#!/usr/bin/env python3 """Validate the Steev-named personal-agent profile distribution.""" from __future__ import annotations import json from pathlib import Path import yaml ROOT = Path(__file__).resolve().parents[1] REQUIRED = [ "AGENTS.md", "README.md", "WORKBOARD.yaml", "manifest.yaml", "AGENT.md", "CONTRACT.md", "DISCLOSURE.md", "docs/STEEV-MASTER.md", "docs/contracts/personal-agent-profile-surface-contract.json", "docs/contracts/personal-agent-bluebubbles-binding.json", "docs/contracts/personal-agent-proton-rclone-package.json", "docs/contracts/personal-agent-secondbrain-proposal-route.json", "docs/prd/2026-06-14-personal-agent-context-runtime-prd.md", "docs/issues/2026-06-14-personal-agent-context-runtime-work-orders.md", "docs/supersession/2026-06-14-personal-agent-context-runtime-supersession-register.md", ] REQUIRED_SURFACES = { "imessage.read", "mail.read", "mail.draft", "mail.send_with_confirmation", "calendar.read", "calendar.propose_event", "calendar.write_with_confirmation", "contacts.read", "contacts.write_with_confirmation", "drive.read", "drive.write_with_confirmation", "browser.host_runtime.full_control", } REQUIRED_REDACTION_TERMS = { "raw_messages", "mail_bodies", "contact_details", "calendar_event_details", "drive_file_names", "endpoint_payloads", "credentials", "cookies", "keychain_values", "password_manager_values", "secret_values", } REQUIRED_PROTON_RCLONE_SURFACES = { "mail.read", "mail.draft", "mail.send_with_confirmation", "calendar.read", "calendar.propose_event", "calendar.write_with_confirmation", "contacts.read", "contacts.write_with_confirmation", "drive.read", "drive.write_with_confirmation", } REQUIRED_PROTON_RCLONE_DENIED_EFFECTS = { "send_without_confirmation", "calendar_write_without_confirmation", "contact_mutation_without_confirmation", "drive_delete", "orgbrain_write", } REQUIRED_MEMORY_SOURCE_SURFACES = { "imessage.read", "mail.read", "calendar.read", "contacts.read", "drive.read", } REQUIRED_PROPOSAL_ENVELOPE_FIELDS = { "schema_version", "proposal_id", "profile_identity", "human_authority_principal", "target_memory_domain", "target_domain_term", "source_capability_package", "source_surface", "proposal_type", "target_lifecycle_state", "source_handle_redacted", "content_digest", "redacted_summary", "changed_fields", "validator_plan", "rollback_note", "approval_state", "proof_redaction", } def read_text(rel: str) -> str: return (ROOT / rel).read_text(encoding="utf-8") def load_contract(errors: list[str]) -> dict: return load_json("docs/contracts/personal-agent-profile-surface-contract.json", errors) def load_json(rel: str, errors: list[str]) -> dict: path = ROOT / rel if not path.exists(): return {} try: return json.loads(path.read_text(encoding="utf-8")) except json.JSONDecodeError as exc: errors.append(f"json_invalid:{rel}:{exc.lineno}:{exc.colno}") return {} def main() -> int: errors: list[str] = [] for rel in REQUIRED: if not (ROOT / rel).exists(): errors.append(f"missing:{rel}") board = ROOT / "WORKBOARD.yaml" if board.exists(): text = board.read_text(encoding="utf-8") for snippet in [ "STEEV-WORK-001", "PACR-001", "PACR-002", "PACR-003", "PACR-004", "PACR-005", "status: candidate", "owner: jp", ]: if snippet not in text: errors.append(f"workboard_missing:{snippet}") agents = ROOT / "AGENTS.md" if agents.exists(): text = agents.read_text(encoding="utf-8") for snippet in ["child-local", "not Cortex OS Core authority", "python3 tools/validate_steev_child.py"]: if snippet not in text: errors.append(f"agents_missing:{snippet}") manifest = ROOT / "manifest.yaml" if manifest.exists(): data = yaml.safe_load(manifest.read_text(encoding="utf-8")) or {} if data.get("profile_identity") != "personal-agent": errors.append("manifest_profile_identity_not_personal_agent") if data.get("display_name") != "Steev": errors.append("manifest_display_name_not_steev") if data.get("profile") != "steev": errors.append("manifest_distribution_alias_not_steev") contract = load_contract(errors) if contract: if contract.get("profile_identity") != "personal-agent": errors.append("contract_profile_identity_not_personal_agent") if contract.get("display_name") != "Steev": errors.append("contract_display_name_not_steev") if