2db2d26250
Closes the largest set of PROFILE-DISTRIBUTION-PROTOCOL §7 readiness gaps
surfaced in the 2026-05-23 audit. Profile goes from 4/8 to expected 8/8
once skills/proton-tools/ is committed.
New files:
credbridge.sh Personal-assistant variant of the shared-core
credbridge pattern. Three credentials in scope:
google-workspace (Gmail/Calendar/Contacts),
proton-bridge (himalaya IMAP/SMTP), perplexity
(raw WebSearch). Plan B marketing platforms
explicitly OUT OF SCOPE per CLAUDE.md hard rule.
validate_access.sh Emits PASS/BLOCKED/FAIL JSON line per credential.
Sourceable from install.sh and standalone. Exit
code always 0; status is in the JSON.
distribution.yaml Native Hermes install contract (`hermes profile
install` reads this). Mirrors cmo/ceo pattern.
Documents personal/agnostic naming exception
per FRAMEWORK §6.1 — no org suffix because there
is exactly one principal.
cron/steev-daily-briefing.json.template
06:30 daily briefing skeleton, ships disabled.
Aggregates calendar + flagged emails + due tasks
+ carried items + brief news scan into a single
digest in JP's voice. NEVER auto-sends, NEVER
touches business comms (CEO → CMO surface).
manifest.yaml fully rewritten:
- Added `contract: CONTRACT.md` pointer (was missing)
- Added inline comment explaining intentional `org:` omission
- Declared skills/proton-tools (on disk via JP's untracked WIP; declared
here so manifest matches disk truth once JP commits it)
- Added `lib:` block (credbridge.sh + validate_access.sh)
- Added `expected_external_skills:` informational list (google-workspace,
apple-*, obsidian, himalaya, imessage, perplexity) — these come from
Hermes' global skills tree per CLAUDE.md "reuse existing core skills"
- Added `optional_tools:` block (4 MCP servers: proton-calendar/-email/
-contacts, perplexity)
- Added `credentials:` block listing the 3 creds + resolution path
- Promoted `cron:` from empty list to a single steev-daily-briefing
entry (disabled_on_install: true)
- Added `sovereignty:` block (qwen3.6-35b-a3b on DGX Spark)
CONTRACT.md frontmatter migrated from legacy `tier: S` to T1 per
FRONTMATTER-SPEC. Added required fields (name, last_reviewed,
description, depends_on).
skills/proton-tools/ left untracked — that's JP's WIP, not mine to
commit.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
74 lines
3.9 KiB
YAML
74 lines
3.9 KiB
YAML
# Steev profile distribution manifest — machine-readable identity + install contract.
|
|
# Read by install.sh. Convention shared by all Hermes profile distributions
|
|
# (see ../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md — the canonical protocol).
|
|
profile: steev # Hermes profile name (personal — no org suffix per FRAMEWORK §6.1)
|
|
kind: profile-distribution # family marker; steev = personal-assistant reference impl
|
|
role: personal-assistant # function — Chief of Staff for one principal (JP)
|
|
# org: ~ # intentionally omitted — steev is personal/agnostic
|
|
version: 1.0.0
|
|
identity: AGENT.md # WHO (role, mission, boundaries)
|
|
contract: CONTRACT.md # behavior contract — tier T1 (this file wins)
|
|
reference: docs/STEEV-MASTER.md # full operating source of truth
|
|
|
|
skills: # exposed to Hermes via skills.external_dirs (→ <repo>/skills)
|
|
- skills/steev-agent # orchestrator — daily briefing, inbox triage, comms drafting,
|
|
# business delegation to ceo-planb
|
|
- skills/proton-tools # Proton Calendar + Email + Contacts (24-tool reference) —
|
|
# uses the 3 cortex MCP servers (proton-calendar/-email/-contacts)
|
|
|
|
# Role tools = scripts at repo root (the "lib"), reached through credbridge.
|
|
# Personal-flow surface only; Plan B marketing CLIs out of scope (cmo-planb owns those).
|
|
lib:
|
|
- credbridge.sh # credctl → env → google-workspace / proton-bridge / perplexity
|
|
- validate_access.sh # PASS / BLOCKED / FAIL per credential per §7
|
|
|
|
# Hermes built-in / external skills Steev reuses but does NOT vendor (per CLAUDE.md
|
|
# "reuse existing core skills"). Informational — these come from Hermes' global skills
|
|
# tree (~/.hermes/skills/) or external skill libraries the principal already installed.
|
|
expected_external_skills:
|
|
- google-workspace # Gmail + Calendar + Contacts
|
|
- apple-notes # macOS-local via osascript
|
|
- apple-reminders # macOS-local via osascript
|
|
- obsidian # ~/vaults/steev PKM
|
|
- himalaya # IMAP/SMTP via proton-bridge sidecar
|
|
- imessage # macOS-local
|
|
- perplexity # WebSearch toolset (lightweight; MCP preferred)
|
|
|
|
# MCP servers Steev consumes. Names match runtime-prefixed form (mcp_<server>_<tool>).
|
|
optional_tools:
|
|
- mcp_proton_calendar # 8-tool Proton Calendar facade
|
|
- mcp_proton_email # 10-tool Proton Email facade
|
|
- mcp_proton_contacts # 6-tool Proton Contacts facade
|
|
- mcp_perplexity # research / WebSearch (key held by MCP server, not credbridge)
|
|
|
|
requires_tools: [terminal, memory_tool]
|
|
|
|
credentials: # validated by validate_access.sh
|
|
- name: google-workspace
|
|
purpose: Gmail + Calendar + Contacts read/write for daily briefing + inbox triage
|
|
resolved_via: credbridge.sh
|
|
- name: proton-bridge-imap
|
|
purpose: local Proton Bridge IMAP/SMTP password (himalaya path)
|
|
resolved_via: credbridge.sh
|
|
- name: perplexity-api
|
|
purpose: Perplexity API key for raw WebSearch (MCP path preferred)
|
|
resolved_via: credbridge.sh
|
|
|
|
db:
|
|
file: steev.db # runtime state; created from schema.sql; never committed
|
|
schema: schema.sql # briefings + inbox_items + invocations + agent_runtime
|
|
|
|
cron:
|
|
- id: steev-daily-briefing
|
|
schedule: "30 6 * * *" # 06:30 local — well before JP's start of day
|
|
skill: steev-agent
|
|
input: { mode: daily-briefing }
|
|
disabled_on_install: true # ships disabled per profile protocol §6 (Safety)
|
|
template: cron/steev-daily-briefing.json.template
|
|
|
|
sovereignty:
|
|
llm_model: qwen-local/qwen3.6-35b-a3b
|
|
host: dgx-spark
|
|
external_api_dependencies:
|
|
- perplexity # WebSearch only; build-time research path. Daily briefing scan uses 1-2 items.
|