hermes/steev
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
steev/manifest.yaml
Svrnty aeb17cce22 chore: sync Steev disclosure skills
2026-06-01 09:33:52 -04:00

251 lines
11 KiB
YAML
Raw Permalink Blame History

# Steev profile distribution manifest — machine-readable identity + install contract.
# Read by install.sh. Convention shared by all Hermes profile distributions
# (see ../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md — the canonical protocol).
profile: steev # Hermes profile name (personal — no org suffix per FRAMEWORK §6.1)
kind: profile-distribution # family marker; steev = personal-assistant reference impl
role: personal-assistant # function — Chief of Staff for one principal (JP)
# org: ~ # intentionally omitted — steev is personal/agnostic
version: 1.0.0
identity: AGENT.md # WHO (role, mission, boundaries)
contract: CONTRACT.md # behavior contract — tier T1 (this file wins)
reference: docs/STEEV-MASTER.md # full operating source of truth
# Governance — owner + vision + rules linked to SOT (PROFILE-DISTRIBUTION-PROTOCOL §2.2).
# Steev is JP-scoped personal; no brand_master_ref (not org-bound).
governance:
org: personal
owner: jp
approval_authority: jp
vision_refs:
- ../sot/01-ROADMAP/CORTEX-OS-ROADMAP.md
- ../sot/02-FRAMEWORK/CORTEX-OS-FRAMEWORK.md
governing_protocols:
- ../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md
standards:
- ../sot/04-STANDARDS/FRONTMATTER-SPEC.md
- ../sot/04-STANDARDS/SOT-ENFORCEMENT.md
# brand_master_ref omitted — Steev serves JP personally, not a brand/org
north_star: "keep JP unblocked — surface what needs attention, draft in JP voice, delegate business work to CEO"
skills: # exposed to Hermes via skills.external_dirs (→ <repo>/skills)
- skills/steev-agent # orchestrator — daily briefing, inbox triage, comms drafting,
# business delegation to ceo-planb
- skills/proton-tools # Proton Calendar + Email + Contacts (24-tool reference) —
# uses the 3 cortex MCP servers (proton-calendar/-email/-contacts)
# Role tools = scripts at repo root (the "lib"), reached through credbridge.
# Personal-flow surface only; Plan B marketing CLIs out of scope (cmo-planb owns those).
lib:
- credbridge.sh # credctl → env → google-workspace / proton-bridge / perplexity
- validate_access.sh # PASS / BLOCKED / FAIL per credential per §7
# Hermes built-in / external skills Steev reuses but does NOT vendor (per CLAUDE.md
# "reuse existing core skills"). Informational — these come from Hermes' global skills
# tree (~/.hermes/skills/) or external skill libraries the principal already installed.
expected_external_skills:
- google-workspace # Gmail + Calendar + Contacts
- obsidian # ~/vaults/steev PKM
- himalaya # IMAP/SMTP via proton-bridge sidecar
- perplexity # WebSearch toolset (lightweight; MCP preferred)
# macOS-only skills (Wave 8 Q10): install.sh F7 emits info on non-Darwin hosts.
- name: apple-notes
os_constraint: darwin
- name: apple-reminders
os_constraint: darwin
- name: imessage
os_constraint: darwin
# MCP servers Steev consumes. Names match runtime-prefixed form (mcp_<server>_<tool>).
optional_tools:
- mcp_proton_calendar # 8-tool Proton Calendar facade
- mcp_proton_email # 10-tool Proton Email facade
- mcp_proton_contacts # 6-tool Proton Contacts facade
- mcp_perplexity # research / WebSearch (key held by MCP server, not credbridge)
requires_tools: [terminal, memory_tool]
credentials: # validated by validate_access.sh
# Wave 8 (2026-05-24): aligned with vault exact-match per DISCLOSURE-SCHEMA §4.5.
# google-workspace removed — builtin manages its own OAuth via Hermes hub (not credctl vault).
- name: proton-bridge-imap-user
purpose: Proton Bridge IMAP/SMTP username (himalaya path)
resolved_via: credbridge.sh
- name: proton-bridge-imap-pass
purpose: Proton Bridge IMAP/SMTP password (himalaya path)
resolved_via: credbridge.sh
- name: perplexity
purpose: Perplexity API key for raw WebSearch (MCP path preferred)
resolved_via: credbridge.sh
- name: proton-account-email
purpose: Proton account email (consumed by proton-email MCP server)
resolved_via: credbridge.sh
- name: proton-account-password
purpose: Proton account password (consumed by proton-email MCP server)
resolved_via: credbridge.sh
- name: proton-mailbox-password
purpose: Proton mailbox E2E key for mail decryption (consumed by proton-email MCP server)
resolved_via: credbridge.sh
db:
file: steev.db # runtime state; created from schema.sql; never committed
schema: schema.sql # briefings + inbox_items + invocations + agent_runtime
cron:
- id: steev-daily-briefing
schedule: "30 6 * * *" # 06:30 local — well before JP's start of day
skill: steev-agent
input: { mode: daily-briefing }
disabled_on_install: true # ships disabled per profile protocol §6 (Safety)
template: cron/steev-daily-briefing.json.template
sovereignty:
llm_model: qwen-local/qwen3.6-35b-a3b
host: dgx-spark
external_api_dependencies:
- perplexity # WebSearch only; build-time research path. Daily briefing scan uses 1-2 items.
# Disclosure block — runtime-truth contract per sot/04-STANDARDS/DISCLOSURE-SCHEMA.md.
# Wave-4 apply (2026-05-24). Closes Wave-1 audit findings:
# - HARD-RULE FIX: REMOVE bte MCP (Plan B marketing infra; CLAUDE.md:14 forbids
# access — steev is JP-personal-scope).
# - DENY 17 silently-inherited builtin skills (only kanban-worker kept for CEO
# delegation transport).
# - Personal-scope discriminator fields (scope/delegates_to) populated.
# Pre-push hook check 6 enforces this == live `hermes -p steev …` runtime.
disclosure:
scope: personal
schema_version: 2
delegates_to: [ceo-planb] # business work routed to CEO via kanban
inherit_builtins: false # deny Hermes 84-builtin default; allowlist below
inherit_mcp_toolsets: false # deny host MCP propagation (closes bte leak)
sovereign_only: false # perplexity (hosted) intentionally called for WebSearch
inherit_dirs: []
external_orchestrators: [] # steev has no exec'd orchestrators (no sandcastle equiv)
skills:
- id: steev-agent
source: local
path: skills/steev-agent
role: orchestrator
- id: proton-tools
source: local
path: skills/proton-tools
role: toolkit
justification: "24-tool Proton facade (Calendar+Email+Contacts) — JP-personal comms surface"
- id: assistant-identity
source: builtin
role: utility
justification: "live enabled Hermes profile skill surfaced by disclosure drift gate"
- id: proton-access
source: builtin
role: utility
justification: "live enabled Hermes profile skill surfaced by disclosure drift gate"
- id: proton-mail-operations
source: builtin
role: utility
justification: "live enabled Hermes profile skill surfaced by disclosure drift gate"
- id: proton-services
source: builtin
role: utility
justification: "live enabled Hermes profile skill surfaced by disclosure drift gate"
- id: google-workspace
source: builtin
path: productivity/google-workspace
role: engine
justification: "Gmail+Calendar+Contacts for daily briefing + inbox triage (manifest L46)"
- id: obsidian
source: builtin
path: note-taking/obsidian
role: engine
justification: "PKM vault at ~/vaults/steev (CLAUDE.md L17)"
- id: himalaya
source: builtin
path: email/himalaya
role: engine
justification: "IMAP/SMTP via proton-bridge (manifest L50)"
- id: kanban-worker
source: builtin
path: devops/kanban-worker
role: engine
justification: "CEO delegation transport — steev → ceo-planb (steev-agent SKILL.md L83)"
- id: webwright
source: builtin
role: utility
justification: "live enabled Hermes builtin surfaced by disclosure drift gate"
mcp_servers:
- name: proton-calendar
description: "Proton Calendar facade"
tools:
- calendar_list
- calendar_events
- calendar_upcoming
- calendar_search
- calendar_event_get
- calendar_create
- calendar_update
- calendar_delete
- name: proton-email
description: "Proton Email facade"
tools:
- email_folders
- email_list
- email_read
- email_search
- email_send
- email_reply
- email_forward
- email_archive
- email_mark_read
- email_mark_unread
- name: proton-contacts
description: "Proton Contacts facade"
tools:
- contacts_list
- contacts_search
- contacts_get
- contacts_create
- contacts_update
- contacts_delete
# DENY-BY-DEFAULT: bte removed (hard-rule fix).
# mcp_perplexity intentionally omitted from disclosure until it is
# registered in the live Hermes MCP list and can be introspected.
sovereign_apis: [] # 0 direct HTTP/gRPC calls (per audit §3)
cortex_tools: [] # steev does not consume cortex/L6-* or cortex/PG-*
credentials:
# Wave 8 (2026-05-24) — aligned with vault per DISCLOSURE-SCHEMA §4.5 (exact-match).
# google-workspace removed (Hermes builtin self-manages OAuth, not in credctl vault).
- vault_name: proton-bridge-imap-user
status: required
scope: read
used_by: [credbridge.sh]
governance: "JP-personal; local Proton Bridge IMAP/SMTP username (himalaya path)"
- vault_name: proton-bridge-imap-pass
status: required
scope: read
used_by: [credbridge.sh]
governance: "JP-personal; local Proton Bridge IMAP/SMTP password (himalaya path)"
- vault_name: perplexity
status: optional
scope: read
used_by: [credbridge.sh]
governance: "JP-personal; WebSearch fallback (MCP path preferred)"
- vault_name: proton-account-email
status: required
scope: read
used_by: [credbridge.sh, mcp_proton_email]
governance: "JP-personal; Proton account email (consumed by proton-email MCP server)"
- vault_name: proton-account-password
status: required
scope: read
used_by: [credbridge.sh, mcp_proton_email]
governance: "JP-personal; Proton account password (consumed by proton-email MCP server)"
- vault_name: proton-mailbox-password
status: required
scope: read
used_by: [credbridge.sh, mcp_proton_email]
governance: "JP-personal; Proton mailbox E2E key for mail decryption"
Reference in New Issue View Git Blame Copy Permalink