contract.get("distribution_alias") != "steev": errors.append("contract_distribution_alias_not_steev") memory = contract.get("memory_policy", {}) if memory.get("allowed_target") != "secondbrain-personal": errors.append("contract_memory_allowed_target_not_secondbrain_personal") if "orgbrain" not in memory.get("forbidden_targets", []): errors.append("contract_memory_orgbrain_not_forbidden") if "proposal-only" not in memory.get("durable_write_policy", ""): errors.append("contract_memory_not_proposal_only") credential = contract.get("credential_policy", {}) if credential.get("mode") != "keyvault-reference-names-only": errors.append("contract_credential_policy_not_keyvault_refs_only") redaction = set(contract.get("proof_redaction_policy", {}).get("forbidden_in_core_or_proof", [])) missing_redaction = sorted(REQUIRED_REDACTION_TERMS - redaction) if missing_redaction: errors.append(f"contract_redaction_missing:{','.join(missing_redaction)}") states = set(contract.get("readiness_states", [])) for state in ["ready", "degraded", "pending", "blocked", "disabled"]: if state not in states: errors.append(f"contract_readiness_state_missing:{state}") surfaces = contract.get("surfaces", []) surface_names = {surface.get("name") for surface in surfaces} missing_surfaces = sorted(REQUIRED_SURFACES - surface_names) if missing_surfaces: errors.append(f"contract_surfaces_missing:{','.join(missing_surfaces)}") for surface in surfaces: name = surface.get("name", "") if not surface.get("capability_package"): errors.append(f"surface_missing_capability_package:{name}") if not isinstance(surface.get("allowed_effects"), list): errors.append(f"surface_allowed_effects_not_list:{name}") denied = surface.get("denied_effects") if not isinstance(denied, list): errors.append(f"surface_denied_effects_not_list:{name}") elif "orgbrain_write" not in denied: errors.append(f"surface_orgbrain_write_not_denied:{name}") if not surface.get("confirmation"): errors.append(f"surface_missing_confirmation_policy:{name}") binding = load_json("docs/contracts/personal-agent-bluebubbles-binding.json", errors) if binding: if binding.get("profile_identity") != "personal-agent": errors.append("bluebubbles_binding_profile_identity_not_personal_agent") if binding.get("surface") != "imessage.read": errors.append("bluebubbles_binding_surface_not_imessage_read") package = binding.get("capability_package", {}) if package.get("id") != "bluebubbles": errors.append("bluebubbles_binding_package_not_bluebubbles") if package.get("package_surface") != "bluebubbles.imessage.readonly": errors.append("bluebubbles_binding_package_surface_not_readonly") if package.get("live_connector") != "hermes-agent": errors.append("bluebubbles_binding_live_connector_not_hermes") if package.get("profile_local_connector_allowed") is not False: errors.append("bluebubbles_binding_profile_local_connector_not_denied") if package.get("duplicate_connector_allowed") is not False: errors.append("bluebubbles_binding_duplicate_connector_not_denied") policy = binding.get("binding_policy", {}) for key in [ "profile_consumes_package", "package_owns_runtime_wrapper", "package_owns_readonly_adapter", "package_owns_redacted_health", "package_owns_seed_candidate", "profile_owns_surface_exposure", ]: if policy.get(key) is not True: errors.append(f"bluebubbles_binding_policy_not_true:{key}") if policy.get("profile_runtime_readiness_claimed") is not False: errors.append("bluebubbles_binding_profile_runtime_readiness_claimed") memory = binding.get("memory_policy", {}) if memory.get("target") != "secondbrain-personal": errors.append("bluebubbles_binding_memory_target_not_secondbrain_personal") if "orgbrain" not in memory.get("forbidden", []): errors.append("bluebubbles_binding_orgbrain_not_forbidden") if "proposal-only" not in memory.get("durable_write_policy", ""): errors.append("bluebubbles_binding_memory_not_proposal_only") denied = set(binding.get("denied_effects", [])) for effect in [ "send_message", "read_receipt", "mark_read", "attachment_content_download", "secondbrain_durable_write", "orgbrain_write", "browser_full_control", ]: if effect not in denied: errors.append(f"bluebubbles_binding_denied_effect_missing:{effect}") forbidden_fields = set(binding.get("proof_policy", {}).get("forbidden_fields", [])) for field in ["raw_messages", "message_text", "endpoint_payloads", "credentials", "secret_values"]: if field not in forbidden_fields: errors.append(f"bluebubbles_binding_forbidden_field_missing:{field}") evidence = binding.get("bluebubbles_package_evidence", {}) if evidence.get("validator_command") != "python3 tools/validate_bluebubbles_child.py": errors.append("bluebubbles_binding_validator_command_missing") if evidence.get("validator_result_observed") != "ok": errors.append("bluebubbles_binding_validator_result_not_ok") if evidence.get("runtime_claims_from_validator") is not False: errors.append("bluebubbles_binding_runtime_claims_not_false") refs = set(evidence.get("referenced_artifacts", [])) for ref in [ "contracts/personal-agent-imessage-readonly-contract.json", "contracts/runtime-compliance-boundary.json", "contracts/secondbrain-proposal-envelope-contract.json", ]: if ref not in refs: errors.append(f"bluebubbles_binding_reference_missing:{ref}") proton = load_json("docs/contracts/personal-agent-proton-rclone-package.json", errors) if proton: if proton.get("schema_version") != "personal-agent-proton-rclone-package/v1": errors.append("proton_rclone_schema_version_invalid") if proton.get("status") != "package-candidate-unregistered": errors.append("proton_rclone_status_not_package_candidate") if proton.get("package_id") != "proton-rclone": errors.append("proton_rclone_package_id_invalid") if proton.get("profile_identity") != "personal-agent": errors.append("proton_rclone_profile_identity_not_personal_agent") if proton.get("display_name") != "Steev": errors.append("proton_rclone_display_name_not_steev") for key in [ "child_workspace_registered", "package_runtime_readiness_claimed", "profile_runtime_readiness_claimed", "seed_readiness_claimed", "core_promotion_claimed", ]: if proton.get(key) is not False: errors.append(f"proton_rclone_overclaim:{key}") boundary = proton.get("authority_boundary", {}) if boundary.get("profile_owns_surface_exposure") is not True: errors.append("proton_rclone_profile_surface_boundary_missing") if boundary.get("package_candidate_owns_runtime_inventory") is not True: errors.append("proton_rclone_inventory_boundary_missing") if boundary.get("legacy_repositories_are_reference_only") is not True: errors.append("proton_rclone_legacy_reference_boundary_missing") if boundary.get("duplicate_profile_local_connectors_allowed") is not False: errors.append("proton_rclone_duplicate_connectors_allowed") memory = proton.get("memory_policy", {}) if memory.get("target") != "secondbrain-personal": errors.append("proton_rclone_memory_target_not_secondbrain_personal") if "orgbrain" not in memory.get("forbidden", []): errors.append("proton_rclone_orgbrain_not_forbidden") if "proposal-only" not in memory.get("durable_write_policy", ""): errors.append("proton_rclone_memory_not_proposal_only") credential = proton.get("credential_policy", {}) if credential.get("mode") != "keyvault-reference-names-only": errors.append("proton_rclone_credential_mode_invalid") if credential.get("secret_values_in_contract") is not False: errors.append("proton_rclone_secret_values_allowed") if credential.get("credential_mutation_allowed") is not False: errors.append("proton_rclone_credential_mutation_allowed") surfaces = proton.get("surfaces", []) surface_names = {surface.get("name") for surface in surfaces} missing_surfaces = sorted(REQUIRED_PROTON_RCLONE_SURFACES - surface_names) if missing_surfaces: errors.append(f"proton_rclone_surfaces_missing:{','.join(missing_surfaces)}") readiness_by_surface = {surface.get("name"): surface.get("readiness") for surface in surfaces} if readiness_by_surface.get("drive.read") != "degraded": errors.append("proton_rclone_drive_read_not_degraded") for disabled_surface in [ "mail.send_with_confirmation", "calendar.write_with_confirmation", "contacts.write_with_confirmation", "drive.write_with_confirmation", ]: if readiness_by_surface.get(disabled_surface) != "disabled": errors.append(f"proton_rclone_confirmation_surface_not_disabled:{disabled_surface}") observed_denied: set[str] = set() for surface in surfaces: name = surface.get("name", "") if not surface.get("runtime_route"): errors.append(f"proton_rclone_surface_missing_runtime_route:{name}") if