| name | tier | status | owner | source | last_reviewed | review_by | depends_on | description | auto_regen_cmd |
|---|---|---|---|---|---|---|---|---|---|
| disclosure-steev | T2 | active | jp | generated | 2026-05-25 | 2026-08-23 | | Canonical disclosure of steev — exposed skills + MCP + sovereign APIs + cortex tools + credentials. Drift-checked vs live runtime by pre-push hook check 6. | yq '.disclosure' manifest.yaml \| <renderer-script> |
steev — Disclosure
Live as of 2026-05-25. Disclosure schema v2 (manifest disclosure.schema_version: 2 — adds external_orchestrators per DISCLOSURE-SCHEMA §4.6). Source: steev/manifest.yaml → disclosure: block. Pre-push hook check 6 (curator/lib/pre-push.sh) enforces this == live hermes -p steev runtime.
§1 Identity
| Field | Value |
|---|---|
| Profile ID | steev |
| Repo | /home/svrnty/workspaces/hermes/steev/ |
| Scope | personal |
| Org | personal |
| Owner | jp |
| Approval authority | jp |
| Role type | personal-assistant (Chief of Staff) |
| State | stateful (steev.db runtime-only, never committed) |
| Version | 1.0.0 |
| North star | keep JP unblocked — surface what needs attention, draft in JP voice, delegate business work to CEO |
| Chat-facing | true |
| Delegates to | ceo-planb |
| Sovereign-only | false |
§2 Inheritance posture
| Field | Value | Rationale |
|---|---|---|
| inherit_builtins | false | Closes Wave-1 finding: 18 silently-enabled builtins (only kanban-worker cited in steev/ code — kept via explicit allowlist) |
| inherit_mcp_toolsets | false | CLAUDE.md hard-rule fix. Closes Wave-1 finding: bte MCP silently leaked from host. bte = Plan B marketing platform — forbidden to steev per steev/CLAUDE.md:14 ("No access to Plan B marketing platform credentials (CMO-only)") |
| inherit_dirs | none | No external-dir skill bundles narrowed in |
| sovereign_only | false | steev intentionally calls Perplexity (hosted) for lightweight WebSearch per manifest.yaml:90 — disclosed honestly |
| external_orchestrators | [] | Schema v2 field (DISCLOSURE-SCHEMA §4.6). steev has no exec'd orchestrators (no sandcastle equiv) — empty list. |
§3 Skills (6)
Per disclosure.skills enum. Each row matches hermes -p steev skills list enabled set (pre-push check 6.a enforces).
| ID | Source | Role | Sovereign-req | Hosted-API | Justification |
|---|---|---|---|---|---|
| steev-agent | local | orchestrator | — | — | Orchestrator — daily briefing, inbox triage, comms drafting, delegate-to-CEO |
| proton-tools | local | toolkit | — | — | 24-tool Proton facade (Calendar+Email+Contacts) — JP-personal comms surface |
| google-workspace | builtin | engine | — | — | Gmail+Calendar+Contacts for daily briefing + inbox triage (manifest L46) |
| obsidian | builtin | engine | — | — | PKM vault at ~/vaults/steev (CLAUDE.md L17) |
| himalaya | builtin | engine | — | — | IMAP/SMTP via proton-bridge (manifest L50) |
| kanban-worker | builtin | engine | — | — | CEO delegation transport — steev → ceo-planb (steev-agent SKILL.md L83) |
Totals. 6 skills total. Source breakdown: 2 local, 0 hub, 4 builtin, 0 external_dir.
Wave-1 → Wave-4 delta. Live hermes -p steev skills list showed 21 enabled (2 local + 18 builtins +/- the 7 declared external set). Wave-4 narrows to 6 — drops 17 inherited builtins (15 uncited; 8 of the 17 are CONTRACT.md §9 v2+ REUSE candidates re-added when v2 lands).
§4 MCP servers (0)
No MCP servers exposed — deny-by-default allowlist is empty.
Wave-1 → Wave-4 delta. Live hermes -p steev mcp list showed bte registered + enabled (silently inherited via host-global agent.inherit_mcp_toolsets: true). Wave-4 sets inherit_mcp_toolsets: false and omits bte from the allowlist — resolves CLAUDE.md hard-rule violation. Four manifest-declared MCP installs (mcp_proton_calendar, mcp_proton_email, mcp_proton_contacts, mcp_perplexity) are NOT registered today; ADD-back deferred (see §12).
§5 Sovereign APIs (0)
No direct HTTP/gRPC sovereign API calls. Indirect access flows through the (currently unregistered) Proton/Perplexity MCP servers.
§6 Cortex tools (0)
No cortex/L6-* or cortex/PG-* libraries consumed at runtime. lib/ scripts (credbridge.sh, validate_access.sh) are repo-local utility shims, not cortex tools.
§7 Credentials (3 declared)
Per disclosure.credentials allowlist. Names + scopes only — NEVER values. Pre-push check 6.d enforces vault_name exact-match.
| Vault name | Status | Scope | Used by | Governance |
|---|---|---|---|---|
| google-workspace | required | read-write | credbridge.sh | JP-personal; Gmail+Calendar+Contacts for briefing + inbox triage |
| proton-bridge-imap | required | read-write | credbridge.sh | JP-personal; local Proton Bridge IMAP/SMTP (himalaya path) |
| perplexity-api | optional | read | credbridge.sh | JP-personal; WebSearch fallback (MCP path preferred) |
PENDING JP REVIEW — Per Wave-3 recommendations §5a, all three declared names are reported by audit as not exact-matching the vault (credctl list shows proton-bridge-imap-pass/-user split, perplexity without -api, and google-workspace plausibly absent or composite). Cred-rename rows are governance-class W3.4 and require JP decision (manifest-rename vs vault-rename vs bundle-indirection) — surfaced in §12.
§8 Cron (1)
| Job | Schedule | Skill | Disabled on install |
|---|---|---|---|
| steev-daily-briefing | 30 6 * * * (06:30 local) | steev-agent | true (per §6 Safety) |
§9 Drift status
| Surface | Declared | Live (Wave-1) | Status |
|---|---|---|---|
| Skills | 6 | 21 enabled | drift expected post-Wave-4 reinstall → in-sync |
| MCP servers | 0 | 1 (bte) | drift — Wave-4 reinstall removes bte; pending install.sh patch + reinstall |
| MCP tools (total) | 0 | n/a (bte is all-tools) | n/a after MCP removal |
| Credentials | 3 | 3 declared, 3 vault-name mismatches | name-canonicalization drift (PENDING JP, §12) |
Pre-push hook check 6 last run: not yet — Wave-4 inserts the check; first run validates this disclosure after install.sh reapplies disclosure.* to ~/.hermes/profiles/steev/config.yaml.
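An added example, not the project's pre-push hook: a minimal exact-match drift check of the kind §7 and §9 describe, run over the credential names and the bte MCP server mentioned on this page. The function names, the near-miss hint and the sample live sets are assumptions constructed for illustration.

```python
# Added illustration: exact-match drift check between a declared allowlist
# and a live set. Not the project's curator/lib/pre-push.sh.

def drift(declared, live):
    """Return exact-match drift between declared names and live names."""
    declared, live = set(declared), set(live)
    missing = sorted(declared - live)       # declared, but not present live
    undeclared = sorted(live - declared)    # present live, never declared
    # Hint only: live names that differ from a missing name by a "-suffix".
    # A near miss is still drift; exact match is the pass condition.
    near = {}
    for name in missing:
        hits = [v for v in undeclared
                if v.startswith(name + "-") or name.startswith(v + "-")]
        if hits:
            near[name] = hits
    return {"in_sync": not missing and not undeclared,
            "missing": missing, "undeclared": undeclared, "near_misses": near}

# Declared credential names from §7 of this page.
DECLARED_CREDS = ["google-workspace", "proton-bridge-imap", "perplexity-api"]
# Constructed sample of vault names, using only names this page mentions;
# google-workspace is assumed absent here.
VAULT_NAMES = ["proton-bridge-imap-pass", "proton-bridge-imap-user",
               "perplexity", "proton-account-email",
               "proton-account-password", "proton-mailbox-password"]

def report():
    """Run the check over the credential and MCP surfaces."""
    return {"credentials": drift(DECLARED_CREDS, VAULT_NAMES),
            # Empty deny-by-default allowlist vs the Wave-1 live state.
            "mcp_servers": drift([], ["bte"])}

if __name__ == "__main__":
    for surface, result in report().items():
        status = "in-sync" if result["in_sync"] else "DRIFT"
        print(surface, status, result)
```

With an empty allowlist, any live entry at all is reported as undeclared, which is what makes the deny-by-default posture in §4 checkable.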
§10 Sovereign-purity audit
- Steev's owned code (steev/skills/, steev/lib/): CLEAN — only Proton + Google Workspace + Perplexity (last is hosted but sovereign_only: false discloses honestly).
- Bundled-skill exposure layer: CLEAN post-Wave-4 — 17 builtins removed; only 4 builtins allowlisted (google-workspace, obsidian, himalaya, kanban-worker), none hosted-API.
- sovereign_only: false — validator rule 6.e does not apply.
§11 Governance refs
- Vision: ../sot/01-ROADMAP/CORTEX-OS-ROADMAP.md, ../sot/02-FRAMEWORK/CORTEX-OS-FRAMEWORK.md
- Governing protocols: ../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md
- Standards: ../sot/04-STANDARDS/FRONTMATTER-SPEC.md, ../sot/04-STANDARDS/SOT-ENFORCEMENT.md, ../sot/04-STANDARDS/DISCLOSURE-SCHEMA.md
- Brand master ref: omitted (scope: personal) — steev serves JP personally, not a brand/org
§12 Open issues + next steps (PENDING JP REVIEW)
Rows below are PAUSED for JP per W3.4 governance-class rule. Wave-4 applies auto-approved rows only (REMOVE bte MCP + DROP 17 builtins + scaffold disclosure block). JP must mark each PAUSE row approve/reject/edit before next apply wave.
| # | Topic | Recommended action | Why PAUSED |
|---|---|---|---|
| 1 | Personal-scope discriminator values (chat_facing: true, delegates_to: [ceo-planb], sovereign_only: false) | Confirm values | New disclosure surface; JP confirms intent matches CLAUDE.md L7-L8 + CONTRACT delegation chain |
| 2 | Cred google-workspace not in vault | (a) add composite OAuth JSON to vault, OR (b) split manifest into per-cred entries matching vault | Cred binding (W3.4) |
| 3 | Cred proton-bridge-imap vs vault proton-bridge-imap-pass + proton-bridge-imap-user | Rename manifest entry to TWO entries matching vault | Cred binding (W3.4) |
| 4 | Cred perplexity-api vs vault perplexity | Rename manifest declaration perplexity-api → perplexity (exact-match per schema §4.5) | Cred binding (W3.4) |
| 5 | 5 vault entries plausibly steev-scope but undeclared (proton-account-email, proton-account-password, proton-mailbox-password, proton-bridge-imap-pass, proton-bridge-imap-user) | ADD to disclosure.credentials after MCP install confirms which are consumed | Cred binding (W3.4); also depends on MCP install (row 6) |
| 6 | 4 declared MCP servers absent from hermes mcp list (mcp_proton_calendar, mcp_proton_email, mcp_proton_contacts, mcp_perplexity) | Confirm install order — Wave-4 install.sh patch, or deferred | Install gap; cred-adjacent |
| 7 | macOS-only externals (apple-notes, apple-reminders, imessage) in expected_external_skills | Gate on OS in install.sh, or document as macOS-host-only | OS-platform decision |
| 8 | Pre-push hook check 6 not yet wired (curator/lib/pre-push.sh patch belongs to Wave-5+) | Wire check 6 per DISCLOSURE-SCHEMA §6 | Cross-profile rollup (Wave-5) |
§13 Related
- ../sot/04-STANDARDS/DISCLOSURE-SCHEMA.md — schema definition
- ../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md — protocol disclosure extends
- ../sot/06-REGISTRY/PROFILE-CATALOG.md — fleet rollup (aggregates this doc + 4 siblings)
- ../sot/06-REGISTRY/audits/AUDIT-steev-2026-05-24.md — Wave-1 discovery
- ../sot/06-REGISTRY/audits/RECOMMENDATIONS-steev-2026-05-24.md — Wave-3 recommendations
- ./manifest.yaml — machine-readable disclosure: block
- ./AGENT.md — identity (T2)
- ./CONTRACT.md — behavior contract (T1)