hermes/cto
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Plan Stage 6 real governed refresh

Browse Source
This commit is contained in:
Svrnty 2026-06-01 06:59:10 -04:00
parent 79272d9d1d
commit 0e7d5d00ce
4 changed files with 220 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
.sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-ISSUES.md Normal file
View File

@ -0,0 +1,73 @@
---
name: cto-case-stage6-real-governed-refresh-issues
tier: local
status: draft
owner: jp
source: .sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-PRD.md
created: 2026-06-01
last_reviewed: 2026-06-01
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local issue sequence for refreshing Stage 6 candidate-default evidence against real governed Stage 5 proof.
---
# CTO Case Stage 6 Real Governed Refresh Issues
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Issue Sequence
### CTO-WORK-054 - Stage 6 Real Governed Refresh PRD
Type: AFK
Status: validated.
Blocked by: CTO-WORK-049, CTO-WORK-043
What to build: Define the read-only evidence refresh route for comparing the first real governed Stage 5 pass against Stage 6 candidate-default criteria.
Acceptance criteria:
- [x] PRD requires `CTO-WORK-049` validated evidence.
- [x] PRD requires the real pass report and Stage 5 proof paths.
- [x] PRD requires report shape, event validity, allowed-path compliance, failure closure, artifact completeness, forbidden-action closure, and operator acceptance checks.
- [x] PRD keeps runtime default activation false.
- [x] PRD forbids target mutation, Core promotion, push, merge, deploy, close, PR open, issue close, public publication, vendor-source mutation, and unowned repository mutation.
- [x] Local CTO validator checks the PRD and issue artifact.
Allowed files: CTO child workspace planning docs and local validator only.
Validator: `python3 tools/validate_cto_child.py`
Done evidence: PRD, issue artifact, validator JSON, clean worktree, commit.
### CTO-WORK-055 - Stage 6 Real Governed Refresh Evidence Route
Type: HITL
Status: candidate.
Blocked by: CTO-WORK-054
What to build: In the Hermes CTO Harness, add a read-only Stage 6 refresh command that imports the real `CTO-WORK-049` pass report and Stage 5 proof, compares them against Stage 6 candidate-default criteria, and writes a refresh artifact.
Acceptance criteria:
- [ ] Command reads existing Harness Evidence Interface artifacts without mutating a Target Repository.
- [ ] Command verifies report shape, event validity, allowed-path compliance, failure closure, artifact completeness, forbidden-action closure, and operator acceptance.
- [ ] Command records fake, Codex, and Pi comparison status where applicable or blocked with rationale.
- [ ] Command records `runtime_default_activation: false`.
- [ ] Command records no target mutation, push, merge, deploy, close, PR open, issue close, public publication, vendor-source mutation, or unowned repository mutation.
- [ ] Focused validator passes before any aggregate Harness validation.
- [ ] Aggregate Harness validation runs once after focused validation passes and once after merge.
Allowed files: Hermes CTO Harness refresh validator, comparison code, and docs. Core, vendor source, Case source, target repositories, production repositories, external developer repositories, and WebUI behavior are forbidden.
Validator: future focused Hermes Stage 6 refresh validator, then `harness/evals/health.sh --json`.
Done evidence: Hermes sandcastle commit, focused validator output, refresh artifact path, aggregate Harness health output, clean merge, and CTO evidence update.
## Granularity Check
This is two slices because the planning route is now clear and cheap, while the executable Hermes refresh route touches a separate governed workspace and should use its own sandcastle.

90
.sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-PRD.md Normal file
View File

@ -0,0 +1,90 @@
---
name: cto-case-stage6-real-governed-refresh-prd
tier: local
status: draft
owner: jp
source: .sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-PASS-EVIDENCE.md
created: 2026-06-01
last_reviewed: 2026-06-01
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local PRD for refreshing Stage 6 candidate-default evidence against the first real governed Stage 5 pass.
---
# CTO Case Stage 6 Real Governed Refresh PRD
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Problem Statement
Stage 6 candidate-default comparison was validated before the first real governed Stage 5 Case execution passed. That was useful, but the CTO Product Surface now has stronger evidence: `CTO-WORK-049` validated a real approved owned-repo task through the CTO Harness Case seam. Candidate-default readiness should be refreshed against that real pass before any later default discussion.
## Solution
Create a bounded Stage 6 refresh route. The route imports the `CTO-WORK-049` pass report and Stage 5 proof, compares them against the existing Stage 6 candidate-default criteria, records whether Case still qualifies as candidate-default evidence, and keeps runtime default activation false. The refresh is evidence-only; it does not mutate target repositories or promote Core authority.
## Scope
- Require `CTO-WORK-049` pass evidence as the refresh input.
- Require Harness Evidence Interface artifacts, not conversational claims.
- Compare the real Stage 5 pass against Stage 6 criteria: report shape, event validity, allowed-path compliance, failure closure, artifact completeness, forbidden-action closure, and operator acceptance.
- Preserve existing fake, Codex, and Pi lane rationale where applicable.
- Record candidate-default refresh output as child-local evidence only.
- Keep runtime default activation false.
- Keep Core promotion, target mutation, push, merge, deploy, close, PR open, issue close, public publication, vendor-source mutation, and unowned repository mutation out of scope.
## Non-Goals
- Do not make Case the default backend.
- Do not create a new backend seam.
- Do not rerun an unapproved real target mutation.
- Do not replace Stage 6 comparison evidence with a single happy-path result.
- Do not build Hermes WebUI behavior in this slice.
- Do not promote CTO artifacts into Core.
## Acceptance Criteria
- [ ] Refresh requires `CTO-WORK-049` to be validated.
- [ ] Refresh consumes the real pass report path and Stage 5 proof path from `CTO-FIRST-REAL-GOVERNED-WORKFLOW-PASS-EVIDENCE.md`.
- [ ] Refresh verifies report shape, event validity, allowed-path compliance, failure closure, artifact completeness, forbidden-action closure, and operator acceptance.
- [ ] Refresh records fake, Codex, and Pi comparison status where applicable or blocked with rationale.
- [ ] Refresh records `runtime default activation: false`.
- [ ] Refresh records no target mutation, push, merge, deploy, close, PR open, issue close, public publication, vendor-source mutation, or unowned repository mutation.
- [ ] Local CTO validator checks this PRD and issue artifact.
## Validation
Planning validator: `python3 tools/validate_cto_child.py`.
Future Hermes focused validator should be a small Stage 6 refresh command that reads existing evidence and writes a comparison artifact without mutating a target repository.
The refresh command must run read-only without mutating a Target Repository.
## Risks
- A refresh artifact may be mistaken for default activation unless the false runtime-default field is explicit.
- A single real pass can strengthen Stage 6 evidence but cannot replace failure matrix coverage.
- Re-running real mutation without new approval would violate the governed workflow route.
- Missing comparison-lane rationale can make candidate-default status look stronger than the evidence supports.
## Dependencies
- `CTO-WORK-049` first real governed workflow execution is validated.
- `CTO-WORK-043` Stage 6 candidate-default comparison remains validated.
- Harness Evidence Interface remains active.
- Stage 5 proof and pass report remain available.
- Existing operator acceptance remains recorded.
## Challenge Notes
Accepted feedback: The useful next slice is an evidence refresh, not default activation, because the real governed Stage 5 pass happened after the original Stage 6 comparison.
Accepted feedback: The refresh must be read-only over existing artifacts. Re-running Case against the target would require a new approval packet.
Rejected feedback: Building Hermes WebUI now is too broad for this slice because the missing proof is candidate-default evidence freshness, not visualization capacity.
Rejected feedback: Promoting this into Core now is premature because CTO remains child-local planning and runtime default activation remains false.
## Success Definition
This slice succeeds when CTO has a validated child-local PRD and issue route for refreshing Stage 6 candidate-default evidence against the first real governed Stage 5 Case pass, without authority drift or new target mutation.

11
WORKBOARD.yaml
View File

@ -265,3 +265,14 @@ items:
status: validated status: validated
source: .sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-PASS-EVIDENCE.md source: .sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-PASS-EVIDENCE.md
owner: "" owner: ""
- id: CTO-WORK-054
title: Stage 6 Real Governed Refresh PRD
status: validated
source: .sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-PRD.md
owner: ""
- id: CTO-WORK-055
title: Stage 6 Real Governed Refresh Evidence Route
status: candidate
source: .sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-ISSUES.md
owner: ""

46
tools/validate_cto_child.py
View File

@ -40,6 +40,8 @@ REQUIRED_FILES = [
".sot/03-PROTOCOLS/CTO-CASE-STAGE5-TARGET-REPOSITORY-ADMISSION.json", ".sot/03-PROTOCOLS/CTO-CASE-STAGE5-TARGET-REPOSITORY-ADMISSION.json",
".sot/03-PROTOCOLS/CTO-CASE-STAGE6-CANDIDATE-DEFAULT-PRD.md", ".sot/03-PROTOCOLS/CTO-CASE-STAGE6-CANDIDATE-DEFAULT-PRD.md",
".sot/03-PROTOCOLS/CTO-CASE-STAGE6-CANDIDATE-DEFAULT-ISSUES.md", ".sot/03-PROTOCOLS/CTO-CASE-STAGE6-CANDIDATE-DEFAULT-ISSUES.md",
".sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-PRD.md",
".sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-ISSUES.md",
".sot/03-PROTOCOLS/CTO-HERMES-CONTROL-SURFACE-PRD.md", ".sot/03-PROTOCOLS/CTO-HERMES-CONTROL-SURFACE-PRD.md",
".sot/03-PROTOCOLS/CTO-HERMES-CONTROL-SURFACE-ISSUES.md", ".sot/03-PROTOCOLS/CTO-HERMES-CONTROL-SURFACE-ISSUES.md",
".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-PRD.md", ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-PRD.md",
@ -129,6 +131,23 @@ REQUIRED_FIRST_REAL_WORKFLOW_APPROVAL_PACKET_PHRASES = [
"Runtime default activation remains false.", "Runtime default activation remains false.",
] ]
REQUIRED_STAGE6_REAL_REFRESH_PHRASES = [
"Local planning SOT only. Not a Core Protocol. Not active Core authority.",
"CTO-WORK-049",
"real pass report",
"Stage 5 proof",
"report shape",
"event validity",
"allowed-path compliance",
"failure closure",
"artifact completeness",
"forbidden-action closure",
"operator acceptance",
"runtime default activation false",
"read-only",
"without mutating a Target Repository",
]
REQUIRED_PRD_PHRASES = [ REQUIRED_PRD_PHRASES = [
"Local planning SOT only. Not a Core Protocol. Not active Core authority.", "Local planning SOT only. Not a Core Protocol. Not active Core authority.",
"Case Candidate Backend", "Case Candidate Backend",
@ -1008,6 +1027,31 @@ def main() -> int:
if "core_promotion_status: not-promoted" not in text: if "core_promotion_status: not-promoted" not in text:
errors.append("brief_missing_not_promoted_frontmatter") errors.append("brief_missing_not_promoted_frontmatter")
stage6_real_refresh_prd = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-PRD.md"
if stage6_real_refresh_prd.is_file():
text = stage6_real_refresh_prd.read_text(encoding="utf-8")
if "core_promotion_status: not-promoted" not in text:
errors.append("stage6_real_refresh_prd_missing_not_promoted_frontmatter")
for phrase in REQUIRED_STAGE6_REAL_REFRESH_PHRASES:
checked.append(f"stage6_real_refresh_prd_phrase:{phrase}")
if phrase not in text:
errors.append(f"missing_stage6_real_refresh_prd_phrase:{phrase}")
stage6_real_refresh_issues = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-ISSUES.md"
if stage6_real_refresh_issues.is_file():
text = stage6_real_refresh_issues.read_text(encoding="utf-8")
if "core_promotion_status: not-promoted" not in text:
errors.append("stage6_real_refresh_issues_missing_not_promoted_frontmatter")
for phrase in [
"CTO-WORK-054",
"CTO-WORK-055",
"runtime_default_activation: false",
"harness/evals/health.sh --json",
]:
checked.append(f"stage6_real_refresh_issue_phrase:{phrase}")
if phrase not in text:
errors.append(f"missing_stage6_real_refresh_issue_phrase:{phrase}")
prd = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-CANDIDATE-BACKEND-PRD.md" prd = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-CANDIDATE-BACKEND-PRD.md"
if prd.is_file(): if prd.is_file():
text = prd.read_text(encoding="utf-8") text = prd.read_text(encoding="utf-8")
@ -1592,6 +1636,8 @@ def main() -> int:
"CTO-WORK-051": "blocked", "CTO-WORK-051": "blocked",
"CTO-WORK-052": "validated", "CTO-WORK-052": "validated",
"CTO-WORK-053": "validated", "CTO-WORK-053": "validated",
"CTO-WORK-054": "validated",
"CTO-WORK-055": "candidate",
} }
for issue_id, expected in expected_statuses.items(): for issue_id, expected in expected_statuses.items():
checked.append(f"workboard_status:{issue_id}:{expected}") checked.append(f"workboard_status:{issue_id}:{expected}")