id": "personal-agent.drive.read",
"label": "Proton Drive read",
"surface": "runtime.health",
"state": "degraded",
"source_contract": "docs/contracts/personal-agent-runtime-readiness-snapshot.json",
"visible_reason": "rclone about probe is redacted-ok and Core S606 registered the child; governed wrapper and provider-smoke gates remain blocked."
},
{
"row_id": "personal-agent.seed-local-acceptance",
"label": "Seed local acceptance",
"surface": "package.status",
"state": "ready",
"source_contract": "../seed/outputs/research/2026-06-14-cortex-os-seed-personal-agent-final-full-tool-acceptance-gate.json",
"visible_reason": "Seed final full-tool acceptance is complete for governed local JP scope only."
},
{
"row_id": "personal-agent.proton-suite.provider-smoke",
"label": "Proton Suite provider gate",
"surface": "runtime.health",
"state": "blocked",
"source_contract": "../proton-rclone/.sot/08-OUTPUTS/proton-suite-provider-smoke-gate-proof.json",
"visible_reason": "Provider smokes remain blocked on Proton Pass Agncy access, Keyvault parity, migration, rollback, and Conductor disclosure review."
},
{
"row_id": "personal-agent.secondbrain.proposal",
"label": "Personal memory proposals",
"surface": "capability.catalog",
"state": "pending",
"source_contract": "docs/contracts/personal-agent-secondbrain-proposal-route.json",
"visible_reason": "Proposal envelope route and governed apply route exist; live durable Secondbrain apply remains approval-gated."
},
{
"row_id": "personal-agent.browser.host-runtime",
"label": "Browser host runtime",
"surface": "capability.catalog",
"state": "blocked",
"source_contract": "docs/prd/2026-06-14-personal-agent-context-runtime-prd.md",
"visible_reason": "Full desktop/browser control requires separate PACR-009 approval packet."
},
{
"row_id": "personal-agent.write-actions",
"label": "Writes and sends",
"surface": "capability.catalog",
"state": "disabled",
"source_contract": "docs/contracts/personal-agent-profile-surface-contract.json",
"visible_reason": "Silent sends, deletes, mark-read/read receipts, contact/calendar/file mutation, and durable writes are denied unless a confirmation surface is explicitly approved."
}
],
"desktop_false_effects": {
"adapter_mutated_by_profile": false,
"desktop_or_dashboard_opened": false,
"runtime_started": false,
"runtime_stopped": false,
"docker_started": false,
"profile_exposure_changed": false,
"memory_domain_access_granted": false,
"provider_call": false,
"secret_value_read": false,
"raw_payload_imported": false,
"seed_release_claim": false,
"runtime_readiness_claim": false,
"public_release_claim": false
},
"memory_policy": {
"target": "secondbrain-personal",
"forbidden": [
"orgbrain"
],
"desktop_displays_memory_content": false,
"desktop_displays_redacted_state_only": true
},
"proof_policy": {
"mode": "redacted-only",
"forbidden_fields": [
"raw_messages",
"message_text",
"mail_bodies",
"mail_subjects",
"sender_address",
"recipient_address",
"contact_details",
"calendar_event_details",
"drive_file_names",
"drive_file_contents",
"attachment_content",
"endpoint_payloads",
"credentials",
"secret_values"
]
},
"remaining_gates": {
"adapter_lane_pickup": "blocked-follow-up",
"desktop_ui_wiring": "blocked-follow-up",
"seed_local_acceptance": "complete-governed-local-jp-only",
"proton_suite_seed_package_pickup": "blocked-provider-smoke",
"secondbrain_governed_apply_route": "defined-no-live-apply",
"profile_exposure_route": "blocked-core-route-required",
"longer_standing_runtime_proof": "follow-up",
"runtime_readiness_finalization": "blocked-follow-up",
"browser_host_runtime_approval": "blocked-follow-up",
"final_acceptance_packet": "blocked-follow-up"
}
}
docs/contracts/personal-agent-profile-surface-contract.json
+257
View File
@@ -0,0 +1,257 @@
{
"schema_version": "personal-agent-profile-surface-contract/v1",
"profile_identity": "personal-agent",
"display_name": "Steev",
"distribution_alias": "steev",
"owner": "jp",
"status": "active-authority",
"authority_note": "personal-agent is the profile identity. Steev is the user-facing display name and current distribution alias.",
"memory_policy": {
"allowed_target": "secondbrain-personal",
"forbidden_targets": [
"orgbrain"
],
"durable_write_policy": "proposal-only-until-governed-secondbrain-curator-apply-route",
"proof_policy": "redacted-only"
},
"credential_policy": {
"mode": "keyvault-reference-names-only",
"forbidden_in_core_or_proof": [
"credential_values",
"secret_values",
"session_cookies",
"keychain_values",
"password_manager_values"
]
},
"proof_redaction_policy": {
"forbidden_in_core_or_proof": [
"raw_messages",
"mail_bodies",
"contact_details",
"calendar_event_details",
"drive_file_names",
"endpoint_payloads",
"credentials",
"cookies",
"keychain_values",
"password_manager_values",
"secret_values"
]
},
"readiness_states": [
"ready",
"degraded",
"pending",
"blocked",
"disabled"
],
"surfaces": [
{
"name": "imessage.read",
"capability_package": "bluebubbles",
"package_surface": "bluebubbles.imessage.readonly",
"status": "active-capability-package",
"allowed_effects": [
"read_message_stream",
"read_conversation_history",
"emit_redacted_health",
"emit_secondbrain_personal_proposal"
],
"denied_effects": [
"send_message",
"delete_message",
"mark_read",
"read_receipt",
"contact_mutation",
"chat_mutation",
"attachment_download",
"orgbrain_write"
],
"confirmation": "not-applicable-read-only"
},
{
"name": "mail.read",
"capability_package": "proton-rclone",
"status": "blocked-follow-up",
"allowed_effects": [
"read_mail_metadata",
"read_mail_body_when_user_requested",
"search_mail",
"emit_redacted_health",
"emit_secondbrain_personal_proposal"
],
"denied_effects": [
"send_mail",
"delete_mail",
"archive_mail",
"mark_read",
"mark_unread",
"orgbrain_write"
],
"confirmation": "not-applicable-read"
},
{
"name": "mail.draft",
"capability_package": "proton-rclone",
"status": "blocked-follow-up",
"allowed_effects": [
"compose_draft_for_user_review"
],
"denied_effects": [
"send_mail",
"mutate_mailbox",
"orgbrain_write"
],
"confirmation": "user-review-before-send"
},
{
"name": "mail.send_with_confirmation",
"capability_package": "proton-rclone",
"status": "blocked-follow-up",
"allowed_effects": [
"send_mail_after_explicit_confirmation"
],
"denied_effects": [
"send_without_confirmation",
"bulk_send",
"background_send",
"orgbrain_write"
],
"confirmation": "explicit-jp-confirmation-required"
},
{
"name": "calendar.read",
"capability_package": "proton-rclone",
"status": "blocked-follow-up",
"allowed_effects": [
"read_calendar_metadata",
"read_event_detail_when_user_requested",
"search_calendar",
"emit_redacted_health",
"emit_secondbrain_personal_proposal"
],
"denied_effects": [
"create_event",
"update_event",
"delete_event",
"orgbrain_write"
],
"confirmation": "not-applicable-read"
},
{
"name": "calendar.propose_event",
"capability_package": "proton-rclone",
"status": "blocked-follow-up",
"allowed_effects": [
"draft_calendar_change_for_user_review"
],
"denied_effects": [
"write_calendar",
"delete_event",
"orgbrain_write"
],
"confirmation": "user-review-before-write"
},
{
"name": "calendar.write_with_confirmation",
"capability_package": "proton-rclone",
"status": "blocked-follow-up",
"allowed_effects": [
"create_event_after_explicit_confirmation",
"update_event_after_explicit_confirmation"
],
"denied_effects": [
"write_without_confirmation",
"delete_event",
"orgbrain_write"
],
"confirmation": "explicit-jp-confirmation-required"
},
{
"name": "contacts.read",
"capability_package": "proton-rclone",
"status": "blocked-follow-up",
"allowed_effects": [
"read_contact_metadata",
"read_contact_detail_when_user_requested",
"search_contacts",
"emit_redacted_health",
"emit_secondbrain_personal_proposal"
],
"denied_effects": [
"create_contact",
"update_contact",
"delete_contact",
"orgbrain_write"
],
"confirmation": "not-applicable-read"
},
{
"name": "contacts.write_with_confirmation",
"capability_package": "proton-rclone",
"status": "blocked-follow-up",
"allowed_effects": [
"create_contact_after_explicit_confirmation",
"update_contact_after_explicit_confirmation"
],
"denied_effects": [
"write_without_confirmation",
"delete_contact",
"orgbrain_write"
],
"confirmation": "explicit-jp-confirmation-required"
},
{
"name": "drive.read",
"capability_package": "proton-rclone",
"status": "blocked-follow-up",
"allowed_effects": [
"read_drive_metadata_when_user_requested",
"read_file_when_user_requested",
"emit_redacted_health",
"emit_secondbrain_personal_proposal"
],
"denied_effects": [
"write_file",
"move_file",
"copy_file",
"delete_file",
"purge_directory",
"orgbrain_write"
],
"confirmation": "not-applicable-read"
},
{
"name": "drive.write_with_confirmation",
"capability_package": "proton-rclone",
"status": "blocked-follow-up",
"allowed_effects": [
"write_file_after_explicit_confirmation",
"move_file_after_explicit_confirmation",
"copy_file_after_explicit_confirmation"
],
"denied_effects": [
"write_without_confirmation",
"delete_file",
"purge_directory",
"orgbrain_write"
],
"confirmation": "explicit-jp-confirmation-required"
},
{
"name": "browser.host_runtime.full_control",
