From 41de06d9c9cc19206516af9ce517616d1d2a8386 Mon Sep 17 00:00:00 2001 From: Svrnty Date: Sun, 31 May 2026 23:09:33 -0400 Subject: [PATCH] Add Case Stage 3 copied repo PRD --- .../CTO-CASE-STAGE3-COPIED-REPO-ISSUES.md | 86 ++++++++++++++ .../CTO-CASE-STAGE3-COPIED-REPO-PRD.md | 109 ++++++++++++++++++ .../CTO-CASE-STAGED-PROOF-GATES.md | 7 ++ CONTEXT.md | 4 + README.md | 2 + WORKBOARD.yaml | 10 ++ tools/validate_cto_child.py | 56 +++++++++ 7 files changed, 274 insertions(+) create mode 100644 .sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-ISSUES.md create mode 100644 .sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-PRD.md diff --git a/.sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-ISSUES.md b/.sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-ISSUES.md new file mode 100644 index 0000000..8e86b53 --- /dev/null +++ b/.sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-ISSUES.md 
@@ -0,0 +1,86 @@
+---
+name: cto-case-stage3-copied-repo-issues
+tier: local
+status: draft
+owner: jp
+source: .sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-PRD.md
+created: 2026-06-01
+last_reviewed: 2026-06-01
+lifecycle_classification: planning
+core_promotion_status: not-promoted
+description: Child-local issue sequence for Stage 3 Case copied-repo fixture proof.
+---
+
+# CTO Case Stage 3 Copied Repo Issues
+
+Local planning SOT only. Not a Core Protocol. Not active Core authority.
+
+## Issue Sequence
+
+### CTO-WORK-033 - Stage 3 Copied Repo PRD
+
+Type: AFK
+
+Status: validated.
+
+Blocked by: CTO-WORK-012
+
+User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 8, 9, 10, 11, 13.
+
+What to build: Define the Stage 3 copied-repo fixture proof before implementation starts.
+
+Acceptance criteria:
+
+- [ ] PRD states Stage 3 allowed mutation scope is `copied local repository fixture only`.
+- [ ] PRD requires Stage 2 validation before Stage 3.
+- [ ] PRD requires `CTO_HARNESS_ALLOW_CASE=1` and `CTO_HARNESS_CASE_STAGE=3`.
+- [ ] PRD requires source repository ownership and local source classification.
+- [ ] PRD requires source repository HEAD and status before and after Case execution.
+- [ ] PRD requires copied fixture clean start and clean end proof.
+- [ ] PRD forbids Target Repository, source repository, Case source, vendor source, Hermes WebUI, and Cortex Core mutation.
+- [ ] PRD requires full Harness Evidence Interface artifacts.
+- [ ] PRD requires dirty-starting-tree, dirty-ending-tree, timeout, artifact-write-failure, disallowed-file, failed-tests, and missing-required-event failure fixtures.
+- [ ] Local CTO validator checks Stage 3 PRD and issue artifact.
+
+Allowed files: CTO child workspace planning docs and local validator only.
+
+Validator: `python3 tools/validate_cto_child.py`
+
+Done evidence: PRD, issue artifact, validator JSON, clean worktree, commit.
+
+### CTO-WORK-034 - Stage 3 Harness Copied Repo Fixture Route
+
+Type: AFK
+
+Status: blocked.
+
+Blocked by: CTO-WORK-033
+
+User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 8, 9, 10, 11, 13.
+
+What to build: In `/home/svrnty/workspaces/hermes/cto/harness`, implement the Stage 3 copied-repo fixture route behind the existing `case` engine seam.
+
+Acceptance criteria:
+
+- [ ] `case` remains disabled by default.
+- [ ] `CTO_HARNESS_ALLOW_CASE=1` remains required.
+- [ ] `CTO_HARNESS_CASE_STAGE=3` is required before copied-repo Case execution.
+- [ ] Missing Stage 3 gate emits blocked evidence and does not run Case.
+- [ ] Source repository is copied before Case starts.
+- [ ] Source repository HEAD and status before/after proof match.
+- [ ] Case mutates only the copied fixture.
+- [ ] Copied fixture starts clean and ends clean after harness post-processing.
+- [ ] No Target Repository path is inspected or copied.
+- [ ] Required artifacts include source non-mutation proof, clean-start proof, clean-end proof, `report.json`, `report.md`, `events.normalized.jsonl`, `trace.jsonl`, `patch.diff`, `test.log`, and backend logs.
+- [ ] Failure fixtures fail closed for dirty source start, dirty copied fixture start, dirty copied fixture end, timeout, artifact write failure, disallowed file, failed tests, and missing required event.
+- [ ] Fake remains the default validation lane and broad health remains green after focused Stage 3 validation.
+
+Allowed files: Hermes CTO harness engine, copied-repo fixtures, focused Stage 3 validator, harness docs, and tests. WebUI, Core, Case source, vendor source, source repository, Target Repository, and external developer repositories are forbidden.
+
+Validator: `python3 harness/runner/validate-case-stage3.py --harness-root harness --json`, then `harness/evals/health.sh --json`.
+
+Done evidence: Stage 3 pass report, failure fixture reports, source non-mutation proof, clean-start proof, clean-end proof, artifact digests, clean worktree, commit.
+
+## Granularity Check
+
+This is intentionally two slices: one planning route and one executable harness route. It is not over-granular because Stage 3 introduces source repository copy and non-mutation proof, which are distinct from Stage 2 artificial fixture proof.
diff --git a/.sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-PRD.md b/.sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-PRD.md
new file mode 100644
index 0000000..42909ac
--- /dev/null
+++ b/.sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-PRD.md
@@ -0,0 +1,109 @@
+---
+name: cto-case-stage3-copied-repo-prd
+tier: local
+status: draft
+owner: jp
+source: .sot/03-PROTOCOLS/CTO-CASE-STAGED-PROOF-GATES.md
+created: 2026-06-01
+last_reviewed: 2026-06-01
+lifecycle_classification: planning
+core_promotion_status: not-promoted
+description: Child-local PRD for Stage 3 Case copied-repo fixture proof.
+---
+
+# CTO Case Stage 3 Copied Repo PRD
+
+Local planning SOT only. Not a Core Protocol. Not active Core authority.
+
+## Problem Statement
+
+Stage 2 proves Case can patch a copied artificial fixture through the CTO Harness. That does not prove Case is safe around a real repository shape. Stage 3 must prove the next narrow behavior: copy an owned local source repository into a fixture workspace, run Case only inside the copied fixture, and prove the source repository remains unchanged.
+
+## Solution
+
+Add a Stage 3 copied-repo fixture route for the Hermes CTO harness. The route uses an owned local source repository only as read-only input. The harness copies that source into a runtime fixture, records source non-mutation proof, runs Case against the copied fixture, and accepts only Harness Evidence Interface proof.
+
+Stage 3 keeps all earlier gates. `case` remains disabled by default. `CTO_HARNESS_ALLOW_CASE=1` and `CTO_HARNESS_CASE_STAGE=3` are required before copied-repo Case execution. Missing gates mean blocked, not warning.
+
+Allowed mutation scope is `copied local repository fixture only`. Writable roots are limited to `runtime_workspace_root` and `run_artifact_dir`. Source repository, Target Repository, Case source, vendor source, external developer repositories, Hermes WebUI, and Cortex Core are read-only or forbidden.
+
+## Scope
+
+- Define one copied-repo fixture proof route.
+- Require Stage 2 validated evidence before Stage 3 execution.
+- Require source repository ownership and local path classification before copy.
+- Require clean source repository status before copy.
+- Require clean copied fixture status before Case starts.
+- Require source repository HEAD and status proof before and after execution.
+- Require copied fixture clean ending tree after harness post-processing.
+- Preserve full Harness Evidence Interface artifacts.
+- Compare report shape, event order, allowed writes, tests, blockers, digests, and freshness against Stage 2 expectations.
+- Add dirty-starting-tree, dirty-ending-tree, timeout, and artifact-write-failure failure fixtures.
+
+## Non-Goals
+
+- Do not mutate a Target Repository.
+- Do not mutate the source repository.
+- Do not use an external developer repository as source.
+- Do not push, merge, deploy, close, or open a pull request.
+- Do not resolve license or source admission for real-repo work.
+- Do not approve Stage 4, Stage 5, Stage 6, default backend status, WebUI Runtime behavior, or Core promotion.
+
+## Acceptance Criteria
+
+- Stage 3 entry requires Stage 2 validated.
+- `CTO_HARNESS_ALLOW_CASE=1` remains required.
+- `CTO_HARNESS_CASE_STAGE=3` is required.
+- Missing Stage 3 gate blocks before Case starts.
+- Source repository is an owned local source, not a Target Repository and not external developer source.
+- Source repository clean status is recorded before copy.
+- Source repository HEAD and status are recorded before and after Case execution.
+- Source repository after-proof matches before-proof.
+- Copied fixture is created under the run artifact directory.
+- Case receives only the copied fixture path, task contract, allowed paths, forbidden actions, verification command, and evidence expectations.
+- Runtime writes are limited to `runtime_workspace_root` and `run_artifact_dir`.
+- Copied fixture starts clean after copy and baseline commit.
+- Copied fixture ends clean after harness post-processing.
+- `report.json` records `backend: case`, `case_process_started`, `source_repository_mutated: false`, `runtime_workspace_root`, `run_artifact_dir`, `changed_files`, `blockers`, `artifact_digests`, and freshness proof.
+- Required artifacts include `report.json`, `report.md`, `events.normalized.jsonl`, `trace.jsonl`, `patch.diff`, `test.log`, backend logs, source non-mutation proof, clean-start proof, and clean-end proof.
+- Failure fixtures cover dirty source start, dirty copied fixture start, dirty copied fixture end, timeout, artifact write failure, disallowed file, failed tests, and missing required event.
+- Fake remains the default validation lane.
+- No Stage 3 pass may be used as sandbox-repo, owned-repo, default-candidate, or Core promotion evidence beyond its stated scope.
+
+## Validation
+
+- Focused validator: `python3 harness/runner/validate-case-stage3.py --harness-root harness --json`.
+- The Stage 3 validator must require Stage 2 validation first.
+- The validator must prove missing Stage 3 gate blocks before `case_process_started`.
+- The validator must prove source repository non-mutation with before/after HEAD and status evidence.
+- The validator must prove copied fixture clean start and clean end.
+- The validator must prove no Target Repository path is inspected or copied.
+- The validator must run required failure fixtures.
+- The validator must emit compact JSON with `ok`, `checked`, `errors`, pass artifact path, failure artifact paths, and source non-mutation proof path.
+- Broader Hermes health must run once after focused Stage 3 validation passes.
+- CTO child validator must require this PRD and issue artifact before Stage 3 implementation is governed.
+
+## Risks
+
+- Copied-repo proof can be mistaken for real Target Repository approval.
+- Source repository mutation could happen through a leaked path if task contracts are weak.
+- Dirty tree handling can hide untracked files or generated artifacts.
+- Stage 3 can overfit to one toy repo and miss real-repo policy needs. + +## Dependencies + +- Stage 2 Case artificial fixture is validated. +- Harness Evidence Interface Contract is validated. +- Case Adapter Contract is validated. +- Case Failure Fixture Matrix is validated. +- Real Case Qwen Stage 2 pass evidence exists. + +## Success Definition + +Stage 3 is successful when Case changes only a copied local repository fixture, emits full Harness Evidence Interface proof, passes verification, fails closed for required copied-repo failure classes, and proves the source repository was not mutated. Stage 3 does not authorize sandbox, owned-repo, default backend, WebUI Runtime, or Core promotion behavior. + +## Challenge Findings + +- Accepted: source non-mutation proof must include source HEAD and status before and after Case execution. +- Accepted: clean copied-fixture start and clean copied-fixture end are separate proofs. +- Rejected: running Stage 3 directly on a Target Repository. That skips the proof ladder. diff --git a/.sot/03-PROTOCOLS/CTO-CASE-STAGED-PROOF-GATES.md b/.sot/03-PROTOCOLS/CTO-CASE-STAGED-PROOF-GATES.md index 390869e..9c299c0 100644 --- a/.sot/03-PROTOCOLS/CTO-CASE-STAGED-PROOF-GATES.md +++ b/.sot/03-PROTOCOLS/CTO-CASE-STAGED-PROOF-GATES.md @@ -130,6 +130,8 @@ Validation evidence: ## Stage 3 - Copied Repo Fixture +Status: planned. Execution remains blocked until `CTO-WORK-034` produces Harness Evidence Interface pass evidence. + Entry gates: - Stage 2 is validated. @@ -146,6 +148,11 @@ Required artifacts: - source repository non-mutation proof; - failure fixture results. +Planning evidence: + +- Stage 3 PRD: `.sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-PRD.md`. +- Stage 3 issues: `.sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-ISSUES.md`. + Validator expectation: - all changes occur inside copied fixture; diff --git a/CONTEXT.md b/CONTEXT.md index 29b58be..14bce16 100644 --- a/CONTEXT.md +++ b/CONTEXT.md 
@@ -24,3 +24,7 @@ _Avoid_: loose evidence bundle, backend logs, success claim **Target Repository**: The owned source repository receiving bounded, approved, evidence-producing code changes. _Avoid_: vendor source, hidden workspace, disposable scratch by default + +**Copied Repository Fixture**: +A runtime copy of an owned local source repository used to prove backend behavior without mutating the source repository or a Target Repository. +_Avoid_: Target Repository, live repo, external developer source diff --git a/README.md b/README.md index 9611b39..9318444 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,8 @@ This workspace is registered as a child-local planning workspace. Registration d | |-- CTO-CASE-STAGE1-GATED-ENGINE-ISSUES.md | |-- CTO-CASE-STAGE2-ARTIFICIAL-FIXTURE-PRD.md | |-- CTO-CASE-STAGE2-ARTIFICIAL-FIXTURE-ISSUES.md +| |-- CTO-CASE-STAGE3-COPIED-REPO-PRD.md +| |-- CTO-CASE-STAGE3-COPIED-REPO-ISSUES.md | |-- CTO-CASE-PROVIDER-ADMISSION-PRD.md | |-- CTO-CASE-PROVIDER-ADMISSION-ISSUES.md | |-- CTO-CASE-PROVIDER-BUILD-PRD.md diff --git a/WORKBOARD.yaml b/WORKBOARD.yaml index 29af6f9..4e7e8d3 100644 --- a/WORKBOARD.yaml +++ b/WORKBOARD.yaml @@ -160,3 +160,13 @@ items: status: validated source: .sot/03-PROTOCOLS/CTO-CASE-AGENT-PROTOCOL-BLOCKER.md owner: "" + - id: CTO-WORK-033 + title: Stage 3 Copied Repo PRD + status: validated + source: .sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-PRD.md + owner: "" + - id: CTO-WORK-034 + title: Stage 3 Harness Copied Repo Fixture Route + status: blocked + source: .sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-ISSUES.md + owner: jp diff --git a/tools/validate_cto_child.py b/tools/validate_cto_child.py index db473d5..3dd1c15 100644 --- a/tools/validate_cto_child.py +++ b/tools/validate_cto_child.py 
@@ -28,6 +28,8 @@ REQUIRED_FILES = [ ".sot/03-PROTOCOLS/CTO-CASE-STAGE1-GATED-ENGINE-ISSUES.md", ".sot/03-PROTOCOLS/CTO-CASE-STAGE2-ARTIFICIAL-FIXTURE-PRD.md", ".sot/03-PROTOCOLS/CTO-CASE-STAGE2-ARTIFICIAL-FIXTURE-ISSUES.md", + ".sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-PRD.md", + ".sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-ISSUES.md", ".sot/03-PROTOCOLS/CTO-CASE-PROVIDER-ADMISSION-PRD.md", ".sot/03-PROTOCOLS/CTO-CASE-PROVIDER-ADMISSION-ISSUES.md", ".sot/03-PROTOCOLS/CTO-CASE-PROVIDER-BUILD-PRD.md", @@ -268,6 +270,28 @@ REQUIRED_STAGE2_ISSUE_IDS = [ "CTO-WORK-012", ] +REQUIRED_STAGE3_PRD_PHRASES = [ + "Local planning SOT only. Not a Core Protocol. Not active Core authority.", + "Stage 3 must prove the next narrow behavior", + "copied local repository fixture only", + "CTO_HARNESS_ALLOW_CASE=1", + "CTO_HARNESS_CASE_STAGE=3", + "Source repository HEAD and status are recorded before and after Case execution.", + "Source repository after-proof matches before-proof.", + "Copied fixture starts clean", + "Copied fixture ends clean", + "source_repository_mutated: false", + "dirty-starting-tree", + "dirty-ending-tree", + "artifact-write-failure", + "Stage 3 does not authorize sandbox, owned-repo, default backend, WebUI Runtime, or Core promotion behavior.", +] + +REQUIRED_STAGE3_ISSUE_IDS = [ + "CTO-WORK-033", + "CTO-WORK-034", +] + REQUIRED_PROVIDER_ADMISSION_PRD_PHRASES = [ "Local planning SOT only. Not a Core Protocol. Not active Core authority.", "https://github.com/workos/case.git", 
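Review bot: `REQUIRED_STAGE3_PRD_PHRASES` pins fewer requirements than the CTO-WORK-033 acceptance criteria added in this same patch, so the PRD could lose several fail-closed clauses and the validator would still pass. The list has no phrase for the Stage 2 entry gate, source ownership, the writable-root limit, or the timeout, disallowed-file, failed-tests and missing-required-event fixtures. Adding the PRD's own sentences would close the gap, for example `"Stage 3 entry requires Stage 2 validated.",` and `"Failure fixtures cover dirty source start, dirty copied fixture start, dirty copied fixture end, timeout, artifact write failure, disallowed file, failed tests, and missing required event.",`. A one-line comment above the list saying it mirrors the CTO-WORK-033 acceptance criteria would help keep the two in step.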
@@ -864,6 +888,28 @@ def main() -> int: if issue_id not in text: errors.append(f"missing_stage2_issue_id:{issue_id}") + stage3_prd = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-PRD.md" + if stage3_prd.is_file(): + text = stage3_prd.read_text(encoding="utf-8") + if "core_promotion_status: not-promoted" not in text: + errors.append("stage3_prd_missing_not_promoted_frontmatter") + for phrase in REQUIRED_STAGE3_PRD_PHRASES: + checked.append(f"stage3_prd_phrase:{phrase}") + if phrase not in text: + errors.append(f"missing_stage3_prd_phrase:{phrase}") + + stage3_issues = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-ISSUES.md" + if stage3_issues.is_file(): + text = stage3_issues.read_text(encoding="utf-8") + if "core_promotion_status: not-promoted" not in text: + errors.append("stage3_issues_missing_not_promoted_frontmatter") + if "Local planning SOT only. Not a Core Protocol. Not active Core authority." not in text: + errors.append("stage3_issues_missing_local_planning_notice") + for issue_id in REQUIRED_STAGE3_ISSUE_IDS: + checked.append(f"stage3_issue_id:{issue_id}") + if issue_id not in text: + errors.append(f"missing_stage3_issue_id:{issue_id}") + provider_admission_prd = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-PROVIDER-ADMISSION-PRD.md" if provider_admission_prd.is_file(): text = provider_admission_prd.read_text(encoding="utf-8") @@ -1059,6 +1105,10 @@ def main() -> int: checked.append(f"workboard_id:{issue_id}") if issue_id not in text: errors.append(f"missing_workboard_id:{issue_id}") + for issue_id in REQUIRED_STAGE3_ISSUE_IDS: + checked.append(f"workboard_id:{issue_id}") + if issue_id not in text: + errors.append(f"missing_workboard_id:{issue_id}") for issue_id in REQUIRED_PROVIDER_ADMISSION_ISSUE_IDS: checked.append(f"workboard_id:{issue_id}") if issue_id not in text: 
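Review bot: The `core_promotion_status: not-promoted` test in both new Stage 3 blocks is a substring match over the whole file, so it passes when that text appears anywhere in the body even if the frontmatter says otherwise, although the error names end in `_frontmatter`. Restricting the search to the frontmatter would make the gate match its name, e.g. `frontmatter = text.split("---", 2)[1] if text.startswith("---") else ""` followed by `if "core_promotion_status: not-promoted" not in frontmatter:`. The same whole-file matching is used by the `missing_workboard_id` loop in the next hunk and by the `workboard_missing_stage3_*_source` checks in the last hunk, where an ID or filename is not tied to the item it belongs to; how WORKBOARD.yaml is read is outside these hunks, so that part is inferred. Both blocks are also skipped when `is_file()` is false, which is only safe if the REQUIRED_FILES check elsewhere in `main` (outside the hunk) reports the missing file as an error.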
@@ -1108,6 +1158,8 @@ def main() -> int: "CTO-WORK-027": "validated", "CTO-WORK-029": "validated", "CTO-WORK-030": "validated", + "CTO-WORK-033": "validated", + "CTO-WORK-034": "blocked", } for issue_id, expected in expected_statuses.items(): checked.append(f"workboard_status:{issue_id}:{expected}") @@ -1134,6 +1186,10 @@ def main() -> int: errors.append("workboard_missing_stage2_prd_source") if "CTO-CASE-STAGE2-ARTIFICIAL-FIXTURE-ISSUES.md" not in text: errors.append("workboard_missing_stage2_issues_source") + if "CTO-CASE-STAGE3-COPIED-REPO-PRD.md" not in text: + errors.append("workboard_missing_stage3_prd_source") + if "CTO-CASE-STAGE3-COPIED-REPO-ISSUES.md" not in text: + errors.append("workboard_missing_stage3_issues_source") if "CTO-CASE-PROVIDER-ADMISSION-PRD.md" not in text: errors.append("workboard_missing_provider_admission_prd_source") if "CTO-CASE-PROVIDER-ADMISSION-ISSUES.md" not in text: