Add Case Stage 3 copied repo PRD

.sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-ISSUES.md

@@ -0,0 +1,86 @@
+---
+name: cto-case-stage3-copied-repo-issues
+tier: local
+status: draft
+owner: jp
+source: .sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-PRD.md
+created: 2026-06-01
+last_reviewed: 2026-06-01
+lifecycle_classification: planning
+core_promotion_status: not-promoted
+description: Child-local issue sequence for Stage 3 Case copied-repo fixture proof.
+---
+
+# CTO Case Stage 3 Copied Repo Issues
+
+Local planning SOT only. Not a Core Protocol. Not active Core authority.
+
+## Issue Sequence
+
+### CTO-WORK-033 - Stage 3 Copied Repo PRD
+
+Type: AFK
+
+Status: validated.
+
+Blocked by: CTO-WORK-012
+
+User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 8, 9, 10, 11, 13.
+
+What to build: Define the Stage 3 copied-repo fixture proof before implementation starts.
+
+Acceptance criteria:
+
+- [ ] PRD states Stage 3 allowed mutation scope is `copied local repository fixture only`.
+- [ ] PRD requires Stage 2 validation before Stage 3.
+- [ ] PRD requires `CTO_HARNESS_ALLOW_CASE=1` and `CTO_HARNESS_CASE_STAGE=3`.
+- [ ] PRD requires source repository ownership and local source classification.
+- [ ] PRD requires source repository HEAD and status before and after Case execution.
+- [ ] PRD requires copied fixture clean start and clean end proof.
+- [ ] PRD forbids Target Repository, source repository, Case source, vendor source, Hermes WebUI, and Cortex Core mutation.
+- [ ] PRD requires full Harness Evidence Interface artifacts.
+- [ ] PRD requires dirty-starting-tree, dirty-ending-tree, timeout, artifact-write-failure, disallowed-file, failed-tests, and missing-required-event failure fixtures.
+- [ ] Local CTO validator checks Stage 3 PRD and issue artifact.
+
+Allowed files: CTO child workspace planning docs and local validator only.
+
+Validator: `python3 tools/validate_cto_child.py`
+
+Done evidence: PRD, issue artifact, validator JSON, clean worktree, commit.
+
+### CTO-WORK-034 - Stage 3 Harness Copied Repo Fixture Route
+
+Type: AFK
+
+Status: blocked.
+
+Blocked by: CTO-WORK-033
+
+User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 8, 9, 10, 11, 13.
+
+What to build: In `/home/svrnty/workspaces/hermes/cto/harness`, implement the Stage 3 copied-repo fixture route behind the existing `case` engine seam.
+
+Acceptance criteria:
+
+- [ ] `case` remains disabled by default.
+- [ ] `CTO_HARNESS_ALLOW_CASE=1` remains required.
+- [ ] `CTO_HARNESS_CASE_STAGE=3` is required before copied-repo Case execution.
+- [ ] Missing Stage 3 gate emits blocked evidence and does not run Case.
+- [ ] Source repository is copied before Case starts.
+- [ ] Source repository HEAD and status before/after proof match.
+- [ ] Case mutates only the copied fixture.
+- [ ] Copied fixture starts clean and ends clean after harness post-processing.
+- [ ] No Target Repository path is inspected or copied.
+- [ ] Required artifacts include source non-mutation proof, clean-start proof, clean-end proof, `report.json`, `report.md`, `events.normalized.jsonl`, `trace.jsonl`, `patch.diff`, `test.log`, and backend logs.
+- [ ] Failure fixtures fail closed for dirty source start, dirty copied fixture start, dirty copied fixture end, timeout, artifact write failure, disallowed file, failed tests, and missing required event.
+- [ ] Fake remains the default validation lane and broad health remains green after focused Stage 3 validation.
+
+Allowed files: Hermes CTO harness engine, copied-repo fixtures, focused Stage 3 validator, harness docs, and tests. WebUI, Core, Case source, vendor source, source repository, Target Repository, and external developer repositories are forbidden.
+
+Validator: `python3 harness/runner/validate-case-stage3.py --harness-root harness --json`, then `harness/evals/health.sh --json`.
+
+Done evidence: Stage 3 pass report, failure fixture reports, source non-mutation proof, clean-start proof, clean-end proof, artifact digests, clean worktree, commit.
+
+## Granularity Check
+
+This is intentionally two slices: one planning route and one executable harness route. It is not over-granular because Stage 3 introduces source repository copy and non-mutation proof, which are distinct from Stage 2 artificial fixture proof.

.sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-PRD.md

@@ -0,0 +1,109 @@
+---
+name: cto-case-stage3-copied-repo-prd
+tier: local
+status: draft
+owner: jp
+source: .sot/03-PROTOCOLS/CTO-CASE-STAGED-PROOF-GATES.md
+created: 2026-06-01
+last_reviewed: 2026-06-01
+lifecycle_classification: planning
+core_promotion_status: not-promoted
+description: Child-local PRD for Stage 3 Case copied-repo fixture proof.
+---
+
+# CTO Case Stage 3 Copied Repo PRD
+
+Local planning SOT only. Not a Core Protocol. Not active Core authority.
+
+## Problem Statement
+
+Stage 2 proves Case can patch a copied artificial fixture through the CTO Harness. That does not prove Case is safe around a real repository shape. Stage 3 must prove the next narrow behavior: copy an owned local source repository into a fixture workspace, run Case only inside the copied fixture, and prove the source repository remains unchanged.
+
+## Solution
+
+Add a Stage 3 copied-repo fixture route for the Hermes CTO harness. The route uses an owned local source repository only as read-only input. The harness copies that source into a runtime fixture, records source non-mutation proof, runs Case against the copied fixture, and accepts only Harness Evidence Interface proof.
+
+Stage 3 keeps all earlier gates. `case` remains disabled by default. `CTO_HARNESS_ALLOW_CASE=1` and `CTO_HARNESS_CASE_STAGE=3` are required before copied-repo Case execution. Missing gates mean blocked, not warning.
+
+Allowed mutation scope is `copied local repository fixture only`. Writable roots are limited to `runtime_workspace_root` and `run_artifact_dir`. Source repository, Target Repository, Case source, vendor source, external developer repositories, Hermes WebUI, and Cortex Core are read-only or forbidden.
+
+## Scope
+
+- Define one copied-repo fixture proof route.
+- Require Stage 2 validated evidence before Stage 3 execution.
+- Require source repository ownership and local path classification before copy.
+- Require clean source repository status before copy.
+- Require clean copied fixture status before Case starts.
+- Require source repository HEAD and status proof before and after execution.
+- Require copied fixture clean ending tree after harness post-processing.
+- Preserve full Harness Evidence Interface artifacts.
+- Compare report shape, event order, allowed writes, tests, blockers, digests, and freshness against Stage 2 expectations.
+- Add dirty-starting-tree, dirty-ending-tree, timeout, and artifact-write-failure failure fixtures.
+
+## Non-Goals
+
+- Do not mutate a Target Repository.
+- Do not mutate the source repository.
+- Do not use an external developer repository as source.
+- Do not push, merge, deploy, close, or open a pull request.
+- Do not resolve license or source admission for real-repo work.
+- Do not approve Stage 4, Stage 5, Stage 6, default backend status, WebUI Runtime behavior, or Core promotion.
+
+## Acceptance Criteria
+
+- Stage 3 entry requires Stage 2 validated.
+- `CTO_HARNESS_ALLOW_CASE=1` remains required.
+- `CTO_HARNESS_CASE_STAGE=3` is required.
+- Missing Stage 3 gate blocks before Case starts.
+- Source repository is an owned local source, not a Target Repository and not external developer source.
+- Source repository clean status is recorded before copy.
+- Source repository HEAD and status are recorded before and after Case execution.
+- Source repository after-proof matches before-proof.