"capability_package": "mac-mini-host-runtime",
"status": "blocked-follow-up",
"allowed_effects": [],
"denied_effects": [
"browser_full_control_without_hitl_approval",
"read_password_manager",
"export_cookies",
"read_keychain",
"orgbrain_write"
],
"confirmation": "separate-hitl-host-runtime-approval-required"
}
]
}
docs/contracts/personal-agent-proton-rclone-package.json
+396
View File
@@ -0,0 +1,396 @@
{
"schema_version": "personal-agent-proton-rclone-package/v1",
"status": "registered-child-local-package-degraded",
"package_id": "proton-rclone",
"profile_identity": "personal-agent",
"display_name": "Steev",
"observed_date": "2026-06-15",
"child_workspace_registered": true,
"child_workspace_candidate_created": true,
"package_runtime_readiness_claimed": false,
"profile_runtime_readiness_claimed": false,
"seed_readiness_claimed": false,
"core_promotion_claimed": false,
"child_workspace_candidate": {
"path": "../proton-rclone",
"commit": "f8403f1e5927933a0a5e283d2020119336e4e5e7",
"validator_command": "python3 tools/validate_proton_rclone_child.py",
"validator_result_observed": "ok",
"core_registration_claimed": true,
"runtime_readiness_claimed": false,
"core_registration_candidate_packet": "../proton-rclone/.sot/08-OUTPUTS/proton-rclone-core-registration-candidate-packet.json",
"live_redacted_health_proof": "../proton-rclone/.sot/08-OUTPUTS/proton-rclone-live-redacted-health.json",
"runtime_gate_repair_proof": "../proton-rclone/.sot/08-OUTPUTS/proton-rclone-runtime-gate-repair-proof.json",
"bridge_unit_convergence_proof": "../proton-rclone/.sot/08-OUTPUTS/proton-rclone-bridge-unit-convergence-proof.json",
"current_runtime_state_reconciliation": "../proton-rclone/.sot/08-OUTPUTS/proton-rclone-current-runtime-state-reconciliation.json",
"core_registration_pickup": "../proton-rclone/.sot/08-OUTPUTS/proton-rclone-core-registration-pickup.json",
"core_s606_registration_output": "../core/.sot/08-OUTPUTS/2026-06-14-s606-proton-rclone-child-registration.json",
"core_s641_governance_pickup": "../core/.sot/08-OUTPUTS/2026-06-15-s641-proton-suite-governance-pickup.json",
"core_s642_seed_refresh_pickup": "../core/.sot/08-OUTPUTS/2026-06-15-s642-seed-proton-suite-refresh-pickup.json",
"core_s643_seed_validator_repair_pickup": "../core/.sot/08-OUTPUTS/2026-06-15-s643-seed-personal-agent-validator-repair-pickup.json",
"seed_final_acceptance_gate": "../seed/outputs/research/2026-06-14-cortex-os-seed-personal-agent-final-full-tool-acceptance-gate.json",
"seed_boundary_decision": "../seed/outputs/research/2026-06-14-cortex-os-seed-personal-agent-core-promotion-productization-boundary-decision.json",
"seed_objective_completion_audit": "../seed/outputs/research/2026-06-14-cortex-os-seed-personal-agent-objective-completion-audit.json",
"source_hashes": {
"readonly_contract": "d233a763ddb4fa49f5ff0bff02f5ec28595539375a735585902e535452f18686",
"live_redacted_health": "eebbb75e69c407f6b1a82fc847c30185bfa3b28d95848ea501333141a3c50edf",
"runtime_gate_repair_proof": "e9ebe2268209b6e9262a2d651d0baf9170c710e425fc591891f8b4ed81f21fbb",
"current_runtime_state_reconciliation": "4562a62053ef4805833a41e9bba744ecf5ee9698d325f90b4a98191fe7aa579c",
"bridge_unit_convergence_proof": "8a7c07e331ff3b49ff5462caa9a691fd29f6e4db7fb4c968e8a44a99b152c46b",
"core_registration_pickup": "d7ebfa239026b4e6d2667f4337ae7acaf763251ee11123f8974581137f34aa46",
"core_s606_registration_output": "ff7e0f93a705ce9149d48879a4a00f30ad5abf5903d569a738ba7f26ccc60d59",
"core_s641_governance_pickup": "224b12db17306764208cc16ae6d8dc3df342c77c05c0cba65df11d7ba20b0de6",
"core_s642_seed_refresh_pickup": "b3604875422663033772ba09a1a96e6152b654bcb020d1acc2dc6ccb9f44541f",
"core_s643_seed_validator_repair_pickup": "c378f7e25c5cd2668060aada18f3a8a0ebdceb76c30431cae48e109e41610c5c",
"seed_final_acceptance_gate": "1d56599c5fbc763e95a5734fa4a507767371189c56ec26f0da36b232f12f4869",
"seed_boundary_decision": "230accd38c9608656935858db576d5b1b19d71184387ef9015d6b7945c0ae136",
"seed_objective_completion_audit": "5bda7600319daee01348870bbe3c7cb716457f5507cdac974adb614540e08951"
}
},
"authority_boundary": {
"profile_owns_surface_exposure": true,
"package_candidate_owns_runtime_inventory": true,
"legacy_repositories_are_reference_only": true,
"duplicate_profile_local_connectors_allowed": false,
"notes": "This contract standardizes the Proton/rclone package shape for personal-agent. Core S606 registers proton-rclone as child-local authority only; runtime readiness, provider smokes, and Profile Exposure remain unclaimed."
},
"memory_policy": {
"target": "secondbrain-personal",
"forbidden": [
"orgbrain"
],
"durable_write_policy": "proposal-only-until-governed-secondbrain-curator-apply-route"
},
"credential_policy": {
"mode": "keyvault-reference-names-only",
"secret_values_in_contract": false,
"credential_mutation_allowed": false
},
"surfaces": [
{
"name": "mail.read",
"runtime_route": "proton-email MCP facade through Proton gate",
"readiness": "degraded",
"allowed_effects": [
"email_folders",
"email_list",
"email_search",
"email_read_metadata_or_body_when_requested"
],
"denied_effects": [
"send_without_confirmation",
"delete_mail",
"archive_mail",
"mark_read",
"mark_unread",
"orgbrain_write"
],
"confirmation": "not-required-for-read"
},
{
"name": "mail.draft",
"runtime_route": "proton-email MCP facade through Proton gate",
"readiness": "pending",
"allowed_effects": [
"draft_reply",
"draft_new_mail"
],
"denied_effects": [
"send_without_confirmation",
"delete_mail",
"orgbrain_write"
],
"confirmation": "draft-only"
},
{
"name": "mail.send_with_confirmation",
"runtime_route": "proton-email MCP facade through Proton gate",
"readiness": "disabled",
"allowed_effects": [
"send_after_explicit_jp_confirmation"
],
"denied_effects": [
"silent_send",
"send_without_confirmation",
"delete_mail",
"orgbrain_write"
],
"confirmation": "explicit-jp-confirmation-required"
},
{
"name": "calendar.read",
"runtime_route": "proton-calendar MCP facade through calendar gate",
"readiness": "degraded",
"allowed_effects": [
"calendar_list",
"calendar_events",
"calendar_upcoming",
"calendar_search",
"calendar_event_get"
],
"denied_effects": [
"calendar_write_without_confirmation",
"calendar_delete",
"orgbrain_write"
],
"confirmation": "not-required-for-read"
},
{
"name": "calendar.propose_event",
"runtime_route": "proton-calendar MCP facade through calendar gate",
"readiness": "pending",
"allowed_effects": [
"propose_calendar_create",
"propose_calendar_update"
],
"denied_effects": [
"calendar_write_without_confirmation",
"calendar_delete",
"orgbrain_write"
],
"confirmation": "proposal-only"
},
{
"name": "calendar.write_with_confirmation",
"runtime_route": "proton-calendar MCP facade through calendar gate",
"readiness": "disabled",
"allowed_effects": [
"calendar_create_after_explicit_jp_confirmation",
"calendar_update_after_explicit_jp_confirmation"
],
"denied_effects": [
"silent_calendar_write",
"calendar_delete",
"orgbrain_write"
],
"confirmation": "explicit-jp-confirmation-required"
},
{
"name": "contacts.read",
"runtime_route": "proton-contacts MCP facade through contacts gate",
"readiness": "degraded",
"allowed_effects": [
"contacts_list",
"contacts_search",
"contacts_get"
],
"denied_effects": [
"contact_mutation_without_confirmation",
"contacts_delete",
"orgbrain_write"
],
"confirmation": "not-required-for-read"
},
{
"name": "contacts.write_with_confirmation",
"runtime_route": "proton-contacts MCP facade through contacts gate",
"readiness": "disabled",
"allowed_effects": [
"contacts_create_after_explicit_jp_confirmation",
"contacts_update_after_explicit_jp_confirmation"
],
"denied_effects": [
"silent_contact_write",
"contacts_delete",
"orgbrain_write"
],
"confirmation": "explicit-jp-confirmation-required"
},
{
"name": "drive.read",
"runtime_route": "rclone with explicit Proton config path",
"readiness": "degraded",
"allowed_effects": [
"rclone_about_redacted",
"rclone_list_only_when_requested"
],
"denied_effects": [
"drive_file_name_proof",
"drive_file_content_download",
"drive_write_without_confirmation",
"drive_delete",
"orgbrain_write"
],
"confirmation": "not-required-for-redacted-about"
},
{
"name": "drive.write_with_confirmation",
"runtime_route": "rclone with explicit Proton config path",
"readiness": "disabled",
"allowed_effects": [
"drive_write_after_explicit_jp_confirmation"
],
"denied_effects": [
"silent_drive_write",
"drive_delete",
"drive_purge",
"drive_share",
"orgbrain_write"
],
"confirmation": "explicit-jp-confirmation-required"
}
],
"runtime_inventory": {
"overall_state": "degraded",
"chosen_runtime_path": "MCP facades for Mail, Calendar, Contacts; explicit rclone config for Drive",
"pending_runtime_convergence": [
"Promote the repaired email and contacts gate bind-mount shape into a canonical runtime deployment route.",
"Keep stale native Proton Bridge user units disabled while the Docker bridge route is canonical.",
"Keep rclone RC/proxy units disabled unless a governed wrapper admits them.",
"Keep Core S606 registration child-local only; complete Proton Suite provider-smoke and canonical runtime routes before runtime readiness is claimed."
],
"mcp_servers": [
{
"name": "proton-calendar",
"observed_status": "enabled"
},
{
"name": "proton-email",
"observed_status": "enabled"
},
{
"name": "proton-contacts",
"observed_status": "enabled"
}
],
"docker_routes": [
{
"name": "protonmail-bridge-active-container",
"observed_state": "up"
},
{
"name": "sdo-calendar-gate",
"observed_state": "up"
},
{
"name": "sdo-email-gate",
"observed_state": "up"
},
{
"name": "sdo-contacts-gate",
"observed_state": "up"
},
{
"name": "stale-sdo-protonmail-bridge-container",
"observed_state": "created"
}
],
"systemd_user_units": [
{
"name": "proton-bridge.service",
"observed_state": "inactive-dead",
"unit_file_state": "disabled"
},
{
"name": "proton-bridge-proxy.service",
"observed_state": "inactive-dead",
"unit_file_state": "disabled"
},
{
"name": "rclone-rc.service",
"observed_state": "inactive-dead",
"unit_file_state": "disabled"
},
{
"name": "rclone-proxy.service",
"observed_state": "inactive-dead",
"unit_file_state": "disabled"
}
],
"rclone": {
"config_path": "/home/svrnty/.config/rclone/rclone.conf",
"remote": "proton:",
"listremotes_observed": true,
"about_probe": "ok-redacted",
"file_names_observed": false,
"file_contents_observed": false
}
},
"legacy_sources": [
{
"path": "/home/svrnty/workspaces/cortex/L4-svrnty.api-proton",
"state": "legacy-reference",
"reason": "Mail, Calendar, Contacts source material, not Cortex OS child authority."
},
{
"path": "/home/svrnty/workspaces/cortex/L4-svrnty.tool-storage",
"state": "legacy-reference",
"reason": "Storage/rclone source material, not the canonical personal-agent package."
},
{
"path": "/home/svrnty/workspaces/cortex/L5-vendor.lib-proton-bridge",
"state": "legacy-reference",
"reason": "Vendor bridge code, not profile authority."
},
{
"path": "/home/svrnty/workspaces/cortex/L6-vendor.lib-proton-api",
"state": "legacy-reference",
"reason": "Vendor Proton API code, not profile authority."
},
{
"path": "/home/svrnty/workspaces/cortex/L6-vendor.lib-rclone",
"state": "legacy-reference",
"reason": "Vendor rclone code, not profile authority."
}
],
"duplicate_skill_policy": [
{
"id": "skills/proton-tools",
"state": "superseded-pending-package-install",
"reason": "Keep as tool reference until the package child exists; governance now lives in this contract."
},
{
"id": "proton-access",
"state": "superseded-pending-consolidation",
"reason": "Must not become separate Proton authority."
},
{
"id": "proton-mail-operations",
"state": "superseded-pending-consolidation",
"reason": "Must fold into the canonical Proton/rclone package."
},
{
"id": "proton-services",
"state": "superseded-pending-consolidation",
"reason": "Must fold into the canonical Proton/rclone package."
}
],
"proof_policy": {
"mode": "redacted-only",
"forbidden_fields": [
"raw_messages",
"mail_bodies",
"mail_subjects",
"sender_address",
"recipient_address",
"contact_details",
"calendar_event_details",
"drive_file_names",
"drive_file_contents",
"endpoint_payloads",
"credentials",
"secret_values"
]
},
"observed_commands": [
"hermes -p steev mcp list",
"systemctl --user list-unit-files --no-pager | rg -i 'proton|rclone|calendar|contacts|email'",
"systemctl --user show proton-bridge.service rclone-rc.service rclone-proxy.service -p Id -p LoadState -p ActiveState -p SubState -p UnitFileState -p FragmentPath --no-pager",
"systemctl --user show proton-bridge-proxy.service -p Id -p LoadState -p ActiveState -p SubState -p UnitFileState -p FragmentPath --no-pager",
"docker ps -a --format '<name status image>' | rg -i 'proton|calendar|contacts|email|mail|rclone|sdo'",
"rclone --config /home/svrnty/.config/rclone/rclone.conf listremotes",
"rclone --config /home/svrnty/.config/rclone/rclone.conf about proton: --json"
],
"remaining_gates": {
"child_workspace_candidate": "complete-child-local",
"registered_child_workspace": "complete-core-s606-child-local",
"email_gate_repair": "complete-child-local",
"contacts_gate_repair": "complete-child-local",
"systemd_bridge_convergence": "complete-child-local-docker-route-active",
"seed_personal_agent_local_acceptance": "complete-governed-local-jp-only",
"proton_suite_provider_smoke": "blocked-follow-up",
"proton_suite_seed_package_pickup": "blocked-provider-smoke",
"secondbrain_durable_apply": "blocked-follow-up",
"seed_package_pickup": "complete-governed-local-personal-agent"
}
}
docs/contracts/personal-agent-runtime-readiness-snapshot.json
+224
View File
@@ -0,0 +1,224 @@
{
"schema_version": "personal-agent-runtime-readiness-snapshot/v1",
"status": "active-redacted-runtime-snapshot",
"snapshot_id": "personal-agent-runtime-readiness-2026-06-15",
"profile_identity": "personal-agent",
"display_name": "Steev",
"observed_date": "2026-06-15",
"aggregate_runtime_state": "degraded",
"runtime_readiness_claimed": false,
"seed_readiness_claimed": false,
"seed_local_acceptance_claimed": true,
"core_promotion_claimed": false,
"memory_target": "secondbrain-personal",
"forbidden_memory_targets": [
"orgbrain"
],
"surface_states": [
{
"surface": "imessage.read",
"capability_package": "bluebubbles",
"readiness_state": "ready",
"health_source": "python3 tools/validate_bluebubbles_child.py",
"redacted_health": {
"validator_ok": true,
"read_only_imessage": true,
"memory_domain": "secondbrain-personal",
"orgbrain_forbidden": true,
"secondbrain_intake_contract": "ready",
"secondbrain_governed_apply_route": "defined-no-live-apply",
"package_runtime_claims": false
},
"remaining_gap": "Profile aggregate runtime readiness remains broader-degraded until Core Profile Exposure, durable apply, provider, productization, and longer standing-runtime gates close."
},
{
"surface": "mail.read",
"capability_package": "proton-rclone",
"readiness_state": "degraded",
"health_source": "../proton-rclone/.sot/08-OUTPUTS/proton-rclone-live-redacted-health.json",
"redacted_health": {
"mcp_server_enabled": true,
"proton_bridge_systemd_running": false,
"proton_bridge_systemd_state": "inactive-disabled",
"docker_email_gate": "up",
"child_workspace_candidate_validator_ok": true,
"core_child_workspace_registered": true,
"seed_local_acceptance": true,
"raw_mail_observed": false
},
"remaining_gap": "Email gate and Docker Bridge route are repaired child-local; Seed-local acceptance is proven, but Proton Suite provider smokes and canonical runtime readiness remain blocked."
},
{
"surface": "calendar.read",
"capability_package": "proton-rclone",
"readiness_state": "degraded",
"health_source": "../proton-rclone/.sot/08-OUTPUTS/proton-rclone-live-redacted-health.json",
"redacted_health": {
"mcp_server_enabled": true,
"calendar_gate_running": true,
"proton_bridge_systemd_running": false,
"proton_bridge_systemd_state": "inactive-disabled",
"child_workspace_candidate_validator_ok": true,
"core_child_workspace_registered": true,
"seed_local_acceptance": true,
"raw_calendar_events_observed": false
},
"remaining_gap": "Calendar read has service posture, Core S606 child registration, and Seed-local acceptance; provider-smoke and canonical runtime readiness remain blocked."
},
{
"surface": "contacts.read",
"capability_package": "proton-rclone",
"readiness_state": "degraded",
"health_source": "../proton-rclone/.sot/08-OUTPUTS/proton-rclone-live-redacted-health.json",
"redacted_health": {
"mcp_server_enabled": true,
"docker_contacts_gate": "up",
"child_workspace_candidate_validator_ok": true,
"core_child_workspace_registered": true,
"seed_local_acceptance": true,
"raw_contacts_observed": false
},
"remaining_gap": "Contacts gate is repaired child-local; Seed-local acceptance is proven, but provider-smoke and canonical runtime readiness remain blocked."
},
{
"surface": "drive.read",
"capability_package": "proton-rclone",
"readiness_state": "degraded",
"health_source": "../proton-rclone/.sot/08-OUTPUTS/proton-rclone-live-redacted-health.json",
"redacted_health": {
"rclone_remote_present": true,
"rclone_about_probe": "ok-redacted",
"rclone_rc_unit": "disabled",
"rclone_proxy_unit": "disabled",
"child_workspace_candidate_validator_ok": true,
"core_child_workspace_registered": true,
"seed_local_acceptance": true,
"drive_file_names_observed": false,
"drive_file_contents_observed": false
},
"remaining_gap": "Drive read has redacted child proof and Core S606 registration; governed wrapper, provider smokes, and canonical runtime readiness remain required."
}
],
"supervisor_posture": {
"mac_mini_bluebubbles": "package-validator-ok-redacted",
"proton_bridge_service": "inactive-disabled",
"proton_bridge_proxy_service": "inactive-disabled",
"rclone_rc_service": "disabled-inactive",
"rclone_proxy_service": "disabled-inactive"
},
"named_runtime_gaps": [
{
"id": "proton-runtime-gate-repair-source-lock-refresh",
"severity": "follow-up",
"state": "email and contacts gates repaired child-local; Seed and downstream profile snapshots need pickup",
"impact": "runtime remains degraded until source locks and final acceptance catch up"
},
{
"id": "proton-rclone-service-posture-disabled",
"severity": "must-fix",
"state": "rclone-rc.service and rclone-proxy.service are disabled and inactive",
"impact": "Drive read can use redacted CLI proof, but an always-on runtime API is not claimed"
},
{
"id": "stale-protonmail-bridge-container",
"severity": "follow-up",
"state": "stale sdo-protonmail-bridge container exists in Created state",
"impact": "duplicate service topology must be resolved before final runtime readiness"
},
{
"id": "proton-bridge-native-units-disabled-docker-route-active",
"severity": "follow-up",
"state": "stale native Proton Bridge user units are disabled; Docker bridge route is active",
"impact": "native unit loop is resolved, but canonical runtime deployment is still not claimed"
},
{
"id": "proton-rclone-child-registered-core-s606",
"severity": "complete",
"state": "Core S606 registers proton-rclone as child-local capability workspace",
"impact": "Registration gap is closed; runtime readiness still depends on provider-smoke and canonical runtime gates"
},
{
"id": "seed-local-acceptance-proven",
"severity": "complete",
"state": "Seed final full-tool acceptance, boundary decision, and objective audit are green for governed local JP scope",
"impact": "Steev is accepted as a local Seed deployment, not Core-authorized or product-ready infrastructure"
},
{
"id": "proton-suite-provider-smoke-blocked",
"severity": "must-fix",
"state": "Proton Suite provider-smoke gate is blocked pending local Proton Pass Agncy access, Keyvault parity, migration receipt, read-only smokes, rollback, and Conductor disclosure review",
"impact": "Proton Suite cannot unlock provider execution, Pass access, or product readiness"
},
{
"id": "profile-exposure-route-required",
"severity": "must-fix",
"state": "Core Profile Exposure change remains blocked until a governed Core route accepts it",
"impact": "Broader tool exposure cannot be claimed from Seed-local proof"
},
{
"id": "longer-standing-runtime-proof-beyond-three-poll",
"severity": "follow-up",
"state": "Current standing rollback proof is enough for Seed-local acceptance, not a longer always-on posture claim",
"impact": "Daily-driver and production posture need a separate longer standing-runtime proof"
},
{
"id": "secondbrain-apply-blocked",
"severity": "must-fix",
"state": "proposal route and governed apply route exist; live durable apply remains blocked without approval",
"impact": "personal memory intake can be proposed and checked, but is not live-applied yet"
},
{
"id": "desktop-adapter-exposure-blocked",
"severity": "follow-up",
"state": "adapter lane must pick up the contract before desktop display",
"impact": "desktop app cannot display final personal-agent runtime readiness yet"
}
],
"optional_reboot_power_loss_proof": {
"status": "not-run",
"required_for_final_always_on_claim": true,
"notes": "Current proof verifies supervisor posture and package validators, not reboot recovery."
