From 7fad0c288c6cebc4d563a9330ae6bffb567777a0 Mon Sep 17 00:00:00 2001 From: Svrnty Date: Sun, 31 May 2026 18:46:00 -0400 Subject: [PATCH] Add CTO Case source admission record --- README.md | 3 +- WORKBOARD.yaml | 4 +- .../CTO-CASE-SOURCE-ADMISSION-RECORD.md | 129 ++++++++++++++++++ tools/validate_cto_child.py | 29 ++++ 4 files changed, 162 insertions(+), 3 deletions(-) create mode 100644 sot/03-PROTOCOLS/CTO-CASE-SOURCE-ADMISSION-RECORD.md diff --git a/README.md b/README.md index f327cc6..a3ce725 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,8 @@ This workspace is registered as a child-local planning workspace. Registration d | |-- CTO-CASE-BACKEND-BRIEF.md | |-- CTO-CASE-CANDIDATE-BACKEND-PRD.md | |-- CTO-CASE-CANDIDATE-BACKEND-ISSUES.md -| `-- CTO-HARNESS-EVIDENCE-INTERFACE-CONTRACT.md +| |-- CTO-HARNESS-EVIDENCE-INTERFACE-CONTRACT.md +| `-- CTO-CASE-SOURCE-ADMISSION-RECORD.md `-- tools/ `-- validate_cto_child.py ``` diff --git a/WORKBOARD.yaml b/WORKBOARD.yaml index 9ed39e5..1556bf4 100644 --- a/WORKBOARD.yaml +++ b/WORKBOARD.yaml @@ -21,8 +21,8 @@ items: owner: jp - id: CTO-WORK-005 title: Case Source Admission Record - status: candidate - source: sot/03-PROTOCOLS/CTO-CASE-CANDIDATE-BACKEND-ISSUES.md + status: validated + source: sot/03-PROTOCOLS/CTO-CASE-SOURCE-ADMISSION-RECORD.md owner: jp - id: CTO-WORK-006 title: Case Adapter Contract And Eligibility Decision diff --git a/sot/03-PROTOCOLS/CTO-CASE-SOURCE-ADMISSION-RECORD.md b/sot/03-PROTOCOLS/CTO-CASE-SOURCE-ADMISSION-RECORD.md new file mode 100644 index 0000000..a18833b --- /dev/null +++ b/sot/03-PROTOCOLS/CTO-CASE-SOURCE-ADMISSION-RECORD.md @@ -0,0 +1,129 @@ +--- +name: cto-case-source-admission-record +tier: local +status: draft +owner: jp +source: sot/03-PROTOCOLS/CTO-CASE-CANDIDATE-BACKEND-PRD.md +created: 2026-05-31 +last_reviewed: 2026-05-31 +lifecycle_classification: planning +core_promotion_status: not-promoted +description: Child-local source admission record for evaluating Case as a candidate CTO backend. +--- + +# CTO Case Source Admission Record + +Local planning SOT only. Not a Core Protocol. Not active Core authority. + +## Purpose + +Record the minimum source admission facts required before Case can progress beyond planning as a Case Candidate Backend. + +This record does not admit Case for execution. It records a pinned public source observation and names the remaining blockers before any non-artificial run. + +## Non-Authority Notice + +This record does not authorize Runtime behavior, WebUI Product behavior, Case execution, real-repo mutation, merge, deploy, push, close, vendor-source mutation, external developer repository mutation, or Core promotion. + +## Source Identity + +| Field | Value | +| --- | --- | +| Source name | Case | +| Source URL | `https://github.com/workos/case.git` | +| Source web URL | `https://github.com/workos/case` | +| Source type | public Git repository | +| Observed branch | `main` | +| Pinned commit | `7959ac917cdeb0983b4aaa20bb9f42021747fed8` | +| Commit date | `2026-05-19T18:05:46-07:00` | +| Retrieval date | `2026-05-31` | +| Retrieval command | `git clone --depth 1 https://github.com/workos/case.git` | +| Integrity reference | pinned Git commit SHA-1 `7959ac917cdeb0983b4aaa20bb9f42021747fed8` | + +## License Note + +License status is unresolved. + +Observed facts from the retrieval: + +- no top-level `LICENSE` or `LICENSE.md` file was found in the shallow clone; +- `package.json` did not expose a license field in the inspected section; +- `package.json` contains `"private": true`. + +Admission consequence: Case is not admitted for non-artificial execution until a human-readable license note is completed and the allowed internal-use posture is explicit. + +## Source Boundary + +Protected source boundary: + +- do not mutate the Case repository; +- do not vendor Case source into Cortex OS Core; +- do not copy Case implementation source into this child workspace; +- do not treat Case source as Cortex OS authority; +- do not run Case against a Target Repository from this record alone. + +Allowed