steev/manifest.yaml
Svrnty 8e8ced470b feat(disclosure): Wave 4 — steev disclosure: block (CLAUDE.md hard-rule fix: REMOVE bte MCP) — sprint 2026-05-24
Applies Wave-3 auto-approved recommendations per
sot/06-REGISTRY/audits/RECOMMENDATIONS-steev-2026-05-24.md.

HARD-RULE FIX:
  - REMOVE bte MCP (inherit_mcp_toolsets: false + mcp_servers: []).
    bte = Plan B marketing platform; steev/CLAUDE.md:14 forbids access.

Auto-approved REMOVE/DROP:
  - 17 silently-inherited builtin skills denied (inherit_builtins: false).
  - Skills allowlist narrowed to 6: steev-agent, proton-tools, google-workspace,
    obsidian, himalaya, kanban-worker.

ADD (auto-approved):
  - schema_version: 1
  - inherit_builtins: false, inherit_mcp_toolsets: false

ADD (PAUSED-for-JP rows surfaced in DISCLOSURE.md §12):
  - Personal-scope discriminators (scope/chat_facing/delegates_to/sovereign_only)
    populated per audit §7d; values confirmation pending JP.
  - 3 cred name-mismatches kept as-declared in manifest; rename decision deferred
    (manifest vs vault vs bundle-indirection — W3.4 governance class).
  - 4 manifest-declared MCP installs (mcp_proton_*, mcp_perplexity) not registered;
    install ordering deferred.

Surface: 2 files only — steev/manifest.yaml + steev/DISCLOSURE.md.
sot-precommit --full-tree: EXIT 0.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-24 15:59:58 -04:00

165 lines
7.6 KiB
YAML

# Steev profile distribution manifest — machine-readable identity + install contract.
# Read by install.sh. Convention shared by all Hermes profile distributions
# (see ../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md — the canonical protocol).
profile: steev # Hermes profile name (personal — no org suffix per FRAMEWORK §6.1)
kind: profile-distribution # family marker; steev = personal-assistant reference impl
role: personal-assistant # function — Chief of Staff for one principal (JP)
# org: ~ # intentionally omitted — steev is personal/agnostic
version: 1.0.0
identity: AGENT.md # WHO (role, mission, boundaries)
contract: CONTRACT.md # behavior contract — tier T1 (this file wins)
reference: docs/STEEV-MASTER.md # full operating source of truth
# Governance — owner + vision + rules linked to SOT (PROFILE-DISTRIBUTION-PROTOCOL §2.2).
# Steev is JP-scoped personal; no brand_master_ref (not org-bound).
governance:
  org: personal
  owner: jp
  approval_authority: jp
  vision_refs:
    - ../sot/01-ROADMAP/CORTEX-OS-ROADMAP.md
    - ../sot/02-FRAMEWORK/CORTEX-OS-FRAMEWORK.md
  governing_protocols:
    - ../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md
  standards:
    - ../sot/04-STANDARDS/FRONTMATTER-SPEC.md
    - ../sot/04-STANDARDS/SOT-ENFORCEMENT.md
# brand_master_ref omitted — Steev serves JP personally, not a brand/org
north_star: "keep JP unblocked — surface what needs attention, draft in JP voice, delegate business work to CEO"
skills: # exposed to Hermes via skills.external_dirs (→ <repo>/skills)
  - skills/steev-agent # orchestrator — daily briefing, inbox triage, comms drafting,
                       # business delegation to ceo-planb
  - skills/proton-tools # Proton Calendar + Email + Contacts (24-tool reference) —
                        # uses the 3 cortex MCP servers (proton-calendar/-email/-contacts)
# Role tools = scripts at repo root (the "lib"), reached through credbridge.
# Personal-flow surface only; Plan B marketing CLIs out of scope (cmo-planb owns those).
lib:
  - credbridge.sh # credctl → env → google-workspace / proton-bridge / perplexity
  - validate_access.sh # PASS / BLOCKED / FAIL per credential per §7
# Hermes built-in / external skills Steev reuses but does NOT vendor (per CLAUDE.md
# "reuse existing core skills"). Informational — these come from Hermes' global skills
# tree (~/.hermes/skills/) or external skill libraries the principal already installed.
expected_external_skills:
  - google-workspace # Gmail + Calendar + Contacts
  - apple-notes # macOS-local via osascript
  - apple-reminders # macOS-local via osascript
  - obsidian # ~/vaults/steev PKM
  - himalaya # IMAP/SMTP via proton-bridge sidecar
  - imessage # macOS-local
  - perplexity # WebSearch toolset (lightweight; MCP preferred)
# MCP servers Steev consumes. Names match runtime-prefixed form (mcp_<server>_<tool>).
optional_tools:
  - mcp_proton_calendar # 8-tool Proton Calendar facade
  - mcp_proton_email # 10-tool Proton Email facade
  - mcp_proton_contacts # 6-tool Proton Contacts facade
  - mcp_perplexity # research / WebSearch (key held by MCP server, not credbridge)
requires_tools: [terminal, memory_tool]
credentials: # validated by validate_access.sh
  - name: google-workspace
    purpose: Gmail + Calendar + Contacts read/write for daily briefing + inbox triage
    resolved_via: credbridge.sh
  - name: proton-bridge-imap
    purpose: local Proton Bridge IMAP/SMTP password (himalaya path)
    resolved_via: credbridge.sh
  - name: perplexity-api
    purpose: Perplexity API key for raw WebSearch (MCP path preferred)
    resolved_via: credbridge.sh
db:
  file: steev.db # runtime state; created from schema.sql; never committed
  schema: schema.sql # briefings + inbox_items + invocations + agent_runtime
cron:
  - id: steev-daily-briefing
    schedule: "30 6 * * *" # 06:30 local — well before JP's start of day
    skill: steev-agent
    input: { mode: daily-briefing }
    disabled_on_install: true # ships disabled per profile protocol §6 (Safety)
    template: cron/steev-daily-briefing.json.template
sovereignty:
  llm_model: qwen-local/qwen3.6-35b-a3b
  host: dgx-spark
  external_api_dependencies:
    - perplexity # WebSearch only; build-time research path. Daily briefing scan uses 1-2 items.
# Disclosure block — runtime-truth contract per sot/04-STANDARDS/DISCLOSURE-SCHEMA.md.
# Wave-4 apply (2026-05-24). Closes Wave-1 audit findings:
#   - HARD-RULE FIX: REMOVE bte MCP (Plan B marketing infra; CLAUDE.md:14 forbids
#     access — steev is JP-personal-scope).
#   - DENY 17 silently-inherited builtin skills (only kanban-worker kept for CEO
#     delegation transport).
#   - Personal-scope discriminator fields (scope/chat_facing/delegates_to) populated.
# Pre-push hook check 6 enforces this == live `hermes -p steev …` runtime.
disclosure:
  scope: personal
  schema_version: 1
  chat_facing: true # sole JP chat touchpoint per CLAUDE.md L7-L8
  delegates_to: [ceo-planb] # business work routed to CEO via kanban
  inherit_builtins: false # deny Hermes 84-builtin default; allowlist below
  inherit_mcp_toolsets: false # deny host MCP propagation (closes bte leak)
  sovereign_only: false # perplexity (hosted) intentionally called for WebSearch
  inherit_dirs: []
  skills:
    - id: steev-agent
      source: local
      path: skills/steev-agent
      role: orchestrator
    - id: proton-tools
      source: local
      path: skills/proton-tools
      role: toolkit
      justification: "24-tool Proton facade (Calendar+Email+Contacts) — JP-personal comms surface"
    - id: google-workspace
      source: builtin
      path: productivity/google-workspace
      role: engine
      justification: "Gmail+Calendar+Contacts for daily briefing + inbox triage (manifest L46)"
    - id: obsidian
      source: builtin
      path: note-taking/obsidian
      role: engine
      justification: "PKM vault at ~/vaults/steev (CLAUDE.md L17)"
    - id: himalaya
      source: builtin
      path: email/himalaya
      role: engine
      justification: "IMAP/SMTP via proton-bridge (manifest L50)"
    - id: kanban-worker
      source: builtin
      path: devops/kanban-worker
      role: engine
      justification: "CEO delegation transport — steev → ceo-planb (steev-agent SKILL.md L83)"
  mcp_servers: [] # DENY-BY-DEFAULT. bte REMOVED (hard-rule fix).
                  # proton-* + perplexity MCP installs PENDING JP review
                  # (install-gap row in DISCLOSURE.md §12).
  sovereign_apis: [] # 0 direct HTTP/gRPC calls (per audit §3)
  cortex_tools: [] # steev does not consume cortex/L6-* or cortex/PG-*
  credentials:
    - vault_name: google-workspace
      status: required
      scope: read-write
      used_by: [credbridge.sh]
      governance: "JP-personal; Gmail+Calendar+Contacts for briefing + inbox triage"
    - vault_name: proton-bridge-imap
      status: required
      scope: read-write
      used_by: [credbridge.sh]
      governance: "JP-personal; local Proton Bridge IMAP/SMTP (himalaya path)"
    - vault_name: perplexity-api
      status: optional
      scope: read
      used_by: [credbridge.sh]
      governance: "JP-personal; WebSearch fallback (MCP path preferred)"
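
The deny-by-default rules this disclosure block states, written as a lint over the parsed manifest. This is an added example, not the repository's sot-precommit or pre-push hook. Assumptions: the function name, the entry shape for mcp_servers (a name or a mapping with an id key), and the reading that an absent inherit_* flag means "inherit"; the sample mapping is a constructed excerpt of the manifest.

```python
# Added example: hypothetical lint for the disclosure block (not the project's hook).
FORBIDDEN_MCP = {"bte"}  # the manifest comments cite CLAUDE.md:14 as forbidding it
ALLOWED_SKILLS = {"steev-agent", "proton-tools", "google-workspace",
                  "obsidian", "himalaya", "kanban-worker"}

def lint_disclosure(manifest):
    """Return a list of findings; an empty list means the block passes."""
    d = manifest.get("disclosure") or {}
    findings = []
    # Assumption: an absent flag means "inherit", so only a literal false passes.
    for flag in ("inherit_builtins", "inherit_mcp_toolsets"):
        if d.get(flag) is not False:
            findings.append(f"{flag} must be explicitly false")
    # Assumption: an mcp_servers entry is a name or a mapping with an "id" key.
    for server in d.get("mcp_servers") or []:
        name = server if isinstance(server, str) else server.get("id", "")
        if name in FORBIDDEN_MCP:
            findings.append(f"forbidden MCP server declared: {name}")
    for skill in d.get("skills") or []:
        if skill.get("id") not in ALLOWED_SKILLS:
            findings.append(f"skill outside allowlist: {skill.get('id')}")
        elif skill.get("source") == "builtin" and not skill.get("justification"):
            findings.append(f"builtin skill without justification: {skill['id']}")
    # Every disclosed vault credential must also be declared at the top level.
    declared = {c.get("name") for c in manifest.get("credentials") or []}
    for cred in d.get("credentials") or []:
        if cred.get("vault_name") not in declared:
            findings.append(f"credential not declared: {cred.get('vault_name')}")
    return findings

# Constructed excerpt of the manifest above, as a YAML loader would return it.
CREDS = ("google-workspace", "proton-bridge-imap", "perplexity-api")
BUILTINS = ("google-workspace", "obsidian", "himalaya", "kanban-worker")
SAMPLE = {
    "credentials": [{"name": n} for n in CREDS],
    "disclosure": {
        "inherit_builtins": False,
        "inherit_mcp_toolsets": False,
        "mcp_servers": [],
        "skills": [{"id": "steev-agent", "source": "local"},
                   {"id": "proton-tools", "source": "local"}]
                  + [{"id": b, "source": "builtin", "justification": "see manifest"}
                     for b in BUILTINS],
        "credentials": [{"vault_name": n} for n in CREDS],
    },
}

if __name__ == "__main__":
    print(lint_disclosure(SAMPLE))  # the excerpt as committed
```

A regression such as dropping inherit_mcp_toolsets or listing bte under mcp_servers again shows up as one finding per violated rule.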