},
"observed_commands": [
"python3 tools/validate_bluebubbles_child.py",
"hermes -p steev mcp list",
"systemctl --user show proton-bridge.service proton-bridge-proxy.service rclone-rc.service rclone-proxy.service -p Id -p LoadState -p ActiveState -p SubState -p UnitFileState --no-pager",
"docker ps -a --format '<name status image>' | rg -i 'bluebubbles|proton|calendar|contacts|email|mail|rclone|sdo'",
"rclone --config /home/svrnty/.config/rclone/rclone.conf about proton: --json"
],
"proof_policy": {
"mode": "redacted-only",
"forbidden_fields": [
"raw_messages",
"message_text",
"mail_bodies",
"mail_subjects",
"sender_address",
"recipient_address",
"contact_details",
"calendar_event_details",
"drive_file_names",
"drive_file_contents",
"attachment_content",
"endpoint_payloads",
"credentials",
"secret_values"
]
},
"remaining_gates": {
"proton_email_gate_repair": "complete-child-local",
"proton_contacts_gate_repair": "complete-child-local",
"proton_bridge_systemd_convergence": "complete-child-local-docker-route-active",
"proton_rclone_child_candidate": "complete-child-local",
"proton_rclone_child_registration": "complete-core-s606-child-local",
"seed_local_acceptance": "complete-governed-local-jp-only",
"proton_suite_provider_smoke": "blocked-follow-up",
"profile_exposure_route": "blocked-core-route-required",
"longer_standing_runtime_proof": "follow-up",
"secondbrain_governed_apply_route": "defined-no-live-apply",
"secondbrain_durable_apply": "blocked-follow-up",
"desktop_adapter_exposure": "blocked-follow-up",
"reboot_power_loss_drill": "optional-follow-up",
"final_acceptance_packet": "blocked-follow-up"
}
}
docs/contracts/personal-agent-secondbrain-proposal-route.json
+231
View File
@@ -0,0 +1,231 @@
{
"schema_version": "personal-agent-secondbrain-proposal-route/v1",
"status": "active-profile-memory-proposal-route",
"route_id": "personal-agent-secondbrain-proposal-route",
"profile_identity": "personal-agent",
"display_name": "Steev",
"observed_date": "2026-06-14",
"target_memory_domain": "secondbrain-personal",
"target_domain_term": "Personal Memory Domain",
"human_authority_principal": "jp",
"forbidden_memory_domains": [
"orgbrain"
],
"durable_write_allowed": false,
"direct_write_allowed": false,
"profile_runtime_readiness_claimed": false,
"secondbrain_runtime_readiness_claimed": false,
"seed_readiness_claimed": false,
"authority_boundary": {
"profile_owns_source_surface_exposure": true,
"secondbrain_owns_personal_memory_domain": true,
"curator_owns_hygiene_review_queue": true,
"capability_packages_emit_proposals_only": true,
"apply_owner": "secondbrain",
"hygiene_owner": "curator",
"notes": "personal-agent capability packages may emit redacted proposal envelopes. Secondbrain now defines the governed apply route; live durable Memory Object writes still require approval and Secondbrain evidence."
},
"source_routes": [
{
"source_surface": "imessage.read",
"capability_package": "bluebubbles",
"proposal_type": "secondbrain.memory.propose_create_from_imessage",
"secondbrain_intake_contract": "../secondbrain/docs/integration/2026-06-14-secondbrain-personal-agent-imessage-intake-contract.md",
"secondbrain_apply_contract": "../secondbrain/docs/integration/2026-06-14-secondbrain-personal-agent-imessage-apply-contract.md",
"target_lifecycle_state": "inbox",
"allowed_effects": [
"emit_redacted_proposal",
"emit_source_handle",
"emit_content_digest"
],
"denied_effects": [
"durable_memory_write",
"orgbrain_write",
"message_send",
"message_delete",
"message_mark_read",
"attachment_download"
]
},
{
"source_surface": "mail.read",
"capability_package": "proton-rclone",
"proposal_type": "secondbrain.memory.propose_create_from_mail",
"target_lifecycle_state": "inbox",
"allowed_effects": [
"emit_redacted_proposal",
"emit_source_handle",
"emit_content_digest"
],
"denied_effects": [
"durable_memory_write",
"orgbrain_write",
"mail_send",
"mail_delete",
"mail_mark_read"
]
},
{
"source_surface": "calendar.read",
"capability_package": "proton-rclone",
"proposal_type": "secondbrain.memory.propose_create_from_calendar",
"target_lifecycle_state": "inbox",
"allowed_effects": [
"emit_redacted_proposal",
"emit_source_handle",
"emit_content_digest"
],
"denied_effects": [
"durable_memory_write",
"orgbrain_write",
"calendar_write",
"calendar_delete"
]
},
{
"source_surface": "contacts.read",
"capability_package": "proton-rclone",
"proposal_type": "secondbrain.memory.propose_create_from_contacts",
"target_lifecycle_state": "inbox",
"allowed_effects": [
"emit_redacted_proposal",
"emit_source_handle",
"emit_content_digest"
],
"denied_effects": [
"durable_memory_write",
"orgbrain_write",
"contact_mutation",
"contact_delete"
]
},
{
"source_surface": "drive.read",
"capability_package": "proton-rclone",
"proposal_type": "secondbrain.memory.propose_create_from_drive_pointer",
"target_lifecycle_state": "inbox",
"allowed_effects": [
"emit_redacted_proposal",
"emit_source_handle",
"emit_content_digest"
],
"denied_effects": [
"durable_memory_write",
"orgbrain_write",
"drive_file_content_download",
"drive_file_name_proof",
"drive_write",
"drive_delete"
]
}
],
"proposal_envelope_contract": {
"schema_version": "personal-agent.secondbrain.proposal-envelope.v1",
"required_fields": [
"schema_version",
"proposal_id",
"profile_identity",
"human_authority_principal",
"target_memory_domain",
"target_domain_term",
"source_capability_package",
"source_surface",
"proposal_type",
"target_lifecycle_state",
"source_handle_redacted",
"content_digest",
"redacted_summary",
"changed_fields",
"validator_plan",
"rollback_note",
"approval_state",
"proof_redaction"
],
"target_memory_domain": "secondbrain-personal",
"target_domain_term": "Personal Memory Domain",
"approval_state": "pending",
"raw_payload_custody": "source-runtime-or-secondbrain-apply-route-only",
"raw_payload_in_core_or_profile_proof": false,
"durable_apply_authorized_by_envelope": false
},
"apply_policy": {
"apply_route": "Secondbrain governed memory write path",
"apply_route_contract": "../secondbrain/docs/integration/2026-06-14-secondbrain-personal-agent-imessage-apply-contract.md",
"governed_apply_route_defined": true,
"apply_allowed_now": false,
"live_apply_executed": false,
"durable_apply_without_approval": false,
"requires_secondbrain_validator": "python3 tools/validate_secondbrain_child.py",
"requires_focused_secondbrain_gate": true,
"focused_secondbrain_gate_command": "python3 tools/check_secondbrain_personal_agent_imessage_intake.py",
"focused_secondbrain_apply_gate_command": "python3 tools/check_secondbrain_personal_agent_imessage_apply.py",
"requires_human_or_governed_approval": true,
"requires_local_evidence_and_handoff": true,
"push_allowed": false
},
"rejection_cases": [
{
"case": "target_orgbrain",
"input_target": "orgbrain",
"result": "rejected",
"reason": "personal context cannot route to Organization Memory Domain"
},
{
"case": "direct_durable_write",
"requested_effect": "durable_memory_write",
"result": "rejected",
"reason": "capability packages emit proposal envelopes only"
},
{
"case": "raw_payload_in_core_or_profile_proof",
"requested_effect": "store_raw_payload_in_proof",
"result": "rejected",
"reason": "proof is redacted-only"
},
{
"case": "apply_without_approval",
"requested_effect": "secondbrain_apply",
"result": "blocked",
"reason": "Secondbrain governed apply requires approval and validators"
}
],
"referenced_secondbrain_contracts": [
"../secondbrain/docs/integration/2026-06-09-secondbrain-personal-memory-domain-runtime-contract.md",
"../secondbrain/docs/integration/2026-06-09-secondbrain-governed-agent-retrieval-contract.md",
"../secondbrain/docs/integration/2026-06-09-secondbrain-governed-memory-write-path-contract.md",
"../secondbrain/docs/integration/2026-06-09-secondbrain-curator-hygiene-queue-contract.md",
"../secondbrain/docs/integration/2026-06-09-secondbrain-hermes-runtime-boundary.md",
"../secondbrain/docs/integration/2026-06-14-secondbrain-personal-agent-imessage-intake-contract.md",
"../secondbrain/docs/evidence/2026-06-14-secondbrain-personal-agent-imessage-intake-proof.md",
"../secondbrain/docs/integration/2026-06-14-secondbrain-personal-agent-imessage-apply-contract.md",
"../secondbrain/docs/evidence/2026-06-14-secondbrain-personal-agent-imessage-apply-proof.md"
],
"proof_policy": {
"mode": "redacted-only",
"forbidden_fields": [
"raw_messages",
"message_text",
"mail_bodies",
"mail_subjects",
"sender_address",
"recipient_address",
"contact_details",
"calendar_event_details",
"drive_file_names",
"drive_file_contents",
"attachment_content",
"endpoint_payloads",
"credentials",
"secret_values"
]
},
"remaining_gates": {
"secondbrain_governed_apply_route": "defined-no-live-apply",
"secondbrain_imessage_intake_contract": "ready",
"secondbrain_durable_apply": "blocked-follow-up",
"curator_hygiene_apply_review": "blocked-follow-up",
"desktop_adapter_exposure": "blocked-follow-up",
"runtime_health_proof": "blocked-follow-up",
"seed_package_pickup": "blocked-follow-up"
}
}
docs/evidence/2026-06-14-personal-agent-proton-rclone-runtime-reconciliation.md
+41
View File
@@ -0,0 +1,41 @@
---
name: 2026-06-14-personal-agent-proton-rclone-runtime-reconciliation
status: complete
triage: evidence
owner: jp
created: 2026-06-14
source: docs/contracts/personal-agent-runtime-readiness-snapshot.json
artifact_type: evidence
---
# Personal-Agent Proton/rclone Runtime Reconciliation
## Scope
This evidence reconciles the `personal-agent` Proton/rclone profile snapshot
against a same-day redacted runtime probe.
## Redacted Probe
- MCP registration: `proton-calendar`, `proton-email`, and `proton-contacts`
are enabled for the Steev profile.
- Docker inventory: calendar, email, and contacts gates are up after the
child-local bind-mount repair; one Proton Bridge container is up, and one
stale Proton Bridge container remains created.
- systemd user inventory: stale native `proton-bridge.service` and
`proton-bridge-proxy.service` are loaded but disabled/inactive while the
Docker bridge route remains active.
- rclone inventory: explicit Proton remote `about` probe succeeded with
redacted quota output only; no drive file names or file contents were listed.
## Result
The profile runtime snapshot now records the email and contacts gate repair as
complete child-local. The aggregate `personal-agent` runtime state remains
degraded because Core registration, rclone service posture, canonical runtime
deployment, source-lock pickup, and final acceptance remain open.
This proof does not read or store mail bodies, mail subjects, sender or
recipient addresses, contact details, calendar event details, drive file names,
drive file contents, endpoint payloads, credentials, cookies, Keychain values,
password-manager values, or secret values.
docs/evidence/2026-06-15-personal-agent-core-seed-readiness-reconciliation.md
+41
View File
@@ -0,0 +1,41 @@
# Personal-Agent Core Seed Readiness Reconciliation
Date: 2026-06-15
Profile identity: `personal-agent`
Display name: `Steev`
Work item: `PACR-014`
Status: complete profile-local reconciliation
## Objective
Update Steev profile distribution truth after Seed-local acceptance and Core pickup work, without claiming Core authority, Profile Exposure, durable memory, provider, product, publish, deploy, or public readiness.
## Source Locks
| Source | Commit | Path | SHA-256 |
| --- | --- | --- | --- |
| Proton/rclone current head | `f8403f1e5927933a0a5e283d2020119336e4e5e7` | `.sot/08-OUTPUTS/proton-suite-redacted-health-panel.json` | `0cb6938f00618fa794081a04a45ecc258e14e9f31ded990d67845dd35f0f1207` |
| Proton/rclone child registration pickup | `f8403f1e5927933a0a5e283d2020119336e4e5e7` | `.sot/08-OUTPUTS/proton-rclone-core-registration-pickup.json` | `d7ebfa239026b4e6d2667f4337ae7acaf763251ee11123f8974581137f34aa46` |
| Core S606 registration output | `52b2293b` | `.sot/08-OUTPUTS/2026-06-14-s606-proton-rclone-child-registration.json` | `ff7e0f93a705ce9149d48879a4a00f30ad5abf5903d569a738ba7f26ccc60d59` |
| Core S641 Proton Suite governance pickup | `52b2293b` | `.sot/08-OUTPUTS/2026-06-15-s641-proton-suite-governance-pickup.json` | `224b12db17306764208cc16ae6d8dc3df342c77c05c0cba65df11d7ba20b0de6` |
| Core S642 Seed Proton Suite refresh pickup | `52b2293b` | `.sot/08-OUTPUTS/2026-06-15-s642-seed-proton-suite-refresh-pickup.json` | `b3604875422663033772ba09a1a96e6152b654bcb020d1acc2dc6ccb9f44541f` |
| Core S643 Seed validator repair pickup | `52b2293b` | `.sot/08-OUTPUTS/2026-06-15-s643-seed-personal-agent-validator-repair-pickup.json` | `c378f7e25c5cd2668060aada18f3a8a0ebdceb76c30431cae48e109e41610c5c` |
| Seed final acceptance gate | `999f286fc7dafc5635cc72d2a63f08b7b2f98433` | `outputs/research/2026-06-14-cortex-os-seed-personal-agent-final-full-tool-acceptance-gate.json` | `1d56599c5fbc763e95a5734fa4a507767371189c56ec26f0da36b232f12f4869` |
| Seed boundary decision | `999f286fc7dafc5635cc72d2a63f08b7b2f98433` | `outputs/research/2026-06-14-cortex-os-seed-personal-agent-core-promotion-productization-boundary-decision.json` | `230accd38c9608656935858db576d5b1b19d71184387ef9015d6b7945c0ae136` |
| Seed objective audit | `999f286fc7dafc5635cc72d2a63f08b7b2f98433` | `outputs/research/2026-06-14-cortex-os-seed-personal-agent-objective-completion-audit.json` | `5bda7600319daee01348870bbe3c7cb716457f5507cdac974adb614540e08951` |
## Result
Steev is represented as Seed-local accepted for the governed JP local package scope. Proton/rclone is represented as Core S606 child-local registered. The profile distribution still reports broader aggregate runtime state as degraded.
## Remaining Gates
- `profile_exposure_route`: Core route required before broader Profile Exposure.
- `secondbrain_durable_apply`: Secondbrain route and exact approval required.
- `proton_suite_provider_smoke`: blocked on local Proton Pass Agncy access, Keyvault parity, migration receipt, read-only smokes, rollback, and Conductor disclosure review.
- `longer_standing_runtime_proof`: needed before daily-driver or production posture.
- `productization_release_distribution_lane`: separate approval and release decision required.
## False Effects
No Core mutation, Seed mutation, sibling mutation, Runtime start, Docker start, Desktop/Dashboard launch, browser control, Webwright control, secret read, provider call, Profile Exposure change, Memory Domain grant, durable Secondbrain apply, Hindsight live write, publish, deploy, public release, product readiness, production readiness, or broad goal-completion claim occurred in this Steev slice.
docs/evidence/2026-06-15-personal-agent-current-governed-boundary.md
+42
View File
@@ -0,0 +1,42 @@
# Personal-Agent Current Governed Boundary
Date: 2026-06-15
Profile identity: `personal-agent`
Display name: `Steev`
Work item: `PACR-015`
Status: complete profile-local boundary reconciliation
## Objective
Record the current Steev boundary after Core S654 and the Proton Suite health-panel signal, without changing Seed, Core, Proton, Keyvault, Runtime, Desktop, or memory state.
## Source Locks
| Source | Commit or stage | Path | SHA-256 |
| --- | --- | --- | --- |
| Core S654 Seed branch authority pickup | `S654` | `../core/.sot/08-OUTPUTS/2026-06-15-s654-seed-main-branch-authority-gate-pickup.json` | `d92e77e23418b67e27cc3058a9f415a9b4a023cfcd71e4465cbe859df9b8d7e4` |
| Core S654 validator | `3cc8a77a06de4ff282b36205e101c99c2fb54c9b` | `../core/tools/check_personal_agent_21_seed_main_branch_authority_gate_pickup.py` | `20fffdb88f1e7a023e715465aa944c33201bc83ccff218833d6ba72f900f0944` |
| Seed S653 branch authority gate | `fd880ef15232895da05bc31ae4449e32418190ec` | `../seed/outputs/research/2026-06-15-cortex-os-seed-main-branch-authority-gate.json` | `12515390f89263318f853c26918155b36376f7b976009101a026043d4d3c2379` |
| Seed S653 branch authority validator | `fd880ef15232895da05bc31ae4449e32418190ec` | `../seed/tools/validate_cortex_os_seed_main_branch_authority_gate.py` | `b7ce32bcfe48e8e568280c1659c09ec46729af8aa7d3c9e6433fb028506847e1` |
| Proton Suite health contract | `f8403f1e5927933a0a5e283d2020119336e4e5e7` | `../proton-rclone/contracts/personal-agent-proton-suite-health-contract.json` | `ec835d487aae52fe0aa251076caafbdb1fc7b7ec7a4923ca89de8c246f87495f` |
| Proton Suite redacted health panel | `f8403f1e5927933a0a5e283d2020119336e4e5e7` | `../proton-rclone/.sot/08-OUTPUTS/proton-suite-redacted-health-panel.json` | `0cb6938f00618fa794081a04a45ecc258e14e9f31ded990d67845dd35f0f1207` |
| Proton Suite health panel proof | `f8403f1e5927933a0a5e283d2020119336e4e5e7` | `../proton-rclone/.sot/08-OUTPUTS/proton-suite-health-panel-proof.json` | `03ece893a3c7678365741cfdd01cb2c6cc2c30c20519e5d8649c25afac5ce31b` |
## Current Boundary
- `seed_branch_authority`: approval-required. Core S654 carries the current approval target for Seed HEAD `fd880ef15232895da05bc31ae4449e32418190ec`.
- `stale_s653_approval`: blocker. The older Seed S653 gate targets `56a1a36cc51d3cd084a65e01eb77210f58d7b6fd` and must not be used for current branch authority.
- `seed_main_repoint`: not executed. Local Seed `main` was not archived or repointed by this Steev slice.
- `profile_exposure`: blocked. Broader Steev tool exposure still needs a Core route.
