Record governed execution approval

2026-06-01 07:55:25 -04:00
parent b7a7354f97
commit 30b488e1b9
5 changed files with 297 additions and 0 deletions
@@ -63,6 +63,9 @@ REQUIRED_FILES = [
    ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-REQUEST-PRD.md",
    ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-REQUEST-ISSUES.md",
    ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-REQUEST-RECORD.md",
+    ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-APPROVAL-PRD.md",
+    ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-APPROVAL-ISSUES.md",
+    ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-APPROVAL-RECORD.md",
    ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-PRD.md",
    ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-ISSUES.md",
    ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-APPROVAL-PACKET.md",
@@ -298,6 +301,26 @@ REQUIRED_GOVERNED_EXECUTION_REQUEST_PHRASES = [
    "JP approval is still required before execution.",
 ]

+REQUIRED_GOVERNED_EXECUTION_APPROVAL_PHRASES = [
+    "Local planning SOT only. Not a Core Protocol. Not active Core authority.",
+    "governed execution approval",
+    "single-task approval capture",
+    "exact approval packet",
+    "I approve CTO-WORK-049 against /home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox for the src/strings.py slugify alignment task.",
+    "approval_granted: true",
+    "execution_allowed: true",
+    "execution_scope: one approved Harness run only",
+    "admitted target repository",
+    "allowed paths",
+    "Harness command",
+    "Runtime default activation remains false.",
+    "Do not activate Case as default backend.",
+    "Do not mutate any path outside the allowed paths.",
+    "Do not edit upstream `hermes-agent`.",
+    "Do not edit upstream `hermes-webui`.",
+    "This record is not execution evidence.",
+]
+
 REQUIRED_HERMES_REAL_REFRESH_CONTROL_REPLAY_EVIDENCE_PHRASES = [
    "Local planning SOT only. Not a Core Protocol. Not active Core authority.",
    "CTO-WORK-057",
@@ -1448,6 +1471,44 @@ def main() -> int:
            if phrase not in text:
                errors.append(f"missing_governed_execution_request_record_phrase:{phrase}")

+    governed_execution_approval_prd = ROOT / ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-APPROVAL-PRD.md"
+    if governed_execution_approval_prd.is_file():
+        text = governed_execution_approval_prd.read_text(encoding="utf-8")
+        if "core_promotion_status: not-promoted" not in text:
+            errors.append("governed_execution_approval_prd_missing_not_promoted_frontmatter")
+        for phrase in REQUIRED_GOVERNED_EXECUTION_APPROVAL_PHRASES:
+            checked.append(f"governed_execution_approval_prd_phrase:{phrase}")
+            if phrase not in text:
+                errors.append(f"missing_governed_execution_approval_prd_phrase:{phrase}")
+
+    governed_execution_approval_issues = ROOT / ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-APPROVAL-ISSUES.md"
+    if governed_execution_approval_issues.is_file():
+        text = governed_execution_approval_issues.read_text(encoding="utf-8")
+        if "core_promotion_status: not-promoted" not in text:
+            errors.append("governed_execution_approval_issues_missing_not_promoted_frontmatter")
+        for phrase in ["CTO-WORK-068", "CTO-WORK-069", *REQUIRED_GOVERNED_EXECUTION_APPROVAL_PHRASES]:
+            checked.append(f"governed_execution_approval_issue_phrase:{phrase}")
+            if phrase not in text:
+                errors.append(f"missing_governed_execution_approval_issue_phrase:{phrase}")
+
+    governed_execution_approval_record = ROOT / ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-APPROVAL-RECORD.md"
+    if governed_execution_approval_record.is_file():
+        text = governed_execution_approval_record.read_text(encoding="utf-8")
+        if "core_promotion_status: not-promoted" not in text:
+            errors.append("governed_execution_approval_record_missing_not_promoted_frontmatter")
+        for phrase in [
+            "CTO-WORK-069",
+            "/home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox",
+            "src/strings.py",
+            "test_strings.py",
+            "python3 -m pytest -q",
+            "approval_source: JP chat approval",
+            *REQUIRED_GOVERNED_EXECUTION_APPROVAL_PHRASES,
+        ]:
+            checked.append(f"governed_execution_approval_record_phrase:{phrase}")
+            if phrase not in text:
+                errors.append(f"missing_governed_execution_approval_record_phrase:{phrase}")
+
    hermes_real_refresh_control_replay_evidence = ROOT / ".sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-EVIDENCE.md"
    if hermes_real_refresh_control_replay_evidence.is_file():
        text = hermes_real_refresh_control_replay_evidence.read_text(encoding="utf-8")
@@ -2066,6 +2127,8 @@ def main() -> int:
            "CTO-WORK-065": "validated",
            "CTO-WORK-066": "validated",
            "CTO-WORK-067": "validated",
+            "CTO-WORK-068": "validated",
+            "CTO-WORK-069": "validated",
        }
        for issue_id, expected in expected_statuses.items():
            checked.append(f"workboard_status:{issue_id}:{expected}")