Record governed execution evidence

tools/validate_cto_child.py

@@ -66,6 +66,9 @@ REQUIRED_FILES = [
     ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-APPROVAL-PRD.md",
     ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-APPROVAL-ISSUES.md",
     ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-APPROVAL-RECORD.md",
+    ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-PRD.md",
+    ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-ISSUES.md",
+    ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-CLOSEOUT.md",
     ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-PRD.md",
     ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-ISSUES.md",
     ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-APPROVAL-PACKET.md",
@@ -321,6 +324,30 @@ REQUIRED_GOVERNED_EXECUTION_APPROVAL_PHRASES = [
     "This record is not execution evidence.",
 ]
 
+REQUIRED_GOVERNED_EXECUTION_EVIDENCE_PHRASES = [
+    "Local planning SOT only. Not a Core Protocol. Not active Core authority.",
+    "governed execution evidence",
+    "one approved Harness run consumed",
+    "CTO-WORK-049",
+    "CTO-WORK-069",
+    "r1-src-string-slugify",
+    "7706f99b4ca4f1bd8c2d4e0a6d498f94f418b741",
+    "/home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox",
+    "/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T105222Z-r1-src-string-slugify-180161/report.json",
+    "/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T105222Z-r1-src-string-slugify-180161/stage5-owned-repo-proof.json",
+    "case_process_started: true",
+    "changed files: `src/strings.py`, `test_strings.py`",
+    "allowed paths passed: true",
+    "forbidden paths passed: true",
+    "target repository start clean: true",
+    "target repository ending clean: true",
+    "python3 -m pytest -q",
+    "3 passed",
+    "Runtime default activation remains false.",
+    "Do not activate Case as default backend.",
+    "This closeout does not authorize another Case run.",
+]
+
 REQUIRED_HERMES_REAL_REFRESH_CONTROL_REPLAY_EVIDENCE_PHRASES = [
     "Local planning SOT only. Not a Core Protocol. Not active Core authority.",
     "CTO-WORK-057",
@@ -1509,6 +1536,41 @@ def main() -> int:
             if phrase not in text:
                 errors.append(f"missing_governed_execution_approval_record_phrase:{phrase}")
 
+    governed_execution_evidence_prd = ROOT / ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-PRD.md"
+    if governed_execution_evidence_prd.is_file():
+        text = governed_execution_evidence_prd.read_text(encoding="utf-8")
+        if "core_promotion_status: not-promoted" not in text:
+            errors.append("governed_execution_evidence_prd_missing_not_promoted_frontmatter")
+        for phrase in REQUIRED_GOVERNED_EXECUTION_EVIDENCE_PHRASES:
+            checked.append(f"governed_execution_evidence_prd_phrase:{phrase}")
+            if phrase not in text:
+                errors.append(f"missing_governed_execution_evidence_prd_phrase:{phrase}")
+
+    governed_execution_evidence_issues = ROOT / ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-ISSUES.md"
+    if governed_execution_evidence_issues.is_file():
+        text = governed_execution_evidence_issues.read_text(encoding="utf-8")
+        if "core_promotion_status: not-promoted" not in text:
+            errors.append("governed_execution_evidence_issues_missing_not_promoted_frontmatter")
+        for phrase in ["CTO-WORK-070", "CTO-WORK-071", *REQUIRED_GOVERNED_EXECUTION_EVIDENCE_PHRASES]:
+            checked.append(f"governed_execution_evidence_issue_phrase:{phrase}")
+            if phrase not in text:
+                errors.append(f"missing_governed_execution_evidence_issue_phrase:{phrase}")
+
+    governed_execution_evidence_closeout = ROOT / ".sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-EVIDENCE-CLOSEOUT.md"
+    if governed_execution_evidence_closeout.is_file():
+        text = governed_execution_evidence_closeout.read_text(encoding="utf-8")
+        if "core_promotion_status: not-promoted" not in text:
+            errors.append("governed_execution_evidence_closeout_missing_not_promoted_frontmatter")
+        for phrase in [
+            "CTO-WORK-071",
+            "status: validated",
+            "target repo current state checked",
+            *REQUIRED_GOVERNED_EXECUTION_EVIDENCE_PHRASES,
+        ]:
+            checked.append(f"governed_execution_evidence_closeout_phrase:{phrase}")
+            if phrase not in text:
+                errors.append(f"missing_governed_execution_evidence_closeout_phrase:{phrase}")
+
     hermes_real_refresh_control_replay_evidence = ROOT / ".sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-EVIDENCE.md"
     if hermes_real_refresh_control_replay_evidence.is_file():
         text = hermes_real_refresh_control_replay_evidence.read_text(encoding="utf-8")
@@ -2129,6 +2191,8 @@ def main() -> int:
             "CTO-WORK-067": "validated",
             "CTO-WORK-068": "validated",
             "CTO-WORK-069": "validated",
+            "CTO-WORK-070": "validated",
+            "CTO-WORK-071": "validated",
         }
         for issue_id, expected in expected_statuses.items():
             checked.append(f"workboard_status:{issue_id}:{expected}")