- `durable_memory`: blocked. Secondbrain/Hindsight live writes still need governed approval.
- `provider_policy`: blocked. Real provider calls and credential custody still need a governed route.
- `keyvault_replacement`: future-governed-route. Proton Suite health-panel architecture may inform Keyvault successor work, but it does not replace Keyvault here.
- `runtime_readiness`: degraded. Seed-local acceptance exists, but broader runtime readiness and product readiness are not claimed.
## Operator Note
Use the Core S654 exact current-head approval text before any local Seed branch-authority execution. Do not use the older S653 approval text for current Seed HEAD `fd880ef15232895da05bc31ae4449e32418190ec`.
## False Effects
No Core mutation, Seed mutation, Proton mutation, Keyvault mutation, Runtime start, Docker start, Desktop/Dashboard launch, browser control, Webwright control, secret read, provider call, Profile Exposure change, Memory Domain grant, durable Secondbrain apply, Hindsight live write, branch repoint, publish, deploy, public release, product readiness, production readiness, or broad goal-completion claim occurred in this Steev slice.
docs/issues/2026-06-14-personal-agent-context-runtime-work-orders.md
+180
View File
@@ -0,0 +1,180 @@
---
name: 2026-06-14-personal-agent-context-runtime-work-orders
status: active
triage: ready-for-agent
owner: jp
source: docs/prd/2026-06-14-personal-agent-context-runtime-prd.md
created: 2026-06-14
last_reviewed: 2026-06-14
core_promotion_status: not-promoted
description: Dependency-ordered vertical slices for personal-agent context runtime standardization.
artifact_type: work-orders
---
# Personal-Agent Context Runtime Work Orders
Each slice is vertical and proof-backed. `personal-agent` owns the profile contract.
BlueBubbles and Proton/rclone own capability packages. Personal context targets
personal Secondbrain only. `orgbrain`, raw payloads, and secrets are forbidden.
## PACR-001 Profile Authority And Surface Contract
Type: AFK. Blocked by: None. User stories: 1-17, 21-23, 28-31.
## What to build
Define the `personal-agent` profile contract: surfaces, allowed effects, denied effects,
memory target, credential posture, runtime proof, and package ownership.
## Acceptance criteria
- [ ] `personal-agent` declares iMessage, Proton Mail, Calendar, Contacts, Drive, and future browser host surfaces.
- [ ] Required surfaces are named: `imessage.read`, Proton read/draft/propose/confirmation-write surfaces, and Drive read/confirmation-write.
- [ ] Personal Secondbrain is the only memory target; `orgbrain`, raw payloads, credentials, and secrets are denied.
- [ ] The personal-agent distribution validator passes.
## PACR-002 Supersession And Graph Hygiene Register
Type: AFK. Blocked by: PACR-001. User stories: 24-27, 29, 36.
## What to build
Classify older personal-agent/Steev, BlueBubbles, Proton, rclone, and legacy Cortex artifacts
as active, superseded, archived, legacy-reference, or blocked-follow-up.
## Acceptance criteria
- [ ] Every known prior workstream has a supersession state and one-line reason.
- [ ] Legacy Cortex Proton/rclone repos are marked reference-only unless promoted.
- [ ] The register names the single canonical pickup path per work area.
- [ ] The personal-agent distribution validator passes.
## PACR-003 BlueBubbles Capability Pickup Into Personal-Agent
Type: AFK. Blocked by: PACR-001, PACR-002. User stories: 1-3, 13-18, 24-26, 32.
## What to build
Bind `personal-agent`'s `imessage.read` surface to the existing BlueBubbles package.
Preserve read-only runtime, redacted proof, Mac Mini host ownership, and
proposal-only personal memory intake.
## Acceptance criteria
- [ ] `personal-agent` references BlueBubbles as package authority, not profile-local connector code.
- [ ] Sends, read receipts, mark-read, contact/chat mutation, downloads, and deletes remain denied.
- [ ] BlueBubbles health/watchdog proof remains redacted evidence.
- [ ] Personal-agent distribution and BlueBubbles validators pass.
## PACR-004 Proton And Rclone Capability Standardization
Type: AFK. Blocked by: PACR-001, PACR-002. User stories: 4-12, 15-17, 19-20, 24-31.
## What to build
Shape a Proton/rclone capability package for `personal-agent`: Mail, Calendar, Contacts, and
Drive: surfaces, runtime path, rclone config posture, health, and write gates.
## Acceptance criteria
- [ ] Proton and Drive surfaces use read/draft/propose/confirmation naming.
- [ ] Docker, systemd, MCP, CLI, and rclone routes are inventoried with one chosen or pending runtime path.
- [ ] Health is redacted and per-surface, including degraded and not-running states.
- [ ] Duplicate Proton skills are consolidated or clearly superseded.
## PACR-005 Personal Secondbrain Proposal And Apply Route
Type: AFK. Blocked by: PACR-003, PACR-004. User stories: 13-14, 16-17, 29, 32, 34.
## What to build
Define proposal-only memory intake for iMessage, Proton, and Drive-derived
context. Durable writes wait for the owning Secondbrain/curator apply route.
## Acceptance criteria
- [ ] Proposal envelopes target personal Secondbrain only.
- [ ] `orgbrain` attempts are rejected and proven.
- [ ] Proof excludes raw bodies, contacts, event details, drive names, attachments, and secrets unless later approved.
- [ ] The personal-agent distribution validator passes.
## PACR-006 Conductor And Curator Service Handoff
Type: AFK. Blocked by: PACR-001 and active conductor/curator lane release. User stories: 17, 23, 29, 33-34.
## What to build
Publish service identity, health shape, effects, credential posture, and
apply-envelope expectations for future conductor/curator adoption.
## Acceptance criteria
- [ ] Each capability has service identity, health, allowed effects, and denied effects.
- [ ] Apply expectations are redacted and personal-only.
- [ ] No conductor or curator files are mutated from the personal-agent distribution route.
- [ ] The personal-agent distribution validator passes.
## PACR-007 Runtime Readiness And Always-On Proof
Type: AFK. Blocked by: PACR-003, PACR-004, PACR-006. User stories: 17-20, 28-29, 33.
## What to build
Prove per-surface runtime state with redacted health, supervisor posture,
restart behavior, and explicit ready/degraded/pending/blocked claims.
## Acceptance criteria
- [ ] iMessage, Mail, Calendar, Contacts, and Drive each have a readiness state.
- [ ] Broken, duplicate, inactive, or missing services are named as gaps.
- [ ] Optional reboot/power-loss proof is separate from normal readiness.
- [ ] The personal-agent distribution validator passes.
## PACR-008 Desktop Adapter Exposure Contract
Type: AFK. Blocked by: PACR-001 and active adapter lane release. User stories: 22, 29, 35.
## What to build
Prepare the desktop/adapter contract for capability readiness display. Do not
wire UI or mutate adapter code from this route.
## Acceptance criteria
- [ ] Desktop-visible states come from contract and redacted runtime health.
- [ ] State names are ready, degraded, pending, blocked, and disabled.
- [ ] Personal memory only and no `orgbrain` are preserved.
- [ ] The personal-agent distribution validator passes.
## PACR-009 Browser And Webwright Host Runtime Approval
Type: HITL. Blocked by: PACR-001, PACR-002, explicit JP approval. User stories: 21, 29, 33, 35.
## What to build
Prepare a separate Mac Mini browser/Webwright Host Runtime approval packet.
This grants broad authenticated computer authority and must not hide inside
messaging or Proton work.
## Acceptance criteria
- [ ] The packet names browser session, password-manager, cookie, Google Drive, and desktop-control risks.
- [ ] Default denied effects apply until JP grants scope.
- [ ] No browser/Webwright runtime is enabled by this issue.
- [ ] JP approval is required before execution.
## PACR-010 Final Acceptance And Promotion Packet
Type: HITL. Blocked by: PACR-002 through PACR-009. User stories: 28-36.
## What to build
Assemble final acceptance across profile, capability, memory, runtime, Seed,
Core, conductor/curator, desktop, and graph hygiene claims.
## Acceptance criteria
- [ ] Accepted, pending, and rejected claims are named with owning evidence.
- [ ] Old work is archived, superseded, or marked legacy-reference.
- [ ] Core and Seed readiness are claimed only through governed routes.
- [ ] JP can read one page and know exactly what remains.
docs/prd/2026-06-14-personal-agent-context-runtime-prd.md
+145
View File
@@ -0,0 +1,145 @@
---
name: 2026-06-14-personal-agent-context-runtime-prd
status: active
triage: ready-for-agent
owner: jp
source: user-request-2026-06-14-personal-agent-context-runtime
created: 2026-06-14
last_reviewed: 2026-06-14
core_promotion_status: not-promoted
description: PRD for making the personal-agent profile the governed personal context runtime over iMessage, Proton, rclone, and future host-control capabilities.
artifact_type: prd
---
# Personal-Agent Context Runtime PRD
## Problem Statement
JP wants the `personal-agent` profile, displayed to users as Steev, to know him through the live
communication and personal-data surfaces that already shape his day: iMessage,
Proton Mail, Calendar, Contacts, Proton Drive through rclone, and later the Mac
Mini browser host. Today those surfaces exist in different states across
profile docs, BlueBubbles child work, Proton skills, older Cortex repositories,
Docker services, systemd units, Hermes adapters, and Secondbrain/curator lanes.
The risk is context confusion. Future agents can mistake the Steev display name
or old work for active profile authority, build duplicate connectors, route
private personal context toward the wrong memory domain, or claim runtime
readiness from partial proofs. The `personal-agent` profile needs one clean
contract that says which personal surfaces are active,
which capability package owns each surface, which mutations are forbidden,
which durable memory route is allowed, and which old artifacts are archived,
superseded, or legacy reference only.
## Solution
Make `personal-agent` a governed personal context runtime profile. The profile declares
the personal context surfaces it may observe, the capability packages that
provide those surfaces, the exact memory routing policy, the mutation policy,
and the runtime readiness gates. BlueBubbles/iMessage, Proton/rclone, and
future browser/Webwright host control stay in separate capability packages, but
`personal-agent` owns the profile-level decision that those packages belong to JP's
personal-agent runtime and must route personal context only through governed personal
memory paths.
The first target state is read-first and proof-backed:
- iMessage is `imessage.read` only.
- Proton exposes read, draft, propose, and confirmation-gated write surfaces.
- Proton Drive through rclone starts as `drive.read`.
- Durable memory proposals target only personal Secondbrain storage.
- `orgbrain` is forbidden for message, mail, contact, calendar, and drive-derived personal context.
- Core stores no raw personal content, endpoint payloads, credentials, or secret values.
- Old work is classified so graph context has one canonical pickup path.
## User Stories
1. As JP, I want `personal-agent` to understand my recent iMessage exchanges, so that he can answer with real personal context.
2. As JP, I want `personal-agent` to read iMessages without sending, so that personal-agent context does not mutate my Messages state.
3. As JP, I want BlueBubbles to be the iMessage capability package, so that iMessage runtime work is not duplicated inside the profile distribution.
4. As JP, I want `personal-agent` to read Proton Mail, so that my personal-agent knows what people are asking me.
5. As JP, I want `personal-agent` to draft Proton replies without sending them, so that I keep final control of outbound mail.
6. As JP, I want Proton sends to require explicit confirmation, so that no agent sends mail silently.
7. As JP, I want `personal-agent` to read Proton Calendar, so that it knows my time commitments.
8. As JP, I want `personal-agent` to propose calendar changes before writing them, so that scheduling remains controlled.
9. As JP, I want `personal-agent` to read Proton Contacts, so that it can identify people across channels.
10. As JP, I want contact writes to require explicit confirmation, so that my address book is not changed silently.
11. As JP, I want `personal-agent` to read Proton Drive through rclone, so that it can find personal context when I ask.
12. As JP, I want Drive writes to be confirmation-gated, so that personal files are not changed silently.
13. As JP, I want all personal context routed to personal Secondbrain storage, so that my private life stays personal.
14. As JP, I want `orgbrain` forbidden for this data, so that personal messages and mail never become organization memory.
15. As JP, I want `personal-agent` to use Keyvault references only, so that this project does not become a credential migration.
16. As JP, I want Core to store only redacted proofs, so that governance can be reviewed without exposing personal content.
17. As JP, I want each capability to report health without leaking payloads, so that runtime readiness is observable and private.
18. As JP, I want the Mac Mini BlueBubbles runtime to stay always-on, so that iMessage context is available continuously.
19. As JP, I want Proton services to have one canonical runtime path, so that Docker, systemd, and MCP do not fight each other.
20. As JP, I want rclone to use an explicit governed config path, so that Drive access is repeatable and not ambient.
21. As JP, I want browser/Webwright Mac control separated from messaging, so that full computer authority is approved deliberately.
22. As JP, I want desktop app integration to wait for the adapter lane, so that UI work uses the right service boundary.
23. As JP, I want conductor and curator to become the standard service path, so that capabilities are centralized cleanly.
24. As JP, I want every old planning artifact classified, so that future graph context has no ambiguous authority.
25. As JP, I want superseded work marked visibly, so that agents do not revive stale plans.
26. As JP, I want active capability packages named explicitly, so that agents know where to continue work.
27. As JP, I want legacy repositories treated as reference material, so that useful code is preserved without becoming authority.
28. As JP, I want runtime readiness separated from Seed readiness, so that package claims are not inflated.
29. As JP, I want final completion to require profile, capability, runtime, memory, and graph hygiene acceptance, so that "done" has one meaning.
30. As a profile maintainer, I want the personal-agent manifest and disclosure to match live capability exposure, so that runtime drift is caught.
31. As a capability maintainer, I want each surface to declare allowed and forbidden effects, so that test coverage follows real risk.
32. As a Secondbrain maintainer, I want proposal-only intake before durable apply, so that memory writes remain governed.
33. As a conductor operator, I want service identity and health shapes per capability, so that the central service lane can adopt them.
34. As a curator operator, I want redacted apply envelopes, so that personal memory can be reviewed without raw payload sprawl.
35. As a desktop adapter operator, I want one profile capability contract, so that the desktop app can display personal-agent readiness without guessing.
36. As a future agent, I want a sandcastle pickup map, so that I continue vertically instead of re-planning horizontally.
## Implementation Decisions
- `personal-agent` owns the profile-level personal context runtime contract; individual integrations remain child capability packages.
- Steev is the user-facing display name and current distribution/repo alias for `personal-agent`; it is not a separate product authority.
- BlueBubbles owns the iMessage capability package. `personal-agent` consumes the package as `imessage.read` and does not implement a second connector.
- Proton/rclone must become a standardized capability package with declared surfaces for Mail, Calendar, Contacts, and Drive.
- The personal-agent memory target is personal Secondbrain storage only. `orgbrain` is a hard-denied target for this work.
- Runtime claims require redacted live proof and a local validator. Partial service availability must be named per surface.
- Mutations use surface names that encode consent: read, draft, propose, send-with-confirmation, and write-with-confirmation.
- Message sends, mail sends, mark-read/read receipts, deletes, contact mutation, calendar mutation, and file mutation are forbidden unless the surface explicitly requires confirmation and JP confirms.
- Core promotion is out of scope for the child route. Core may receive only governed promotion packets and redacted evidence.
- Seed readiness is out of scope until the Seed lane accepts a package.
- Desktop app integration must wait for the adapter lane to settle.
- Conductor and curator are the desired service and apply path, but this PRD does not mutate those workspaces.
- Browser/Webwright Mac Mini host control is a separate runtime route because it grants broader computer authority than read-only communications.
- Old work must be classified in a supersession register before final readiness claims.
- Hindsight compliance means every major decision has a durable pickup artifact, a supersession state, and a one-line reason.
- Indie-dev compliance means vertical slices stay small, demoable, and useful without adding process that does not reduce confusion or risk.
## Testing Decisions
- The highest profile seam is the personal-agent distribution validator plus manifest/disclosure consistency.
- The highest iMessage seam is the BlueBubbles read-only runtime package and its redacted watchdog proof.
- The highest Proton seam is a redacted health check per surface: Mail, Calendar, Contacts, and Drive.
- The highest memory seam is a proposal envelope that targets personal Secondbrain storage and rejects `orgbrain`.
- The highest graph-hygiene seam is the supersession register plus graph context showing one canonical pickup path.
- The highest runtime seam is always-on supervisor posture with redacted proof, not raw payload capture.
- The highest desktop seam is a contract handoff, not UI wiring, until the adapter lane releases.
- Tests should assert external behavior: allowed reads work, denied mutations fail before transport, confirmation-gated writes cannot run silently, personal memory proposals do not become durable writes, and proof files contain no raw personal data or secrets.
- Every completed slice must leave the current distribution validator passing.
## Out of Scope
- Sending iMessages.
- Sending mail without explicit confirmation.
- Deleting messages, mail, calendar events, contacts, or files.
- Marking messages or mail read unless a later approved surface grants it.
- Downloading attachments unless separately approved.
- Reading or exporting password-manager contents.
- Granting browser/Webwright full computer control through this PRD.
- Writing durable Secondbrain memory directly from capability packages.
- Routing any personal context to `orgbrain`.
- Mutating Core, Seed, conductor, curator, desktop adapter, BlueBubbles, Proton, or Secondbrain workspaces from this personal-agent planning route.
## Further Notes
This PRD intentionally moves the center of gravity from individual connector
experiments to the `personal-agent` profile contract. BlueBubbles remains the concrete
iMessage package. Proton/rclone becomes the next standardized capability
package. The current Steev-named distribution becomes the governed `personal-agent` package that declares which
capabilities are allowed, how they route memory, and which old work is no
longer authoritative.
docs/sandcastles/2026-06-14-personal-agent-context-runtime-sandcastle.md
+82
View File
@@ -0,0 +1,82 @@
---
name: 2026-06-14-personal-agent-context-runtime-sandcastle
status: prepared
triage: ready-for-agent
owner: jp
source: docs/issues/2026-06-14-personal-agent-context-runtime-work-orders.md
created: 2026-06-14
last_reviewed: 2026-06-14
artifact_type: sandcastle-descriptor
---
# Personal-Agent Context Runtime Sandcastle
## Active Sandcastle Decision
- Source repo: `/home/svrnty/workspaces/cortex-os/steev`
- Profile identity: `personal-agent`
- User display name / distribution alias: Steev
- Active personal-agent sandcastle before this work: none found
- Prepared pickup descriptor: this file
- Local issue tracker: `docs/issues/2026-06-14-personal-agent-context-runtime-work-orders.md`
- PRD: `docs/prd/2026-06-14-personal-agent-context-runtime-prd.md`
- Supersession register: `docs/supersession/2026-06-14-personal-agent-context-runtime-supersession-register.md`
- Local gate: `python3 tools/validate_steev_child.py`
## Decision
Use `personal-agent` as the profile-level sandcastle for personal context runtime
standardization. Do not open a competing iMessage connector, Proton connector,
rclone storage service, desktop adapter, conductor, curator, or Secondbrain
runtime from this route.
Continue BlueBubbles-specific execution in the existing BlueBubbles completion
readiness sandcastle. Use this package as the `personal-agent` profile contract
that says which capability packages the profile may consume and how personal
context must route. Steev remains the user-facing name.
## Purpose
Make `personal-agent` the clean profile over JP's real personal context:
iMessage, Proton Mail, Calendar, Contacts, Proton Drive through rclone, and
future browser/Webwright host control. This sandcastle exists to remove context
confusion, classify old work, and produce vertical implementation slices.
## Boundaries
- No Core mutation from this route.
- No Seed readiness claim until Seed accepts a package.
- No conductor or curator mutation until their active lane releases.
- No desktop adapter mutation until the adapter lane releases.
- No second production BlueBubbles connector.
- No profile-local Proton/rclone connector rewrite before capability packaging.
- No durable Secondbrain writes; proposal/apply route only.
- No `orgbrain` target.
- No iMessage sends, read receipts, mark-read, deletes, contact mutation, or attachment download.
- No Proton send, calendar write, contact write, Drive write, move, copy, purge, or delete without an explicit confirmation surface and JP confirmation.
- No browser/Webwright full-control runtime until separate Host Runtime approval.
- No raw message bodies, mail bodies, contact details, event details, drive file names, endpoint payloads, credentials, cookies, keychain values, password-manager values, or secret values in proof artifacts.
## Pickup Order
- Start with `PACR-001` to define the profile authority and surface contract.
- Then run `PACR-002` to classify old work and prevent graph ambiguity.
