---
name: disclosure-steev
tier: T2
status: active
owner: jp
source: generated
last_reviewed: 2026-05-24
review_by: 2026-08-22
depends_on:
  - disclosure-schema
  - profile-distribution-protocol
description: Canonical disclosure of steev — exposed skills + MCP + sovereign APIs + cortex tools + credentials. Drift-checked vs live runtime by pre-push hook check 6.
auto_regen_cmd: "yq '.disclosure' manifest.yaml | <renderer-script>"
---

# `steev` — Disclosure

> Live as of `2026-05-24`. Source: `steev/manifest.yaml → disclosure:` block. Pre-push hook check 6 (curator/lib/pre-push.sh) enforces this == live `hermes -p steev` runtime.

## §1 Identity

| Field | Value |
|---|---|
| Profile ID | `steev` |
| Repo | `/home/svrnty/workspaces/hermes/steev/` |
| Scope | `personal` |
| Org | `personal` |
| Owner | `jp` |
| Approval authority | `jp` |
| Role type | `personal-assistant` (Chief of Staff) |
| State | `stateful` (`steev.db` runtime-only, never committed) |
| Version | `1.0.0` |
| North star | keep JP unblocked — surface what needs attention, draft in JP voice, delegate business work to CEO |
| Chat-facing | `true` |
| Delegates to | `ceo-planb` |
| Sovereign-only | `false` |

## §2 Inheritance posture

| Field | Value | Rationale |
|---|---|---|
| `inherit_builtins` | `false` | Closes Wave-1 finding: 18 silently-enabled builtins (only `kanban-worker` cited in steev/ code — kept via explicit allowlist) |
| `inherit_mcp_toolsets` | `false` | **CLAUDE.md hard-rule fix.** Closes Wave-1 finding: `bte` MCP silently leaked from host. `bte` = Plan B marketing platform — forbidden to steev per `steev/CLAUDE.md:14` ("No access to Plan B marketing platform credentials (CMO-only)") |
| `inherit_dirs` | none | No external-dir skill bundles narrowed in |
| `sovereign_only` | `false` | steev intentionally calls Perplexity (hosted) for lightweight WebSearch per `manifest.yaml:90` — disclosed honestly |

## §3 Skills (6)

Per `disclosure.skills` enum. Each row matches `hermes -p steev skills list` enabled set (pre-push check 6.a enforces).

| ID | Source | Role | Sovereign-req | Hosted-API | Justification |
|---|---|---|---|---|---|
| `steev-agent` | local | orchestrator | — | — | Orchestrator — daily briefing, inbox triage, comms drafting, delegate-to-CEO |
| `proton-tools` | local | toolkit | — | — | 24-tool Proton facade (Calendar+Email+Contacts) — JP-personal comms surface |
| `google-workspace` | builtin | engine | — | — | Gmail+Calendar+Contacts for daily briefing + inbox triage (manifest L46) |
| `obsidian` | builtin | engine | — | — | PKM vault at `~/vaults/steev` (CLAUDE.md L17) |
| `himalaya` | builtin | engine | — | — | IMAP/SMTP via proton-bridge (manifest L50) |
| `kanban-worker` | builtin | engine | — | — | CEO delegation transport — steev → ceo-planb (steev-agent SKILL.md L83) |

**Totals.** 6 skills total. Source breakdown: 2 local, 0 hub, 4 builtin, 0 external_dir.

**Wave-1 → Wave-4 delta.** Live `hermes -p steev skills list` showed 21 enabled (2 local + 18 builtins +/- the 7 declared external set). Wave-4 narrows to 6 — drops 17 inherited builtins (15 uncited; 8 of the 17 are CONTRACT.md §9 v2+ REUSE candidates re-added when v2 lands).

## §4 MCP servers (0)

No MCP servers exposed — deny-by-default allowlist is empty.

**Wave-1 → Wave-4 delta.** Live `hermes -p steev mcp list` showed `bte` registered + enabled (silently inherited via host-global `agent.inherit_mcp_toolsets: true`). Wave-4 sets `inherit_mcp_toolsets: false` and omits `bte` from the allowlist — **resolves CLAUDE.md hard-rule violation**. Four manifest-declared MCP installs (`mcp_proton_calendar`, `mcp_proton_email`, `mcp_proton_contacts`, `mcp_perplexity`) are NOT registered today; ADD-back deferred (see §12).

## §5 Sovereign APIs (0)

No direct HTTP/gRPC sovereign API calls. Indirect access flows through the (currently unregistered) Proton/Perplexity MCP servers.

## §6 Cortex tools (0)

No `cortex/L6-*` or `cortex/PG-*` libraries consumed at runtime. `lib/` scripts (`credbridge.sh`, `validate_access.sh`) are repo-local utility shims, not cortex tools.

## §7 Credentials (3 declared)

Per `disclosure.credentials` allowlist. Names + scopes only — NEVER values. Pre-push check 6.d enforces vault_name exact-match.

| Vault name | Status | Scope | Used by | Governance |
|---|---|---|---|---|
| `google-workspace` | required | read-write | `credbridge.sh` | JP-personal; Gmail+Calendar+Contacts for briefing + inbox triage |
| `proton-bridge-imap` | required | read-write | `credbridge.sh` | JP-personal; local Proton Bridge IMAP/SMTP (himalaya path) |
| `perplexity-api` | optional | read | `credbridge.sh` | JP-personal; WebSearch fallback (MCP path preferred) |

> **PENDING JP REVIEW** — Per Wave-3 recommendations §5a, all three declared names are reported by audit as not exact-matching the vault (`credctl list` shows `proton-bridge-imap-pass`/`-user` split, `perplexity` without `-api`, and `google-workspace` plausibly absent or composite). Cred-rename rows are governance-class W3.4 and require JP decision (manifest-rename vs vault-rename vs bundle-indirection) — surfaced in §12.

## §8 Cron (1)

| Job | Schedule | Skill | Disabled on install |
|---|---|---|---|
| `steev-daily-briefing` | `30 6 * * *` (06:30 local) | `steev-agent` | `true` (per §6 Safety) |

## §9 Drift status

| Surface | Declared | Live (Wave-1) | Status |
|---|---|---|---|
| Skills | 6 | 21 enabled | drift expected post-Wave-4 reinstall → in-sync |
| MCP servers | 0 | 1 (`bte`) | drift — Wave-4 reinstall removes `bte`; pending install.sh patch + reinstall |
| MCP tools (total) | 0 | n/a (`bte` is `all`-tools) | n/a after MCP removal |
| Credentials | 3 | 3 declared, 3 vault-name mismatches | name-canonicalization drift (PENDING JP, §12) |

> Pre-push hook check 6 last run: not yet — Wave-4 inserts the check; first run validates this disclosure after `install.sh` reapplies `disclosure.*` to `~/.hermes/profiles/steev/config.yaml`.

## §10 Sovereign-purity audit

- Steev's owned code (`steev/skills/`, `steev/lib/`): **CLEAN** — only Proton + Google Workspace + Perplexity (last is hosted but `sovereign_only: false` discloses honestly).
- Bundled-skill exposure layer: **CLEAN post-Wave-4** — 17 builtins removed; only 4 builtins allowlisted (google-workspace, obsidian, himalaya, kanban-worker), none hosted-API.
- `sovereign_only: false` — validator rule 6.e does not apply.

## §11 Governance refs

- Vision: `../sot/01-ROADMAP/CORTEX-OS-ROADMAP.md`, `../sot/02-FRAMEWORK/CORTEX-OS-FRAMEWORK.md`
- Governing protocols: `../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md`
- Standards: `../sot/04-STANDARDS/FRONTMATTER-SPEC.md`, `../sot/04-STANDARDS/SOT-ENFORCEMENT.md`, `../sot/04-STANDARDS/DISCLOSURE-SCHEMA.md`
- Brand master ref: omitted (scope: personal) — steev serves JP personally, not a brand/org

## §12 Open issues + next steps (PENDING JP REVIEW)

Rows below are **PAUSED for JP** per W3.4 governance-class rule. Wave-4 applies auto-approved rows only (REMOVE bte MCP + DROP 17 builtins + scaffold disclosure block). JP must mark each PAUSE row approve/reject/edit before next apply wave.

| # | Topic | Recommended action | Why PAUSED |
|---|---|---|---|
| 1 | Personal-scope discriminator values (`chat_facing: true`, `delegates_to: [ceo-planb]`, `sovereign_only: false`) | Confirm values | New disclosure surface; JP confirms intent matches CLAUDE.md L7-L8 + CONTRACT delegation chain |
| 2 | Cred `google-workspace` not in vault | (a) add composite OAuth JSON to vault, OR (b) split manifest into per-cred entries matching vault | Cred binding (W3.4) |
| 3 | Cred `proton-bridge-imap` vs vault `proton-bridge-imap-pass` + `proton-bridge-imap-user` | Rename manifest entry to TWO entries matching vault | Cred binding (W3.4) |
| 4 | Cred `perplexity-api` vs vault `perplexity` | Rename manifest declaration `perplexity-api` → `perplexity` (exact-match per schema §4.5) | Cred binding (W3.4) |
| 5 | 5 vault entries plausibly steev-scope but undeclared (`proton-account-email`, `proton-account-password`, `proton-mailbox-password`, `proton-bridge-imap-pass`, `proton-bridge-imap-user`) | ADD to `disclosure.credentials` after MCP install confirms which are consumed | Cred binding (W3.4); also depends on MCP install (row 6) |
| 6 | 4 declared MCP servers absent from `hermes mcp list` (`mcp_proton_calendar`, `mcp_proton_email`, `mcp_proton_contacts`, `mcp_perplexity`) | Confirm install order — Wave-4 install.sh patch, or deferred | Install gap; cred-adjacent |
| 7 | macOS-only externals (`apple-notes`, `apple-reminders`, `imessage`) in `expected_external_skills` | Gate on OS in `install.sh`, or document as macOS-host-only | OS-platform decision |
| 8 | Pre-push hook check 6 not yet wired (curator/lib/pre-push.sh patch belongs to Wave-5+) | Wire check 6 per DISCLOSURE-SCHEMA §6 | Cross-profile rollup (Wave-5) |

## §13 Related

- [`../sot/04-STANDARDS/DISCLOSURE-SCHEMA.md`](../sot/04-STANDARDS/DISCLOSURE-SCHEMA.md) — schema definition
- [`../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md`](../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md) — protocol disclosure extends
- [`../sot/06-REGISTRY/PROFILE-CATALOG.md`](../sot/06-REGISTRY/PROFILE-CATALOG.md) — fleet rollup (aggregates this doc + 4 siblings)
- [`../sot/06-REGISTRY/audits/AUDIT-steev-2026-05-24.md`](../sot/06-REGISTRY/audits/AUDIT-steev-2026-05-24.md) — Wave-1 discovery
- [`../sot/06-REGISTRY/audits/RECOMMENDATIONS-steev-2026-05-24.md`](../sot/06-REGISTRY/audits/RECOMMENDATIONS-steev-2026-05-24.md) — Wave-3 recommendations
- `./manifest.yaml` — machine-readable `disclosure:` block
- `./AGENT.md` — identity (T2)
- `./CONTRACT.md` — behavior contract (T1)