hermes/cto
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Migrate CTO SOT route to dotpath

Browse Source
This commit is contained in:
Svrnty
2026-05-31 20:34:10 -04:00
parent b4454dab5f
commit 19e7766c1a
30 changed files with 143 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.sot/00-START/CTO-WORKSPACE-INTENT.md
+31
View File
@@ -0,0 +1,31 @@
---
name: cto-workspace-intent
tier: local
status: draft
owner: jp
source: conversation
created: 2026-05-31
last_reviewed: 2026-05-31
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local workspace intent for Cortex OS CTO planning.
---
# CTO Workspace Intent
This workspace holds planning artifacts for a Cortex OS CTO product surface.
It is child-local. It does not create Core SOT authority.
## Purpose
- Define the CTO product boundary.
- Design the Hermes CTO control layer.
- Evaluate Case as the default code-change execution backend.
- Preserve Cortex OS authority separation.
- Produce route-ready briefs for later Core promotion.
## Non-Authority Notice
Artifacts here are planning outputs. Core promotion requires a governed Core route, Core validator coverage, and Evidence.
.sot/03-PROTOCOLS/CTO-CASE-ADAPTER-CONTRACT.md
+155
View File
@@ -0,0 +1,155 @@
---
name: cto-case-adapter-contract
tier: local
status: draft
owner: jp
source: .sot/03-PROTOCOLS/CTO-CASE-CANDIDATE-BACKEND-PRD.md
created: 2026-05-31
last_reviewed: 2026-05-31
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local contract for the future gated Case adapter and CTO Eligibility Decision.
---
# CTO Case Adapter Contract
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Purpose
Define the future Case adapter seam and CTO Eligibility Decision before any executable Case integration exists.
This contract keeps Case behind the CTO Harness seam. Case may become a backend adapter only after source admission, evidence interface conformance, explicit gating, and staged proof.
## Non-Authority Notice
This contract does not authorize Runtime behavior, WebUI Product behavior, Case execution, real-repo mutation, merge, deploy, push, close, vendor-source mutation, external developer repository mutation, or Core promotion.
## Adapter Boundary
The Case adapter must live behind the existing CTO Harness engine seam.
Required boundary rules:
- register backend id `case` as a gated engine before execution;
- require the harness to accept `--engine case` only when explicitly enabled;
- prevent a parallel runner path outside the existing harness seam;
- keep Case lifecycle details behind the adapter unless a later contract promotes normalized events;
- emit the CTO Harness Evidence Interface, not raw Case success claims;
- default-deny all execution until explicit gates pass.
## Gating Rule
`case` must be disabled by default.
Minimum future gates:
- source admission is validated;
- license note is resolved;
- evidence interface contract is validated;
- adapter contract is validated;
- mutation mode is explicitly selected;
- operator approval is recorded when mutation mode requires approval;
- allowed paths and forbidden actions are provided by the task contract.
No missing gate may degrade to a warning. Missing gate means blocked.
## Adapter Input Contract
The future adapter input must be derived from existing PRD, SOT Issue, task contract, and case contract language until Candidate Cortex Work Packet is promoted.
Minimum input fields:
| Field | Meaning |
| --- | --- |
| `task_id` | Stable task or issue identifier. |
| `target_repository` | Target Repository path or URL. |
| `authority_basis` | Local planning, Core route, or task contract reference. |
| `risk_class` | Risk class used for eligibility. |
| `allowed_paths` | Paths the backend may change. |
| `forbidden_actions` | Actions the backend must not perform. |
| `mutation_mode` | `none`, `copied-fixture`, `sandbox-repo`, `owned-noncritical-repo`, or `candidate-default`. |
| `approval_required` | Whether human approval is required before mutation. |
| `verification_commands` | Commands expected to prove the change. |
| `evidence_expectations` | Required artifacts and validation results. |
## Adapter Output Contract
The future adapter output must be the CTO Harness Evidence Interface.
Minimum output:
- `report.json`;
- `report.md`;
- `events.normalized.jsonl`;
- `patch.diff`;
- `test.log`;
- `trace.jsonl`;
- backend raw logs under `backend/`;
- pass, fail, or blocked status;
- blocker reasons for any fail-closed result.
Raw Case lifecycle output is allowed only as backend raw logs unless normalized by this or a later contract.
## CTO Eligibility Decision
Before selecting Case or any backend, CTO must emit an Eligibility Decision.
Required fields:
| Field | Meaning |
| --- | --- |
| `decision_id` | Stable decision identifier. |
| `task_id` | Task or issue identifier. |
| `selected_backend` | Backend selected, or `none`. |
| `denied_backends` | Backends denied with reasons. |
| `risk_class` | Risk classification used for the decision. |
| `required_gates` | Gates that must pass before execution. |
| `passed_gates` | Gates already proven. |
| `missing_gates` | Gates that block execution. |
| `allowed_mutation_mode` | Maximum mutation mode allowed. |
| `approval_required` | Whether human approval is required. |
| `reasons` | Human-readable decision reasons. |
| `escalation_path` | JP, Core route, Hermes/operator, or blocked. |
Case must not create or override the Eligibility Decision. Case may recommend, but CTO decides eligibility and the harness records evidence.
## Backend Selection Rules
Case is ineligible when:
- source admission is not validated;
- license note is unresolved for the requested execution mode;
- Harness Evidence Interface cannot be produced;
- allowed paths are missing;
- forbidden actions are missing;
- approval is required but not granted;
- mutation mode exceeds the current staged proof gate;
- target repository ownership is unclear;
- starting worktree state is dirty when clean start is required.
Case may be eligible only when every required gate is proven and the allowed mutation mode is no broader than the current staged proof gate.
## Approval Rule
Case may recommend. Case must not approve itself or select its own authority.
Approval must be represented by normalized events:
- `approval.requested`;
- `approval.granted`;
- `approval.denied`.
No merge, push, deploy, close, or real-repo mutation is allowed without explicit task-contract permission.
## Implementation Guard
This contract deliberately does not create `case-engine.sh`.
The first future implementation slice may create a no-op gated adapter only after the staged proof gate record exists. The no-op adapter must prove default-deny behavior before it can attempt artificial fixture execution.
## Validation Expectations
Current validation is planning-only and checks this contract exists.
Later adapter validation must verify engine registration, explicit gate behavior, input shape, Eligibility Decision shape, output evidence shape, approval events, and fail-closed ineligibility.
.sot/03-PROTOCOLS/CTO-CASE-BACKEND-BRIEF.md
+141
View File
@@ -0,0 +1,141 @@
---
name: cto-case-backend-brief
tier: local
status: draft
owner: jp
source: conversation
created: 2026-05-31
last_reviewed: 2026-05-31
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local brief for making Case the default CTO execution backend while Cortex OS keeps authority.
---
# CTO Case Backend Brief
## Thesis
Case is the leading candidate default real-repo execution backend for the Cortex OS CTO product surface, pending adapter proof, source admission, validator coverage, and governed Core route.
Cortex OS should govern Case. Cortex OS should not be built on Case.
## Core Position
```text
Cortex governs.
Hermes controls.
CTO routes.
Case executes.
Harness proves.
Target repo stays owned.
Evidence records.
Core promotes only through SOT route.
```
## Authority Model
| Block | Governs | Must not govern |
| --- | --- | --- |
| Cortex OS Core | SOT authority, routing, lifecycle, terminology, validators, evidence rules, promotion rules | Agent implementation, vendor internals, PR implementation |
| Hermes WebUI | Visual control, sessions, approvals, event replay, operator status | Core SOT authority, backend execution semantics |
| Hermes CTO Profile | Technical role, task contract, risk interpretation, backend selection, JP escalation | Core promotion, deploy authority, vendor source |
| CTO Harness | Adapter compliance, event validation, artifact validation, backend conformance | Final authority, product readiness claim |
| Case | Code-change pipeline, PR lifecycle, verifier/reviewer gates, retrospective learning | Cortex authority, JP approval, Core promotion |
| Target Repository | Owned source and local project contract | Cortex authority transfer, hidden mutation |
## Target Architecture
```text
+--------------------------------------------------------------------------------+
| Cortex OS Core |
| SOT authority: Standards, Protocols, Registries, Validators, Evidence rules |
+---------------------------------------+----------------------------------------+
|
| emits candidate work packet
v
+--------------------------------------------------------------------------------+
| Candidate Cortex Work Packet |
| route, authority basis, repo scope, allowed paths, forbidden actions, risk, |
| success criteria, evidence expectations, approval policy |
+--------------------------+-----------------------------------------------------+
|
v
+--------------------------------------------------------------------------------+
| Hermes CTO Profile |
| task contract, backend selection, risk gates, JP escalation, status |
+--------------------------+-----------------------------+--------------------+
| |
| invokes adapter | emits events
v v
+------------------------------------------------+ +----------------------------+
| CTO Harness | | Hermes WebUI |
| validates backend conformance | | control and replay surface |
+--------------------+---------------------------+ +----------------------------+
|
v
+--------------------------------------------------------------------------------+
| Case Backend |
| scout -> implementer -> verifier -> reviewer -> closer -> retrospective |
+--------------------------+-----------------------------------------------------+
|
v
+--------------------------------------------------------------------------------+
| Target Repository |
| bounded mutation through PR, diff, logs, tests, review, and evidence |
+--------------------------------------------------------------------------------+
```
## Execution Rule
Case is the candidate CTO execution backend, not the CTO authority layer.
The first integration target should be:
```text
cto/harness/runner/case-engine.sh
```
The adapter must map:
```text
Candidate Cortex Work Packet -> Case task file
Case events/logs -> CTO event envelope
Case result -> CTO Harness evidence packet
```
## Preserve From Existing CTO Work
- CTO event vocabulary.
- Approval gates.
- Task contract shape.
- Runtime artifact directory discipline.
- Allowed-path validation.
- Health, status, and WebUI summary commands.
- Fake deterministic cases.
- Codex and Pi comparative lanes.
## Decision Candidate
Adopt Case as the leading candidate default real-repo code-change backend for CTO after proof.
Keep the existing CTO harness as the adapter and compliance test surface.
## Default Eligibility Gate
Case is not default until adapter validation, harness parity, allowed-path proof, approval-gate proof, source admission, failure-mode fixtures, artifact hashes, and staged execution evidence pass.
## Candidate Term Notice
Candidate Cortex Work Packet is not a promoted Core object class. Until Core promotes it, use existing PRD, SOT Issue, task contract, and case contract language.
## Open Questions
- Which Case task fields map directly to Candidate Cortex Work Packet fields?
- Which Case events need normalization into CTO event envelopes?
- Where should Case runtime artifacts be stored for child-local evidence?
- Which approval gates stay in Hermes WebUI versus Case?
- What focused validator proves Case adapter compliance without claiming Core promotion?
## Non-Authority Notice
This brief is child-local planning. It does not promote Case, Hermes CTO, or the CTO harness into Core authority.
.sot/03-PROTOCOLS/CTO-CASE-CANDIDATE-BACKEND-ISSUES.md
+164
View File
@@ -0,0 +1,164 @@
---
name: cto-case-candidate-backend-issues
tier: local
status: draft
owner: jp
source: .sot/03-PROTOCOLS/CTO-CASE-CANDIDATE-BACKEND-PRD.md
created: 2026-05-31
last_reviewed: 2026-05-31
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local issue sequence for evaluating Case as a candidate CTO backend without granting Core authority.
---
# CTO Case Candidate Backend Issues
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Issue Sequence
### CTO-WORK-003 - Planning Validator Coverage
Type: AFK
Blocked by: CTO-WORK-002
User stories covered: 1, 5, 6, 12
What to build: Extend child-local validation so the CTO workspace cannot pass planning validation if the PRD or this issue artifact is missing, stale, or authority-drifting.
Acceptance criteria:
- [ ] `validate_cto_child.py` requires the PRD and issue artifact.
- [ ] Validator checks `core_promotion_status: not-promoted` on PRD and issue artifact.
- [ ] Validator checks local-planning disclaimer on PRD and issue artifact.
- [ ] Validator checks candidate-backend wording and rejects a plain default-backend claim.
- [ ] Validator checks `WORKBOARD.yaml` contains PRD and issue entries.
- [ ] Validation remains planning-only and does not claim backend readiness.
Allowed files: CTO child workspace planning docs and local validator only.
Validator: `python3 tools/validate_cto_child.py`
Done evidence: validator JSON, clean worktree, commit.
### CTO-WORK-004 - Harness Evidence Interface Contract
Type: AFK
Blocked by: CTO-WORK-003
User stories covered: 4, 9, 10, 11
What to build: Define the stable Harness Evidence Interface that any Case adapter must satisfy before execution work starts.
Acceptance criteria:
- [ ] Contract names exact required artifacts: `report.json`, `report.md`, `events.normalized.jsonl`, `patch.diff`, `test.log`, `trace.jsonl`, and backend raw logs.
- [ ] Contract names required `report.json` fields: run start, run end, backend exit code, changed files, blockers, pass/fail status, artifact paths, and digest manifest.
- [ ] Contract requires SHA-256 digests and freshness proof.
- [ ] Contract defines fail-closed semantics and nonzero exit behavior.
- [ ] Contract defines approval events: `approval.requested`, `approval.granted`, `approval.denied`.
Allowed files: CTO child workspace planning docs only.
Validator: `python3 tools/validate_cto_child.py`
Done evidence: contract artifact, validator JSON, clean worktree, commit.
### CTO-WORK-005 - Case Source Admission Record
Type: AFK
Blocked by: CTO-WORK-003
User stories covered: 1, 12, 13
What to build: Define and record the source admission shape required before any non-artificial Case run.
Acceptance criteria:
- [ ] Source admission fields include source URL, pinned commit or tag, license note, retrieval date, retrieval command, integrity hash or source-lock reference, allowed execution mode, and protected-source boundary.
- [ ] Source update rule records previous and new source IDs.
- [ ] Source admission remains child-local and does not mutate vendor source.
- [ ] Validator checks the planning artifact exists before later Case adapter candidacy.
Allowed files: CTO child workspace planning docs and local validator only.
Validator: `python3 tools/validate_cto_child.py`
Done evidence: source admission artifact, validator JSON, clean worktree, commit.
### CTO-WORK-006 - Case Adapter Contract And Eligibility Decision
Type: AFK
Blocked by: CTO-WORK-004, CTO-WORK-005
User stories covered: 3, 4, 8, 10
What to build: Define the Case adapter contract and CTO Eligibility Decision without implementing real backend execution.
Acceptance criteria:
- [ ] Contract requires `case` to be registered as a gated engine before execution.
- [ ] Contract requires the harness to accept `--engine case` only when explicitly enabled.
- [ ] Contract prevents a parallel runner path outside the existing harness seam.
- [ ] Eligibility Decision records selected backend, denied backends, risk class, required gates, allowed mutation mode, reasons, and escalation path.
- [ ] Case may recommend but cannot approve itself or select its own authority.
Allowed files: CTO child workspace planning docs only.
Validator: `python3 tools/validate_cto_child.py`
Done evidence: adapter contract artifact, validator JSON, clean worktree, commit.
### CTO-WORK-007 - Case Failure Fixture Matrix
Type: AFK
Blocked by: CTO-WORK-004, CTO-WORK-006
User stories covered: 8, 9, 11, 13
What to build: Define the required failure fixtures for later Case adapter testing.
Acceptance criteria:
- [ ] Matrix includes no diff, disallowed file, failed tests, missing test command, missing event, reviewer reject, approval denied, timeout, dirty starting tree, dirty ending tree, artifact write failure, and provider unavailable.
- [ ] Each row names expected blocker reason, normalized event, report status, and exit behavior.
- [ ] Each row maps to the Harness Evidence Interface.
- [ ] Matrix is planning-only and does not run Case.
Allowed files: CTO child workspace planning docs only.
Validator: `python3 tools/validate_cto_child.py`
Done evidence: failure matrix artifact, validator JSON, clean worktree, commit.
### CTO-WORK-008 - Staged Proof Gate Records
Type: AFK
Blocked by: CTO-WORK-004, CTO-WORK-006, CTO-WORK-007
User stories covered: 5, 7, 8, 9, 13
What to build: Define per-stage entry and exit records for Case candidate progression.
Acceptance criteria:
- [ ] Records cover gated engine, artificial fixture, copied repo fixture, disposable sandbox repo, owned noncritical repo, and candidate default.
- [ ] Each stage names allowed mutation scope, required artifacts, validator, failure modes, and promotion condition.
- [ ] Candidate default requires comparison against fake, Codex, and Pi where applicable.
- [ ] Records state that default status is earned, not assumed.
Allowed files: CTO child workspace planning docs only.
Validator: `python3 tools/validate_cto_child.py`
Done evidence: staged gate artifact, validator JSON, clean worktree, commit.
## Granularity Check
This sequence is intentionally planning-heavy. It avoids implementing Case until the evidence interface, source admission, adapter contract, failure matrix, and staged proof gates are explicit.
.sot/03-PROTOCOLS/CTO-CASE-CANDIDATE-BACKEND-PRD.md
+160
View File
@@ -0,0 +1,160 @@
---
name: cto-case-candidate-backend-prd
tier: local
status: draft
owner: jp
source: conversation
created: 2026-05-31
last_reviewed: 2026-05-31
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local PRD for evaluating Case as the leading candidate backend for the Cortex OS CTO Product Surface.
---
# CTO Case Candidate Backend PRD
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Problem Statement
JP wants a Cortex OS CTO Product Surface that can delegate code-change work without losing Cortex OS authority, Target Repository ownership, evidence quality, or human approval. The current CTO planning brief captures the strategic shape, but it is too easy to misread Case as an approved default backend. Case must instead earn candidate-default status through adapter proof, source admission, validator coverage, and staged execution evidence.
## Solution
Make Case the leading Case Candidate Backend behind the CTO Harness seam. Cortex OS remains the authority layer. Hermes remains the planned control and visualization surface. The CTO Product Surface interprets risk, selects eligible backends, and escalates when needed. The CTO Harness owns the Harness Evidence Interface and proves backend conformance. Case may execute only as a gated adapter that emits normalized evidence.
The first valuable outcome is not real-repo automation. The first valuable outcome is a Core-compliant, child-local PRD and issue sequence that prevents false authority claims while defining the minimum proof path for Case.
## User Stories
1. As JP, I want Cortex OS to remain the authority layer, so that backend execution cannot override Core SOT, lifecycle, or promotion rules.
2. As JP, I want planned Hermes control and replay after a routed WebUI Product Panel contract, so that I can later supervise CTO execution without reading raw backend logs.
3. As JP, I want CTO to interpret risk and backend eligibility, so that Case does not decide its own authority.
4. As JP, I want the CTO Harness to own evidence validation, so that every backend is compared through one stable interface.
5. As JP, I want Case treated as a candidate default, so that default status is earned by proof rather than assumed by enthusiasm.
6. As a future agent, I want exact authority wording, so that I do not promote Case, Hermes, or CTO behavior into Core accidentally.
7. As a future agent, I want a staged proof sequence, so that real-repo mutation is not attempted before artificial and sandbox evidence exists.
8. As a Target Repository owner, I want allowed-path and forbidden-action controls, so that code changes stay bounded.
9. As a reviewer, I want artifact hashes and normalized events, so that success claims can be checked independently.
10. As a maintainer, I want raw backend logs kept behind the Harness Evidence Interface, so that Case internals do not leak into Hermes or Core.
11. As a maintainer, I want failure modes specified, so that no-diff, failed tests, disallowed writes, missing events, rejected reviews, denied approvals, timeouts, and dirty worktrees fail closed.
12. As a Core reviewer, I want source admission for Case, so that source URL, pinned version, license note, and source lock exist before real-repo execution.
13. As JP, I want the Target Repository to stay owned and protected, so that vendors and external developers do not lose control of their source.
## Implementation Decisions
- Case is the Case Candidate Backend, not Cortex OS authority.
- CTO Harness owns the Harness Evidence Interface. Case supplies logs and results; the harness normalizes and validates them.
- CTO owns backend eligibility. Case must not decide whether it is allowed to run.
- Hermes may become the visual control surface after a routed WebUI Product Panel contract. This PRD does not authorize new WebUI Runtime behavior.
- Candidate Cortex Work Packet is an unpromoted term. Until Core promotes it, use existing PRD, SOT Issue, task contract, and case contract language.
- The first implementation seam is the existing harness engine seam. Case should be added as a gated backend adapter only after a child-local issue defines its contract.
- Case adapter output must preserve the existing harness evidence shape: report, normalized events, patch, test log, trace, changed files, blockers, and backend-specific raw logs under a backend artifact directory.
- Default eligibility requires staged proof: gated Case engine, artificial fixture, copied repo fixture, disposable sandbox repo, owned noncritical repo, then candidate default.
- Real-repo mutation is default-denied. It requires clean worktree policy, allowed paths, forbidden actions, branch policy, approval event, no direct push unless explicitly allowed, no secret reads, and no vendor-source edits unless explicitly allowed.
- Case may recommend; CTO Harness records; Hermes or operator approval is the only human approval signal. No merge, push, deploy, close, or real-repo mutation is allowed without explicit task-contract permission.
- The CTO Product Surface must emit an Eligibility Decision before selecting a backend. The decision records selected backend, denied backends, risk class, required gates, allowed mutation mode, reasons, and escalation path.
## Harness Evidence Interface Requirements
The Case adapter is not accepted until it preserves the existing CTO Harness seam:
- `case` is registered as a gated engine.
- The harness accepts `--engine case` without creating a parallel runner path.
- `case-engine.sh` is gated by explicit environment or configuration.
- Each run writes `report.json`, `report.md`, `events.normalized.jsonl`, `patch.diff`, `test.log`, and `trace.jsonl`.
- Backend-specific raw logs live under a backend artifact directory.
- `report.json` records run start, run end, backend exit code, changed files, blockers, pass/fail status, and artifact paths.
- `report.json` records SHA-256 digests for `report.json`, `events.normalized.jsonl`, `patch.diff`, `test.log`, `trace.jsonl`, and raw backend logs.
- Digest evidence includes freshness proof by comparing run start time with artifact write time or check time.
- Required approval events before live mutation are `approval.requested`, `approval.granted`, and `approval.denied`. Denial is terminal and fail-closed.
- Fail-closed states produce a blocker reason, normalized event, report status, and nonzero exit where appropriate.
## Source Admission Requirements
Before any non-artificial Case run, a source admission record must exist with:
- source URL;
- pinned commit or tag;
- license note;
- retrieval date;
- retrieval command;
- integrity hash or source-lock reference;
- allowed execution mode;
- protected-source boundary;
- previous and new source IDs when the pinned Case version changes.
Changing the pinned Case source requires rerunning adapter fixtures and recording previous and new source IDs in evidence.
## Staged Proof Gates
| Stage | Allowed mutation scope | Required exit evidence | Promotion condition |
| --- | --- | --- | --- |
| Gated Case engine | none | gated engine registration, default-deny proof, no-op preflight report | Harness accepts `--engine case` only when explicitly enabled |
| Artificial fixture | copied artificial case only | full Harness Evidence Interface, allowed-write proof, hash proof | matches existing fake fixture behavior |
| Copied repo fixture | copied local repository fixture only | clean start/end proof, diff proof, tests, failure fixtures | no source repo mutation |
| Disposable sandbox repo | disposable repository only | branch policy, approval event, failure matrix | no hidden mutation, fail-closed behavior |
| Owned noncritical repo | explicitly owned low-risk repository | source admission, approval, allowed paths, replayable evidence | operator accepts bounded proof |
| Candidate default | scoped real-repo use only | comparison against fake/Codex/Pi where applicable | matches or beats existing lanes on report shape, event validity, allowed-path compliance, failure closure, and artifact completeness |
## Failure-Mode Matrix
Later adapter work must include fixtures for: no diff, disallowed file, failed tests, missing test command, missing event, reviewer reject, approval denied, timeout, dirty starting tree, dirty ending tree, artifact write failure, and provider unavailable.
## Acceptance Criteria
- The PRD states that Case is a candidate backend and not Cortex OS authority.
- The PRD defines Cortex, Hermes, CTO, Harness, Case, and Target Repository responsibilities without authority drift.
- The PRD names the CTO Harness as owner of the evidence interface.
- The PRD includes staged proof before default eligibility.
- The PRD requires source admission before real-repo Case execution.
- The PRD requires allowed-path, approval-gate, failure-mode, and artifact-hash proof.
- The PRD defines the Harness Evidence Interface with exact artifacts, digest requirements, approval events, and fail-closed behavior.
- The PRD defines source admission fields and source-lock update behavior.
- The PRD defines staged proof gates with allowed mutation scope, exit evidence, and promotion conditions.
- A child-local issue artifact exists, is linked from `WORKBOARD.yaml`, and each issue maps to one or more PRD acceptance criteria.
- Fake remains the default validation lane. Case candidate status requires comparison against existing fake, Codex, and Pi lanes where applicable rather than replacing them.
- The PRD does not authorize Runtime behavior, WebUI Product behavior, Core promotion, real-repo mutation, merge, deploy, push, or vendor-source mutation.
- Local CTO validation remains green after adding PRD and issue artifacts.
## Validation
- Run `python3 tools/validate_cto_child.py` for the child-local workspace.
- Run focused review against the PRD for Core-compliance, architecture fit, missing constraints, testability, and sequence.
- Before merge, inspect the sandcastle worktree status and the target `cto` worktree status.
- After merge, run `python3 tools/validate_cto_child.py` in the registered `cto` child workspace.
## Risks
- Case default language could create false product-readiness.
- A shallow Case adapter could leak Case lifecycle details into Hermes and Core.
- A weak validator could prove words instead of backend safety.
- Real-repo mutation could outrun artificial, copied, and sandbox proof.
- Case source could drift without pinned source admission.
- Duplicate approval gates between Hermes and Case could create false safety.
## Dependencies
- Existing CTO child workspace registration.
- Existing CTO Harness evidence discipline in Hermes.
- Source admission details for Case.
- Later child-local adapter contract and validator.
- Later governed Core route before promotion.
## Success Definition
The CTO Product Surface has a Core-compliant planning path for evaluating Case as a candidate backend while preserving governance, observability, reversibility, evidence, allowed-path control, and JP approval. No default backend claim exists until the staged proof sequence passes.
## Out of Scope
- Implementing `case-engine.sh`.
- Running Case against a real repository.
- Promoting any CTO artifact into Core.
- Adding WebUI Product behavior.
- Merging, deploying, pushing, or closing PRs.
- Mutating vendor source or external developer repositories.
- Replacing Pi, Codex, or existing fake comparative lanes.
## Further Notes
Keep fake as the default validation lane until Case earns candidate-default status. Keep Codex and Pi comparative lanes so Case can be measured rather than trusted.
.sot/03-PROTOCOLS/CTO-CASE-FAILURE-FIXTURE-MATRIX.md
+75
View File
@@ -0,0 +1,75 @@
---
name: cto-case-failure-fixture-matrix
tier: local
status: draft
owner: jp
source: .sot/03-PROTOCOLS/CTO-CASE-CANDIDATE-BACKEND-PRD.md
created: 2026-05-31
last_reviewed: 2026-05-31
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local failure fixture matrix for later Case adapter fail-closed testing.
---
# CTO Case Failure Fixture Matrix
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Purpose
Define the required failure fixtures for later Case adapter testing before any executable Case integration exists.
This matrix turns failure-mode language into concrete expected evidence. It prevents the future adapter from proving only the happy path.
## Non-Authority Notice
This matrix does not authorize Runtime behavior, WebUI Product behavior, Case execution, real-repo mutation, merge, deploy, push, close, vendor-source mutation, external developer repository mutation, or Core promotion.
## Matrix Rules
- Each row maps to the CTO Harness Evidence Interface.
- Each row must produce `report.json`, `events.normalized.jsonl`, `patch.diff`, `test.log`, and `trace.jsonl` when implemented.
- Each row must produce `artifact_digests` and freshness proof when implemented.
- Each row must record a blocker reason in `report.json`.
- Each row must emit a normalized event when the failure class has one.
- Each row must fail closed with `status` set to `fail` or `blocked`.
- Each row must use nonzero exit behavior when the adapter contract marks the failure executable.
- This matrix is planning-only and does not run Case.
## Required Failure Fixtures
| Fixture | Trigger | Expected blocker reason | Normalized event | Report status | Exit behavior | Evidence mapping |
| --- | --- | --- | --- | --- | --- | --- |
| no-diff | Backend reports success but no source diff exists when a diff is required. | `no_diff` | `git.diff.checked` | `fail` | nonzero | `patch.diff` exists and is empty; `changed_files` is empty; `blockers` includes `no_diff`. |
| disallowed-file | Backend changes a path outside `allowed_paths`. | `disallowed_file_change` | `git.diff.checked` | `fail` | nonzero | `changed_files` lists offending path; `allowed_writes_passed` is `false`; `patch.diff` captures the change. |
| failed-tests | Verification command exits nonzero. | `verification_failed` | `verification.completed` | `fail` | nonzero | `test.log` captures failing command output; `verification` records command and nonzero exit. |
| missing-test-command | Task contract requires verification but no command is available. | `missing_test_command` | `verification.completed` | `blocked` | nonzero | `test.log` states no command was available; `verification` records missing command. |
| missing-event | Required normalized event is absent or out of order. | `missing_required_event` | `run.completed` | `fail` | nonzero | `events.normalized.jsonl` is present; validator identifies missing or out-of-order event. |
| reviewer-reject | Case reviewer rejects the result. | `reviewer_rejected` | `verification.completed` | `blocked` | nonzero | backend raw logs record reviewer rejection; normalized evidence records blocked result without approving mutation. |
| approval-denied | Human approval is required and denied. | `approval_denied` | `approval.denied` | `blocked` | nonzero | approval event records actor, scope, mutation mode, timestamp, and denial. |
| timeout | Backend or verification exceeds configured timeout. | `timeout` | `run.completed` | `blocked` | nonzero | `trace.jsonl` records timeout point; `report.json` records timeout blocker. |
| dirty-starting-tree | Target repository is dirty before backend work starts when clean start is required. | `dirty_starting_tree` | `task.contract.created` | `blocked` | nonzero | `trace.jsonl` records preflight failure; no mutation occurs. |
| dirty-ending-tree | Run leaves untracked or unintended dirty state after checks. | `dirty_ending_tree` | `run.completed` | `fail` | nonzero | `trace.jsonl` records ending state check; `report.json` names dirty paths. |
| artifact-write-failure | Required artifact cannot be written. | `artifact_write_failure` | `run.completed` | `fail` | nonzero | `report.json` may be partial only if write failure happens after report creation; trace records failed artifact path. |
| provider-unavailable | Backend provider, model, CLI, or dependency is unavailable. | `provider_unavailable` | `run.completed` | `blocked` | nonzero | backend raw logs record provider failure; no source mutation occurs. |
## Acceptance Rule
A future Case adapter cannot progress to staged proof until these fixture classes have expected evidence defined in the adapter validator.
The first executable implementation may start with a subset only if the staged proof gate explicitly marks the remaining rows as blocked and not accepted for default candidacy.
## Validator Expectations
Current validation is planning-only and checks this matrix exists with required rows.
Later adapter validation must execute or simulate each row and verify:
- blocker reason;
- normalized event;
- report status;
- exit behavior;
- required artifact presence;
- digest presence;
- freshness proof;
- no hidden source mutation.
.sot/03-PROTOCOLS/CTO-CASE-LOCAL-PROVIDER-ROUTE-ISSUES.md
+56
View File
@@ -0,0 +1,56 @@
---
title: CTO Case Local Provider Route Issues
status: draft
lifecycle_classification: sot
owner: jp
created: 2026-05-31
last_reviewed: 2026-05-31
core_promotion_status: not-promoted
route: cto
---
# CTO Case Local Provider Route Issues
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## CTO-WORK-021 - Case-Compatible Local Provider Adapter Route PRD
Status: validated.
Register the local-provider adapter route as the autonomous option if `CTO-WORK-020` is resolved with `decision_status=local_provider_required`.
Acceptance:
- States that this route applies only when `decision_status=local_provider_required`.
- Requires provider class `local_case_compatible`.
- Uses `CTO-WORK-020` admission JSON gate as authority instead of redefining admission.
- Requires `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE`.
- Requires no external fallback to `anthropic` or `claude-sonnet-4-6`.
- Requires negative gates for missing local adapter config, admission JSON mismatch, and `decision_status != local_provider_required`.
- Completion of this route does not admit a provider/model and does not change `CTO-WORK-020` status.
- Keeps `CTO-WORK-020` blocked until admitted provider/model and real Case Stage 2 pass evidence exist.
- Does not approve or implement any provider.
## CTO-WORK-022 - Case-Compatible Local Provider Adapter Route
Status: blocked.
Build or supply one Case-compatible local provider adapter path only after the decision record selects `local_provider_required`.
Acceptance:
- Decision record has `decision_status=local_provider_required`.
- Provider class is `local_case_compatible`.
- Provider/model admission remains owned by `CTO-WORK-020`.
- Missing local adapter config blocks before `case_process_started`.
- Admission JSON mismatch blocks before `case_process_started`.
- External provider fallback blocks before `case_process_started`.
- Harness report proves `case_model_provider`, `case_model`, and `case_model_admission_status`.
- Harness report proves no fallback to `anthropic` or `claude-sonnet-4-6`.
- No secret is written to SOT, argv, task file, backend logs, report, trace, generated config, or commit.
- Real Case Stage 2 produces a pass report only through the Harness Evidence Interface.
Blocked by:
- `CTO-WORK-020` decision record selecting `local_provider_required`.
- A Case-compatible local provider adapter implementation or supplied local provider endpoint.
.sot/03-PROTOCOLS/CTO-CASE-LOCAL-PROVIDER-ROUTE-PRD.md
+77
View File
@@ -0,0 +1,77 @@
---
title: CTO Case Local Provider Route PRD
status: draft
lifecycle_classification: sot
owner: jp
created: 2026-05-31
last_reviewed: 2026-05-31
core_promotion_status: not-promoted
route: cto
---
# CTO Case Local Provider Route PRD
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Problem Statement
`CTO-WORK-020` remains blocked until a provider policy decision exists. If the decision is `local_provider_required`, Cortex CTO needs a narrow route for a Case-compatible local model provider before real Case Stage 2 can run without external provider approval.
## Solution
Define a child-local Case-compatible local provider adapter route. This route does not select a provider, does not implement a provider, and does not admit a provider/model. It uses the existing `CTO-WORK-020` admission JSON gate as authority.
## Scope
- Apply only when `decision_status=local_provider_required`.
- Require provider class `local_case_compatible` only through the `CTO-WORK-020` decision record.
- Require compatibility with WorkOS Case model configuration through the existing `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` gate.
- Require the existing Hermes admitted-pair gate to remain the execution gate.
- Require the adapter path to prove no external provider fallback.
- Require missing local adapter config to block before `case_process_started`.
- Require admission JSON mismatch to block before `case_process_started`.
- Require `decision_status != local_provider_required` to block route execution.
- Require Stage 2 to keep copied artificial fixture scope only.
- Require no Target Repository path exposure.
- No Target Repository path exposure.
- Require no secrets in SOT, argv, task file, report, trace, backend logs, generated config, or commits.
## Non-Goals
- Do not approve a local provider.
- Do not implement a provider adapter.
- Do not admit a provider/model.
- Do not approve Anthropic or any external provider.
- Do not run real Case Stage 2.
- Do not create a provider marketplace or registry.
- Do not change Hermes runtime behavior from this route.
- Do not treat Case as CTO authority.
## Acceptance Criteria
- A local provider adapter route references the `CTO-WORK-020` decision record and admission JSON gate instead of redefining admission fields.
- Completion of this route does not admit a provider/model and does not change `CTO-WORK-020` status.
- The route states that `CTO-WORK-020` remains blocked until admitted provider/model and real Case Stage 2 pass evidence exist.
- The route requires proof that Case used the admitted local provider/model from `CTO-WORK-020` and did not fall back to `anthropic` or `claude-sonnet-4-6`.
- The route requires `case_model_provider`, `case_model`, and `case_model_admission_status` in report evidence.
- The route requires `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE`, `CTO_HARNESS_CASE_MODEL_PROVIDER`, and `CTO_HARNESS_CASE_MODEL`.
- The route requires negative gates for missing local adapter config, admission JSON mismatch, and `decision_status != local_provider_required`.
- The route keeps fake as the default validation lane.
- The route keeps same-run fake baseline comparison required.
## Validation
- `python3 tools/validate_cto_child.py` validates this child-local route.
- Future Hermes focused validation must include `python3 harness/runner/validate-case-provider-adapter.py --harness-root harness --json`.
- Future real local provider validation must use the Harness Evidence Interface and copied artificial fixture Stage 2 only.
## Risks And Dependencies
- WorkOS Case may not support the intended local provider without additional adapter work.
- Local inference may still require credentials, endpoint configuration, or model serving state.
- Local model quality may fail Stage 2 even when the provider route is valid.
- A local provider route does not remove the need for an admission JSON and real pass report.
## Success Definition
If JP chooses `local_provider_required`, the next implementation route is explicit: build or supply one Case-compatible local provider adapter path, then use `CTO-WORK-020` to admit the exact provider/model pair before any real Case Stage 2 retry.
.sot/03-PROTOCOLS/CTO-CASE-MODEL-PROVIDER-ADMISSION-ISSUES.md
+89
View File
@@ -0,0 +1,89 @@
---
title: CTO Case Model Provider Admission Issues
status: draft
lifecycle_classification: sot
owner: jp
created: 2026-05-31
last_reviewed: 2026-05-31
core_promotion_status: not-promoted
route: cto
---
# CTO Case Model Provider Admission Issues
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## CTO-WORK-019 - Case Model Provider Admission PRD
Status: validated.
Extract the existing `CTO-WORK-018` harness gate into a first-class model provider admission route. This is the SOT route for deciding which provider/model pair may power real Case Stage 2.
Acceptance:
- Records observed fallback provider `anthropic`.
- Records observed fallback model `claude-sonnet-4-6`.
- Requires explicit admitted provider and exact model ID before real Case starts.
- Requires `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL` to match the admission record.
- Requires `backend/provider-model-not-admitted.txt` when admission is missing.
- Requires isolated `CASE_DATA_DIR/config.json` to contain admitted `models.default`.
- Requires negative gates for missing provider/model and unadmitted provider/model.
- Requires no secrets in task file, argv, report, trace, backend logs, SOT, or commits.
- Keeps Case as candidate execution backend, not CTO authority.
## CTO-WORK-020 - Admit Case Model Provider For Real Stage 2
Status: blocked.
Choose and admit the exact provider/model path for real Case Stage 2, then rerun Stage 2 through the Harness Evidence Interface.
Acceptance:
- Admission record names provider, exact model ID, credential source class, allowed network class, approval source, admission timestamp, review trigger, and evidence expectations.
- No provider/model is admitted by default.
- No secret is written to SOT, argv, task file, backend logs, report, trace, or commit.
- `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL` match the admission record.
- Missing or unadmitted provider/model blocks before `case_process_started`.
- Report records `case_model_provider`, `case_model`, and `case_model_admission_status`.
- Real Case Stage 2 produces a pass report only if the admitted provider/model was used.
- Same-run fake baseline comparison remains required.
- No Target Repository path is inspected or copied.
Blocked by:
- Human provider approval if an external provider such as Anthropic is selected.
- A Case-compatible local provider route if external providers are not approved.
## Hermes Implementation Evidence - 2026-05-31
- Hermes commit: `f39d8ab Require admitted Case model pair`.
- `f39d8ab` proves admission gating implementation only; it is not a real Case Stage 2 pass.
- The Hermes adapter now requires `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE`.
- Env provider/model is only the requested pair; the admission JSON is the authority.
- Missing admission blocks before `case_process_started`.
- Mismatched admission blocks before `case_process_started`.
- Report evidence records `case_model_provider`, `case_model`, and `case_model_admission_status`.
- Status vocabulary includes `admitted`, `missing_admission`, `mismatch`, `invalid_admission`, and `not_admitted`.
- Secret scan covers `report.json`, `report.md`, `trace.jsonl`, backend logs, Case stdout/stderr, and generated Case config.
- Focused validator passed: `python3 harness/runner/validate-case-provider-adapter.py --harness-root harness --json`.
- Aggregate validator passed: `harness/evals/health.sh --json`.
- Focused validator artifact: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260531T235421Z-r1-string-slugify-1875638`.
- Aggregate validator artifact: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260531T235448Z-r1-string-slugify-1876884`.
- `CTO-WORK-020` remains blocked until a provider/model is explicitly approved and real Case Stage 2 produces a pass report.
## CTO-WORK-020 Decision Record Template
This template belongs to `CTO-WORK-020`; it is not a new provider approval.
Required fields:
- `decision_status`: `not_decided`, `external_provider_approved`, or `local_provider_required`.
- `provider_class`: `external_anthropic` or `local_case_compatible`.
- `provider`: exact provider string, or empty while blocked.
- `model`: exact model string, or empty while blocked.
- `approval_source`: JP approval reference or governed Core route reference.
- `credential_source_class`: credential class only; no secret value.
- `allowed_network_class`: allowed network class for this provider.
- `review_trigger`: expiry, date, or condition that forces review.
- `evidence_sources`: references to existing admission/build evidence, not copied runtime evidence.
- `effect`: `CTO-WORK-020 remains blocked until admitted provider/model and real Stage 2 pass report exist`.
.sot/03-PROTOCOLS/CTO-CASE-MODEL-PROVIDER-ADMISSION-PRD.md
+128
View File
@@ -0,0 +1,128 @@
---
title: CTO Case Model Provider Admission PRD
status: draft
lifecycle_classification: sot
owner: jp
created: 2026-05-31
last_reviewed: 2026-05-31
core_promotion_status: not-promoted
route: cto
---
# CTO Case Model Provider Admission PRD
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Problem Statement
`CTO-WORK-018` validated a harness gate that blocks missing model configuration, but the CTO route still needs a first-class admission record for the model provider itself. Evidence showed WorkOS Case silently defaulted to provider `anthropic` and model `claude-sonnet-4-6` when the harness did not write a model registry. That path is an unadmitted external model path for CTO proof.
## Solution
Extract the model provider decision into a child-local admission route. The route requires an explicit admitted provider/model pair, redacted credential policy, isolated Case config proof, negative gates, and real Stage 2 retry conditions before any real Case run can claim progress.
## Scope
- Admit only one named Case model provider and exact model ID at a time.
- Require admission before `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL` may be used for real Case.
- Preserve fail-closed behavior through `backend/provider-model-not-admitted.txt`.
- Require unadmitted provider/model blocks before `case_process_started`.
- Require the adapter to write admitted `models.default` into isolated `CASE_DATA_DIR/config.json`.
- Require provider evidence in `report.json`, backend logs, `trace.jsonl`, and artifact digests.
- Require secret-redaction evidence for task file, argv, report, trace, and backend logs.
- Keep Stage 2 mutation scope limited to copied artificial fixture only.
- Keep executable admission separate from model provider admission.
- Keep `ca run --task <task-file> --mode unattended` as the only real Case Stage 2 command shape.
- Preserve same-run fake baseline comparison.
## Non-Goals
- Do not approve Anthropic, Claude, local inference, or any other provider by default.
- Do not create a broad provider marketplace or registry abstraction.
- Do not store credentials in SOT, task files, argv, commits, reports, traces, or backend logs.
- Do not grant Case CTO authority.
- Do not authorize copied repo, sandbox repo, owned repo, default backend, WebUI product, or Core promotion behavior.
- Do not bypass the Harness Evidence Interface.
- Do not mutate Case source, Cortex Core, vendor source, or target repositories.
## Acceptance Criteria
- A model provider admission record names provider, exact model ID, credential source class, allowed network class, approval source, admission timestamp, and expiry or review trigger.
- Missing provider/model admission blocks before `case_process_started`.
- Unadmitted provider/model blocks before `case_process_started`.
- Missing credentials, unexpected fallback model, missing config write, or absent provider evidence blocks.
- Stage 2 report records `case_model_provider`, `case_model`, `case_model_admission_status`, `case_process_started`, `backend_exit_code`, `allowed_writes_passed`, `changed_files`, and `blockers`.
- Real Case Stage 2 cannot pass unless the report proves the admitted provider/model was used.
- Real Case Stage 2 remains blocked unless a pass report exists.
- Fake remains the default validation lane.
- Same-run fake baseline comparison remains required.
- No secrets appear in task file, argv, report, trace, backend logs, SOT, or commits.
## Validation
- `python3 tools/validate_cto_child.py` validates this child-local route.
- Hermes focused validation must include `python3 harness/runner/validate-case-provider-adapter.py --harness-root harness --json`.
- Required negative gates: missing provider/model blocks before `case_process_started`; unadmitted provider/model blocks before `case_process_started`; no secrets appear in task file, argv, report, trace, backend logs.
- Real provider validation must include `CTO_HARNESS_ALLOW_CASE=1 CTO_HARNESS_CASE_STAGE=2 CTO_HARNESS_CASE_BIN=<admitted-ca> CTO_HARNESS_CASE_MODEL_PROVIDER=<admitted-provider> CTO_HARNESS_CASE_MODEL=<admitted-model> harness/evals/run-case.sh r1-string-slugify --engine case --json`.
- Aggregate validation remains `harness/evals/health.sh --json` after focused gates pass.
## Risks And Dependencies
- Human approval may be required before any external provider is admitted.
- Local provider use may require a separate Case-compatible provider adapter or credentials path.
- Case defaults may change; model evidence must be read from actual run artifacts, not assumed from docs.
- Provider credentials may be unavailable in the current terminal.
- License status remains unresolved for broader execution modes.
## Success Definition
Real Case Stage 2 remains blocked until a named provider/model is admitted, then passes only when the Harness Evidence Interface proves the admitted provider/model executed the copied artificial fixture without forbidden writes, target inspection, fallback model use, or secret leakage.
## Current Evidence - 2026-05-31
- Existing gate: `CTO-WORK-018 - Case Model Provider Admission Gate`.
- Real Case defaulted to provider `anthropic` and model `claude-sonnet-4-6` without an explicit model registry.
- Runtime report path: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260531T234205Z-r1-string-slugify-1834617/report.json`.
- Hermes model gate commit: `4500082 Gate Case execution on admitted model`.
- Model gate variables: `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL`.
- Model gate marker: `backend/provider-model-not-admitted.txt`.
- Validator check: `model_provider_gate_blocks`.
## Hermes Implementation Evidence - 2026-05-31
- Hermes commit: `f39d8ab Require admitted Case model pair`.
- `f39d8ab` proves admission gating implementation only; it is not a real Case Stage 2 pass.
- Admission file variable: `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE`.
- Env provider/model is now a requested pair, not admission authority.
- The admission JSON is the authority for real Case Stage 2 model admission.
- The requested `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL` must match the admitted JSON provider and model.
- Admission status values: `admitted`, `missing_admission`, `mismatch`, `invalid_admission`, `not_admitted`.
- Missing admission and mismatched admission block before `case_process_started`.
- Stage 2 reports include `case_model_provider`, `case_model`, and `case_model_admission_status` for pass and blocked paths.
- Secret scan covers `report.json`, `report.md`, `trace.jsonl`, backend logs, Case stdout/stderr, and generated Case config.
- Focused Hermes validator passed: `python3 harness/runner/validate-case-provider-adapter.py --harness-root harness --json`.
- Post-merge Hermes aggregate validator passed: `harness/evals/health.sh --json`.
- Focused validator artifact: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260531T235421Z-r1-string-slugify-1875638`.
- Aggregate validator artifact: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260531T235448Z-r1-string-slugify-1876884`.
- `CTO-WORK-020` remains blocked because no real provider/model has been approved and no real Case Stage 2 pass report exists.
## Decision Record Template For CTO-WORK-020
This template clarifies the decision required by `CTO-WORK-020`; it does not approve a provider.
- `decision_status`: `not_decided`, `external_provider_approved`, or `local_provider_required`.
- `provider_class`: `external_anthropic` or `local_case_compatible`.
- `provider`: exact provider string, or empty while blocked.
- `model`: exact model string, or empty while blocked.
- `approval_source`: JP approval reference or governed Core route reference.
- `credential_source_class`: credential class only; no secret value.
- `allowed_network_class`: allowed network class for this provider.
- `review_trigger`: expiry, date, or condition that forces review.
- `evidence_sources`: references to existing admission/build evidence, not copied runtime evidence.
- `effect`: `CTO-WORK-020 remains blocked until admitted provider/model and real Stage 2 pass report exist`.
Allowed pending states:
- `not_decided`: no provider/model may run.
- `local_provider_required`: no external provider may run; create a Case-compatible local provider route first.
- `external_provider_approved`: may proceed only when the approval source, credential source class, allowed network class, and admission JSON are recorded.
.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-ADMISSION-ISSUES.md
+53
View File
@@ -0,0 +1,53 @@
---
title: CTO Case Provider Admission Issues
status: draft
lifecycle_classification: sot
owner: jp
created: 2026-05-31
last_reviewed: 2026-05-31
core_promotion_status: not-promoted
route: cto
---
# CTO Case Provider Admission Issues
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## CTO-WORK-013 - Case Provider Admission PRD
Status: validated.
Register the provider-admission product requirement that separates discovery evidence from executable admission.
Acceptance:
- Records WorkOS Case source as `https://github.com/workos/case.git`.
- Records pinned commit `7959ac917cdeb0983b4aaa20bb9f42021747fed8`.
- Records that the CLI binary is `ca`.
- Records that `case` on public npm is not WorkOS Case.
- Records that Bun and `bun run build:binary` are required for `dist/ca`.
- Records that Stage 2 must use `ca run --task <task-file>`.
## CTO-WORK-014 - Hermes Case CLI Task Adapter Route
Status: validated.
Implement the smallest Hermes CTO harness change that converts the Stage 2 artificial fixture contract into a Case task file and invokes the admitted Case provider with the correct command shape.
Acceptance:
- `CTO_HARNESS_CASE_BIN` points to an admitted `ca` executable.
- Stage 2 invokes `ca run --task <task-file>`.
- The adapter does not pass a raw prompt as argv.
- Missing provider, wrong provider, wrong command shape, or wrong task contract blocks.
- The Stage 2 pass report is produced only by real Case execution.
- Provider-unavailable fail-closed behavior remains tested.
- No Target Repository path is inspected or copied.
## Validation Evidence - 2026-05-31
- Hermes commit: `5d04515 Add Stage 2 Case task adapter contract`.
- Adapter writes Case task state for the copied artificial fixture and invokes `ca run --task <task-file> --mode unattended`.
- `validate-case-provider-adapter.py` passed with a local test double for command shape and task contract.
- `harness/evals/health.sh --json` passed after merge and includes `case_provider_adapter.passed: true`.
- `validate-case-stage2.py` remains blocked without an admitted real Case provider; this is expected and preserves fail-closed behavior.
.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-ADMISSION-PRD.md
+67
View File
@@ -0,0 +1,67 @@
---
title: CTO Case Provider Admission PRD
status: draft
lifecycle_classification: sot
owner: jp
created: 2026-05-31
last_reviewed: 2026-05-31
core_promotion_status: not-promoted
route: cto
---
# CTO Case Provider Admission PRD
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Purpose
Unblock Stage 2 by admitting a real WorkOS Case executable through a governed provider route, without treating Case as Cortex authority and without mutating any target repository.
## Current Evidence
- Source repo: `https://github.com/workos/case.git`.
- Pinned source commit: `7959ac917cdeb0983b4aaa20bb9f42021747fed8`.
- Package name: `case`.
- Package status: `private: true`.
- Public npm package `case` is not WorkOS Case.
- Case CLI binary name is `ca`, because `case` is a shell reserved word.
- Case setup requires Bun.
- Case standalone executable is produced by `bun run build:binary` as `dist/ca`.
- Case task execution uses `ca run --task <task-file>` or `ca session <repo-path> --task <task-file>`.
## Problem
The Hermes CTO harness has a provider-unavailable failure path, but it does not yet have an admitted durable Case provider. `CTO_HARNESS_CASE_BIN` alone is insufficient if the adapter passes a raw prompt as argv. WorkOS Case expects a task file and a Case command shape, not an arbitrary prompt string.
## Product Requirement
Create a provider admission route that proves the exact executable, command contract, and task contract before Stage 2 can pass.
## Required Contract
- The provider path must be explicit and durable; `/tmp` clones are discovery evidence only.
- The provider must be pinned to `7959ac917cdeb0983b4aaa20bb9f42021747fed8` or a later recorded pin.
- The provider must identify itself as WorkOS Case, not the unrelated npm package.
- The adapter must call `ca run --task <task-file>` for Stage 2 artificial fixture work.
- The adapter must not pass the task brief as a raw positional prompt.
- The task file must contain no Target Repository path for Stage 2.
- The run must preserve `Stage 2 allowed mutation scope is copied artificial case only`.
- Missing Bun, missing `dist/ca`, wrong commit, wrong command shape, or wrong task file means blocked.
- Case may execute only inside the Harness Evidence Interface.
- Case may recommend. Case must not approve itself.
## Acceptance Evidence
- Provider admission report records executable path, source URL, pinned commit, build command, binary digest, and command shape.
- Stage 2 pass report exists only after a real `ca run --task <task-file>` execution.
- Provider-unavailable report remains available and fail-closed.
- Fake remains the default validation lane.
- No Cortex Core, Case source, vendor source, or Target Repository file is mutated.
## Explicit Non-Goals
- Do not vendor Case source into Cortex OS Core.
- Do not install or use the unrelated npm `case` package.
- Do not skip Stage 2.
- Do not authorize copied repo, sandbox repo, owned repo, default backend, WebUI product, or Core promotion behavior.
- Do not treat Case as CTO authority.
.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-BUILD-ISSUES.md
+109
View File
@@ -0,0 +1,109 @@
---
title: CTO Case Provider Build Issues
status: draft
lifecycle_classification: sot
owner: jp
created: 2026-05-31
last_reviewed: 2026-05-31
core_promotion_status: not-promoted
route: cto
---
# CTO Case Provider Build Issues
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## CTO-WORK-015 - Durable Case Provider Build PRD
Status: validated.
Register the provider build route that separates source discovery from executable admission.
Acceptance:
- Records WorkOS Case source `https://github.com/workos/case.git`.
- Records pinned commit `7959ac917cdeb0983b4aaa20bb9f42021747fed8`.
- Records local build dependency status: Node `v20.19.5` present, Bun missing.
- Requires `bun run build:binary` to produce `dist/ca` before real Stage 2 can pass.
- Requires SHA-256 digest for admitted `dist/ca`.
- Keeps `/tmp` clone as discovery evidence only.
## CTO-WORK-016 - Real Case Provider Stage 2 Run
Status: blocked.
Build or supply a durable admitted WorkOS Case `ca` executable, then run the existing Hermes CTO Stage 2 artificial fixture through real Case.
Acceptance:
- Bun is available, or a durable admitted `dist/ca` path is supplied with source pin and digest.
- `CTO_HARNESS_CASE_BIN` points to the admitted `ca` executable.
- Stage 2 invokes `ca run --task <task-file> --mode unattended`.
- Real Case execution produces a Stage 2 pass report through the Harness Evidence Interface.
- Provider-unavailable fail-closed behavior remains tested.
- Fake remains the default validation lane.
- No Target Repository path is inspected or copied.
Blocked by:
- Missing local `bun` executable, unless a prebuilt admitted `dist/ca` is supplied.
## Provider Build Evidence - 2026-05-31
- Reversible Bun bootstrap succeeded under `/tmp/cto-bun`; no global Bun install was required.
- `/tmp/workos-case` source pin remained `7959ac917cdeb0983b4aaa20bb9f42021747fed8`.
- `bun run build:binary` produced `/tmp/workos-case/dist/ca`.
- Built binary digest: `9811f870af2f85616e359d42ba70566c9af08ca20d8660456929a56ec761513f`.
- `/tmp/workos-case/dist/ca --help` identified the executable as Case `ca`.
- `/tmp/workos-case` remains discovery/build evidence only because build modified `src/generated/package-assets.ts`.
- Real Stage 2 run with `CTO_HARNESS_CASE_BIN=/tmp/workos-case/dist/ca` hung and was terminated. It created artifact directory `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260531T233721Z-r1-string-slugify-1814067` without `report.json`.
- `CTO-WORK-016` remains blocked because no real Case Stage 2 pass report exists.
## CTO-WORK-017 - Case Provider Timeout Fail-Closed Route
Status: validated.
Harden the Hermes CTO Case adapter so a hung real Case provider fails closed with normal evidence instead of leaving an orphan artifact directory without `report.json`.
Acceptance:
- Case provider execution is bounded by `CTO_HARNESS_CASE_TIMEOUT_SECONDS`.
- Timeout writes `backend/provider-timeout.txt`.
- Timeout still emits `report.json` through the Harness Evidence Interface.
- `validate-case-provider-adapter.py` checks a sleeping provider path.
- `harness/evals/health.sh --json` passes after merge and includes `provider_timeout_fail_closed`.
- This does not mark real Case Stage 2 as passed.
Validation Evidence:
- Hermes commit: `d23c492 Fail closed on Case provider timeout`.
- Post-merge `harness/evals/health.sh --json` passed.
## Real Provider Runtime Evidence - 2026-05-31
- Real Case Stage 2 run with `/tmp/workos-case/dist/ca` and `CTO_HARNESS_CASE_TIMEOUT_SECONDS=8` produced report `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260531T234205Z-r1-string-slugify-1834617/report.json`.
- Case started provider `anthropic` with model `claude-sonnet-4-6`.
- Adapter-generated `backend/case-data/config.json` contained no model registry, so Case used its built-in default model.
- The run timed out before patch application; tests failed because `strings.py` was unchanged.
- This is an unadmitted external model path for CTO harness proof and must be blocked before Case process start.
## CTO-WORK-018 - Case Model Provider Admission Gate
Status: validated.
Harden the Hermes CTO Case adapter so real Case execution cannot silently fall back to its built-in Anthropic default model.
Acceptance:
- Real Case execution requires `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL`.
- Missing model admission writes `backend/provider-model-not-admitted.txt`.
- Missing model admission blocks before `case_process_started`.
- Adapter writes `models.default` into isolated `CASE_DATA_DIR/config.json`.
- `validate-case-provider-adapter.py` checks `model_provider_gate_blocks`.
- `harness/evals/health.sh --json` passes after merge.
- This does not mark real Case Stage 2 as passed.
Validation Evidence:
- Hermes commit: `4500082 Gate Case execution on admitted model`.
- Post-merge `harness/evals/health.sh --json` passed.
.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-BUILD-PRD.md
+93
View File
@@ -0,0 +1,93 @@
---
title: CTO Case Provider Build PRD
status: draft
lifecycle_classification: sot
owner: jp
created: 2026-05-31
last_reviewed: 2026-05-31
core_promotion_status: not-promoted
route: cto
---
# CTO Case Provider Build PRD
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Problem Statement
Stage 2 now has a validated Case task adapter, but it still cannot complete with real WorkOS Case because no durable admitted `ca` executable exists. Discovery found Node `v20.19.5`, no local `bun` executable, no `dist/ca`, no PATH `ca`, and a pinned WorkOS Case source checkout at commit `7959ac917cdeb0983b4aaa20bb9f42021747fed8` under `/tmp`, which is discovery evidence only.
## Solution
Create a governed provider build and admission route that can produce or accept a durable WorkOS Case `ca` executable, record its source pin and SHA-256 digest, and then allow the Hermes CTO harness to run Stage 2 with `CTO_HARNESS_CASE_BIN` only after identity and command-shape checks pass.
## Scope
- Build or admit WorkOS Case from `https://github.com/workos/case.git` at pinned commit `7959ac917cdeb0983b4aaa20bb9f42021747fed8` or a later recorded pin.
- Require Bun before `bun install` or `bun run build:binary` can run.
- Record the resulting `dist/ca` path and SHA-256 digest.
- Prove the executable is WorkOS Case, not the unrelated npm `case` package.
- Run Stage 2 through the existing Hermes CTO Harness Evidence Interface.
- Preserve `ca run --task <task-file> --mode unattended` as the only Stage 2 command shape.
- Require the task file to expose only copied artificial fixture inputs, allowed paths, forbidden actions, verification command, and evidence expectations.
## Non-Goals
- Do not vendor Case source into Cortex OS Core.
- Do not install or use the unrelated public npm `case` package.
- Do not mutate vendor source.
- Do not skip Stage 2.
- Do not authorize copied repo, sandbox repo, owned repo, default backend, WebUI product, or Core promotion behavior.
- Do not treat Case as CTO authority.
## Acceptance Criteria
- Provider build report records source URL, pinned commit, build command, `dist/ca` path, binary digest, Node version, Bun version, and build timestamp.
- Missing Bun blocks before build; it does not degrade to warning.
- Missing `dist/ca`, wrong source commit, wrong provider identity, non-executable binary, missing credentials, wrong command shape, or wrong task contract blocks.
- Current Hermes source admission status remains `not_admitted` until the provider build report is recorded.
- Stage 2 with `CTO_HARNESS_CASE_BIN=<admitted-ca>` produces a pass report only through real Case execution.
- Stage 2 without provider continues to fail closed as `provider unavailable`.
- Fake remains the default validation lane.
- Same-run fake baseline comparison remains required.
- Stage 2 records `report.json`, `report.md`, `events.normalized.jsonl`, `trace.jsonl`, `patch.diff`, `test.log`, backend raw logs, artifact digests, and freshness proof.
- Stage 2 records `source_admission_status`, `case_process_started`, `backend_exit_code`, `allowed_writes_passed`, `changed_files`, and `blockers`.
- No Cortex Core, Case source, vendor source, or Target Repository file is mutated by admission.
## Validation
- `python3 tools/validate_cto_child.py` validates this child-local route.
- Hermes provider validation must include `python3 harness/runner/validate-case-provider-adapter.py --harness-root harness --json`.
- Real provider validation must include `CTO_HARNESS_ALLOW_CASE=1 CTO_HARNESS_CASE_STAGE=2 CTO_HARNESS_CASE_BIN=<admitted-ca> harness/evals/run-case.sh r1-string-slugify --engine case --json`.
- Aggregate validation remains `harness/evals/health.sh --json` after focused gates pass.
## Risks And Dependencies
- Bun is not currently available on this host; provider build is blocked until Bun is installed or an admitted `dist/ca` is supplied.
- WorkOS Case is `private: true`; public npm `case` is unrelated.
- License status remains unresolved for broader execution modes.
- Case may need model credentials for real execution; no secrets may be placed in docs, argv, logs, or task files.
## Success Definition
Stage 2 moves from provider-unavailable blocked status to a real Case pass report while preserving the same harness evidence shape, allowed-write control, artifact digests, no-target-inspection proof, and fail-closed behavior.
## Current Provider Evidence Addendum - 2026-05-31
- Built binary digest observed: `9811f870af2f85616e359d42ba70566c9af08ca20d8660456929a56ec761513f`.
- Hung real-provider artifact directory: `20260531T233721Z-r1-string-slugify-1814067`.
- `CTO-WORK-016` remains blocked because no real Case Stage 2 pass report exists.
- `CTO-WORK-017 - Case Provider Timeout Fail-Closed Route` records the harness hardening response.
- Timeout control: `CTO_HARNESS_CASE_TIMEOUT_SECONDS`.
- Timeout marker: `backend/provider-timeout.txt`.
- Timeout validator check: `provider_timeout_fail_closed`.
- Hermes evidence commit: `d23c492 Fail closed on Case provider timeout`.
## Current Model Admission Evidence Addendum - 2026-05-31
- Real Case defaulted to provider `anthropic` and model `claude-sonnet-4-6` when no model registry was written.
- Runtime report path: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260531T234205Z-r1-string-slugify-1834617/report.json`.
- Required model admission variables: `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL`.
- Model gate marker: `backend/provider-model-not-admitted.txt`.
- Model gate validator check: `model_provider_gate_blocks`.
- Hermes evidence commit: `4500082 Gate Case execution on admitted model`.
.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md
+84
View File
@@ -0,0 +1,84 @@
---
title: CTO Case Provider Decision Packet Issues
status: draft
lifecycle_classification: sot
owner: jp
created: 2026-05-31
last_reviewed: 2026-05-31
core_promotion_status: not-promoted
route: cto
---
# CTO Case Provider Decision Packet Issues
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## CTO-WORK-023 - Case Provider Decision Packet PRD
Status: validated.
Register the compact decision packet for resolving the `CTO-WORK-020` provider policy blocker without approving a provider/model.
Acceptance:
- States `not_decided` is current safe state.
- Lists only `external_provider_approved` and `local_provider_required` as active branches.
- Says it does not approve or admit any provider/model.
- Says it is not Stage 2 pass evidence.
- Requires a structured decision record using only `not_decided`, `external_provider_approved`, or `local_provider_required`.
- References existing evidence paths and commits instead of copying runtime evidence.
- Keeps `CTO-WORK-020` as provider/model admission authority.
- Keeps `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` as execution admission gate.
- Requires exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations before admission.
- Requires no secrets in SOT, task file, argv, report, trace, backend logs, generated config, or commits.
- States `CTO-WORK-022` stays blocked unless `decision_status=local_provider_required`.
- States real Case Stage 2 remains blocked until admitted provider/model and Harness Evidence Interface pass report exist.
- States no Target Repository path may be inspected or copied.
## CTO-WORK-024 - Resolve Case Provider Decision
Status: blocked.
JP or a governed Core route chooses one `CTO-WORK-020` decision branch and records the required non-secret fields.
Acceptance:
- Decision record selects exactly one branch: `external_provider_approved` or `local_provider_required`.
- `not_decided` remains the safe default until a decision is recorded.
- Decision record is structured and uses only `not_decided`, `external_provider_approved`, or `local_provider_required`.
- Decision record references existing evidence paths and commits instead of copying runtime evidence.
- If `external_provider_approved`, the record names exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations.
- If `local_provider_required`, the record sets provider class `local_case_compatible` and keeps exact provider/model empty until a local provider/model is supplied and admitted.
- No secret value is written to SOT, task file, argv, report, trace, backend logs, generated config, or commit.
- `CTO-WORK-020` remains blocked until admitted provider/model and real Stage 2 pass report exist.
- `CTO-WORK-022` remains blocked unless `decision_status=local_provider_required`.
- Real Case Stage 2 remains blocked unless `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` exists and matches `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL`.
Blocked by:
- JP choosing external provider approval or local provider requirement.
- Governed Core route if the decision must be promoted before provider use.
## CTO-WORK-025 - Current Case Provider Decision Record
Status: validated.
Record the current fail-closed `CTO-WORK-020` decision state as `not_decided`.
Acceptance:
- Decision record has `decision_status`: `not_decided`.
- Provider class, provider, model, approval source, credential source class, allowed network class, and review trigger remain empty while blocked.
- Evidence sources reference existing admission and decision packet files only.
- Record says `not_decided` means no provider/model may run.
- Record says it is not provider/model admission, not Stage 2 pass evidence, and not approval for external or local provider use.
- Record says `CTO-WORK-024` remains blocked because this record does not select `external_provider_approved` or `local_provider_required`.
- Record says only JP or a governed Core route may change it away from `not_decided`.
- Record allows only `external_provider_approved` or `local_provider_required` as future non-`not_decided` values.
- Record requires no secret value in SOT, task file, argv, report, trace, backend logs, generated config, or commit.
- Record says no Target Repository path may be inspected or copied.
- Record keeps `CTO-WORK-020` as provider/model admission authority.
- Record keeps `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` as execution admission gate.
- Record keeps `CTO-WORK-024` blocked while `decision_status=not_decided`.
- Record keeps `CTO-WORK-022` blocked unless `decision_status=local_provider_required`.
- Record keeps real Case Stage 2 blocked until admitted provider/model and Harness Evidence Interface pass report exist.
.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md
+130
View File
@@ -0,0 +1,130 @@
---
title: CTO Case Provider Decision Packet PRD
status: draft
lifecycle_classification: sot
owner: jp
created: 2026-05-31
last_reviewed: 2026-05-31
core_promotion_status: not-promoted
route: cto
---
# CTO Case Provider Decision Packet PRD
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Problem Statement
`CTO-WORK-020` is blocked by a provider policy decision. The route has two valid branches: approve one exact external provider/model path, or require a Case-compatible local provider route. Without a compact decision packet, the next operator choice can become ambiguous and accidentally look like provider approval.
## Solution
Create a child-local decision packet that makes the `CTO-WORK-020` choice explicit, bounded, and auditable. The packet does not approve a provider/model and is not Stage 2 pass evidence. It only records the decision options, required evidence fields, consequences, and blocked next actions for JP or a governed Core route to resolve later.
## Scope
- Summarize the current `CTO-WORK-020` blocker.
- Present only two active decision branches: `external_provider_approved` and `local_provider_required`.
- Preserve `not_decided` as the current safe state.
- Require a structured decision record using only `not_decided`, `external_provider_approved`, or `local_provider_required`.
- Require exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations before any admission.
- Reference existing evidence paths and commits; do not copy runtime evidence into the packet.
- Require no secret value in SOT, task file, argv, report, trace, backend logs, generated config, or commit.
- Keep `CTO-WORK-020` as the admission authority.
- Keep the `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` admission JSON gate as execution authority.
- Keep `CTO-WORK-022` blocked unless `decision_status=local_provider_required`.
- Keep real Case Stage 2 blocked unless a provider/model is admitted and a pass report exists through the Harness Evidence Interface.
- State that no Target Repository path may be inspected or copied.
## Non-Goals
- Do not approve Anthropic, Claude, local inference, or any other provider.
- Do not admit a provider/model.
- Do not implement a provider adapter.
- Do not run real Case Stage 2.
- Do not create a provider marketplace, registry, or scoring framework.
- Do not change Hermes runtime behavior.
- Do not mutate Cortex Core, Case source, vendor source, external developer repositories, or Target Repositories.
- Do not treat Case, Hermes, Pi, Codex, or any backend as Cortex authority.
## Decision Branches
### Branch A - External Provider Approved
Use only if JP or a governed Core route approves an external provider path.
Required decision fields:
- `decision_status`: `external_provider_approved`.
- `provider_class`: `external_anthropic`.
- `provider`: exact provider string.
- `model`: exact model string.
- `approval_source`: JP approval reference or governed Core route reference.
- `credential_source_class`: credential class only; no secret value.
- `allowed_network_class`: approved outbound network class.
- `review_trigger`: expiry, date, or condition that forces review.
- `evidence_sources`: existing admission/build evidence references.
- `effect`: `CTO-WORK-020 remains blocked until admitted provider/model and real Stage 2 pass report exist`.
Consequences:
- `CTO-WORK-022` stays blocked.
- Hermes may attempt real Case Stage 2 only after admission JSON exists and matches `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL`.
- Any fallback to `anthropic` or `claude-sonnet-4-6` without matching admission blocks before `case_process_started`.
### Branch B - Local Provider Required
Use only if external provider use is not approved.
Required decision fields:
- `decision_status`: `local_provider_required`.
- `provider_class`: `local_case_compatible`.
- `provider`: empty until a local provider is supplied and admitted.
- `model`: empty until a local model is supplied and admitted.
- `approval_source`: JP approval reference or governed Core route reference.
- `credential_source_class`: local credential or no-secret class only.
- `allowed_network_class`: local-only or explicitly bounded network class.
- `review_trigger`: expiry, date, or condition that forces review.
- `evidence_sources`: references to existing admission/local-provider-route evidence.
- `effect`: `CTO-WORK-020 remains blocked until local provider/model admission and real Stage 2 pass report exist`.
Consequences:
- `CTO-WORK-022` becomes the next implementation candidate.
- No external fallback to `anthropic` or `claude-sonnet-4-6` is allowed.
- Missing local adapter config blocks before `case_process_started`.
- Admission JSON mismatch blocks before `case_process_started`.
## Acceptance Criteria
- Packet states `not_decided` is current safe state.
- Packet lists only `external_provider_approved` and `local_provider_required` as active branches.
- Packet says it does not approve or admit any provider/model.
- Packet says it is not Stage 2 pass evidence.
- Packet requires a structured decision record using only `not_decided`, `external_provider_approved`, or `local_provider_required`.
- Packet references existing evidence paths and commits instead of copying runtime evidence.
- Packet keeps `CTO-WORK-020` as the provider/model admission authority.
- Packet keeps `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` as the execution admission gate.
- Packet requires exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations before admission.
- Packet requires no secrets in SOT, task file, argv, report, trace, backend logs, generated config, or commits.
- Packet states `CTO-WORK-022` stays blocked unless `decision_status=local_provider_required`.
- Packet states real Case Stage 2 remains blocked until admitted provider/model and Harness Evidence Interface pass report exist.
- Packet states no Target Repository path may be inspected or copied.
## Validation
- `python3 tools/validate_cto_child.py` validates this child-local route.
- Future branch execution must use existing Hermes focused validators for provider admission and local-provider adapter gates.
- Future real Case validation must use the Harness Evidence Interface, same-run fake baseline comparison, and copied artificial fixture Stage 2 only.
## Risks And Dependencies
- JP approval or governed Core approval remains required for external provider use.
- Local provider use may require a separate Case-compatible endpoint or adapter implementation.
- A decision packet can reduce ambiguity but cannot supply credentials, provider availability, or model quality.
- The WorkOS Case default provider behavior may change; actual run evidence remains authoritative.
## Success Definition
The `CTO-WORK-020` human-only blocker is represented as one precise decision packet: no provider/model is approved, no execution is authorized, and the next valid implementation path is unambiguous once JP chooses external provider approval or local provider requirement.
.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-RECORD.md
+55
View File
@@ -0,0 +1,55 @@
---
title: CTO Case Provider Decision Record
status: draft
lifecycle_classification: sot
owner: jp
created: 2026-05-31
last_reviewed: 2026-05-31
core_promotion_status: not-promoted
route: cto
---
# CTO Case Provider Decision Record
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Current Decision State
- `decision_status`: `not_decided`.
- `provider_class`: empty while blocked.
- `provider`: empty while blocked.
- `model`: empty while blocked.
- `approval_source`: empty while blocked.
- `credential_source_class`: empty while blocked; no secret value.
- `allowed_network_class`: empty while blocked.
- `review_trigger`: empty while blocked.
- `evidence_sources`: `CTO-CASE-MODEL-PROVIDER-ADMISSION-ISSUES.md`, `CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md`, `CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md`.
- `effect`: `CTO-WORK-020 remains blocked until admitted provider/model and real Stage 2 pass report exist`.
## Meaning
`not_decided` means no provider/model may run. This record is not provider/model admission, not Stage 2 pass evidence, and not approval for external or local provider use.
`CTO-WORK-024` remains blocked because this record does not select `external_provider_approved` or `local_provider_required`.
## Required Change To Leave Not Decided
Only JP or a governed Core route may change this record away from `not_decided`.
Allowed future values:
- `external_provider_approved`.
- `local_provider_required`.
Any future non-`not_decided` state must include exact non-secret fields required by `CTO-WORK-020`: provider/model when applicable, approval source, credential source class, allowed network class, review trigger, and evidence expectations.
## Safety Constraints
- No secret value may appear in SOT, task file, argv, report, trace, backend logs, generated config, or commit.
- No Target Repository path may be inspected or copied.
- `CTO-WORK-020` remains provider/model admission authority.
- `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` remains execution admission gate.
- `CTO-WORK-024` remains blocked while `decision_status=not_decided`.
- `CTO-WORK-022` remains blocked unless `decision_status=local_provider_required`.
- Real Case Stage 2 remains blocked until admitted provider/model and Harness Evidence Interface pass report exist.
- Existing evidence paths and commits are referenced only; runtime evidence is not copied into this record.
.sot/03-PROTOCOLS/CTO-CASE-SOURCE-ADMISSION-RECORD.md
+129
View File
@@ -0,0 +1,129 @@
---
name: cto-case-source-admission-record
tier: local
status: draft
owner: jp
source: .sot/03-PROTOCOLS/CTO-CASE-CANDIDATE-BACKEND-PRD.md
created: 2026-05-31
last_reviewed: 2026-05-31
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local source admission record for evaluating Case as a candidate CTO backend.
---
# CTO Case Source Admission Record
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Purpose
Record the minimum source admission facts required before Case can progress beyond planning as a Case Candidate Backend.
This record does not admit Case for execution. It records a pinned public source observation and names the remaining blockers before any non-artificial run.
## Non-Authority Notice
This record does not authorize Runtime behavior, WebUI Product behavior, Case execution, real-repo mutation, merge, deploy, push, close, vendor-source mutation, external developer repository mutation, or Core promotion.
## Source Identity
| Field | Value |
| --- | --- |
| Source name | Case |
| Source URL | `https://github.com/workos/case.git` |
| Source web URL | `https://github.com/workos/case` |
| Source type | public Git repository |
| Observed branch | `main` |
| Pinned commit | `7959ac917cdeb0983b4aaa20bb9f42021747fed8` |
| Commit date | `2026-05-19T18:05:46-07:00` |
| Retrieval date | `2026-05-31` |
| Retrieval command | `git clone --depth 1 https://github.com/workos/case.git` |
| Integrity reference | pinned Git commit SHA-1 `7959ac917cdeb0983b4aaa20bb9f42021747fed8` |
## License Note
License status is unresolved.
Observed facts from the retrieval:
- no top-level `LICENSE` or `LICENSE.md` file was found in the shallow clone;
- `package.json` did not expose a license field in the inspected section;
- `package.json` contains `"private": true`.
Admission consequence: Case is not admitted for non-artificial execution until a human-readable license note is completed and the allowed internal-use posture is explicit.
## Source Boundary
Protected source boundary:
- do not mutate the Case repository;
- do not vendor Case source into Cortex OS Core;
- do not copy Case implementation source into this child workspace;
- do not treat Case source as Cortex OS authority;
- do not run Case against a Target Repository from this record alone.
Allowed planning use:
- reference the source URL;
- reference the pinned commit;
- inspect public metadata for admission planning;
- define adapter contracts against observed behavior without importing vendor implementation.
## Allowed Execution Mode
Current allowed execution mode: planning-only.
Blocked modes:
- artificial Case run;
- copied repository fixture run;
- disposable sandbox repository run;
- owned noncritical repository run;
- candidate-default real-repo use.
Mode unlock requires a later validated adapter contract, source license note, harness evidence validation, explicit gate, and staged proof record.
## Update Rule
Changing the pinned Case source requires:
- previous source URL;
- previous pinned commit or tag;
- new source URL;
- new pinned commit or tag;
- retrieval date;
- retrieval command;
- license note review;
- rerun of applicable adapter fixtures;
- evidence record naming previous and new source IDs.
No moving branch reference may be used as proof without a pinned commit or tag.
## Admission Status
Status: not admitted for execution.
Reason: source identity is pinned, but license note and executable adapter proof are incomplete.
## Evidence
Observed retrieval commands:
```text
git ls-remote https://github.com/workos/case.git HEAD refs/heads/main refs/tags/*
git clone --depth 1 https://github.com/workos/case.git
git rev-parse HEAD
git show -s --format=%cI HEAD
git remote get-url origin
```
Observed source metadata:
```text
HEAD: 7959ac917cdeb0983b4aaa20bb9f42021747fed8
origin: https://github.com/workos/case.git
commit date: 2026-05-19T18:05:46-07:00
package private: true
license file: not found in shallow clone
license field: not observed in inspected package.json
```
.sot/03-PROTOCOLS/CTO-CASE-STAGE1-GATED-ENGINE-ISSUES.md
+79
View File
@@ -0,0 +1,79 @@
---
name: cto-case-stage1-gated-engine-issues
tier: local
status: draft
owner: jp
source: .sot/03-PROTOCOLS/CTO-CASE-STAGE1-GATED-ENGINE-PRD.md
created: 2026-05-31
last_reviewed: 2026-05-31
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local issue sequence for Stage 1 gated Case engine proof.
---
# CTO Case Stage 1 Gated Engine Issues
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Issue Sequence
### CTO-WORK-009 - Stage 1 Gated Case Engine PRD
Type: AFK
Blocked by: CTO-WORK-008
User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 9, 11.
What to build: Define the Stage 1 gated Case engine proof as a child-local PRD and issue sequence before implementation starts.
Acceptance criteria:
- [ ] PRD states Stage 1 allowed mutation scope is `none`.
- [ ] PRD states Case is not executed.
- [ ] PRD requires blocked default-deny behavior.
- [ ] PRD requires evidence artifacts and no source mutation proof.
- [ ] PRD names `backend.gate.blocked` and `CTO_HARNESS_ALLOW_CASE=1`.
- [ ] Local CTO validator checks the PRD and issue artifact.
Allowed files: CTO child workspace planning docs and local validator only.
Validator: `python3 tools/validate_cto_child.py`
Done evidence: PRD, issue artifact, validator JSON, clean worktree, commit.
### CTO-WORK-010 - Stage 1 Harness Implementation Route
Type: AFK
Blocked by: CTO-WORK-009
User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 9, 11.
What to build: In `/home/svrnty/workspaces/hermes/cto/harness`, implement a no-op gated `case` backend that proves default-deny behavior, evidence emission, and no source mutation.
Acceptance criteria:
- [ ] `case` backend is registered but disabled by default.
- [ ] `harness.yaml` uses `gated_by_env: CTO_HARNESS_ALLOW_CASE`.
- [ ] Usage text, argument validation, `harness.yaml`, and engine dispatch all recognize `case`.
- [ ] `--engine case` is rejected unless `CTO_HARNESS_ALLOW_CASE=1`.
- [ ] Missing gate produces blocked status.
- [ ] Missing gate emits `backend.gate.blocked` with `backend`, `gate`, `reason`, `mutation_mode`, and `case_executed: false`.
- [ ] Required Stage 1 artifacts are produced, including `report.md` and `backend/case-gate.log`.
- [ ] Fake remains default validation lane.
- [ ] No Case process runs.
- [ ] `report.json` records `source_admission_status: not_admitted` and `case_process_started: false`.
- [ ] No files under harness source checkout, target repo, Case source, vendor source, or Cortex Core are changed during execution.
- [ ] Gate runs before case workspace copy, `git init`, runner invocation, target repository inspection, or Case process start.
- [ ] Focused validator runs command-level checks for default fake, blocked `--engine case` without env, and enabled no-op Stage 1 behavior.
Allowed files: `harness.yaml`, `harness/evals/run-case.sh`, focused Stage 1 validator, docs, and tests under the routed Hermes CTO harness. WebUI, Core, Case source, vendor source, and target repositories are forbidden.
Validator: focused Stage 1 harness validator, plus local harness validation.
Done evidence: Stage 1 report JSON, normalized events, artifact digests, no-mutation proof, clean worktree, commit.
## Granularity Check
This is intentionally two slices: one governed planning route, one future executable harness implementation. Combining them would skip the PRD-to-issue control loop.
.sot/03-PROTOCOLS/CTO-CASE-STAGE1-GATED-ENGINE-PRD.md
+92
View File
@@ -0,0 +1,92 @@
---
name: cto-case-stage1-gated-engine-prd
tier: local
status: draft
owner: jp
source: .sot/03-PROTOCOLS/CTO-CASE-STAGED-PROOF-GATES.md
created: 2026-05-31
last_reviewed: 2026-05-31
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local PRD for Stage 1 gated Case engine proof with no mutation and no Case execution.
---
# CTO Case Stage 1 Gated Engine PRD
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Problem Statement
The CTO planning path now defines the Case candidate backend, evidence interface, source admission record, adapter contract, failure matrix, and staged proof gates. The next risk is jumping from planning into executable Case integration too broadly. Stage 1 must prove only the smallest safe executable behavior: the harness can recognize a gated `case` backend, reject it by default, and produce evidence for that rejection without mutating source or running Case.
## Solution
Define a no-mutation Stage 1 implementation slice for the Hermes CTO harness route. The slice creates a no-op gated `case` backend path that proves default-deny behavior and evidence emission. It does not run Case, does not inspect target repositories, does not patch files, and does not broaden Hermes WebUI behavior.
## Scope
- Register `case` as a gated backend in the future harness implementation.
- Require `CTO_HARNESS_ALLOW_CASE=1` before `--engine case` can proceed past the Stage 1 gate.
- Produce a blocked report when the gate is missing.
- Produce normalized events and artifacts for the blocked preflight.
- Prove no source mutation.
- Keep fake as the default validation lane.
- Route future implementation through `/home/svrnty/workspaces/hermes/cto/harness` after reading that workspace guidance and validators.
## Non-Goals
- Do not run Case.
- Do not create real PRs.
- Do not mutate a Target Repository.
- Do not add WebUI Product behavior.
- Do not resolve the Case license blocker.
- Do not implement artificial fixture execution.
- Do not promote any artifact into Core.
- Do not vendor Case source.
## Acceptance Criteria
- Stage 1 keeps allowed mutation scope as `none`.
- `case` is disabled by default.
- Missing gate produces blocked status, not warning.
- Harness evidence includes `report.json`, `report.md`, `events.normalized.jsonl`, `trace.jsonl`, no-op `patch.diff`, no-op `test.log`, and `backend/case-gate.log`.
- Report records `backend: case`, `status: blocked`, `backend_exit_code`, `blockers`, artifact paths, digests, freshness proof, `source_admission_status: not_admitted`, and `case_process_started: false`.
- Normalized events include `run.started`, `task.contract.created`, `backend.gate.blocked`, and `run.completed`.
- `backend.gate.blocked` includes `backend`, `gate`, `reason`, `mutation_mode`, and `case_executed: false`.
- Stage 1 blocked preflight may omit patch, diff, and verification events only when `report.json` records explicit `not_applicable` reasons.
- Stage 1 gate runs before case workspace copy, `git init`, runner invocation, target repository inspection, or Case process start.
- No files under harness source checkout, target repo, Case source, vendor source, or Cortex Core are changed by the Stage 1 run. Only runtime artifact directory writes are allowed.
- Implementation-time edits may touch only the routed harness files named by the implementation issue.
- Validator proves `--engine case` is rejected unless `CTO_HARNESS_ALLOW_CASE=1`.
- Validator proves fake remains the default validation lane.
- Validator proves `case` is selected through the same engine dispatch path as `fake`, `codex`, and `pi`; no separate command, script path, or special-case bypass.
- Implementation remains outside Cortex OS Core and does not claim Runtime or product readiness.
## Validation
- Focused Stage 1 validator must check gated `case` registration, default-deny behavior, required artifact set, normalized events, no source mutation, fake default retention, and blocked status.
- Focused Stage 1 validator must run command-level checks: default harness without engine still selects `fake`; `--engine case` without env emits blocked evidence; `CTO_HARNESS_ALLOW_CASE=1 --engine case` still does not run Case in Stage 1.
- Focused Stage 1 validator must inspect `harness.yaml`, CLI usage text, argument validation, and engine dispatch.
- Existing child-local CTO validator must require this PRD and issue artifact before later Stage 1 implementation is considered governed.
- Post-implementation validation must run the focused Stage 1 validator before any broader harness validation.
## Risks
- A no-op adapter can be mistaken for Case execution.
- A gate can become warning-only instead of blocking.
- Evidence can become path-only without digest or freshness proof.
- Harness code can accidentally make `case` available by default.
- Stage 1 success can be misused to justify artificial fixture or real-repo work.
## Dependencies
- Validated Harness Evidence Interface Contract.
- Validated Case Adapter Contract.
- Validated Case Failure Fixture Matrix.
- Validated Staged Proof Gate Records.
- Future implementation route in the harness workspace.
- Focused Stage 1 validator spec or stub before implementation edits.
## Success Definition
Stage 1 is successful when the future harness can prove `case` is recognized as a backend, denied by default, evidence-producing, and non-mutating. Stage 1 does not make Case executable and does not resolve Case source admission.
.sot/03-PROTOCOLS/CTO-CASE-STAGE2-ARTIFICIAL-FIXTURE-ISSUES.md
+86
View File
@@ -0,0 +1,86 @@
---
name: cto-case-stage2-artificial-fixture-issues
tier: local
status: draft
owner: jp
source: .sot/03-PROTOCOLS/CTO-CASE-STAGE2-ARTIFICIAL-FIXTURE-PRD.md
created: 2026-05-31
last_reviewed: 2026-05-31
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local issue sequence for Stage 2 Case artificial fixture proof.
---
# CTO Case Stage 2 Artificial Fixture Issues
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Issue Sequence
### CTO-WORK-011 - Stage 2 Artificial Fixture PRD
Type: AFK
Blocked by: CTO-WORK-010
User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 8, 9, 10, 11, 13.
What to build: Define the Stage 2 artificial fixture proof before implementation starts.
Acceptance criteria:
- [ ] PRD states Stage 2 allowed mutation scope is `copied artificial case only`.
- [ ] PRD requires Stage 1 validation before Stage 2.
- [ ] PRD requires `CTO_HARNESS_ALLOW_CASE=1` and `CTO_HARNESS_CASE_STAGE=2`.
- [ ] PRD defines allowed roots as `runtime_workspace_root` and `run_artifact_dir`.
- [ ] PRD keeps fake as the default validation lane.
- [ ] PRD forbids Target Repository, Case source, vendor source, external developer repo, Hermes WebUI, and Cortex Core mutation.
- [ ] PRD requires no-target-inspection proof from task contract, command arguments, runtime inputs, environment, and config.
- [ ] PRD requires full Harness Evidence Interface artifacts, digests, freshness proof, and allowed-write proof.
- [ ] PRD requires same-run fake baseline comparison.
- [ ] PRD requires no-diff, disallowed-file, failed-tests, missing-test-command, missing-required-event, and provider-unavailable failure fixtures.
- [ ] Local CTO validator checks Stage 2 PRD and issue artifact.
Allowed files: CTO child workspace planning docs and local validator only.
Validator: `python3 tools/validate_cto_child.py`
Done evidence: PRD, issue artifact, validator JSON, clean worktree, commit.
### CTO-WORK-012 - Stage 2 Harness Artificial Fixture Route
Type: AFK
Blocked by: CTO-WORK-011
User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 8, 9, 10, 11, 13.
What to build: In `/home/svrnty/workspaces/hermes/cto/harness`, implement the Stage 2 Case artificial fixture route behind the existing `case` engine seam.
Acceptance criteria:
- [ ] `case` remains disabled by default.
- [ ] `CTO_HARNESS_ALLOW_CASE=1` remains required.
- [ ] `CTO_HARNESS_CASE_STAGE=2` is required before artificial fixture Case execution.
- [ ] Missing Stage 2 gate emits blocked evidence and does not run Case.
- [ ] Passing Stage 2 run mutates only the copied artificial runtime workspace.
- [ ] No Target Repository path is inspected or copied.
- [ ] Task contract, command arguments, runtime inputs, environment, and config expose no Target Repository path.
- [ ] Writable roots are limited to `runtime_workspace_root` and `run_artifact_dir`.
- [ ] No files under harness source checkout, target repo, Case source, vendor source, external developer repositories, or Cortex Core are changed during execution.
- [ ] Required artifacts include `report.json`, `report.md`, `events.normalized.jsonl`, `trace.jsonl`, `patch.diff`, `test.log`, and backend raw logs under `backend/`.
- [ ] `report.json` records `backend: case`, `source_admission_status: not_admitted`, `case_process_started`, `allowed_writes_passed`, changed files, blockers, artifact digests, and freshness proof.
- [ ] Pass events include `run.started`, `task.contract.created`, `plan.updated`, `patch.applied`, `git.diff.checked`, `verification.completed`, and `run.completed`.
- [ ] Same-run fake baseline comparison records fake and Case artifact paths.
- [ ] Failure fixtures fail closed for no diff, disallowed file, failed tests, missing test command, missing required event, and provider unavailable.
- [ ] Fake remains the default validation lane and broad health remains green after focused Stage 2 validation.
Allowed files: Hermes CTO harness engine, artificial fixtures, focused Stage 2 validator, harness docs, and tests. WebUI, Core, Case source, vendor source, and Target Repositories are forbidden.
Validator: `python3 harness/runner/validate-case-stage2.py --harness-root harness --json`, then `harness/evals/health.sh --json`.
Done evidence: Stage 2 pass report, failure fixture reports, artifact digests, no-mutation proof, clean worktree, commit.
## Granularity Check
This is intentionally two slices: one planning route and one executable harness route. It is not over-granular because Stage 2 is the first Case execution boundary and must be reviewed before any copied-repo work.
.sot/03-PROTOCOLS/CTO-CASE-STAGE2-ARTIFICIAL-FIXTURE-PRD.md
+110
View File
@@ -0,0 +1,110 @@
---
name: cto-case-stage2-artificial-fixture-prd
tier: local
status: draft
owner: jp
source: .sot/03-PROTOCOLS/CTO-CASE-STAGED-PROOF-GATES.md
created: 2026-05-31
last_reviewed: 2026-05-31
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local PRD for Stage 2 Case artificial fixture execution proof.
---
# CTO Case Stage 2 Artificial Fixture PRD
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Problem Statement
Stage 1 proves that the Hermes CTO harness can recognize `case`, deny it by default, and emit evidence without running Case. The next risk is enabling Case too broadly. Stage 2 must prove only one narrow executable behavior: Case may run against a copied artificial fixture, through the existing harness engine seam, while preserving evidence shape, allowed-write control, fake default behavior, and fail-closed fixture outcomes.
## Solution
Define a Stage 2 implementation slice for `/home/svrnty/workspaces/hermes/cto/harness`. The slice may execute Case only against copied artificial fixture inputs already owned by the harness. It must not inspect or mutate a Target Repository, copied local repo fixture, disposable repo, owned noncritical repo, vendor source, Case source, or Cortex Core.
Stage 2 keeps the `case` backend gated by `CTO_HARNESS_ALLOW_CASE=1` and adds a stricter execution gate named `CTO_HARNESS_CASE_STAGE=2`. Missing Stage 2 gate means blocked, not warning. The fake lane remains the default validation lane and comparison baseline.
Allowed roots are explicit: Stage 2 may write only to `runtime_workspace_root` and `run_artifact_dir`. `runtime_workspace_root` is the copied artificial case workspace created under the harness runtime root. `run_artifact_dir` is the single run evidence directory. All other writes are forbidden, including harness source checkout, Target Repository paths, Case source, vendor source, external developer repositories, and Cortex Core.
## Scope
- Add one artificial fixture task contract for Case adapter proof.
- Allow mutation only inside the copied artificial runtime workspace.
- Preserve the Harness Evidence Interface artifact set.
- Compare Case report shape, event order, allowed writes, verification output, blockers, artifact digests, and freshness proof against fake fixture expectations.
- Use a same-run fake baseline on the same artificial fixture as the comparison artifact.
- Add focused Stage 2 validator checks before broader harness health validation.
- Add failure fixture expectations for no diff, disallowed file, failed tests, missing test command, missing required event, and provider unavailable.
- Keep implementation in the Hermes CTO harness route.
## Non-Goals
- Do not run Case on a Target Repository.
- Do not run Case on a copied local repository fixture.
- Do not create, push, merge, deploy, or close a pull request.
- Do not mutate Case source, vendor source, external developer repositories, Cortex Core, or Hermes WebUI product surfaces.
- Do not resolve Case source admission for real-repo execution.
- Do not promote any artifact into Core.
- Do not make Case a default backend.
## Acceptance Criteria
- Stage 2 entry requires Stage 1 validated.
- Stage 2 allowed mutation scope is `copied artificial case only`.
- Stage 2 allowed roots are `runtime_workspace_root` and `run_artifact_dir`.
- `case` remains disabled by default.
- `CTO_HARNESS_ALLOW_CASE=1` remains required.
- `CTO_HARNESS_CASE_STAGE=2` is required before Case adapter execution.
- Missing Stage 2 gate produces blocked status, not warning.
- Fake remains the default validation lane.
- Case runs only through the same engine dispatch path as fake, Codex, and Pi.
- Case receives only artificial fixture input, allowed paths, forbidden actions, verification command, and evidence expectations.
- No Target Repository path is inspected or copied.
- The focused validator proves the task contract contains no Target Repository path and that runtime inputs, command arguments, environment, and config expose only `runtime_workspace_root` and `run_artifact_dir` as writable roots.
- No files under harness source checkout, target repo, Case source, vendor source, external developer repositories, or Cortex Core are changed by Stage 2 execution.
- Runtime writes are limited to the copied artificial workspace and the run artifact directory.
- `report.json` records `backend: case`, `status`, `backend_exit_code`, `allowed_writes_passed`, `changed_files`, `blockers`, `source_admission_status: not_admitted`, `case_process_started`, artifact paths, artifact digests, and freshness proof.
- Required artifacts include `report.json`, `report.md`, `events.normalized.jsonl`, `trace.jsonl`, `patch.diff`, `test.log`, and backend raw logs under `backend/`.
- Normalized events include `run.started`, `task.contract.created`, `plan.updated`, `patch.applied`, `git.diff.checked`, `verification.completed`, and `run.completed` for pass cases.
- Blocked preflight emits `backend.gate.blocked`.
- Failure fixtures cover no diff, disallowed file, failed tests, missing test command, missing required event, and provider unavailable.
- Failure fixture reports fail closed with blocker reason, nonzero exit where executable, and complete evidence artifacts.
- Same-run fake baseline evidence records the fake run artifact path, the Case run artifact path, and whether report shape, event order, allowed writes, verification output, blockers, artifact digests, and freshness proof match expectations.
## Validation
- Focused Stage 2 validator command is `python3 harness/runner/validate-case-stage2.py --harness-root harness --json`.
- Focused Stage 2 validator output must include `ok`, `checked`, `errors`, pass report paths, failure report paths, same-run fake baseline path, and no-target-inspection proof.
- Focused Stage 2 validator must run `python3 harness/runner/validate-case-stage1.py --harness-root harness --json` first and require it to pass.
- Focused Stage 2 validator must prove fake remains default.
- Focused Stage 2 validator must prove `--engine case` without `CTO_HARNESS_ALLOW_CASE=1` remains blocked.
- Focused Stage 2 validator must prove `CTO_HARNESS_ALLOW_CASE=1` without `CTO_HARNESS_CASE_STAGE=2` remains blocked for execution.
- Focused Stage 2 validator must run one passing artificial fixture through `case` only when both gates are set.
- Focused Stage 2 validator must inspect artifact shape, event order, allowed writes, verification log, digest fields, and freshness proof.
- Focused Stage 2 validator must compare the Case run to a same-run fake baseline on the same fixture.
- Focused Stage 2 validator must run failure fixture checks for no diff, disallowed file, failed tests, missing test command, missing required event, and provider unavailable.
- Focused Stage 2 validator must prove no Target Repository path is present in task contract, command arguments, runtime inputs, environment, or harness config used by the run.
- Broader harness health validation must run after the focused Stage 2 validator is green.
- Cortex CTO child validator must require this PRD and issue artifact before Stage 2 implementation is considered governed.
## Risks
- Stage 2 can be mistaken for real-repo readiness.
- A live Case invocation can leak beyond the artificial fixture if workspace and allowed paths are weak.
- A passing fixture can hide missing failure closure.
- Stage 2 can accidentally make `case` default or bypass fake comparison.
- Missing Case credentials or provider availability can block executable proof.
## Dependencies
- Stage 1 Gated Case Engine is validated.
- Harness Evidence Interface Contract is validated.
- Case Adapter Contract is validated.
- Case Failure Fixture Matrix is validated.
- Stage 1 focused validator exists in the Hermes CTO harness.
- Human-provided credentials or local provider configuration may be required for real Case execution; missing credentials must produce a blocked provider-unavailable result, not a fake pass.
## Success Definition
Stage 2 is successful when Case can execute one copied artificial fixture through the CTO harness, produce the same evidence interface expected from fake fixtures, and fail closed for required artificial failure classes. Stage 2 does not authorize copied repo, sandbox repo, owned repo, default backend, WebUI product, or Core promotion behavior.
.sot/03-PROTOCOLS/CTO-CASE-STAGED-PROOF-GATES.md
+265
View File
@@ -0,0 +1,265 @@
---
name: cto-case-staged-proof-gates
tier: local
status: draft
owner: jp
source: .sot/03-PROTOCOLS/CTO-CASE-CANDIDATE-BACKEND-PRD.md
created: 2026-05-31
last_reviewed: 2026-05-31
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local staged proof gate records for Case candidate backend progression.
---
# CTO Case Staged Proof Gates
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Purpose
Define the staged proof gates Case must pass before it can be discussed as a candidate default backend.
Default status is earned, not assumed. No stage grants Core authority, WebUI Runtime behavior, real-repo mutation outside its stated scope, merge, deploy, push, close, vendor-source mutation, external developer repository mutation, or Core promotion.
## Gate Rules
- Stages must be completed in order.
- Each stage must preserve the CTO Harness Evidence Interface.
- Each stage must respect the Case Source Admission Record.
- Each stage must use the CTO Case Adapter Contract and Eligibility Decision.
- Each stage must account for the CTO Case Failure Fixture Matrix.
- Missing evidence means blocked, not partially accepted.
- Later stages must not reinterpret earlier stage success as broader mutation permission.
## Stage Summary
| Stage | Name | Allowed mutation scope | Promotion condition |
| --- | --- | --- | --- |
| 1 | Gated Case engine | none | Harness accepts `--engine case` only when explicitly enabled and default-deny proof passes. |
| 2 | Artificial fixture | copied artificial case only | Case adapter matches existing fake fixture behavior through the Harness Evidence Interface. |
| 3 | Copied repo fixture | copied local repository fixture only | No source repository mutation; clean start/end and failure fixtures pass. |
| 4 | Disposable sandbox repo | disposable repository only | Approval, branch, fail-closed, and artifact behavior pass in a throwaway repository. |
| 5 | Owned noncritical repo | explicitly owned low-risk repository only | Operator accepts bounded proof with source admission, approval, and allowed paths. |
| 6 | Candidate default | scoped real-repo use only | Case matches or beats fake, Codex, and Pi where applicable on evidence completeness and failure closure. |
## Stage 1 - Gated Case Engine
Entry gates:
- Harness Evidence Interface Contract is validated.
- Case Adapter Contract is validated.
- Case Source Admission Record exists.
- Case Failure Fixture Matrix exists.
Allowed mutation scope: none.
Required artifacts:
- `report.json`;
- `events.normalized.jsonl`;
- `trace.jsonl`;
- no-op `patch.diff`;
- no-op `test.log`;
- backend raw logs showing default-deny preflight.
Validator expectation:
- `case` is registered as a gated engine;
- `--engine case` is rejected unless explicitly enabled;
- no source files are changed;
- missing gate produces blocked status.
Required failure classes:
- provider unavailable;
- missing required event;
- artifact write failure.
Promotion condition:
- Harness accepts `--engine case` only when explicitly enabled and default-deny proof passes.
## Stage 2 - Artificial Fixture
Entry gates:
- Stage 1 is validated.
- Artificial fixture task contract exists.
- Allowed paths and verification command are explicit.
Allowed mutation scope: copied artificial case only.
Required artifacts:
- full Harness Evidence Interface artifact set;
- changed files list;
- allowed-write proof;
- verification log;
- digest and freshness proof.
Validator expectation:
- artificial fixture can pass through the Case adapter;
- fake lane remains default validation lane;
- Case output matches report shape, event validity, allowed-path compliance, failure closure, and artifact completeness expected from fake fixtures.
Required failure classes:
- no diff;
- disallowed file;
- failed tests;
- missing test command;
- missing required event.
Promotion condition:
- Case adapter matches existing fake fixture behavior through the Harness Evidence Interface.
## Stage 3 - Copied Repo Fixture
Entry gates:
- Stage 2 is validated.
- Copied repository fixture is created from an owned local source.
- Source repository remains read-only during fixture creation.
Allowed mutation scope: copied local repository fixture only.
Required artifacts:
- full Harness Evidence Interface artifact set;
- clean starting tree proof for copied fixture;
- clean ending tree proof;
- source repository non-mutation proof;
- failure fixture results.
Validator expectation:
- all changes occur inside copied fixture;
- no hidden mutation occurs in source repository;
- dirty-starting-tree and dirty-ending-tree failures are detected.
Required failure classes:
- dirty starting tree;
- dirty ending tree;
- timeout;
- artifact write failure.
Promotion condition:
- copied repo fixture proves no source repo mutation and clean start/end behavior.
## Stage 4 - Disposable Sandbox Repo
Entry gates:
- Stage 3 is validated.
- Disposable repository ownership and disposal policy are explicit.
- Approval events are enabled for mutation mode.
Allowed mutation scope: disposable repository only.
Required artifacts:
- full Harness Evidence Interface artifact set;
- approval event proof;
- branch policy proof;
- sandbox disposal or retention note;
- failure matrix coverage for sandbox mode.
Validator expectation:
- mutation occurs only in disposable repository;
- approval denied fails closed;
- branch policy is recorded;
- no merge, push, deploy, or close occurs unless explicitly allowed by the task contract.
Required failure classes:
- approval denied;
- reviewer reject;
- timeout;
- provider unavailable.
Promotion condition:
- disposable sandbox repo proves approval, branch, fail-closed, and artifact behavior.
## Stage 5 - Owned Noncritical Repo
Entry gates:
- Stage 4 is validated.
- Target Repository ownership is explicit.
- Repository is low risk and noncritical.
- Human approval is recorded before mutation.
- Source license note is resolved for the requested execution mode.
Allowed mutation scope: explicitly owned low-risk repository only.
Required artifacts:
- full Harness Evidence Interface artifact set;
- Target Repository ownership proof;
- approval event proof;
- allowed paths and forbidden actions;
- post-run operator acceptance or rejection.
Validator expectation:
- mutation stays inside allowed paths;
- no direct push, merge, deploy, or close occurs unless task contract explicitly allows it;
- operator approval and outcome are replayable.
Required failure classes:
- disallowed file;
- failed tests;
- approval denied;
- dirty ending tree.
Promotion condition:
- operator accepts bounded proof with source admission, approval, and allowed paths.
## Stage 6 - Candidate Default
Entry gates:
- Stage 5 is validated.
- Comparison fixtures exist for fake, Codex, and Pi where applicable.
- Case source admission is current.
- Failure matrix coverage is complete or explicitly blocked with rationale.
Allowed mutation scope: scoped real-repo use only.
Required artifacts:
- full Harness Evidence Interface artifact set;
- comparative evidence against fake, Codex, and Pi where applicable;
- failure closure evidence;
- source admission freshness;
- operator acceptance.
Validator expectation:
- Case matches or beats existing lanes on report shape;
- Case matches or beats existing lanes on event validity;
- Case matches or beats existing lanes on allowed-path compliance;
- Case matches or beats existing lanes on failure closure;
- Case matches or beats existing lanes on artifact completeness.
Required failure classes:
- all failure matrix rows, unless a row is explicitly blocked by a governed stage record.
Promotion condition:
- Case may be discussed as candidate default only after comparison evidence shows it matches or beats fake, Codex, and Pi where applicable on evidence completeness and failure closure.
## Final Guard
These staged proof gates do not implement Case and do not authorize execution. They define the minimum route for later implementation.
Any future implementation must start with Stage 1 and must not skip to real-repo execution.
.sot/03-PROTOCOLS/CTO-HARNESS-EVIDENCE-INTERFACE-CONTRACT.md
+163
View File
@@ -0,0 +1,163 @@
---
name: cto-harness-evidence-interface-contract
tier: local
status: draft
owner: jp
source: .sot/03-PROTOCOLS/CTO-CASE-CANDIDATE-BACKEND-PRD.md
created: 2026-05-31
last_reviewed: 2026-05-31
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local contract for the stable CTO Harness evidence interface required before Case adapter execution.
---
# CTO Harness Evidence Interface Contract
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Purpose
Define the stable evidence interface that any future Case adapter must satisfy before execution work starts.
This contract makes the CTO Harness the owner of backend proof. Case may supply logs and results, but the CTO Harness must normalize, validate, and record evidence before any result can be trusted.
## Non-Authority Notice
This contract does not authorize Runtime behavior, WebUI Product behavior, Case execution, real-repo mutation, merge, deploy, push, close, vendor-source mutation, external developer repository mutation, or Core promotion.
## Interface Boundary
The Harness Evidence Interface is the only accepted proof surface for backend comparison.
Backend internals stay behind the harness seam. Case lifecycle phases, reviewer comments, raw provider logs, and backend-specific run metadata may be stored as raw artifacts, but callers must not need them to decide whether a run passed.
## Required Artifact Set
Every accepted backend run must produce these artifacts under one run artifact directory:
| Artifact | Required | Purpose |
| --- | --- | --- |
| `report.json` | yes | Machine-readable summary and evidence index. |
| `report.md` | yes | Human-readable summary. |
| `events.normalized.jsonl` | yes | Replayable normalized event stream. |
| `patch.diff` | yes | Exact source diff, even when empty for a fail-closed no-diff case. |
| `test.log` | yes | Verification output or explicit missing-test blocker. |
| `trace.jsonl` | yes | Harness-level trace of major actions and checks. |
| `backend/` | yes | Backend-specific raw logs and metadata. |
Artifacts must live outside tracked source by default. For Hermes CTO harness parity, the expected runtime root pattern is:
```text
~/.hermes/profiles/cto-planb/harness-runs/<run_id>/
```
## Required `report.json` Fields
`report.json` must include:
| Field | Meaning |
| --- | --- |
| `case_id` | Case or task identifier. |
| `run_id` | Unique run identifier. |
| `status` | `pass`, `fail`, or `blocked`. |
| `backend` | Backend adapter name. |
| `run_started_at` | UTC timestamp captured before backend work starts. |
| `run_finished_at` | UTC timestamp captured after harness checks finish. |
| `backend_exit_code` | Raw backend process exit code when applicable. |
| `artifacts_dir` | Run artifact directory. |
| `changed_files` | Files changed by the run. |
| `allowed_writes_passed` | Whether changed files stayed within allowed writes. |
| `approval_status` | `not-required`, `requested`, `granted`, or `denied`. |
| `verification` | Verification commands and pass/fail results. |
| `blockers` | Human-readable fail-closed blockers. |
| `artifact_paths` | Paths for required artifacts. |
| `artifact_digests` | SHA-256 digests for required artifacts. |
| `freshness` | Proof that artifacts were written or checked after `run_started_at`. |
Additional fields are allowed. Callers must not require additional fields unless a later governed contract updates this file.
## Digest Manifest
`artifact_digests` must include SHA-256 digests for:
- `report.json`;
- `events.normalized.jsonl`;
- `patch.diff`;
- `test.log`;
- `trace.jsonl`;
- each raw backend log required by the adapter contract.
Digest proof is not sufficient by itself. `freshness` must also show that each required artifact was written or checked after `run_started_at`.
## Required Normalized Events
Every accepted run must emit these normalized events in order where applicable:
1. `run.started`
2. `task.contract.created`
3. `plan.updated`
4. `approval.requested`
5. `approval.granted` or `approval.denied`
6. `patch.applied`
7. `git.diff.checked`
8. `verification.completed`
9. `run.completed`
Approval events are required only for mutation modes that need human approval. If approval is denied, the run must fail closed and emit `run.completed` with a failed or blocked status.
## Fail-Closed Semantics
The harness must fail closed for:
- no diff when a diff is required;
- disallowed file change;
- failed tests;
- missing test command;
- missing required event;
- backend reviewer reject;
- approval denied;
- timeout;
- dirty starting tree;
- dirty ending tree;
- artifact write failure;
- provider unavailable.
Each fail-closed result must record:
- blocker reason in `report.json`;
- normalized event when the failure class has an event;
- report status of `fail` or `blocked`;
- nonzero exit behavior where the adapter contract marks the failure executable.
## Approval Semantics
Case may recommend. Case must not approve itself.
The only accepted human approval signal is a CTO Harness or Hermes/operator approval event:
- `approval.requested`
- `approval.granted`
- `approval.denied`
Each approval event must include actor, scope, mutation mode, timestamp, and expiry when expiry is applicable.
No merge, push, deploy, close, or real-repo mutation is allowed without explicit task-contract permission.
## Adapter Acceptance Rule
A future Case adapter is not accepted until:
- `case` is registered as a gated engine;
- the harness accepts `--engine case` without a parallel runner path;
- the adapter is default-denied unless explicitly enabled;
- the adapter writes the required artifact set;
- the adapter satisfies required `report.json` fields;
- the adapter emits required normalized events;
- the adapter records digest and freshness proof;
- the adapter fails closed for the required failure classes.
## Validation Expectations
Current validation is planning-only and checks this contract exists.
Later adapter validation must add executable checks for artifact shape, event order, allowed writes, approval events, digest fields, freshness proof, and fail-closed fixture behavior.