From 3d64fb25638b6fe125840e089b21299788022a1e Mon Sep 17 00:00:00 2001 From: Svrnty Date: Wed, 17 Jun 2026 09:24:06 -0400 Subject: [PATCH] Record CTO target physical custody --- ...SE-STAGE5-TARGET-REPOSITORY-ADMISSION.json | 8 +- WORKBOARD.yaml | 5 ++ docs/LEGACY-INGEST.md | 20 ++++- ...STAGE5-TARGET-SANDBOX-CUSTODY-PREFLIGHT.md | 78 ++++++++++++++++--- .../STAGE5-TARGET-SANDBOX-STALE-CASE-STATE.md | 36 +++++---- tools/validate_cto_child.py | 47 +++++++---- 6 files changed, 146 insertions(+), 48 deletions(-) diff --git a/.sot/03-PROTOCOLS/CTO-CASE-STAGE5-TARGET-REPOSITORY-ADMISSION.json b/.sot/03-PROTOCOLS/CTO-CASE-STAGE5-TARGET-REPOSITORY-ADMISSION.json index 4219043..432d3fa 100644 --- a/.sot/03-PROTOCOLS/CTO-CASE-STAGE5-TARGET-REPOSITORY-ADMISSION.json +++ b/.sot/03-PROTOCOLS/CTO-CASE-STAGE5-TARGET-REPOSITORY-ADMISSION.json @@ -37,6 +37,12 @@ "vendor/", ".git/" ], + "physical_custody_status": "preserved-outside-umbrella", + "preserved_target_path": "/home/svrnty/workspaces/cortex-os-retired/2026-06-17/cto-stage5-target-sandbox-preserved-091700", + "preserved_target_manifest": "/home/svrnty/workspaces/cortex-os-retired/2026-06-17/cto-stage5-target-sandbox-preserved-091700/MANIFEST.md", + "macbook_push_exclude": "cto-stage5-target-sandbox/", + "macbook_push_backup": "/Users/jean-philippebrule/Steev/push-cortex-os-to-steev-once.sh.bak.20260617-cto-target-exclude", + "root_absence_observed_through": "2026-06-17T09:18:23-04:00", "future_execution_authorized": false, "future_execution_requires_new_admission": true, "noncritical_rationale": "Dedicated owned Stage 5 sandbox repo, not production, no customer data, no secrets, no deploy path, no external users, safe to delete after validation.", @@ -45,7 +51,7 @@ "repository_owner": "jp", "review_trigger": "before Stage 5 execution against any different repository, before target repository path change, before allowed path change, before forbidden action change, before risk classification change", "risk_classification": "low_risk_noncritical", - "root_path_dependency": "historical-reference-only", + "root_path_dependency": "closed-preserved-historical-reference-only", "custody_preflight_record": "docs/STAGE5-TARGET-SANDBOX-CUSTODY-PREFLIGHT.md", "target_repository_path": "/home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox" } diff --git a/WORKBOARD.yaml b/WORKBOARD.yaml index f9599bd..1c5a8a0 100644 --- a/WORKBOARD.yaml +++ b/WORKBOARD.yaml @@ -501,3 +501,8 @@ items: status: validated source: docs/STAGE5-TARGET-SANDBOX-CUSTODY-PREFLIGHT.md owner: "" + - id: CTO-WORK-101 + title: Stage 5 Target Sandbox Physical Custody + status: validated + source: docs/STAGE5-TARGET-SANDBOX-CUSTODY-PREFLIGHT.md + owner: "" diff --git a/docs/LEGACY-INGEST.md b/docs/LEGACY-INGEST.md index 841e08f..a8c75a1 100644 --- a/docs/LEGACY-INGEST.md +++ b/docs/LEGACY-INGEST.md @@ -83,9 +83,9 @@ Reference cluster: - `.sot/03-PROTOCOLS/CTO-CASE-STAGE5-REPEATABILITY-PROOF-EVIDENCE.md` - `tools/validate_cto_child.py` -Decision: keep the intention; defer movement. +Decision: keep the intention; physical custody complete. -The useful idea is an explicitly owned, noncritical, disposable target repository for Stage 5 proof. The target sandbox is not move-ready while CTO validators, admission records, approval text, replay proof paths, and target task state still depend on `/home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox`. +The useful idea is an explicitly owned, noncritical, disposable target repository for Stage 5 proof. The original target path is now historical proof context only, and the preserved payload is outside the umbrella. Current evidence: @@ -115,9 +115,21 @@ archive-stable evidence candidate for the target, but physical movement remains blocked until mirror policy is updated or JP chooses a different MacBook source custody policy. -Move or archive only after CTO replaces the absolute live path with archive-stable evidence or a new admitted target fixture, reruns `python3 tools/validate_cto_child.py`, reruns `python3 tools/validate_cto_stage5_target_sandbox_child.py`, and records that target ownership remains outside CTO and Core. The target-local Case task residue is now declared stale, but the absolute path dependency remains open. +2026-06-17 physical custody result: the MacBook push script now excludes +`cto-stage5-target-sandbox/` with backup +`/Users/jean-philippebrule/Steev/push-cortex-os-to-steev-once.sh.bak.20260617-cto-target-exclude`. +The Steev target moved to +`/home/svrnty/workspaces/cortex-os-retired/2026-06-17/cto-stage5-target-sandbox-preserved-091700` +with `MANIFEST.md`. The preserved target validator passes from the preserved +path, pytest passes with cache provider disabled, and the original root path +stayed absent through the observed MacBook push window ending +`2026-06-17T09:18:23-04:00`. -Rejected now: raw move, hard delete, validator path rewrites for cleanup optics, Case rerun, Harness rerun, provider mutation, target source mutation, Core mutation, Seed mutation, readiness claim, release claim. +Current closure: the absolute live path dependency is closed for current +execution authority. Future Stage 5 execution still requires a new admission +record, new approval, current target validation, and fresh Harness evidence. + +Rejected now: hard delete, cleanup-only target mutation, Case rerun, Harness rerun, provider mutation, target source mutation, Core mutation, Seed mutation, readiness claim, release claim. ## Rejection Rules diff --git a/docs/STAGE5-TARGET-SANDBOX-CUSTODY-PREFLIGHT.md b/docs/STAGE5-TARGET-SANDBOX-CUSTODY-PREFLIGHT.md index 4ec7484..9bf5905 100644 --- a/docs/STAGE5-TARGET-SANDBOX-CUSTODY-PREFLIGHT.md +++ b/docs/STAGE5-TARGET-SANDBOX-CUSTODY-PREFLIGHT.md @@ -6,7 +6,7 @@ Source: CTO-WORK-099. ## Result -Status: custody-preflight-complete. +Status: physical-custody-complete. Original target path remains historical proof context only: @@ -14,7 +14,13 @@ Original target path remains historical proof context only: /home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox ``` -The target sandbox remains in place during this slice. Do not move the target sandbox in this slice. +The target sandbox is preserved outside the umbrella at: + +```text +/home/svrnty/workspaces/cortex-os-retired/2026-06-17/cto-stage5-target-sandbox-preserved-091700 +``` + +The original Steev root path is absent after the observed MacBook push window. ## Admission Lifecycle @@ -23,7 +29,7 @@ The Stage 5 target admission now declares: - `admission_lifecycle`: `historical-proof-target` - `future_execution_authorized`: `false` - `future_execution_requires_new_admission`: `true` -- `root_path_dependency`: `historical-reference-only` +- `root_path_dependency`: `closed-preserved-historical-reference-only` Any future Stage 5 execution requires a new admission record, new approval text, current target validation, and fresh Harness evidence. The old @@ -31,13 +37,13 @@ text, current target validation, and fresh Harness evidence. The old ## Custody Decision -Physical relocation remains a separate host-aware custody gate. That gate must: +Physical relocation required a host-aware custody gate. That gate now records: -- preserve the target sandbox outside the umbrella with a manifest; -- prove the preserved target validator still passes from the preserved path; -- prove root absence or record any MacBook sync rehydration; -- keep target ownership outside CTO and Core; -- avoid hard deletion. +- preserved target sandbox outside the umbrella with a manifest; +- preserved target validator passes from the preserved path; +- original root path absence after a MacBook push window; +- target ownership remains outside CTO and Core; +- no hard deletion. No target source mutation, Case rerun, Harness rerun, provider call, runtime start, browser open, branch mutation, Core mutation, readiness claim, or release @@ -56,7 +62,8 @@ claim occurred. - Physical movement is blocked until the mirror policy is updated or JP chooses a different custody policy for the MacBook source. -This check is read-only. No MacBook script mutation occurred in this slice. +This preflight check was read-only. The later physical custody gate added the +`cto-stage5-target-sandbox/` exclude with a backup and `zsh -n` proof. ## Archive-Stable Evidence Candidate @@ -89,5 +96,52 @@ Validators observed during this slice: - `python3 -m pytest -q`: `11 passed`. - `python3 tools/validate_cto_child.py`: `ok: true`. -The archive-stable candidate is enough to stop treating the path as execution -authority. It is not yet a physical custody move proof. +This candidate was superseded by physical custody proof. + +## Physical Custody Proof + +Preserved path: + +```text +/home/svrnty/workspaces/cortex-os-retired/2026-06-17/cto-stage5-target-sandbox-preserved-091700 +``` + +Manifest: + +```text +/home/svrnty/workspaces/cortex-os-retired/2026-06-17/cto-stage5-target-sandbox-preserved-091700/MANIFEST.md +``` + +MacBook push script backup: + +```text +/Users/jean-philippebrule/Steev/push-cortex-os-to-steev-once.sh.bak.20260617-cto-target-exclude +``` + +Applied rsync exclude: + +```text +--exclude 'cto-stage5-target-sandbox/' \ +``` + +Physical custody evidence: + +- MacBook `zsh -n` on the patched push script: pass. +- MacBook one-shot push after the exclude: pass. +- immediate root absence after move: pass. +- observed root absence window: + - `2026-06-17T09:17:08-04:00`: absent. + - `2026-06-17T09:17:33-04:00`: absent. + - `2026-06-17T09:17:58-04:00`: absent. + - `2026-06-17T09:18:23-04:00`: absent. +- preserved target validator from preserved path: `ok: true`. +- preserved target pytest from preserved path with cache provider disabled: + `11 passed`. +- route-relevant relative sha256 list digest: + `ee69cd97b8349eaf800d25a13810ecd2436388e34cdaac84a4ee735366798d2c`. +- full relative sha256 list digest: + `487148fc897b810a1e3e0f96c86ed0b07e2e153bc5caa3679d26dd91e53c25b4`. + +The original root path is no longer execution authority. Future Stage 5 +execution still requires a new admission record, new approval, current +validation, and fresh Harness evidence. diff --git a/docs/STAGE5-TARGET-SANDBOX-STALE-CASE-STATE.md b/docs/STAGE5-TARGET-SANDBOX-STALE-CASE-STATE.md index a1b21ed..f5a0ebc 100644 --- a/docs/STAGE5-TARGET-SANDBOX-STALE-CASE-STATE.md +++ b/docs/STAGE5-TARGET-SANDBOX-STALE-CASE-STATE.md @@ -8,14 +8,19 @@ Source: CTO-WORK-097. Status: stale-state-declared. -The target sandbox remains present at: +The target sandbox was originally present at: ```text /home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox ``` -The target sandbox is still not move-ready, but the old target-local Case task -state is no longer treated as active work. +The target sandbox is now preserved outside the umbrella at: + +```text +/home/svrnty/workspaces/cortex-os-retired/2026-06-17/cto-stage5-target-sandbox-preserved-091700 +``` + +The old target-local Case task state is no longer treated as active work. ## Current Evidence @@ -41,7 +46,7 @@ from 2026-06-01 and 2026-06-02: PR number. These records are stale Case-local task residue. They are not current execution -authority, not active WIP, and not archive-stable completion evidence. +authority and not active WIP. They are preserved as historical residue in the physical custody manifest. ## Decision @@ -54,24 +59,27 @@ The useful intention remains the Stage 5 proof pattern: admitted owned noncritical target, explicit task contract, JP approval, Harness evidence, and no default Runtime activation. -## Remaining Movement Gate +## Physical Custody Gate -2026-06-17 custody preflight: +2026-06-17 custody result: - `docs/STAGE5-TARGET-SANDBOX-CUSTODY-PREFLIGHT.md` declares the original target path historical proof context only. - `.sot/03-PROTOCOLS/CTO-CASE-STAGE5-TARGET-REPOSITORY-ADMISSION.json` now sets `future_execution_authorized=false` and `future_execution_requires_new_admission=true`. -- The target sandbox was not moved in this slice. +- The target sandbox is preserved outside the umbrella with a manifest. +- The original Steev root path stayed absent after a MacBook push window with + the `cto-stage5-target-sandbox/` rsync exclude active. +- The absolute live path dependency is closed for current execution authority. -Movement remains deferred until CTO replaces the absolute live path dependency -with archive-stable evidence or a new admitted target fixture, then reruns: +Custody validators rerun: - `python3 tools/validate_cto_child.py` -- `python3 tools/validate_cto_stage5_target_sandbox_child.py` +- `python3 tools/validate_cto_stage5_target_sandbox_child.py` from the + preserved target path +- `PYTHONDONTWRITEBYTECODE=1 python3 -m pytest -q -p no:cacheprovider` from the + preserved target path -The future move must preserve the target path outside the umbrella with a -manifest. No hard delete, Core mutation, Harness rerun, Case rerun, provider -call, branch mutation, readiness claim, or release claim is allowed by this -record. +No hard delete, Core mutation, Harness rerun, Case rerun, provider call, branch +mutation, readiness claim, or release claim is allowed by this record. diff --git a/tools/validate_cto_child.py b/tools/validate_cto_child.py index 2466b92..e822f06 100644 --- a/tools/validate_cto_child.py +++ b/tools/validate_cto_child.py @@ -892,9 +892,15 @@ REQUIRED_STAGE5_TARGET_ADMISSION_JSON = { "approval_source": "JP chat approval on 2026-06-01", "approval_timestamp": "2026-06-01", "operator_outcome_required": True, + "physical_custody_status": "preserved-outside-umbrella", + "preserved_target_path": "/home/svrnty/workspaces/cortex-os-retired/2026-06-17/cto-stage5-target-sandbox-preserved-091700", + "preserved_target_manifest": "/home/svrnty/workspaces/cortex-os-retired/2026-06-17/cto-stage5-target-sandbox-preserved-091700/MANIFEST.md", + "macbook_push_exclude": "cto-stage5-target-sandbox/", + "macbook_push_backup": "/Users/jean-philippebrule/Steev/push-cortex-os-to-steev-once.sh.bak.20260617-cto-target-exclude", + "root_absence_observed_through": "2026-06-17T09:18:23-04:00", "future_execution_authorized": False, "future_execution_requires_new_admission": True, - "root_path_dependency": "historical-reference-only", + "root_path_dependency": "closed-preserved-historical-reference-only", "custody_preflight_record": "docs/STAGE5-TARGET-SANDBOX-CUSTODY-PREFLIGHT.md", } @@ -915,46 +921,52 @@ REQUIRED_STAGE5_TARGET_STALE_STATE_PHRASES = [ "Local planning evidence only. Not Core authority. Not Runtime authority.", "Status: stale-state-declared.", "/home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox", - "The target sandbox is still not move-ready", + "/home/svrnty/workspaces/cortex-os-retired/2026-06-17/cto-stage5-target-sandbox-preserved-091700", "`python3 -m pytest -q` in the target sandbox: `11 passed`.", "`python3 tools/validate_cto_stage5_target_sandbox_child.py` in the target", "`python3 tools/validate_cto_child.py` in CTO: `ok: true`.", "No live process matched the target path", - "not archive-stable completion evidence", + "preserved as historical residue in the physical custody manifest", "Do not edit the target sandbox only to make cleanup look cleaner.", - "Movement remains deferred until CTO replaces the absolute live path dependency", + "Physical Custody Gate", + "absolute live path dependency is closed for current execution authority", + "original Steev root path stayed absent after a MacBook push window", "No hard delete, Core mutation, Harness rerun, Case rerun, provider", ] REQUIRED_STAGE5_TARGET_CUSTODY_PREFLIGHT_PHRASES = [ "Local planning evidence only. Not Core authority. Not Runtime authority.", "Source: CTO-WORK-099.", - "Status: custody-preflight-complete.", + "Status: physical-custody-complete.", "Original target path remains historical proof context only", "/home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox", - "Do not move the target sandbox in this slice.", + "/home/svrnty/workspaces/cortex-os-retired/2026-06-17/cto-stage5-target-sandbox-preserved-091700", + "original Steev root path is absent after the observed MacBook push window", "`admission_lifecycle`: `historical-proof-target`", "`future_execution_authorized`: `false`", "`future_execution_requires_new_admission`: `true`", - "`root_path_dependency`: `historical-reference-only`", + "`root_path_dependency`: `closed-preserved-historical-reference-only`", "Any future Stage 5 execution requires a new admission record", - "Physical relocation remains a separate host-aware custody gate.", - "preserve the target sandbox outside the umbrella with a manifest", - "prove root absence or record any MacBook sync rehydration", + "Physical relocation required a host-aware custody gate.", + "preserved target sandbox outside the umbrella with a manifest", + "original root path absence after a MacBook push window", "No target source mutation, Case rerun, Harness rerun, provider call", "2026-06-17 host-aware custody check:", "/Users/jean-philippebrule/Steev/Cortex-OS/cto-stage5-target-sandbox", "/Users/jean-philippebrule/Steev/push-cortex-os-to-steev-once.sh", - "does not exclude", "`cto-stage5-target-sandbox/`", - "Physical movement is blocked until the mirror policy is updated", - "This check is read-only. No MacBook script mutation occurred in this slice.", + "MacBook push script backup", + "push-cortex-os-to-steev-once.sh.bak.20260617-cto-target-exclude", + "Applied rsync exclude", + "MacBook `zsh -n` on the patched push script: pass.", + "MacBook one-shot push after the exclude: pass.", + "2026-06-17T09:18:23-04:00", "Archive-Stable Evidence Candidate", "total files: 31.", "route-relevant files excluding generated caches: 24.", "directories: 15.", - "c73b40f5bbdd32bb61a93fc926c108d7cef256bdb4598c71ea66ee29f73444e5", - "1afc53c9e5ea4a9275ffb9d85cf3509c4a66ab1f89e1e118b76f5a7ea2aaa788", + "ee69cd97b8349eaf800d25a13810ecd2436388e34cdaac84a4ee735366798d2c", + "487148fc897b810a1e3e0f96c86ed0b07e2e153bc5caa3679d26dd91e53c25b4", "e9db56431baa9708bd6ce0be7d0379d6d7fa1c9e2b00595bca1932f49242ec84", "c5019bab84472ac4110112c95ebf30c3412f6f5b09dddf9a98411a9f62d830f9", "3180db858dc74381dd736f25311d24d82dbad3eb9166090b9d36448ccee4da66", @@ -964,7 +976,7 @@ REQUIRED_STAGE5_TARGET_CUSTODY_PREFLIGHT_PHRASES = [ "`python3 tools/validate_cto_stage5_target_sandbox_child.py`: `ok: true`.", "`python3 -m pytest -q`: `11 passed`.", "`python3 tools/validate_cto_child.py`: `ok: true`.", - "It is not yet a physical custody move proof.", + "The original root path is no longer execution authority.", ] REQUIRED_PROVIDER_ADMISSION_PRD_PHRASES = [ @@ -3078,7 +3090,7 @@ def main() -> int: checked.append(f"workboard_id:{issue_id}") if issue_id not in text: errors.append(f"missing_workboard_id:{issue_id}") - for issue_id in ["CTO-WORK-098", "CTO-WORK-099", "CTO-WORK-100"]: + for issue_id in ["CTO-WORK-098", "CTO-WORK-099", "CTO-WORK-100", "CTO-WORK-101"]: checked.append(f"workboard_id:{issue_id}") if issue_id not in text: errors.append(f"missing_workboard_id:{issue_id}") @@ -3180,6 +3192,7 @@ def main() -> int: "CTO-WORK-098": "validated", "CTO-WORK-099": "validated", "CTO-WORK-100": "validated", + "CTO-WORK-101": "validated", } for issue_id, expected in expected_statuses.items(): checked.append(f"workboard_status:{issue_id}:{expected}")