Record CTO target mirror blocker

2026-06-17 09:09:20 -04:00
parent aae6d8afaf
commit 336f35b954
4 changed files with 87 additions and 1 deletions
@@ -107,6 +107,14 @@ historical proof context only. The admission record sets
 separate host-aware custody gate because the MacBook mirror can rehydrate root
 paths unless policy is checked first.

+2026-06-17 mirror blocker check: the MacBook source path
+`/Users/jean-philippebrule/Steev/Cortex-OS/cto-stage5-target-sandbox` exists,
+and `/Users/jean-philippebrule/Steev/push-cortex-os-to-steev-once.sh` does not
+exclude `cto-stage5-target-sandbox/`. The custody preflight now records an
+archive-stable evidence candidate for the target, but physical movement remains
+blocked until mirror policy is updated or JP chooses a different MacBook source
+custody policy.
+
 Move or archive only after CTO replaces the absolute live path with archive-stable evidence or a new admitted target fixture, reruns `python3 tools/validate_cto_child.py`, reruns `python3 tools/validate_cto_stage5_target_sandbox_child.py`, and records that target ownership remains outside CTO and Core. The target-local Case task residue is now declared stale, but the absolute path dependency remains open.

 Rejected now: raw move, hard delete, validator path rewrites for cleanup optics, Case rerun, Harness rerun, provider mutation, target source mutation, Core mutation, Seed mutation, readiness claim, release claim.
@@ -42,3 +42,52 @@ Physical relocation remains a separate host-aware custody gate. That gate must:
 No target source mutation, Case rerun, Harness rerun, provider call, runtime
 start, browser open, branch mutation, Core mutation, readiness claim, or release
 claim occurred.
+
+## Host Mirror Check
+
+2026-06-17 host-aware custody check:
+
+- MacBook source path: present at
+  `/Users/jean-philippebrule/Steev/Cortex-OS/cto-stage5-target-sandbox`.
+- MacBook push script:
+  `/Users/jean-philippebrule/Steev/push-cortex-os-to-steev-once.sh`.
+- Current push script excludes known root shadows, but does not exclude
+  `cto-stage5-target-sandbox/`.
+- Physical movement is blocked until the mirror policy is updated or JP chooses
+  a different custody policy for the MacBook source.
+
+This check is read-only. No MacBook script mutation occurred in this slice.
+
+## Archive-Stable Evidence Candidate
+
+Current target evidence, read-only from
+`/home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox`:
+
+- total files: 31.
+- route-relevant files excluding generated caches: 24.
+- directories: 15.
+- route-relevant combined sha256:
+  `c73b40f5bbdd32bb61a93fc926c108d7cef256bdb4598c71ea66ee29f73444e5`.
+- full current combined sha256 including generated caches:
+  `1afc53c9e5ea4a9275ffb9d85cf3509c4a66ab1f89e1e118b76f5a7ea2aaa788`.
+- `AGENTS.md` sha256:
+  `e9db56431baa9708bd6ce0be7d0379d6d7fa1c9e2b00595bca1932f49242ec84`.
+- `README.md` sha256:
+  `c5019bab84472ac4110112c95ebf30c3412f6f5b09dddf9a98411a9f62d830f9`.
+- `WORKBOARD.yaml` sha256:
+  `3180db858dc74381dd736f25311d24d82dbad3eb9166090b9d36448ccee4da66`.
+- `strings.py` and `src/strings.py` sha256:
+  `aa8b1ba8108b0fe8a6170e26a9f51c180a60241fa91b9878c1aaf45ef0a42280`.
+- `test_strings.py` sha256:
+  `d76bb7f9959eacc2fe2e0fc70dcc1ff1525f9aef3918cf849eae4e382fd2e704`.
+- `tools/validate_cto_stage5_target_sandbox_child.py` sha256:
+  `09d5dd192a17e460885a657bfad5e929b9832fd6a1ac5b6b86a432213781bdd6`.
+
+Validators observed during this slice:
+
+- `python3 tools/validate_cto_stage5_target_sandbox_child.py`: `ok: true`.
+- `python3 -m pytest -q`: `11 passed`.
+- `python3 tools/validate_cto_child.py`: `ok: true`.
+
+The archive-stable candidate is enough to stop treating the path as execution
+authority. It is not yet a physical custody move proof.