Admit Stage 5 target sandbox repo

2026-06-01 05:52:55 -04:00
parent 1fc678fd54
commit 51546ccbf5
4 changed files with 63 additions and 32 deletions
@@ -359,14 +359,14 @@ REQUIRED_STAGE5_TARGET_ADMISSION_TEMPLATE_PHRASES = [
 ]

 REQUIRED_STAGE5_TARGET_ADMISSION_JSON = {
-    "admission_status": "not_admitted",
-    "target_repository_path": "",
-    "repository_owner": "",
-    "ownership_evidence": "",
-    "risk_classification": "",
-    "noncritical_rationale": "",
-    "approval_source": "",
-    "approval_timestamp": "",
+    "admission_status": "admitted",
+    "target_repository_path": "/home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox",
+    "repository_owner": "jp",
+    "ownership_evidence": "JP chat approval on 2026-06-01 to create this dedicated Stage 5 target sandbox under /home/svrnty/workspaces/cortex-os.",
+    "risk_classification": "low_risk_noncritical",
+    "noncritical_rationale": "Dedicated owned Stage 5 sandbox repo, not production, no customer data, no secrets, no deploy path, no external users, safe to delete after validation.",
+    "approval_source": "JP chat approval on 2026-06-01",
+    "approval_timestamp": "2026-06-01",
    "operator_outcome_required": True,
 }

@@ -1080,8 +1080,12 @@ def main() -> int:
                checked.append(f"stage5_target_admission_forbidden_action:{action}")
                if action not in forbidden_actions:
                    errors.append(f"stage5_target_admission_missing_forbidden_action:{action}")
-        if payload.get("allowed_paths") != []:
-            errors.append("stage5_target_admission_allowed_paths_must_be_empty_while_not_admitted")
+        allowed_paths = payload.get("allowed_paths")
+        if not isinstance(allowed_paths, list) or allowed_paths != ["src/", "tests/", "README.md"]:
+            errors.append(f"stage5_target_admission_allowed_paths_mismatch:actual_{allowed_paths}")
+        forbidden_paths = payload.get("forbidden_paths")
+        if not isinstance(forbidden_paths, list) or ".git/" not in forbidden_paths or "secrets/" not in forbidden_paths or "deploy/" not in forbidden_paths:
+            errors.append("stage5_target_admission_forbidden_paths_incomplete")
        if not isinstance(payload.get("review_trigger"), str) or not payload.get("review_trigger"):
            errors.append("stage5_target_admission_missing_review_trigger")
        for key in payload:
@@ -1348,7 +1352,7 @@ def main() -> int:
            "CTO-WORK-037": "validated",
            "CTO-WORK-038": "blocked",
            "CTO-WORK-039": "validated",
-            "CTO-WORK-040": "blocked",
+            "CTO-WORK-040": "validated",
            "CTO-WORK-041": "validated",
        }
        for issue_id, expected in expected_statuses.items():