From 0e7d5d00cef6223d76cdd98ed936d3b6d52140c7 Mon Sep 17 00:00:00 2001
From: Svrnty
Date: Mon, 1 Jun 2026 06:59:10 -0400
Subject: [PATCH] Plan Stage 6 real governed refresh
---
 ...ASE-STAGE6-REAL-GOVERNED-REFRESH-ISSUES.md | 73 +++++++++++++++
 ...O-CASE-STAGE6-REAL-GOVERNED-REFRESH-PRD.md | 90 +++++++++++++++++++
 WORKBOARD.yaml | 11 +++
 tools/validate_cto_child.py | 46 ++++++++++
 4 files changed, 220 insertions(+)
 create mode 100644 .sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-ISSUES.md
 create mode 100644 .sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-PRD.md
diff --git a/.sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-ISSUES.md b/.sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-ISSUES.md
new file mode 100644
index 0000000..d7ccb3d
--- /dev/null
+++ b/.sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-ISSUES.md
@@ -0,0 +1,73 @@
+---
+name: cto-case-stage6-real-governed-refresh-issues
+tier: local
+status: draft
+owner: jp
+source: .sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-PRD.md
+created: 2026-06-01
+last_reviewed: 2026-06-01
+lifecycle_classification: planning
+core_promotion_status: not-promoted
+description: Child-local issue sequence for refreshing Stage 6 candidate-default evidence against real governed Stage 5 proof.
+---
+
+# CTO Case Stage 6 Real Governed Refresh Issues
+
+Local planning SOT only. Not a Core Protocol. Not active Core authority.
+
+## Issue Sequence
+
+### CTO-WORK-054 - Stage 6 Real Governed Refresh PRD
+
+Type: AFK
+
+Status: validated.
+
+Blocked by: CTO-WORK-049, CTO-WORK-043
+
+What to build: Define the read-only evidence refresh route for comparing the first real governed Stage 5 pass against Stage 6 candidate-default criteria.
+
+Acceptance criteria:
+
+- [x] PRD requires `CTO-WORK-049` validated evidence.
+- [x] PRD requires the real pass report and Stage 5 proof paths.
+- [x] PRD requires report shape, event validity, allowed-path compliance, failure closure, artifact completeness, forbidden-action closure, and operator acceptance checks.
+- [x] PRD keeps runtime default activation false.
+- [x] PRD forbids target mutation, Core promotion, push, merge, deploy, close, PR open, issue close, public publication, vendor-source mutation, and unowned repository mutation.
+- [x] Local CTO validator checks the PRD and issue artifact.
+
+Allowed files: CTO child workspace planning docs and local validator only.
+
+Validator: `python3 tools/validate_cto_child.py`
+
+Done evidence: PRD, issue artifact, validator JSON, clean worktree, commit.
+
+### CTO-WORK-055 - Stage 6 Real Governed Refresh Evidence Route
+
+Type: HITL
+
+Status: candidate.
+
+Blocked by: CTO-WORK-054
+
+What to build: In the Hermes CTO Harness, add a read-only Stage 6 refresh command that imports the real `CTO-WORK-049` pass report and Stage 5 proof, compares them against Stage 6 candidate-default criteria, and writes a refresh artifact.
+
+Acceptance criteria:
+
+- [ ] Command reads existing Harness Evidence Interface artifacts without mutating a Target Repository.
+- [ ] Command verifies report shape, event validity, allowed-path compliance, failure closure, artifact completeness, forbidden-action closure, and operator acceptance.
+- [ ] Command records fake, Codex, and Pi comparison status where applicable or blocked with rationale.
+- [ ] Command records `runtime_default_activation: false`.
+- [ ] Command records no target mutation, push, merge, deploy, close, PR open, issue close, public publication, vendor-source mutation, or unowned repository mutation.
+- [ ] Focused validator passes before any aggregate Harness validation.
+- [ ] Aggregate Harness validation runs once after focused validation passes and once after merge.
+
+Allowed files: Hermes CTO Harness refresh validator, comparison code, and docs. Core, vendor source, Case source, target repositories, production repositories, external developer repositories, and WebUI behavior are forbidden.
+
+Validator: future focused Hermes Stage 6 refresh validator, then `harness/evals/health.sh --json`.
+
+Done evidence: Hermes sandcastle commit, focused validator output, refresh artifact path, aggregate Harness health output, clean merge, and CTO evidence update.
+
+## Granularity Check
+
+This is two slices because the planning route is now clear and cheap, while the executable Hermes refresh route touches a separate governed workspace and should use its own sandcastle.
diff --git a/.sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-PRD.md b/.sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-PRD.md
new file mode 100644
index 0000000..764f827
--- /dev/null
+++ b/.sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-PRD.md 
@@ -0,0 +1,90 @@
+---
+name: cto-case-stage6-real-governed-refresh-prd
+tier: local
+status: draft
+owner: jp
+source: .sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-PASS-EVIDENCE.md
+created: 2026-06-01
+last_reviewed: 2026-06-01
+lifecycle_classification: planning
+core_promotion_status: not-promoted
+description: Child-local PRD for refreshing Stage 6 candidate-default evidence against the first real governed Stage 5 pass.
+---
+
+# CTO Case Stage 6 Real Governed Refresh PRD
+
+Local planning SOT only. Not a Core Protocol. Not active Core authority.
+
+## Problem Statement
+
+Stage 6 candidate-default comparison was validated before the first real governed Stage 5 Case execution passed. That was useful, but the CTO Product Surface now has stronger evidence: `CTO-WORK-049` validated a real approved owned-repo task through the CTO Harness Case seam. Candidate-default readiness should be refreshed against that real pass before any later default discussion.
+
+## Solution
+
+Create a bounded Stage 6 refresh route. The route imports the `CTO-WORK-049` pass report and Stage 5 proof, compares them against the existing Stage 6 candidate-default criteria, records whether Case still qualifies as candidate-default evidence, and keeps runtime default activation false. The refresh is evidence-only; it does not mutate target repositories or promote Core authority.
+
+## Scope
+
+- Require `CTO-WORK-049` pass evidence as the refresh input.
+- Require Harness Evidence Interface artifacts, not conversational claims.
+- Compare the real Stage 5 pass against Stage 6 criteria: report shape, event validity, allowed-path compliance, failure closure, artifact completeness, forbidden-action closure, and operator acceptance.
+- Preserve existing fake, Codex, and Pi lane rationale where applicable.
+- Record candidate-default refresh output as child-local evidence only.
+- Keep runtime default activation false.
+- Keep Core promotion, target mutation, push, merge, deploy, close, PR open, issue close, public publication, vendor-source mutation, and unowned repository mutation out of scope.
+
+## Non-Goals
+
+- Do not make Case the default backend.
+- Do not create a new backend seam.
+- Do not rerun an unapproved real target mutation.
+- Do not replace Stage 6 comparison evidence with a single happy-path result.
+- Do not build Hermes WebUI behavior in this slice.
+- Do not promote CTO artifacts into Core.
+
+## Acceptance Criteria
+
+- [ ] Refresh requires `CTO-WORK-049` to be validated.
+- [ ] Refresh consumes the real pass report path and Stage 5 proof path from `CTO-FIRST-REAL-GOVERNED-WORKFLOW-PASS-EVIDENCE.md`.
+- [ ] Refresh verifies report shape, event validity, allowed-path compliance, failure closure, artifact completeness, forbidden-action closure, and operator acceptance.
+- [ ] Refresh records fake, Codex, and Pi comparison status where applicable or blocked with rationale.
+- [ ] Refresh records `runtime default activation: false`.
+- [ ] Refresh records no target mutation, push, merge, deploy, close, PR open, issue close, public publication, vendor-source mutation, or unowned repository mutation.
+- [ ] Local CTO validator checks this PRD and issue artifact.
+
+## Validation
+
+Planning validator: `python3 tools/validate_cto_child.py`.
+
+Future Hermes focused validator should be a small Stage 6 refresh command that reads existing evidence and writes a comparison artifact without mutating a target repository.
+
+The refresh command must run read-only without mutating a Target Repository.
+
+## Risks
+
+- A refresh artifact may be mistaken for default activation unless the false runtime-default field is explicit.
+- A single real pass can strengthen Stage 6 evidence but cannot replace failure matrix coverage.
+- Re-running real mutation without new approval would violate the governed workflow route.
+- Missing comparison-lane rationale can make candidate-default status look stronger than the evidence supports.
+
+## Dependencies
+
+- `CTO-WORK-049` first real governed workflow execution is validated.
+- `CTO-WORK-043` Stage 6 candidate-default comparison remains validated.
+- Harness Evidence Interface remains active.
+- Stage 5 proof and pass report remain available.
+- Existing operator acceptance remains recorded.
+
+## Challenge Notes
+
+Accepted feedback: The useful next slice is an evidence refresh, not default activation, because the real governed Stage 5 pass happened after the original Stage 6 comparison.
+
+Accepted feedback: The refresh must be read-only over existing artifacts. Re-running Case against the target would require a new approval packet.
+
+Rejected feedback: Building Hermes WebUI now is too broad for this slice because the missing proof is candidate-default evidence freshness, not visualization capacity.
+
+Rejected feedback: Promoting this into Core now is premature because CTO remains child-local planning and runtime default activation remains false.
+
+## Success Definition
+
+This slice succeeds when CTO has a validated child-local PRD and issue route for refreshing Stage 6 candidate-default evidence against the first real governed Stage 5 Case pass, without authority drift or new target mutation.
diff --git a/WORKBOARD.yaml b/WORKBOARD.yaml
index 3715535..7f0284d 100644
--- a/WORKBOARD.yaml
+++ b/WORKBOARD.yaml
@@ -265,3 +265,14 @@ items:
 status: validated
 source: .sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-PASS-EVIDENCE.md
 owner: ""
+
+ - id: CTO-WORK-054
+ title: Stage 6 Real Governed Refresh PRD
+ status: validated
+ source: .sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-PRD.md
+ owner: ""
+ - id: CTO-WORK-055
+ title: Stage 6 Real Governed Refresh Evidence Route
+ status: candidate
+ source: .sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-ISSUES.md
+ owner: ""
diff --git a/tools/validate_cto_child.py b/tools/validate_cto_child.py
index 62f3fc3..62a9602 100644
--- a/tools/validate_cto_child.py
+++ b/tools/validate_cto_child.py
@@ -40,6 +40,8 @@ REQUIRED_FILES = [
 ".sot/03-PROTOCOLS/CTO-CASE-STAGE5-TARGET-REPOSITORY-ADMISSION.json",
 ".sot/03-PROTOCOLS/CTO-CASE-STAGE6-CANDIDATE-DEFAULT-PRD.md",
 ".sot/03-PROTOCOLS/CTO-CASE-STAGE6-CANDIDATE-DEFAULT-ISSUES.md",
+ ".sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-PRD.md",
+ ".sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-ISSUES.md",
 ".sot/03-PROTOCOLS/CTO-HERMES-CONTROL-SURFACE-PRD.md",
 ".sot/03-PROTOCOLS/CTO-HERMES-CONTROL-SURFACE-ISSUES.md",
 ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-PRD.md",
@@ -129,6 +131,23 @@ REQUIRED_FIRST_REAL_WORKFLOW_APPROVAL_PACKET_PHRASES = [
 "Runtime default activation remains false.",
 ]
 
+REQUIRED_STAGE6_REAL_REFRESH_PHRASES = [
+ "Local planning SOT only. Not a Core Protocol. Not active Core authority.",
+ "CTO-WORK-049",
+ "real pass report",
+ "Stage 5 proof",
+ "report shape",
+ "event validity",
+ "allowed-path compliance",
+ "failure closure",
+ "artifact completeness",
+ "forbidden-action closure",
+ "operator acceptance",
+ "runtime default activation false",
+ "read-only",
+ "without mutating a Target Repository",
+]
+
 REQUIRED_PRD_PHRASES = [
 "Local planning SOT only. Not a Core Protocol. Not active Core authority.",
 "Case Candidate Backend",
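Review bot: `REQUIRED_STAGE6_REAL_REFRESH_PHRASES` pins the evidence criteria but none of the forbidden-action wording, so the PRD keeps validating if its out-of-scope list (push, merge, deploy, vendor-source mutation, unowned repository mutation) is edited out, although the issues artifact records "PRD forbids target mutation, …" as a met criterion. Adding the entries `"vendor-source mutation",` and `"unowned repository mutation",` would cover that; both strings already occur in the PRD. The entry `"runtime default activation false"` is matched as a case-sensitive substring and does not match the PRD's own acceptance line `runtime default activation: false`, so it passes only through the prose sentences; a comment such as `# matches the Solution/Scope sentences, not the acceptance checkbox` above it would make that explicit.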
@@ -1008,6 +1027,31 @@ def main() -> int:
 if "core_promotion_status: not-promoted" not in text:
 errors.append("brief_missing_not_promoted_frontmatter")
 
+ stage6_real_refresh_prd = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-PRD.md"
+ if stage6_real_refresh_prd.is_file():
+ text = stage6_real_refresh_prd.read_text(encoding="utf-8")
+ if "core_promotion_status: not-promoted" not in text:
+ errors.append("stage6_real_refresh_prd_missing_not_promoted_frontmatter")
+ for phrase in REQUIRED_STAGE6_REAL_REFRESH_PHRASES:
+ checked.append(f"stage6_real_refresh_prd_phrase:{phrase}")
+ if phrase not in text:
+ errors.append(f"missing_stage6_real_refresh_prd_phrase:{phrase}")
+
+ stage6_real_refresh_issues = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-ISSUES.md"
+ if stage6_real_refresh_issues.is_file():
+ text = stage6_real_refresh_issues.read_text(encoding="utf-8")
+ if "core_promotion_status: not-promoted" not in text:
+ errors.append("stage6_real_refresh_issues_missing_not_promoted_frontmatter")
+ for phrase in [
+ "CTO-WORK-054",
+ "CTO-WORK-055",
+ "runtime_default_activation: false",
+ "harness/evals/health.sh --json",
+ ]:
+ checked.append(f"stage6_real_refresh_issue_phrase:{phrase}")
+ if phrase not in text:
+ errors.append(f"missing_stage6_real_refresh_issue_phrase:{phrase}")
+
 prd = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-CANDIDATE-BACKEND-PRD.md"
 if prd.is_file():
 text = prd.read_text(encoding="utf-8")
@@ -1592,6 +1636,8 @@ def main() -> int:
 "CTO-WORK-051": "blocked",
 "CTO-WORK-052": "validated",
 "CTO-WORK-053": "validated",
+ "CTO-WORK-054": "validated",
+ "CTO-WORK-055": "candidate",
 }
 for issue_id, expected in expected_statuses.items():
 checked.append(f"workboard_status:{issue_id}:{expected}")
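Review bot: Both new `core_promotion_status: not-promoted` checks in the `main()` hunk at -1008 test the whole file text rather than the frontmatter, so the string appearing anywhere in the body satisfies an error code named `..._missing_not_promoted_frontmatter`; likewise `runtime_default_activation: false` currently occurs in the issues artifact only inside an unchecked acceptance criterion, so the check confirms wording, not state. Restricting the test to the block between the leading `---` markers would make it mean what the name says, e.g. `frontmatter = text.split("---", 2)[1] if text.startswith("---") else ""` followed by `if "core_promotion_status: not-promoted" not in frontmatter:`. The context lines show the existing brief check uses the same whole-text pattern, so a small shared helper may be the better home for this. When `is_file()` is false both blocks are skipped without an error, which is safe only if the `REQUIRED_FILES` check reports the missing path; presumably it does, but that code and the rest of `main()` lie outside this hunk.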