+- Copied fixture is created under the run artifact directory.
+- Case receives only the copied fixture path, task contract, allowed paths, forbidden actions, verification command, and evidence expectations.
+- Runtime writes are limited to `runtime_workspace_root` and `run_artifact_dir`.
+- Copied fixture starts clean after copy and baseline commit.
+- Copied fixture ends clean after harness post-processing.
+- `report.json` records `backend: case`, `case_process_started`, `source_repository_mutated: false`, `runtime_workspace_root`, `run_artifact_dir`, `changed_files`, `blockers`, `artifact_digests`, and freshness proof.
+- Required artifacts include `report.json`, `report.md`, `events.normalized.jsonl`, `trace.jsonl`, `patch.diff`, `test.log`, backend logs, source non-mutation proof, clean-start proof, and clean-end proof.
+- Failure fixtures cover dirty source start, dirty copied fixture start, dirty copied fixture end, timeout, artifact write failure, disallowed file, failed tests, and missing required event.
+- Fake remains the default validation lane.
+- No Stage 3 pass may be used as sandbox-repo, owned-repo, default-candidate, or Core promotion evidence beyond its stated scope.
+
+## Validation
+
+- Focused validator: `python3 harness/runner/validate-case-stage3.py --harness-root harness --json`.
+- The Stage 3 validator must require Stage 2 validation first.
+- The validator must prove missing Stage 3 gate blocks before `case_process_started`.
+- The validator must prove source repository non-mutation with before/after HEAD and status evidence.
+- The validator must prove copied fixture clean start and clean end.
+- The validator must prove no Target Repository path is inspected or copied.
+- The validator must run required failure fixtures.
+- The validator must emit compact JSON with `ok`, `checked`, `errors`, pass artifact path, failure artifact paths, and source non-mutation proof path.
+- Broader Hermes health must run once after focused Stage 3 validation passes.
+- CTO child validator must require this PRD and issue artifact before Stage 3 implementation is governed.
+
+## Risks
+
+- Copied-repo proof can be mistaken for real Target Repository approval.
+- Source repository mutation could happen through a leaked path if task contracts are weak.
+- Dirty tree handling can hide untracked files or generated artifacts.
+- Stage 3 can overfit to one toy repo and miss real-repo policy needs.
+
+## Dependencies
+
+- Stage 2 Case artificial fixture is validated.
+- Harness Evidence Interface Contract is validated.
+- Case Adapter Contract is validated.
+- Case Failure Fixture Matrix is validated.
+- Real Case Qwen Stage 2 pass evidence exists.
+
+## Success Definition
+
+Stage 3 is successful when Case changes only a copied local repository fixture, emits full Harness Evidence Interface proof, passes verification, fails closed for required copied-repo failure classes, and proves the source repository was not mutated. Stage 3 does not authorize sandbox, owned-repo, default backend, WebUI Runtime, or Core promotion behavior.
+
+## Challenge Findings
+
+- Accepted: source non-mutation proof must include source HEAD and status before and after Case execution.
+- Accepted: clean copied-fixture start and clean copied-fixture end are separate proofs.
+- Rejected: running Stage 3 directly on a Target Repository. That skips the proof ladder.

