Admit Stage 5 target sandbox repo
@@ -117,7 +117,7 @@ Done evidence: template artifact, issue reference, validator JSON, clean worktre
|
||||
|
||||
Type: HITL
|
||||
|
||||
Status: blocked.
|
||||
Status: validated.
|
||||
|
||||
Blocked by: CTO-WORK-039 and explicit JP selection or approval of an owned low-risk noncritical Target Repository.
|
||||
|
||||
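Review bot: the `Blocked by:` line kept as context after `Status: validated.` still names CTO-WORK-039 and the pending JP selection as blockers, so the entry now reads as both validated and blocked. Either drop that line or reword it to record how the blocker was cleared.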
@@ -134,18 +134,18 @@ Acceptance criteria:
|
||||
- [x] Admission record includes all required forbidden actions.
|
||||
- [x] Admission record requires operator outcome.
|
||||
- [x] Local CTO validator checks the safe blocked record state.
|
||||
- [ ] JP supplies an owned low-risk noncritical repository path.
|
||||
- [ ] JP supplies ownership evidence.
|
||||
- [ ] JP supplies noncritical rationale.
|
||||
- [ ] JP supplies allowed paths and forbidden paths.
|
||||
- [ ] JP supplies approval source and approval timestamp.
|
||||
- [ ] Admission record is updated to `admitted` only after all required fields are present.
|
||||
- [x] JP supplies an owned low-risk noncritical repository path.
|
||||
- [x] JP supplies ownership evidence.
|
||||
- [x] JP supplies noncritical rationale.
|
||||
- [x] JP supplies allowed paths and forbidden paths.
|
||||
- [x] JP supplies approval source and approval timestamp.
|
||||
- [x] Admission record is updated to `admitted` only after all required fields are present.
|
||||
|
||||
Allowed files: CTO child workspace planning docs and local validator only until a concrete Target Repository is approved.
|
||||
|
||||
Validator: `python3 tools/validate_cto_child.py`
|
||||
|
||||
Done evidence for current blocked state: admission JSON, issue reference, validator JSON, clean worktree, commit.
|
||||
Done evidence: admitted Target Repository admission JSON, dedicated sandbox repo initial commit, issue reference, validator JSON, clean worktree, commit.
|
||||
|
||||
|
||||
### CTO-WORK-041 - Stage 5 Harness Target Admission Preflight
|
||||
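Review bot: the checklist ticks `Admission record is updated to admitted only after all required fields are present`, but the only validator criterion visible in this hunk is `Local CTO validator checks the safe blocked record state`, so nothing here says the validator enforces the admitted state. Add a criterion that `tools/validate_cto_child.py` rejects an `admitted` record with any empty required field. The unchanged `Allowed files:` line is also scoped "only until a concrete Target Repository is approved", which is now the case, so it should state what is allowed after admission.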
@@ -186,6 +186,15 @@ Done evidence:
|
||||
- Aggregate matrix artifact: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T035347Z-run-all-fake-3188313/report.json`.
|
||||
- This validates Stage 5 admission preflight only. Stage 5 owned repository execution remains blocked by `CTO-WORK-040`.
|
||||
|
||||
Validation evidence for `CTO-WORK-040`:
|
||||
|
||||
- Target repo: `/home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox`.
|
||||
- Target repo owner: `jp`.
|
||||
- Target repo risk classification: `low_risk_noncritical`.
|
||||
- Allowed paths: `src/`, `tests/`, `README.md`.
|
||||
- Forbidden paths include secret, deploy, infra, workflow, dependency-lock, vendor, and `.git/` paths.
|
||||
- Admission status: `admitted`.
|
||||
|
||||
## Granularity Check
|
||||
|
||||
This is intentionally two slices: one planning route and one executable harness route. Stage 5 is not over-granular because it is the first proof involving an admitted owned repository and must separate repository ownership, approval, allowed paths, verification, and operator outcome before default candidacy.
|
||||
|
||||
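Review bot: the context line above the new block still says Stage 5 owned repository execution "remains blocked by `CTO-WORK-040`", while the added evidence records `Admission status: admitted` for that same item; update that sentence so the two do not contradict each other. The new bullets also restate field values rather than pointing at artifacts. The CTO-WORK-041 evidence cites a `report.json` path, and this block would be easier to audit if it named the admission JSON and the validator output the same way.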
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"admission_status": "not_admitted",
|
||||
"target_repository_path": "",
|
||||
"repository_owner": "",
|
||||
"ownership_evidence": "",
|
||||
"risk_classification": "",
|
||||
"noncritical_rationale": "",
|
||||
"allowed_paths": [],
|
||||
"forbidden_paths": [],
|
||||
"admission_status": "admitted",
|
||||
"allowed_paths": [
|
||||
"src/",
|
||||
"tests/",
|
||||
"README.md"
|
||||
],
|
||||
"approval_source": "JP chat approval on 2026-06-01",
|
||||
"approval_timestamp": "2026-06-01",
|
||||
"forbidden_actions": [
|
||||
"push",
|
||||
"merge",
|
||||
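Review bot: `approval_timestamp` is set to `2026-06-01`, a bare date that repeats what `approval_source` already says, so it cannot order the approval against the sandbox repo's initial commit or a later path change. Use a full timestamp with time and zone, and consider making `approval_source` a reference a second reviewer can retrieve rather than "JP chat approval".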
@@ -19,8 +19,26 @@
|
||||
"vendor_source_mutation",
|
||||
"cortex_core_mutation"
|
||||
],
|
||||
"approval_source": "",
|
||||
"approval_timestamp": "",
|
||||
"forbidden_paths": [
|
||||
".env",
|
||||
".env.*",
|
||||
"secrets/",
|
||||
"credentials/",
|
||||
"deploy/",
|
||||
"infra/",
|
||||
".github/workflows/",
|
||||
"package-lock.json",
|
||||
"pnpm-lock.yaml",
|
||||
"yarn.lock",
|
||||
"node_modules/",
|
||||
"vendor/",
|
||||
".git/"
|
||||
],
|
||||
"noncritical_rationale": "Dedicated owned Stage 5 sandbox repo, not production, no customer data, no secrets, no deploy path, no external users, safe to delete after validation.",
|
||||
"operator_outcome_required": true,
|
||||
"review_trigger": "before Stage 5 execution, before target repository path change, before allowed path change, before forbidden action change, before risk classification change"
|
||||
"ownership_evidence": "JP chat approval on 2026-06-01 to create this dedicated Stage 5 target sandbox under /home/svrnty/workspaces/cortex-os.",
|
||||
"repository_owner": "jp",
|
||||
"review_trigger": "before Stage 5 execution against any different repository, before target repository path change, before allowed path change, before forbidden action change, before risk classification change",
|
||||
"risk_classification": "low_risk_noncritical",
|
||||
"target_repository_path": "/home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox"
|
||||
}
|
||||
|
||||
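Review bot: `review_trigger` changes from "before Stage 5 execution" to "before Stage 5 execution against any different repository", which drops the review before the first run against this sandbox; if that is intended, say so in the commit message, otherwise keep the original trigger and add the new one beside it. In `forbidden_paths`, `.env.*` is a glob while the other entries are literal names or directory prefixes, and the record does not say whether a forbidden entry takes precedence over an allowed one for a path such as a `secrets/` directory under `src/`; document the matching rule and the precedence where the validator reads this list.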