- Run `PACR-003` and `PACR-004` in parallel only after the supersession register exists.
- Run `PACR-005` after iMessage and Proton/rclone surfaces are clear.
- Keep `PACR-006` blocked until conductor/curator release their lane.
- Keep `PACR-008` blocked until the adapter lane releases.
- Keep `PACR-009` HITL because it grants broad Mac/browser authority.
- Use `PACR-010` only as the final acceptance gate.
## One-Line Execution Map
- Define `personal-agent` profile surfaces: one personal context contract.
- Classify old work: active, superseded, archived, or legacy-reference.
- Pick up BlueBubbles: `imessage.read`, read-only, personal memory only.
- Package Proton/rclone: Mail, Calendar, Contacts, Drive surfaces.
- Route memory: proposal-only to personal Secondbrain, no `orgbrain`.
- Hand off services: conductor and curator shape, no cross-route mutation.
- Prove runtime: per-surface redacted health, no payload leakage.
- Prepare desktop: adapter contract only, no early UI wiring.
- Separate host control: browser/Webwright approval packet.
- Accept final state: only evidence-backed claims become complete.
docs/supersession/2026-06-14-personal-agent-context-runtime-supersession-register.md
+98
View File
@@ -0,0 +1,98 @@
---
name: 2026-06-14-personal-agent-context-runtime-supersession-register
status: active
triage: ready-for-agent
owner: jp
source: docs/prd/2026-06-14-personal-agent-context-runtime-prd.md
created: 2026-06-14
last_reviewed: 2026-06-14
core_promotion_status: not-promoted
description: Supersession register for personal-agent context runtime work so old artifacts do not confuse graph context.
artifact_type: supersession-register
---
# Personal-Agent Context Runtime Supersession Register
## Rule
Every artifact that talks about `personal-agent`, Steev display-name context, iMessage, BlueBubbles,
Proton, rclone, Secondbrain memory routing, conductor/curator routing, or
desktop exposure must be treated as one of:
- `active-authority`: current pickup path for this route.
- `active-capability-package`: current package owned by another child route.
- `superseded`: useful history, not a pickup path.
- `legacy-reference`: source material only, not current authority.
- `blocked-follow-up`: valid work, blocked by another owning lane.
## Canonical Pickup Paths
| Area | Status | Canonical pickup |
| --- | --- | --- |
| Personal-agent profile contract | active-authority | This PRD and work orders |
| Steev display name | active-alias | User-facing name for `personal-agent`, not separate authority |
| Personal-agent BlueBubbles binding | active-authority | `docs/contracts/personal-agent-bluebubbles-binding.json` binds `imessage.read` to the package |
| BlueBubbles iMessage | active-capability-package | BlueBubbles child completion-readiness package |
| Proton/rclone package candidate | active-authority | `docs/contracts/personal-agent-proton-rclone-package.json` links to the child-local `../proton-rclone` candidate without Core registration or runtime readiness overclaim |
| Proton Mail/Calendar/Contacts | blocked-follow-up | Child candidate exists and email/contacts gates are repaired child-local; Core registration, bridge convergence, source-lock pickup, and final readiness remain follow-up work |
| Proton Drive/rclone | blocked-follow-up | Child candidate has redacted rclone `about` proof; governed wrapper and write gates remain follow-up work |
| Personal-agent Secondbrain proposal/apply route | active-authority | `docs/contracts/personal-agent-secondbrain-proposal-route.json` defines proposal-only personal memory intake and references the governed Secondbrain apply route |
| Personal memory live durable apply | blocked-follow-up | Secondbrain apply route is defined, but live apply still requires approval; profile/capability packages do not write durable memory |
| Personal-agent Conductor/Curator service handoff | active-authority | `docs/contracts/personal-agent-conductor-curator-service-handoff.json` gives route and hygiene lanes a redacted service map |
| Conductor/curator adoption | blocked-follow-up | Owning lanes must explicitly pick up the handoff; this profile does not mutate them |
| Personal-agent runtime readiness snapshot | active-authority | `docs/contracts/personal-agent-runtime-readiness-snapshot.json` names per-surface states and runtime gaps without aggregate readiness claim |
| Personal-agent desktop exposure contract | active-authority | `docs/contracts/personal-agent-desktop-exposure-contract.json` defines adapter-visible rows without UI wiring |
| Desktop app exposure wiring | blocked-follow-up | Owning adapter lane must pick up the contract and wire UI after approval |
| Browser/Webwright host control | blocked-follow-up | `PACR-009`, explicit approval only |
## Known Artifacts And Supersession State
| Artifact family | State | One-line reason |
| --- | --- | --- |
| Steev-named distribution repo | active-alias | Current repo path for `personal-agent`; display name is not separate profile authority. |
| `CONTRACT.md` v1 iMessage-as-v2 wording | superseded | iMessage is now main personal context intake, not a low-priority future messaging item. |
| `AGENT.md` reused-skill summary | superseded | It names useful tools but not the new governed surface model. |
| `skills/steev-agent` current memory protocol | superseded | It says episodic memory only but does not encode personal Secondbrain proposal/apply routing. |
| `skills/proton-tools` | superseded-pending-package-install | It remains tool reference material, but governance now lives in the Proton/rclone package candidate. |
| `DISCLOSURE.md` Wave 8/8.5 runtime disclosure | superseded-pending-refresh | It is historical disclosure and must be refreshed after the profile capability contract changes. |
| BlueBubbles runtime-readiness PRD | active-capability-package | It remains valid for the iMessage capability package, subordinate to the `personal-agent` profile contract. |
| BlueBubbles completion-readiness PRD | active-capability-package | It remains the BlueBubbles package pickup for read-only iMessage readiness. |
| BlueBubbles Hermes connector convergence PRD | active-capability-package | It prevents duplicate connector work and remains aligned with the `personal-agent` profile contract. |
| Legacy Cortex Proton API repo | legacy-reference | It has useful Mail/Calendar/Contacts service code but is not Cortex OS child authority. |
| Legacy Cortex Proton Bridge repo | legacy-reference | It has bridge/container material but is not the canonical runtime package. |
| Legacy Cortex rclone storage repo | legacy-reference | It has Drive service and permission code but is not the canonical personal-agent package. |
| Hermes installed `proton-access` skill | superseded-pending-consolidation | It overlaps with Steev `proton-tools` and should not be a separate authority. |
| Hermes installed `proton-mail-operations` skill | superseded-pending-consolidation | It overlaps with Steev `proton-tools` and should fold into the canonical Proton package. |
| Hermes installed `proton-services` skill | superseded-pending-consolidation | It overlaps with Steev `proton-tools` and should fold into the canonical Proton package. |
| Proton/rclone child candidate | active-capability-package | Child-local repo exists at `../proton-rclone`, validates locally, and still needs Core registry pickup. |
| Direct rclone CLI proofs | active-evidence-source | Read-only `about` proof is captured redacted in the child candidate, but runtime authority still needs a governed wrapper. |
| Docker Proton Bridge and calendar gate state | active-evidence-source | Current runtime fact is captured redacted in the child candidate, not a readiness claim by itself. |
| Broken user `proton-bridge.service` state | superseded | Stale native user units are disabled; Docker bridge route remains active in the Proton/rclone child proof. |
| Inactive rclone RC/proxy units | active-gap | Must stay disabled or become gated through a governed wrapper before runtime readiness. |
| Secondbrain direct-write ideas | superseded | Personal context begins as redacted proposal envelopes; durable apply belongs to Secondbrain governed memory write path. |
| Desktop integration ideas before adapter lane release | blocked-follow-up | Valid direction, but not an active mutation route. |
| Browser/Webwright full-control ideas inside messaging work | superseded | Host control needs its own approval packet because it is broader authority. |
## Graph Hygiene Requirements
- Graph context should expose this PRD as the `personal-agent` profile-level pickup.
- Graph context should treat Steev as display name / distribution alias only.
- Graph context should expose BlueBubbles as the active iMessage capability package.
- Graph context should expose the Proton/rclone child candidate as the active standardization pickup, not a Core-registered or runtime-ready package.
- Graph context should expose the personal-agent Secondbrain proposal/apply route as active while keeping live durable apply blocked to approval and Secondbrain/curator.
- Graph context should expose the personal-agent Conductor/Curator service handoff as active, while adoption remains blocked to owning lanes.
- Graph context should expose the personal-agent runtime snapshot as degraded until the named runtime gaps close.
- Graph context should expose the personal-agent desktop exposure contract as active, while adapter UI wiring remains blocked to the adapter lane.
- Graph context should not treat legacy Cortex Proton/rclone repositories as active authority.
- Graph context should not treat duplicate Proton skills as separate current product surfaces.
- Graph context should mark browser/Webwright host control as separate HITL runtime authority.
- Graph context should preserve `secondbrain-personal` as the only allowed personal memory target.
- Graph context should preserve `orgbrain` as denied for this work.
## Archive And Supersede Actions
- Add visible supersession notes to the personal-agent contract and disclosure when `PACR-001` is implemented.
- Add Core registration pickup after the child-local Proton/rclone candidate is route-approved.
- Keep BlueBubbles artifacts active but subordinate to the `personal-agent` profile contract.
- Archive or mark duplicate Proton skills after the canonical package is installed.
- Record final graph cleanup in `PACR-010`; do not claim complete before this register matches the graph pickup state.
manifest.yaml
+2
View File
@@ -2,6 +2,8 @@
# Read by install.sh. Convention shared by all Hermes profile distributions # Read by install.sh. Convention shared by all Hermes profile distributions
# (see ../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md — the canonical protocol). # (see ../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md — the canonical protocol).
profile: steev # Hermes profile name (personal — no org suffix per FRAMEWORK §6.1) profile: steev # Hermes profile name (personal — no org suffix per FRAMEWORK §6.1)
profile_identity: personal-agent # canonical profile identity; Steev is display/distribution alias.
display_name: Steev
kind: profile-distribution # family marker; steev = personal-assistant reference impl kind: profile-distribution # family marker; steev = personal-assistant reference impl
role: personal-assistant # function — Chief of Staff for one principal (JP) role: personal-assistant # function — Chief of Staff for one principal (JP)
# org: ~ # intentionally omitted — steev is personal/agnostic # org: ~ # intentionally omitted — steev is personal/agnostic
tools/validate_steev_child.py
+1361 -6
View File
File diff suppressed because it is too large Load Diff