surface.get("readiness") not in {"ready", "degraded", "pending", "blocked", "disabled"}: errors.append(f"proton_rclone_surface_readiness_invalid:{name}") if not isinstance(surface.get("allowed_effects"), list): errors.append(f"proton_rclone_allowed_effects_not_list:{name}") denied = surface.get("denied_effects") if not isinstance(denied, list): errors.append(f"proton_rclone_denied_effects_not_list:{name}") else: observed_denied.update(denied) if "orgbrain_write" not in denied: errors.append(f"proton_rclone_orgbrain_write_not_denied:{name}") if not surface.get("confirmation"): errors.append(f"proton_rclone_confirmation_missing:{name}") missing_denied = sorted(REQUIRED_PROTON_RCLONE_DENIED_EFFECTS - observed_denied) if missing_denied: errors.append(f"proton_rclone_denied_effects_missing:{','.join(missing_denied)}") inventory = proton.get("runtime_inventory", {}) if inventory.get("overall_state") != "degraded": errors.append("proton_rclone_inventory_overall_state_not_degraded") if "MCP facades" not in inventory.get("chosen_runtime_path", ""): errors.append("proton_rclone_inventory_chosen_path_missing_mcp") mcp = {item.get("name"): item.get("observed_status") for item in inventory.get("mcp_servers", [])} for name in ["proton-calendar", "proton-email", "proton-contacts"]: if mcp.get(name) != "enabled": errors.append(f"proton_rclone_mcp_not_enabled:{name}") docker = {item.get("name"): item.get("observed_state") for item in inventory.get("docker_routes", [])} for name in ["sdo-calendar-gate", "sdo-email-gate", "sdo-contacts-gate"]: if name not in docker: errors.append(f"proton_rclone_docker_route_missing:{name}") if docker.get("sdo-email-gate") != "exited-127": errors.append("proton_rclone_email_gate_state_not_captured") if docker.get("sdo-contacts-gate") != "exited-127": errors.append("proton_rclone_contacts_gate_state_not_captured") units = {item.get("name"): item for item in inventory.get("systemd_user_units", [])} if units.get("proton-bridge.service", {}).get("observed_state") != "activating-auto-restart": errors.append("proton_rclone_proton_bridge_gap_not_captured") for unit in ["rclone-rc.service", "rclone-proxy.service"]: if units.get(unit, {}).get("unit_file_state") != "disabled": errors.append(f"proton_rclone_rclone_unit_not_disabled:{unit}") rclone = inventory.get("rclone", {}) if rclone.get("remote") != "proton:": errors.append("proton_rclone_remote_missing") if rclone.get("about_probe") != "ok-redacted": errors.append("proton_rclone_about_probe_not_redacted_ok") if rclone.get("file_names_observed") is not False: errors.append("proton_rclone_file_names_observed") if rclone.get("file_contents_observed") is not False: errors.append("proton_rclone_file_contents_observed") legacy_states = {item.get("path"): item.get("state") for item in proton.get("legacy_sources", [])} for path in [ "/home/svrnty/workspaces/cortex/L4-svrnty.api-proton", "/home/svrnty/workspaces/cortex/L4-svrnty.tool-storage", "/home/svrnty/workspaces/cortex/L5-vendor.lib-proton-bridge", "/home/svrnty/workspaces/cortex/L6-vendor.lib-proton-api", "/home/svrnty/workspaces/cortex/L6-vendor.lib-rclone", ]: if legacy_states.get(path) != "legacy-reference": errors.append(f"proton_rclone_legacy_source_not_reference:{path}") duplicate_states = {item.get("id"): item.get("state") for item in proton.get("duplicate_skill_policy", [])} for skill in ["skills/proton-tools", "proton-access", "proton-mail-operations", "proton-services"]: state = duplicate_states.get(skill, "") if "superseded" not in state: errors.append(f"proton_rclone_duplicate_skill_not_superseded:{skill}") forbidden_fields = set(proton.get("proof_policy", {}).get("forbidden_fields", [])) for field in [ "mail_bodies", "mail_subjects", "contact_details", "calendar_event_details", "drive_file_names", "drive_file_contents", "endpoint_payloads", "credentials", "secret_values", ]: if field not in forbidden_fields: errors.append(f"proton_rclone_forbidden_field_missing:{field}") commands = set(proton.get("observed_commands", [])) for command in [ "hermes -p steev mcp list", "rclone --config /home/svrnty/.config/rclone/rclone.conf listremotes", "rclone --config /home/svrnty/.config/rclone/rclone.conf