Record Hermes control summary proof

.sot/03-PROTOCOLS/CTO-HERMES-CONTROL-SURFACE-ISSUES.md

@@ -50,7 +50,7 @@ Done evidence: PRD, issue artifact, validator JSON, clean worktree, commit.
 
 Type: AFK
 
-Status: candidate.
+Status: validated.
 
 Blocked by: CTO-WORK-044
 
@@ -60,22 +60,31 @@ What to build: In `/home/svrnty/workspaces/hermes/cto/harness`, extend the WebUI
 
 Acceptance criteria:
 
-- [ ] Summary command remains Harness-backed and deterministic.
-- [ ] Summary exposes proof ladder status through Stage 6.
-- [ ] Summary exposes Stage 6 candidate-default eligibility.
-- [ ] Summary exposes runtime default activation as `false` unless a later governed route changes it.
-- [ ] Summary exposes matrix report and Stage 6 comparison report paths.
-- [ ] Summary exposes blocked Codex/Pi lane rationale when not applicable.
-- [ ] Summary exposes next recommended operator action.
-- [ ] Summary does not expose secrets, endpoints, credential values, or raw Target Repository content.
-- [ ] Summary does not mutate Target Repositories, vendor source, external developer repositories, or Cortex Core.
-- [ ] Focused summary validator passes and aggregate Harness health remains green.
+- [x] Summary command remains Harness-backed and deterministic.
+- [x] Summary exposes proof ladder status through Stage 6.
+- [x] Summary exposes Stage 6 candidate-default eligibility.
+- [x] Summary exposes runtime default activation as `false` unless a later governed route changes it.
+- [x] Summary exposes matrix report and Stage 6 comparison report paths.
+- [x] Summary exposes blocked Codex/Pi lane rationale when not applicable.
+- [x] Summary exposes next recommended operator action.
+- [x] Summary does not expose secrets, endpoints, credential values, or raw Target Repository content.
+- [x] Summary does not mutate Target Repositories, vendor source, external developer repositories, or Cortex Core.
+- [x] Focused summary validator passes and aggregate Harness health remains green.
 
 Allowed files: Hermes CTO harness summary command, summary validator, summary contract/docs, and command index. WebUI Runtime code, Core, Case source, vendor source, Target Repositories, and external developer repositories are forbidden.
 
 Validator: `python3 harness/runner/validate-webui-summary.py --json`, then `harness/evals/health.sh --json`.
 
-Done evidence: summary JSON, focused validator JSON, aggregate health JSON, clean worktree, commit.
+Done evidence:
+
+- Hermes commit: `3cbd799 Add harness-backed Hermes control summary`
+- Focused validator: `python3 harness/runner/validate-webui-summary.py --json`
+- Focused summary JSON: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T102157Z-run-all-fake-92576/webui-summary.json`
+- Focused matrix report: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T102157Z-run-all-fake-92576/report.json`
+- Focused Stage 6 comparison report: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T102202Z-stage6-candidate-default-92871/stage6-candidate-default-comparison.json`
+- Post-merge aggregate health command: `harness/evals/health.sh --json`
+- Post-merge aggregate matrix report: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T102236Z-run-all-fake-95146/report.json`
+- Post-merge aggregate Stage 6 comparison report: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T102256Z-stage6-candidate-default-96653/stage6-candidate-default-comparison.json`
 
 ## Granularity Check
 

WORKBOARD.yaml

@@ -222,6 +222,6 @@ items:
     owner: ""
   - id: CTO-WORK-045
     title: Harness-Backed Hermes Control Summary
-    status: candidate
+    status: validated
     source: .sot/03-PROTOCOLS/CTO-HERMES-CONTROL-SURFACE-ISSUES.md
     owner: jp

tools/validate_cto_child.py

@@ -1455,7 +1455,7 @@ def main() -> int:
             "CTO-WORK-042": "validated",
             "CTO-WORK-043": "validated",
             "CTO-WORK-044": "validated",
-            "CTO-WORK-045": "candidate",
+            "CTO-WORK-045": "validated",
         }
         for issue_id, expected in expected_statuses.items():
             checked.append(f"workboard_status:{issue_id}:{expected}")