--- name: 2026-06-14-personal-agent-context-runtime-work-orders status: active triage: ready-for-agent owner: jp source: docs/prd/2026-06-14-personal-agent-context-runtime-prd.md created: 2026-06-14 last_reviewed: 2026-06-14 core_promotion_status: not-promoted description: Dependency-ordered vertical slices for personal-agent context runtime standardization. artifact_type: work-orders --- # Personal-Agent Context Runtime Work Orders Each slice is vertical and proof-backed. `personal-agent` owns the profile contract. BlueBubbles and Proton/rclone own capability packages. Personal context targets personal Secondbrain only. `orgbrain`, raw payloads, and secrets are forbidden. ## PACR-001 Profile Authority And Surface Contract Type: AFK. Blocked by: None. User stories: 1-17, 21-23, 28-31. ## What to build Define the `personal-agent` profile contract: surfaces, allowed effects, denied effects, memory target, credential posture, runtime proof, and package ownership. ## Acceptance criteria - [ ] `personal-agent` declares iMessage, Proton Mail, Calendar, Contacts, Drive, and future browser host surfaces. - [ ] Required surfaces are named: `imessage.read`, Proton read/draft/propose/confirmation-write surfaces, and Drive read/confirmation-write. - [ ] Personal Secondbrain is the only memory target; `orgbrain`, raw payloads, credentials, and secrets are denied. - [ ] The personal-agent distribution validator passes. ## PACR-002 Supersession And Graph Hygiene Register Type: AFK. Blocked by: PACR-001. User stories: 24-27, 29, 36. ## What to build Classify older personal-agent/Steev, BlueBubbles, Proton, rclone, and legacy Cortex artifacts as active, superseded, archived, legacy-reference, or blocked-follow-up. ## Acceptance criteria - [ ] Every known prior workstream has a supersession state and one-line reason. - [ ] Legacy Cortex Proton/rclone repos are marked reference-only unless promoted. - [ ] The register names the single canonical pickup path per work area. - [ ] The personal-agent distribution validator passes. ## PACR-003 BlueBubbles Capability Pickup Into Personal-Agent Type: AFK. Blocked by: PACR-001, PACR-002. User stories: 1-3, 13-18, 24-26, 32. ## What to build Bind `personal-agent`'s `imessage.read` surface to the existing BlueBubbles package. Preserve read-only runtime, redacted proof, Mac Mini host ownership, and proposal-only personal memory intake. ## Acceptance criteria - [ ] `personal-agent` references BlueBubbles as package authority, not profile-local connector code. - [ ] Sends, read receipts, mark-read, contact/chat mutation, downloads, and deletes remain denied. - [ ] BlueBubbles health/watchdog proof remains redacted evidence. - [ ] Personal-agent distribution and BlueBubbles validators pass. ## PACR-004 Proton And Rclone Capability Standardization Type: AFK. Blocked by: PACR-001, PACR-002. User stories: 4-12, 15-17, 19-20, 24-31. ## What to build Shape a Proton/rclone capability package for `personal-agent`: Mail, Calendar, Contacts, and Drive: surfaces, runtime path, rclone config posture, health, and write gates. ## Acceptance criteria - [ ] Proton and Drive surfaces use read/draft/propose/confirmation naming. - [ ] Docker, systemd, MCP, CLI, and rclone routes are inventoried with one chosen or pending runtime path. - [ ] Health is redacted and per-surface, including degraded and not-running states. - [ ] Duplicate Proton skills are consolidated or clearly superseded. ## PACR-005 Personal Secondbrain Proposal And Apply Route Type: AFK. Blocked by: PACR-003, PACR-004. User stories: 13-14, 16-17, 29, 32, 34. ## What to build Define proposal-only memory intake for iMessage, Proton, and Drive-derived context. Durable writes wait for the owning Secondbrain/curator apply route. ## Acceptance criteria - [ ] Proposal envelopes target personal Secondbrain only. - [ ] `orgbrain` attempts are rejected and proven. - [ ] Proof excludes raw bodies, contacts, event details, drive names, attachments, and secrets unless later approved. - [ ] The personal-agent distribution validator passes. ## PACR-006 Conductor And Curator Service Handoff Type: AFK. Blocked by: PACR-001 and active conductor/curator lane release. User stories: 17, 23, 29, 33-34. ## What to build Publish service identity, health shape, effects, credential posture, and apply-envelope expectations for future conductor/curator adoption. ## Acceptance criteria - [ ] Each capability has service identity, health, allowed effects, and denied effects. - [ ] Apply expectations are redacted and personal-only. - [ ] No conductor or curator files are mutated from the personal-agent distribution route. - [ ] The personal-agent distribution validator passes. ## PACR-007 Runtime Readiness And Always-On Proof Type: AFK. Blocked by: PACR-003, PACR-004, PACR-006. User stories: 17-20, 28-29, 33. ## What to build Prove per-surface runtime state with redacted health, supervisor posture, restart behavior, and explicit ready/degraded/pending/blocked claims. ## Acceptance criteria - [ ] iMessage, Mail, Calendar, Contacts, and Drive each have a readiness state. - [ ] Broken, duplicate, inactive, or missing services are named as gaps. - [ ] Optional reboot/power-loss proof is separate from normal readiness. - [ ] The personal-agent distribution validator passes. ## PACR-008 Desktop Adapter Exposure Contract Type: AFK. Blocked by: PACR-001 and active adapter lane release. User stories: 22, 29, 35. ## What to build Prepare the desktop/adapter contract for capability readiness display. Do not wire UI or mutate adapter code from this route. ## Acceptance criteria - [ ] Desktop-visible states come from contract and redacted runtime health. - [ ] State names are ready, degraded, pending, blocked, and disabled. - [ ] Personal memory only and no `orgbrain` are preserved. - [ ] The personal-agent distribution validator passes. ## PACR-009 Browser And Webwright Host Runtime Approval Type: HITL. Blocked by: PACR-001, PACR-002, explicit JP approval. User stories: 21, 29, 33, 35. ## What to build Prepare a separate Mac Mini browser/Webwright Host Runtime approval packet. This grants broad authenticated computer authority and must not hide inside messaging or Proton work. ## Acceptance criteria - [ ] The packet names browser session, password-manager, cookie, Google Drive, and desktop-control risks. - [ ] Default denied effects apply until JP grants scope. - [ ] No browser/Webwright runtime is enabled by this issue. - [ ] JP approval is required before execution. ## PACR-010 Final Acceptance And Promotion Packet Type: HITL. Blocked by: PACR-002 through PACR-009. User stories: 28-36. ## What to build Assemble final acceptance across profile, capability, memory, runtime, Seed, Core, conductor/curator, desktop, and graph hygiene claims. ## Acceptance criteria - [ ] Accepted, pending, and rejected claims are named with owning evidence. - [ ] Old work is archived, superseded, or marked legacy-reference. - [ ] Core and Seed readiness are claimed only through governed routes. - [ ] JP can read one page and know exactly what remains.