about proton: --json", ]: if command not in commands: errors.append(f"proton_rclone_observed_command_missing:{command}") remaining_gates = proton.get("remaining_gates", {}) for gate in [ "registered_child_workspace", "email_gate_repair", "contacts_gate_repair", "systemd_bridge_convergence", "secondbrain_durable_apply", "seed_package_pickup", ]: if remaining_gates.get(gate) != "blocked-follow-up": errors.append(f"proton_rclone_remaining_gate_missing:{gate}") memory_route = load_json("docs/contracts/personal-agent-secondbrain-proposal-route.json", errors) if memory_route: if memory_route.get("schema_version") != "personal-agent-secondbrain-proposal-route/v1": errors.append("memory_route_schema_version_invalid") if memory_route.get("status") != "active-profile-memory-proposal-route": errors.append("memory_route_status_invalid") if memory_route.get("route_id") != "personal-agent-secondbrain-proposal-route": errors.append("memory_route_id_invalid") if memory_route.get("profile_identity") != "personal-agent": errors.append("memory_route_profile_identity_not_personal_agent") if memory_route.get("display_name") != "Steev": errors.append("memory_route_display_name_not_steev") if memory_route.get("target_memory_domain") != "secondbrain-personal": errors.append("memory_route_target_not_secondbrain_personal") if memory_route.get("target_domain_term") != "Personal Memory Domain": errors.append("memory_route_domain_term_invalid") if "orgbrain" not in memory_route.get("forbidden_memory_domains", []): errors.append("memory_route_orgbrain_not_forbidden") for key in [ "durable_write_allowed", "direct_write_allowed", "profile_runtime_readiness_claimed", "secondbrain_runtime_readiness_claimed", "seed_readiness_claimed", ]: if memory_route.get(key) is not False: errors.append(f"memory_route_overclaim:{key}") boundary = memory_route.get("authority_boundary", {}) for key in [ "profile_owns_source_surface_exposure", "secondbrain_owns_personal_memory_domain", "curator_owns_hygiene_review_queue", "capability_packages_emit_proposals_only", ]: if boundary.get(key) is not True: errors.append(f"memory_route_boundary_missing:{key}") if boundary.get("apply_owner") != "secondbrain": errors.append("memory_route_apply_owner_not_secondbrain") if boundary.get("hygiene_owner") != "curator": errors.append("memory_route_hygiene_owner_not_curator") source_routes = memory_route.get("source_routes", []) source_surface_names = {route.get("source_surface") for route in source_routes} missing_sources = sorted(REQUIRED_MEMORY_SOURCE_SURFACES - source_surface_names) if missing_sources: errors.append(f"memory_route_source_surfaces_missing:{','.join(missing_sources)}") for route in source_routes: surface = route.get("source_surface", "") if route.get("capability_package") not in {"bluebubbles", "proton-rclone"}: errors.append(f"memory_route_bad_capability_package:{surface}") if not str(route.get("proposal_type", "")).startswith("secondbrain.memory.propose_"): errors.append(f"memory_route_bad_proposal_type:{surface}") if route.get("target_lifecycle_state") != "inbox": errors.append(f"memory_route_lifecycle_not_inbox:{surface}") allowed = route.get("allowed_effects") if not isinstance(allowed, list) or "emit_redacted_proposal" not in allowed: errors.append(f"memory_route_redacted_proposal_not_allowed:{surface}") denied = route.get("denied_effects") if not isinstance(denied, list): errors.append(f"memory_route_denied_effects_not_list:{surface}") else: for effect in ["durable_memory_write", "orgbrain_write"]: if effect not in denied: errors.append(f"memory_route_denied_effect_missing:{surface}:{effect}") envelope = memory_route.get("proposal_envelope_contract", {}) if envelope.get("schema_version") != "personal-agent.secondbrain.proposal-envelope.v1": errors.append("memory_route_envelope_schema_invalid") fields = set(envelope.get("required_fields", [])) missing_fields = sorted(REQUIRED_PROPOSAL_ENVELOPE_FIELDS - fields) if missing_fields: errors.append(f"memory_route_envelope_fields_missing:{','.join(missing_fields)}") if envelope.get("target_memory_domain") != "secondbrain-personal": errors.append("memory_route_envelope_target_invalid") if envelope.get("approval_state") != "pending": errors.append("memory_route_envelope_approval_not_pending") if envelope.get("raw_payload_in_core_or_profile_proof") is not False: errors.append("memory_route_envelope_allows_raw_payload_proof") if envelope.get("durable_apply_authorized_by_envelope") is not False: errors.append("memory_route_envelope_authorizes_apply") apply_policy = memory_route.get("apply_policy", {}) if apply_policy.get("apply_route") != "Secondbrain governed memory write path": errors.append("memory_route_apply_policy_route_invalid") if apply_policy.get("apply_allowed_now") is not False: errors.append("memory_route_apply_allowed_now") if apply_policy.get("requires_secondbrain_validator") != "python3 tools/validate_secondbrain_child.py": errors.append("memory_route_secondbrain_validator_missing") for key in [ "requires_focused_secondbrain_gate", "requires_human_or_governed_approval", "requires_local_evidence_and_handoff", ]: if apply_policy.get(key) is not True: errors.append(f"memory_route_apply_policy_missing:{key}") if apply_policy.get("push_allowed") is not False: errors.append("memory_route_apply_policy_allows_push") cases = {case.get("case"): case.get("result") for case in memory_route.get("rejection_cases", [])} expected_cases = { "target_orgbrain": "rejected", "direct_durable_write": "rejected", "raw_payload_in_core_or_profile_proof": "rejected", "apply_without_approval": "blocked", } for case, result in expected_cases.items(): if cases.get(case) != result: errors.append(f"memory_route_rejection_case_missing:{case}") refs = set(memory_route.get("referenced_secondbrain_contracts", [])) for ref in [ "../secondbrain/docs/integration/2026-06-09-secondbrain-personal-memory-domain-runtime-contract.md", "../secondbrain/docs/integration/2026-06-09-secondbrain-governed-agent-retrieval-contract.md", "../secondbrain/docs/integration/2026-06-09-secondbrain-governed-memory-write-path-contract.md", "../secondbrain/docs/integration/2026-06-09-secondbrain-curator-hygiene-queue-contract.md", "../secondbrain/docs/integration/2026-06-09-secondbrain-hermes-runtime-boundary.md", ]: if ref not in refs: errors.append(f"memory_route_secondbrain_ref_missing:{ref}") forbidden_fields = set(memory_route.get("proof_policy", {}).get("forbidden_fields", [])) for field in [ "raw_messages", "message_text", "mail_bodies", "contact_details", "calendar_event_details", "drive_file_names", "endpoint_payloads", "credentials", "secret_values", ]: if field not in forbidden_fields: errors.append(f"memory_route_forbidden_field_missing:{field}") remaining_gates = memory_route.get("remaining_gates", {}) for gate in [ "secondbrain_durable_apply", "curator_hygiene_apply_review", "desktop_adapter_exposure", "runtime_health_proof", "seed_package_pickup", ]: if remaining_gates.get(gate) != "blocked-follow-up": errors.append(f"memory_route_remaining_gate_missing:{gate}") for rel in ["AGENT.md", "CONTRACT.md", "DISCLOSURE.md", "README.md", "docs/STEEV-MASTER.md"]: path = ROOT / rel if not path.exists(): continue text = path.read_text(encoding="utf-8") if "personal-agent" not in text: errors.append(f"visible_personal_agent_note_missing:{rel}") if "display name" not in text and "display/distribution alias" not in text: errors.append(f"visible_display_alias_note_missing:{rel}") supersession = ROOT / "docs/supersession/2026-06-14-personal-agent-context-runtime-supersession-register.md" if supersession.exists(): text = supersession.read_text(encoding="utf-8") for snippet in [ "active-authority", "active-alias", "active-capability-package", "Personal-agent BlueBubbles binding", "Proton/rclone package candidate", "Personal-agent Secondbrain proposal route", "superseded", "legacy-reference", "blocked-follow-up", "secondbrain-personal", "`orgbrain` as denied", "PACR-010", ]: if snippet not in text: errors.append(f"supersession_missing:{snippet}") for stale in ["SPCR-", "steev-personal-context-runtime"]: if stale in text: errors.append(f"supersession_stale_reference:{stale}") result = { "ok": not errors, "validator": "personal-agent-profile-distribution-v4", "checked": REQUIRED, "errors": errors, "warnings": [], } print(json.dumps(result, indent=2, sort_keys=True)) return 0 if result["ok"] else 1 if __name__ == "__main__": raise SystemExit(main())