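---
# Steev profile distribution manifest — machine-readable identity + install contract.
# Read by install.sh. Convention shared by all Hermes profile distributions
# (see ../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md — the canonical protocol).
#
# Layout note: the file was recovered from a line-collapsed copy; nesting below is
# reconstructed from key order and the original comment placement. Where a key's
# parent was ambiguous it is marked with a NOTE(review) comment — confirm against
# the reader (install.sh) before relying on that placement.

profile: steev  # Hermes profile name (personal — no org suffix per FRAMEWORK §6.1)
kind: profile-distribution  # family marker; steev = personal-assistant reference impl
role: personal-assistant  # function — Chief of Staff for one principal (JP)
# org: ~  # intentionally omitted — steev is personal/agnostic
version: "1.0.0"  # quoted: version strings must never be re-typed as floats (1.10 → 1.1)

identity: AGENT.md  # WHO (role, mission, boundaries)
contract: CONTRACT.md  # behavior contract — tier T1 (this file wins)
reference: docs/STEEV-MASTER.md  # full operating source of truth

# Governance — owner + vision + rules linked to SOT (PROFILE-DISTRIBUTION-PROTOCOL §2.2).
# Steev is JP-scoped personal; no brand_master_ref (not org-bound).
governance:
  org: personal
  owner: jp
  approval_authority: jp
  vision_refs:
    - ../sot/01-ROADMAP/CORTEX-OS-ROADMAP.md
    - ../sot/02-FRAMEWORK/CORTEX-OS-FRAMEWORK.md
  governing_protocols:
    - ../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md
  standards:
    - ../sot/04-STANDARDS/FRONTMATTER-SPEC.md
    - ../sot/04-STANDARDS/SOT-ENFORCEMENT.md
  # brand_master_ref omitted — Steev serves JP personally, not a brand/org

# NOTE(review): placed at top level; the collapsed source does not show whether
# north_star was a child of governance — confirm with install.sh.
north_star: "keep JP unblocked — surface what needs attention, draft in JP voice, delegate business work to CEO"

skills:  # exposed to Hermes via skills.external_dirs (→ /skills)
  - skills/steev-agent  # orchestrator — daily briefing, inbox triage, comms drafting,
                        # business delegation to ceo-planb
  - skills/proton-tools  # Proton Calendar + Email + Contacts (24-tool reference) —
                         # uses the 3 cortex MCP servers (proton-calendar/-email/-contacts)

# Role tools = scripts at repo root (the "lib"), reached through credbridge.
# Personal-flow surface only; Plan B marketing CLIs out of scope (cmo-planb owns those).
lib:
  - credbridge.sh  # credctl → env → google-workspace / proton-bridge / perplexity
  - validate_access.sh  # PASS / BLOCKED / FAIL per credential per §7

# Hermes built-in / external skills Steev reuses but does NOT vendor (per CLAUDE.md
# "reuse existing core skills"). Informational — these come from Hermes' global skills
# tree (~/.hermes/skills/) or external skill libraries the principal already installed.
# NOTE(review): this list mixes two item shapes — plain strings and
# {name, os_constraint} mappings. Any reader must accept both; confirm install.sh does.
expected_external_skills:
  - google-workspace  # Gmail + Calendar + Contacts
  - obsidian  # ~/vaults/steev PKM
  - himalaya  # IMAP/SMTP via proton-bridge sidecar
  - perplexity  # WebSearch toolset (lightweight; MCP preferred)
  # macOS-only skills (Wave 8 Q10): install.sh F7 emits info on non-Darwin hosts.
  - name: apple-notes
    os_constraint: darwin
  - name: apple-reminders
    os_constraint: darwin
  - name: imessage
    os_constraint: darwin

# MCP servers Steev consumes. Names match runtime-prefixed form (mcp__).
optional_tools:
  - mcp_proton_calendar  # 8-tool Proton Calendar facade
  - mcp_proton_email  # 10-tool Proton Email facade
  - mcp_proton_contacts  # 6-tool Proton Contacts facade
  - mcp_perplexity  # research / WebSearch (key held by MCP server, not credbridge)

requires_tools: [terminal, memory_tool]

# Credential *references* only — names resolved by credbridge.sh at runtime; no
# secret values live in this manifest. Entries mirror disclosure.credentials below
# (same six vault names); keep both lists in sync.
credentials:  # validated by validate_access.sh
  # Wave 8 (2026-05-24): aligned with vault exact-match per DISCLOSURE-SCHEMA §4.5.
  # google-workspace removed — builtin manages its own OAuth via Hermes hub (not credctl vault).
  - name: proton-bridge-imap-user
    purpose: Proton Bridge IMAP/SMTP username (himalaya path)
    resolved_via: credbridge.sh
  - name: proton-bridge-imap-pass
    purpose: Proton Bridge IMAP/SMTP password (himalaya path)
    resolved_via: credbridge.sh
  - name: perplexity
    purpose: Perplexity API key for raw WebSearch (MCP path preferred)
    resolved_via: credbridge.sh
  - name: proton-account-email
    purpose: Proton account email (consumed by proton-email MCP server)
    resolved_via: credbridge.sh
  - name: proton-account-password
    purpose: Proton account password (consumed by proton-email MCP server)
    resolved_via: credbridge.sh
  - name: proton-mailbox-password
    purpose: Proton mailbox E2E key for mail decryption (consumed by proton-email MCP server)
    resolved_via: credbridge.sh

db:
  file: steev.db  # runtime state; created from schema.sql; never committed
  schema: schema.sql  # briefings + inbox_items + invocations + agent_runtime

cron:
  - id: steev-daily-briefing
    schedule: "30 6 * * *"  # 06:30 local — well before JP's start of day
    skill: steev-agent
    input: { mode: daily-briefing }
    disabled_on_install: true  # ships disabled per profile protocol §6 (Safety)
    template: cron/steev-daily-briefing.json.template

sovereignty:
  llm_model: qwen-local/qwen3.6-35b-a3b
  host: dgx-spark
  external_api_dependencies:
    - perplexity  # WebSearch only; build-time research path. Daily briefing scan uses 1-2 items.

# Disclosure block — runtime-truth contract per sot/04-STANDARDS/DISCLOSURE-SCHEMA.md.
# Wave-4 apply (2026-05-24). Closes Wave-1 audit findings:
#   - HARD-RULE FIX: REMOVE bte MCP (Plan B marketing infra; CLAUDE.md:14 forbids
#     access — steev is JP-personal-scope).
#   - DENY 17 silently-inherited builtin skills (only kanban-worker kept for CEO
#     delegation transport).
#   - Personal-scope discriminator fields (scope/delegates_to) populated.
# Pre-push hook check 6 enforces this == live `hermes -p steev …` runtime.
#
# NOTE(review): the "only kanban-worker kept" wording above is historical — the
# builtin allowlist below now carries nine `source: builtin` entries (drift-gate
# additions). With inherit_builtins: false this allowlist IS the effective builtin
# access surface, so each entry needs a functional justification.
disclosure:
  scope: personal
  schema_version: 2
  delegates_to: [ceo-planb]  # business work routed to CEO via kanban
  inherit_builtins: false  # deny Hermes 84-builtin default; allowlist below
  inherit_mcp_toolsets: false  # deny host MCP propagation (closes bte leak)
  sovereign_only: false  # perplexity (hosted) intentionally called for WebSearch
  inherit_dirs: []
  external_orchestrators: []  # steev has no exec'd orchestrators (no sandcastle equiv)
  skills:
    - id: steev-agent
      source: local
      path: skills/steev-agent
      role: orchestrator
      # no justification field here, unlike every other entry — presumably implied
      # by role: orchestrator; confirm the schema allows it to be absent
    - id: proton-tools
      source: local
      path: skills/proton-tools
      role: toolkit
      justification: "24-tool Proton facade (Calendar+Email+Contacts) — JP-personal comms surface"
    # NOTE(review): the next four entries and webwright are justified only by "surfaced
    # by disclosure drift gate" — i.e. they were found enabled, not shown to be needed.
    # Least-privilege review: replace with a functional reason or drop the entry.
    - id: assistant-identity
      source: builtin
      role: utility
      justification: "live enabled Hermes profile skill surfaced by disclosure drift gate"
    - id: proton-access
      source: builtin
      role: utility
      justification: "live enabled Hermes profile skill surfaced by disclosure drift gate"
    - id: proton-mail-operations
      source: builtin
      role: utility
      justification: "live enabled Hermes profile skill surfaced by disclosure drift gate"
    - id: proton-services
      source: builtin
      role: utility
      justification: "live enabled Hermes profile skill surfaced by disclosure drift gate"
    # Justifications below cite manifest line numbers ("manifest L46", "manifest L50");
    # those are brittle once this file is reformatted — a key path such as
    # `expected_external_skills` would be a stable reference.
    - id: google-workspace
      source: builtin
      path: productivity/google-workspace
      role: engine
      justification: "Gmail+Calendar+Contacts for daily briefing + inbox triage (manifest L46)"
    - id: obsidian
      source: builtin
      path: note-taking/obsidian
      role: engine
      justification: "PKM vault at ~/vaults/steev (CLAUDE.md L17)"
    - id: himalaya
      source: builtin
      path: email/himalaya
      role: engine
      justification: "IMAP/SMTP via proton-bridge (manifest L50)"
    - id: kanban-worker
      source: builtin
      path: devops/kanban-worker
      role: engine
      justification: "CEO delegation transport — steev → ceo-planb (steev-agent SKILL.md L83)"
    - id: webwright
      source: builtin
      role: utility
      justification: "live enabled Hermes builtin surfaced by disclosure drift gate"
  # Tool lists below are the disclosed surface (8 + 10 + 6 = the 24 tools referenced
  # above). Note they include write-capable operations (email_send, email_forward,
  # calendar_delete, contacts_delete) — this block is where that surface is reviewed.
  mcp_servers:
    - name: proton-calendar
      description: "Proton Calendar facade"
      tools:
        - calendar_list
        - calendar_events
        - calendar_upcoming
        - calendar_search
        - calendar_event_get
        - calendar_create
        - calendar_update
        - calendar_delete
    - name: proton-email
      description: "Proton Email facade"
      tools:
        - email_folders
        - email_list
        - email_read
        - email_search
        - email_send
        - email_reply
        - email_forward
        - email_archive
        - email_mark_read
        - email_mark_unread
    - name: proton-contacts
      description: "Proton Contacts facade"
      tools:
        - contacts_list
        - contacts_search
        - contacts_get
        - contacts_create
        - contacts_update
        - contacts_delete
  # DENY-BY-DEFAULT: bte removed (hard-rule fix).
  # mcp_perplexity intentionally omitted from disclosure until it is
  # registered in the live Hermes MCP list and can be introspected.
  sovereign_apis: []  # 0 direct HTTP/gRPC calls (per audit §3)
  cortex_tools: []  # steev does not consume cortex/L6-* or cortex/PG-*
  credentials:
    # Wave 8 (2026-05-24) — aligned with vault per DISCLOSURE-SCHEMA §4.5 (exact-match).
    # google-workspace removed (Hermes builtin self-manages OAuth, not in credctl vault).
    - vault_name: proton-bridge-imap-user
      status: required
      scope: read
      used_by: [credbridge.sh]
      governance: "JP-personal; local Proton Bridge IMAP/SMTP username (himalaya path)"
    - vault_name: proton-bridge-imap-pass
      status: required
      scope: read
      used_by: [credbridge.sh]
      governance: "JP-personal; local Proton Bridge IMAP/SMTP password (himalaya path)"
    - vault_name: perplexity
      status: optional
      scope: read
      used_by: [credbridge.sh]
      governance: "JP-personal; WebSearch fallback (MCP path preferred)"
    - vault_name: proton-account-email
      status: required
      scope: read
      used_by: [credbridge.sh, mcp_proton_email]
      governance: "JP-personal; Proton account email (consumed by proton-email MCP server)"
    - vault_name: proton-account-password
      status: required
      scope: read
      used_by: [credbridge.sh, mcp_proton_email]
      governance: "JP-personal; Proton account password (consumed by proton-email MCP server)"
    - vault_name: proton-mailbox-password
      status: required
      scope: read
      used_by: [credbridge.sh, mcp_proton_email]
      governance: "JP-personal; Proton mailbox E2E key for mail decryption"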