From 6f2c027519a26e5ea272e6cbdf65c85365baeb2e Mon Sep 17 00:00:00 2001 From: Svrnty Date: Mon, 1 Jun 2026 07:59:26 -0400 Subject: [PATCH] Record governed execution evidence --- ...TO-GOVERNED-EXECUTION-EVIDENCE-CLOSEOUT.md | 57 ++++++++++++++ .../CTO-GOVERNED-EXECUTION-EVIDENCE-ISSUES.md | 74 ++++++++++++++++++ .../CTO-GOVERNED-EXECUTION-EVIDENCE-PRD.md | 78 +++++++++++++++++++ WORKBOARD.yaml | 10 +++ tools/validate_cto_child.py | 64 +++++++++++++++ 5 files changed, 283 insertions(+) create mode 100644 .sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-CLOSEOUT.md create mode 100644 .sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-ISSUES.md create mode 100644 .sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-PRD.md diff --git a/.sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-CLOSEOUT.md b/.sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-CLOSEOUT.md new file mode 100644 index 0000000..9dfe6bf --- /dev/null +++ b/.sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-CLOSEOUT.md @@ -0,0 +1,57 @@ +--- +name: CTO Governed Execution Evidence Closeout +status: validated +lifecycle_classification: sot +owner: jp +created: 2026-06-01 +last_reviewed: 2026-06-01 +core_promotion_status: not-promoted +--- + +# CTO Governed Execution Evidence Closeout + +Local planning SOT only. Not a Core Protocol. Not active Core authority. + +## Workboard + +- `CTO-WORK-071` + +## Result + +- governed execution evidence +- one approved Harness run consumed +- status: validated +- CTO-WORK-049 +- CTO-WORK-069 +- r1-src-string-slugify +- Runtime default activation remains false. +- Do not activate Case as default backend. +- This closeout does not authorize another Case run. + +## Target + +- admitted target repository: `/home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox` +- target commit: `7706f99b4ca4f1bd8c2d4e0a6d498f94f418b741` +- target repo current state checked +- target repository start clean: true +- target repository ending clean: true + +## Harness Evidence + +- Harness report: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T105222Z-r1-src-string-slugify-180161/report.json` +- Stage 5 proof: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T105222Z-r1-src-string-slugify-180161/stage5-owned-repo-proof.json` +- case_process_started: true +- changed files: `src/strings.py`, `test_strings.py` +- allowed paths passed: true +- forbidden paths passed: true +- no forbidden actions: true +- operator outcome: `accepted` + +## Current Target Validation + +- command: `python3 -m pytest -q` +- result: `3 passed` + +## Scope Guard + +This closeout binds the prior approval to the single successful Harness run. It is not a new approval and does not authorize another Case run. diff --git a/.sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-ISSUES.md b/.sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-ISSUES.md new file mode 100644 index 0000000..3b019b2 --- /dev/null +++ b/.sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-ISSUES.md @@ -0,0 +1,74 @@ +--- +name: CTO Governed Execution Evidence Issues +status: validated +lifecycle_classification: sot +owner: jp +created: 2026-06-01 +last_reviewed: 2026-06-01 +core_promotion_status: not-promoted +--- + +# CTO Governed Execution Evidence Issues + +Local planning SOT only. Not a Core Protocol. Not active Core authority. + +## Issue: CTO-WORK-070 - Governed Execution Evidence PRD + +Status: validated. + +Acceptance: + +- Define governed execution evidence for the approved Stage 5 run. +- Bind `CTO-WORK-049` and `CTO-WORK-069`. +- Record that one approved Harness run consumed the approval. +- Require the Harness report and Stage 5 proof paths. +- Preserve Runtime default activation remains false. +- State: Do not activate Case as default backend. +- State: This closeout does not authorize another Case run. + +## Issue: CTO-WORK-071 - Governed Execution Evidence Closeout + +Status: validated. + +Acceptance: + +- Record governed execution evidence. +- Reference `r1-src-string-slugify`. +- Reference target commit `7706f99b4ca4f1bd8c2d4e0a6d498f94f418b741`. +- Reference `/home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox`. +- Reference `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T105222Z-r1-src-string-slugify-180161/report.json`. +- Reference `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T105222Z-r1-src-string-slugify-180161/stage5-owned-repo-proof.json`. +- Record case_process_started: true. +- Record changed files: `src/strings.py`, `test_strings.py`. +- Record allowed paths passed: true. +- Record forbidden paths passed: true. +- Record target repository start clean: true. +- Record target repository ending clean: true. +- Record `python3 -m pytest -q`. +- Record `3 passed`. +- State: Runtime default activation remains false. +- State: Do not activate Case as default backend. +- State: This closeout does not authorize another Case run. + +## Required Phrases + +- governed execution evidence +- one approved Harness run consumed +- CTO-WORK-049 +- CTO-WORK-069 +- r1-src-string-slugify +- 7706f99b4ca4f1bd8c2d4e0a6d498f94f418b741 +- /home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox +- /home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T105222Z-r1-src-string-slugify-180161/report.json +- /home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T105222Z-r1-src-string-slugify-180161/stage5-owned-repo-proof.json +- case_process_started: true +- changed files: `src/strings.py`, `test_strings.py` +- allowed paths passed: true +- forbidden paths passed: true +- target repository start clean: true +- target repository ending clean: true +- python3 -m pytest -q +- 3 passed +- Runtime default activation remains false. +- Do not activate Case as default backend. +- This closeout does not authorize another Case run. diff --git a/.sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-PRD.md b/.sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-PRD.md new file mode 100644 index 0000000..64670b8 --- /dev/null +++ b/.sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-PRD.md @@ -0,0 +1,78 @@ +--- +name: CTO Governed Execution Evidence PRD +status: validated +lifecycle_classification: sot +owner: jp +created: 2026-06-01 +last_reviewed: 2026-06-01 +core_promotion_status: not-promoted +--- + +# CTO Governed Execution Evidence PRD + +Local planning SOT only. Not a Core Protocol. Not active Core authority. + +## Problem Statement + +The governed execution approval exists, and the approved Stage 5 run already produced Harness evidence. CTO needs a closeout that binds the approval record to the actual Harness evidence and prevents accidental rerun under the same single-task approval. + +## Solution + +Record governed execution evidence for `CTO-WORK-049` and `CTO-WORK-069`. Mark the approval as consumed by the existing `r1-src-string-slugify` Harness pass report. + +## Scope + +- Reference the pass report and Stage 5 proof. +- Reference the admitted target repository. +- Reference target commit `7706f99b4ca4f1bd8c2d4e0a6d498f94f418b741`. +- Record that one approved Harness run consumed the approval. +- Record the current target repo validation command and result. +- Preserve that Runtime default activation remains false. + +## Non-goals + +- Do not rerun Case. +- Do not activate Case as default backend. +- Do not authorize another Case run. +- Do not mutate target repositories in this closeout slice. +- Do not edit upstream `hermes-agent`. +- Do not edit upstream `hermes-webui`. + +## Acceptance Criteria + +- `WORKBOARD.yaml` records `CTO-WORK-070` and `CTO-WORK-071` as validated. +- The closeout references the Harness report. +- The closeout references the Stage 5 proof. +- The closeout states case_process_started: true. +- The closeout states changed files: `src/strings.py`, `test_strings.py`. +- The closeout states allowed paths passed: true and forbidden paths passed: true. +- The closeout records `python3 -m pytest -q` and `3 passed`. +- This closeout does not authorize another Case run. + +## Validation + +- `python3 tools/validate_cto_child.py` +- `python3 /home/svrnty/workspaces/cortex-os/core/tools/check_s69_caveman_prose_discipline.py` + +## Required Evidence + +- governed execution evidence +- one approved Harness run consumed +- CTO-WORK-049 +- CTO-WORK-069 +- r1-src-string-slugify +- 7706f99b4ca4f1bd8c2d4e0a6d498f94f418b741 +- /home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox +- /home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T105222Z-r1-src-string-slugify-180161/report.json +- /home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T105222Z-r1-src-string-slugify-180161/stage5-owned-repo-proof.json +- case_process_started: true +- changed files: `src/strings.py`, `test_strings.py` +- allowed paths passed: true +- forbidden paths passed: true +- target repository start clean: true +- target repository ending clean: true +- python3 -m pytest -q +- 3 passed +- Runtime default activation remains false. +- Do not activate Case as default backend. +- This closeout does not authorize another Case run. diff --git a/WORKBOARD.yaml b/WORKBOARD.yaml index 8c2023a..a864421 100644 --- a/WORKBOARD.yaml +++ b/WORKBOARD.yaml @@ -346,3 +346,13 @@ items: status: validated source: .sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-APPROVAL-RECORD.md owner: jp + - id: CTO-WORK-070 + title: Governed Execution Evidence PRD + status: validated + source: .sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-PRD.md + owner: "" + - id: CTO-WORK-071 + title: Governed Execution Evidence Closeout + status: validated + source: .sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-CLOSEOUT.md + owner: "" diff --git a/tools/validate_cto_child.py b/tools/validate_cto_child.py index 2b54ad1..0c5e831 100644 --- a/tools/validate_cto_child.py +++ b/tools/validate_cto_child.py @@ -66,6 +66,9 @@ REQUIRED_FILES = [ ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-APPROVAL-PRD.md", ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-APPROVAL-ISSUES.md", ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-APPROVAL-RECORD.md", + ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-PRD.md", + ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-ISSUES.md", + ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-CLOSEOUT.md", ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-PRD.md", ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-ISSUES.md", ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-APPROVAL-PACKET.md", @@ -321,6 +324,30 @@ REQUIRED_GOVERNED_EXECUTION_APPROVAL_PHRASES = [ "This record is not execution evidence.", ] +REQUIRED_GOVERNED_EXECUTION_EVIDENCE_PHRASES = [ + "Local planning SOT only. Not a Core Protocol. Not active Core authority.", + "governed execution evidence", + "one approved Harness run consumed", + "CTO-WORK-049", + "CTO-WORK-069", + "r1-src-string-slugify", + "7706f99b4ca4f1bd8c2d4e0a6d498f94f418b741", + "/home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox", + "/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T105222Z-r1-src-string-slugify-180161/report.json", + "/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T105222Z-r1-src-string-slugify-180161/stage5-owned-repo-proof.json", + "case_process_started: true", + "changed files: `src/strings.py`, `test_strings.py`", + "allowed paths passed: true", + "forbidden paths passed: true", + "target repository start clean: true", + "target repository ending clean: true", + "python3 -m pytest -q", + "3 passed", + "Runtime default activation remains false.", + "Do not activate Case as default backend.", + "This closeout does not authorize another Case run.", +] + REQUIRED_HERMES_REAL_REFRESH_CONTROL_REPLAY_EVIDENCE_PHRASES = [ "Local planning SOT only. Not a Core Protocol. Not active Core authority.", "CTO-WORK-057", @@ -1509,6 +1536,41 @@ def main() -> int: if phrase not in text: errors.append(f"missing_governed_execution_approval_record_phrase:{phrase}") + governed_execution_evidence_prd = ROOT / ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-PRD.md" + if governed_execution_evidence_prd.is_file(): + text = governed_execution_evidence_prd.read_text(encoding="utf-8") + if "core_promotion_status: not-promoted" not in text: + errors.append("governed_execution_evidence_prd_missing_not_promoted_frontmatter") + for phrase in REQUIRED_GOVERNED_EXECUTION_EVIDENCE_PHRASES: + checked.append(f"governed_execution_evidence_prd_phrase:{phrase}") + if phrase not in text: + errors.append(f"missing_governed_execution_evidence_prd_phrase:{phrase}") + + governed_execution_evidence_issues = ROOT / ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-ISSUES.md" + if governed_execution_evidence_issues.is_file(): + text = governed_execution_evidence_issues.read_text(encoding="utf-8") + if "core_promotion_status: not-promoted" not in text: + errors.append("governed_execution_evidence_issues_missing_not_promoted_frontmatter") + for phrase in ["CTO-WORK-070", "CTO-WORK-071", *REQUIRED_GOVERNED_EXECUTION_EVIDENCE_PHRASES]: + checked.append(f"governed_execution_evidence_issue_phrase:{phrase}") + if phrase not in text: + errors.append(f"missing_governed_execution_evidence_issue_phrase:{phrase}") + + governed_execution_evidence_closeout = ROOT / ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-CLOSEOUT.md" + if governed_execution_evidence_closeout.is_file(): + text = governed_execution_evidence_closeout.read_text(encoding="utf-8") + if "core_promotion_status: not-promoted" not in text: + errors.append("governed_execution_evidence_closeout_missing_not_promoted_frontmatter") + for phrase in [ + "CTO-WORK-071", + "status: validated", + "target repo current state checked", + *REQUIRED_GOVERNED_EXECUTION_EVIDENCE_PHRASES, + ]: + checked.append(f"governed_execution_evidence_closeout_phrase:{phrase}") + if phrase not in text: + errors.append(f"missing_governed_execution_evidence_closeout_phrase:{phrase}") + hermes_real_refresh_control_replay_evidence = ROOT / ".sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-EVIDENCE.md" if hermes_real_refresh_control_replay_evidence.is_file(): text = hermes_real_refresh_control_replay_evidence.read_text(encoding="utf-8") @@ -2129,6 +2191,8 @@ def main() -> int: "CTO-WORK-067": "validated", "CTO-WORK-068": "validated", "CTO-WORK-069": "validated", + "CTO-WORK-070": "validated", + "CTO-WORK-071": "validated", } for issue_id, expected in expected_statuses.items(): checked.append(f"workboard_status:{issue_id}:{expected}")