.sot/03-PROTOCOLS/CTO-CASE-STAGED-PROOF-GATES.md

@@ -130,6 +130,8 @@ Validation evidence:
 
 ## Stage 3 - Copied Repo Fixture
 
+Status: planned. Execution remains blocked until `CTO-WORK-034` produces Harness Evidence Interface pass evidence.
+
 Entry gates:
 
 - Stage 2 is validated.
@@ -146,6 +148,11 @@ Required artifacts:
 - source repository non-mutation proof;
 - failure fixture results.
 
+Planning evidence:
+
+- Stage 3 PRD: `.sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-PRD.md`.
+- Stage 3 issues: `.sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-ISSUES.md`.
+
 Validator expectation:
 
 - all changes occur inside copied fixture;

CONTEXT.md

@@ -24,3 +24,7 @@ _Avoid_: loose evidence bundle, backend logs, success claim
 **Target Repository**:
 The owned source repository receiving bounded, approved, evidence-producing code changes.
 _Avoid_: vendor source, hidden workspace, disposable scratch by default
+
+**Copied Repository Fixture**:
+A runtime copy of an owned local source repository used to prove backend behavior without mutating the source repository or a Target Repository.
+_Avoid_: Target Repository, live repo, external developer source

README.md

@@ -42,6 +42,8 @@ This workspace is registered as a child-local planning workspace. Registration d
 |       |-- CTO-CASE-STAGE1-GATED-ENGINE-ISSUES.md
 |       |-- CTO-CASE-STAGE2-ARTIFICIAL-FIXTURE-PRD.md
 |       |-- CTO-CASE-STAGE2-ARTIFICIAL-FIXTURE-ISSUES.md
+|       |-- CTO-CASE-STAGE3-COPIED-REPO-PRD.md
+|       |-- CTO-CASE-STAGE3-COPIED-REPO-ISSUES.md
 |       |-- CTO-CASE-PROVIDER-ADMISSION-PRD.md
 |       |-- CTO-CASE-PROVIDER-ADMISSION-ISSUES.md
 |       |-- CTO-CASE-PROVIDER-BUILD-PRD.md

WORKBOARD.yaml

@@ -160,3 +160,13 @@ items:
     status: validated
     source: .sot/03-PROTOCOLS/CTO-CASE-AGENT-PROTOCOL-BLOCKER.md
     owner: ""
+  - id: CTO-WORK-033
+    title: Stage 3 Copied Repo PRD
+    status: validated
+    source: .sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-PRD.md
+    owner: ""
+  - id: CTO-WORK-034
+    title: Stage 3 Harness Copied Repo Fixture Route
+    status: blocked
+    source: .sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-ISSUES.md
+    owner: jp

tools/validate_cto_child.py

@@ -28,6 +28,8 @@ REQUIRED_FILES = [
     ".sot/03-PROTOCOLS/CTO-CASE-STAGE1-GATED-ENGINE-ISSUES.md",
     ".sot/03-PROTOCOLS/CTO-CASE-STAGE2-ARTIFICIAL-FIXTURE-PRD.md",
     ".sot/03-PROTOCOLS/CTO-CASE-STAGE2-ARTIFICIAL-FIXTURE-ISSUES.md",
+    ".sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-PRD.md",
+    ".sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-ISSUES.md",
     ".sot/03-PROTOCOLS/CTO-CASE-PROVIDER-ADMISSION-PRD.md",
     ".sot/03-PROTOCOLS/CTO-CASE-PROVIDER-ADMISSION-ISSUES.md",
     ".sot/03-PROTOCOLS/CTO-CASE-PROVIDER-BUILD-PRD.md",
@@ -268,6 +270,28 @@ REQUIRED_STAGE2_ISSUE_IDS = [
     "CTO-WORK-012",
 ]
 
+REQUIRED_STAGE3_PRD_PHRASES = [
+    "Local planning SOT only. Not a Core Protocol. Not active Core authority.",
+    "Stage 3 must prove the next narrow behavior",
+    "copied local repository fixture only",
+    "CTO_HARNESS_ALLOW_CASE=1",
+    "CTO_HARNESS_CASE_STAGE=3",
+    "Source repository HEAD and status are recorded before and after Case execution.",
+    "Source repository after-proof matches before-proof.",
+    "Copied fixture starts clean",
+    "Copied fixture ends clean",
+    "source_repository_mutated: false",
+    "dirty-starting-tree",
+    "dirty-ending-tree",
+    "artifact-write-failure",
+    "Stage 3 does not authorize sandbox, owned-repo, default backend, WebUI Runtime, or Core promotion behavior.",
+]
+
+REQUIRED_STAGE3_ISSUE_IDS = [
+    "CTO-WORK-033",
+    "CTO-WORK-034",
+]
+
 REQUIRED_PROVIDER_ADMISSION_PRD_PHRASES = [
     "Local planning SOT only. Not a Core Protocol. Not active Core authority.",
     "https://github.com/workos/case.git",
@@ -864,6 +888,28 @@ def main() -> int:
             if issue_id not in text:
                 errors.append(f"missing_stage2_issue_id:{issue_id}")
 
+    stage3_prd = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-PRD.md"
+    if stage3_prd.is_file():
+        text = stage3_prd.read_text(encoding="utf-8")
+        if "core_promotion_status: not-promoted" not in text:
+            errors.append("stage3_prd_missing_not_promoted_frontmatter")
+        for phrase in REQUIRED_STAGE3_PRD_PHRASES:
+            checked.append(f"stage3_prd_phrase:{phrase}")
+            if phrase not in text:
+                errors.append(f"missing_stage3_prd_phrase:{phrase}")
+
+    stage3_issues = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-STAGE3-COPIED-REPO-ISSUES.md"
+    if stage3_issues.is_file():
+        text = stage3_issues.read_text(encoding="utf-8")
+        if "core_promotion_status: not-promoted" not in text:
+            errors.append("stage3_issues_missing_not_promoted_frontmatter")
+        if "Local planning SOT only. Not a Core Protocol. Not active Core authority." not in text:
+            errors.append("stage3_issues_missing_local_planning_notice")
+        for issue_id in REQUIRED_STAGE3_ISSUE_IDS:
+            checked.append(f"stage3_issue_id:{issue_id}")
+            if issue_id not in text:
+                errors.append(f"missing_stage3_issue_id:{issue_id}")
+
     provider_admission_prd = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-PROVIDER-ADMISSION-PRD.md"
     if provider_admission_prd.is_file():
         text = provider_admission_prd.read_text(encoding="utf-8")
@@ -1059,6 +1105,10 @@ def main() -> int:
             checked.append(f"workboard_id:{issue_id}")
             if issue_id not in text:
                 errors.append(f"missing_workboard_id:{issue_id}")
+        for issue_id in REQUIRED_STAGE3_ISSUE_IDS:
+            checked.append(f"workboard_id:{issue_id}")
+            if issue_id not in text:
+                errors.append(f"missing_workboard_id:{issue_id}")
         for issue_id in REQUIRED_PROVIDER_ADMISSION_ISSUE_IDS:
             checked.append(f"workboard_id:{issue_id}")
             if issue_id not in text:
@@ -1108,6 +1158,8 @@ def main() -> int:
             "CTO-WORK-027": "validated",
             "CTO-WORK-029": "validated",
             "CTO-WORK-030": "validated",
+            "CTO-WORK-033": "validated",
+            "CTO-WORK-034": "blocked",
         }
         for issue_id, expected in expected_statuses.items():
             checked.append(f"workboard_status:{issue_id}:{expected}")
@@ -1134,6 +1186,10 @@ def main() -> int:
             errors.append("workboard_missing_stage2_prd_source")
         if "CTO-CASE-STAGE2-ARTIFICIAL-FIXTURE-ISSUES.md" not in text:
             errors.append("workboard_missing_stage2_issues_source")
+        if "CTO-CASE-STAGE3-COPIED-REPO-PRD.md" not in text:
+            errors.append("workboard_missing_stage3_prd_source")
+        if "CTO-CASE-STAGE3-COPIED-REPO-ISSUES.md" not in text:
+            errors.append("workboard_missing_stage3_issues_source")
         if "CTO-CASE-PROVIDER-ADMISSION-PRD.md" not in text:
             errors.append("workboard_missing_provider_admission_prd_source")
         if "CTO-CASE-PROVIDER-ADMISSION-ISSUES.md" not in text: