Add blocked Stage 5 target admission record
@@ -55,7 +55,7 @@ Type: HITL
|
||||
|
||||
Status: blocked.
|
||||
|
||||
Blocked by: CTO-WORK-037, CTO-WORK-039, and explicit JP selection or approval of an owned low-risk noncritical Target Repository.
|
||||
Blocked by: CTO-WORK-037, CTO-WORK-039, CTO-WORK-040, and explicit JP selection or approval of an owned low-risk noncritical Target Repository.
|
||||
|
||||
User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 8, 9, 10, 11, 13.
|
||||
|
||||
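Review bot: the updated "Blocked by" line adds CTO-WORK-040 but keeps CTO-WORK-039 and the explicit JP selection or approval, which are exactly the blockers CTO-WORK-040 itself lists. If this item is meant to wait on the admission record, either list CTO-WORK-040 in place of those two or state that they are kept deliberately as direct dependencies, so the two blocker lists do not drift apart when one of them is edited later.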
@@ -112,6 +112,41 @@ Validator: `python3 tools/validate_cto_child.py`
|
||||
|
||||
Done evidence: template artifact, issue reference, validator JSON, clean worktree, commit.
|
||||
|
||||
|
||||
### CTO-WORK-040 - Stage 5 Target Repository Admission Record
|
||||
|
||||
Type: HITL
|
||||
|
||||
Status: blocked.
|
||||
|
||||
Blocked by: CTO-WORK-039 and explicit JP selection or approval of an owned low-risk noncritical Target Repository.
|
||||
|
||||
User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 8, 9, 10, 11, 13.
|
||||
|
||||
What to build: Maintain the concrete Stage 5 Target Repository admission record. The current record is intentionally `not_admitted` and blocks Stage 5 execution until JP supplies the repository path, ownership proof, noncritical rationale, allowed paths, forbidden paths, and approval metadata.
|
||||
|
||||
Acceptance criteria:
|
||||
|
||||
- [x] Admission record exists as JSON.
|
||||
- [x] Admission record status is `not_admitted` by default.
|
||||
- [x] Admission record contains no repository path until JP approves one.
|
||||
- [x] Admission record contains no secrets or credentials.
|
||||
- [x] Admission record includes all required forbidden actions.
|
||||
- [x] Admission record requires operator outcome.
|
||||
- [x] Local CTO validator checks the safe blocked record state.
|
||||
- [ ] JP supplies an owned low-risk noncritical repository path.
|
||||
- [ ] JP supplies ownership evidence.
|
||||
- [ ] JP supplies noncritical rationale.
|
||||
- [ ] JP supplies allowed paths and forbidden paths.
|
||||
- [ ] JP supplies approval source and approval timestamp.
|
||||
- [ ] Admission record is updated to `admitted` only after all required fields are present.
|
||||
|
||||
Allowed files: CTO child workspace planning docs and local validator only until a concrete Target Repository is approved.
|
||||
|
||||
Validator: `python3 tools/validate_cto_child.py`
|
||||
|
||||
Done evidence for current blocked state: admission JSON, issue reference, validator JSON, clean worktree, commit.
|
||||
|
||||
## Granularity Check
|
||||
|
||||
This is intentionally two slices: one planning route and one executable harness route. Stage 5 is not over-granular because it is the first proof involving an admitted owned repository and must separate repository ownership, approval, allowed paths, verification, and operator outcome before default candidacy.
|
||||
|
||||
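Review bot: the acceptance criteria in the new CTO-WORK-040 section cover the validator only for the blocked state ("Local CTO validator checks the safe blocked record state"), while the final criterion, "Admission record is updated to `admitted` only after all required fields are present", has no matching validator criterion. Suggest adding a criterion that `python3 tools/validate_cto_child.py` fails when `admission_status` is `admitted` and any of repository path, ownership evidence, noncritical rationale, allowed paths, forbidden paths, approval source or approval timestamp is empty, so the gate is enforced by tooling rather than by convention. The section also does not name the admission JSON file's path or enumerate the "required forbidden actions" it refers to; both should be stated here. The unchanged Granularity Check paragraph still reads "intentionally two slices"; confirm that is still accurate with CTO-WORK-040 added.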
@@ -0,0 +1,26 @@
|
||||
{
|
||||
"admission_status": "not_admitted",
|
||||
"target_repository_path": "",
|
||||
"repository_owner": "",
|
||||
"ownership_evidence": "",
|
||||
"risk_classification": "",
|
||||
"noncritical_rationale": "",
|
||||
"allowed_paths": [],
|
||||
"forbidden_paths": [],
|
||||
"forbidden_actions": [
|
||||
"push",
|
||||
"merge",
|
||||
"deploy",
|
||||
"close",
|
||||
"pr_open",
|
||||
"issue_close",
|
||||
"public_publication",
|
||||
"credential_change",
|
||||
"vendor_source_mutation",
|
||||
"cortex_core_mutation"
|
||||
],
|
||||
"approval_source": "",
|
||||
"approval_timestamp": "",
|
||||
"operator_outcome_required": true,
|
||||
"review_trigger": "before Stage 5 execution, before target repository path change, before allowed path change, before forbidden action change, before risk classification change"
|
||||
}
|
||||
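Review bot: `review_trigger` in the new admission record packs five separate conditions into one comma-separated string, which a validator can only compare as opaque text; a JSON array with one trigger per element would let each be checked individually. In `forbidden_actions`, "close" and "issue_close" overlap, so either document what "close" covers beyond issues or drop one of them. `approval_timestamp` and `risk_classification` are free-form strings with no stated format or allowed values; documenting them (for example an ISO 8601 UTC timestamp and a fixed set of risk levels) before the record can move to `admitted` would make those fields checkable.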