planning use: + +- reference the source URL; +- reference the pinned commit; +- inspect public metadata for admission planning; +- define adapter contracts against observed behavior without importing vendor implementation. + +## Allowed Execution Mode + +Current allowed execution mode: planning-only. + +Blocked modes: + +- artificial Case run; +- copied repository fixture run; +- disposable sandbox repository run; +- owned noncritical repository run; +- candidate-default real-repo use. + +Mode unlock requires a later validated adapter contract, source license note, harness evidence validation, explicit gate, and staged proof record. + +## Update Rule + +Changing the pinned Case source requires: + +- previous source URL; +- previous pinned commit or tag; +- new source URL; +- new pinned commit or tag; +- retrieval date; +- retrieval command; +- license note review; +- rerun of applicable adapter fixtures; +- evidence record naming previous and new source IDs. + +No moving branch reference may be used as proof without a pinned commit or tag. + +## Admission Status + +Status: not admitted for execution. + +Reason: source identity is pinned, but license note and executable adapter proof are incomplete. + +## Evidence + +Observed retrieval commands: + +```text +git ls-remote https://github.com/workos/case.git HEAD refs/heads/main refs/tags/* +git clone --depth 1 https://github.com/workos/case.git +git rev-parse HEAD +git show -s --format=%cI HEAD +git remote get-url origin +``` + +Observed source metadata: + +```text +HEAD: 7959ac917cdeb0983b4aaa20bb9f42021747fed8 +origin: https://github.com/workos/case.git +commit date: 2026-05-19T18:05:46-07:00 +package private: true +license file: not found in shallow clone +license field: not observed in inspected package.json +``` diff --git a/tools/validate_cto_child.py b/tools/validate_cto_child.py index 67cd714..dc05ff9 100644 --- a/tools/validate_cto_child.py +++ b/tools/validate_cto_child.py @@ -19,6 +19,7 @@ REQUIRED_FILES = [ "sot/03-PROTOCOLS/CTO-CASE-CANDIDATE-BACKEND-PRD.md", "sot/03-PROTOCOLS/CTO-CASE-CANDIDATE-BACKEND-ISSUES.md", "sot/03-PROTOCOLS/CTO-HARNESS-EVIDENCE-INTERFACE-CONTRACT.md", + "sot/03-PROTOCOLS/CTO-CASE-SOURCE-ADMISSION-RECORD.md", ] REQUIRED_BRIEF_PHRASES = [ @@ -80,6 +81,22 @@ REQUIRED_EVIDENCE_INTERFACE_PHRASES = [ "fail closed", ] +REQUIRED_SOURCE_ADMISSION_PHRASES = [ + "Local planning SOT only. Not a Core Protocol. Not active Core authority.", + "This record does not authorize Runtime behavior", + "https://github.com/workos/case.git", + "7959ac917cdeb0983b4aaa20bb9f42021747fed8", + "2026-05-31", + "git clone --depth 1 https://github.com/workos/case.git", + "License status is unresolved.", + "package private: true", + "Status: not admitted for execution.", + "Current allowed execution mode: planning-only.", + "do not mutate the Case repository", + "do not vendor Case source into Cortex OS Core", + "No moving branch reference may be used as proof without a pinned commit or tag.", +] + def main() -> int: checked: list[str] = [] @@ -137,6 +154,16 @@ def main() -> int: if phrase not in text: errors.append(f"missing_evidence_interface_phrase:{phrase}") + source_admission = ROOT / "sot/03-PROTOCOLS/CTO-CASE-SOURCE-ADMISSION-RECORD.md" + if source_admission.is_file(): + text = source_admission.read_text(encoding="utf-8") + if "core_promotion_status: not-promoted" not in text: + errors.append("source_admission_missing_not_promoted_frontmatter") + for phrase in REQUIRED_SOURCE_ADMISSION_PHRASES: + checked.append(f"source_admission_phrase:{phrase}") + if phrase not in text: + errors.append(f"missing_source_admission_phrase:{phrase}") + board = ROOT / "WORKBOARD.yaml" if board.is_file(): text = board.read_text(encoding="utf-8") @@ -148,6 +175,8 @@ def main() -> int: errors.append("workboard_missing_evidence_interface_contract_source") if "CTO-WORK-004" in text and "status: validated" not in text: errors.append("workboard_cto_work_004_not_validated") + if "CTO-CASE-SOURCE-ADMISSION-RECORD.md" not in text: + errors.append("workboard_missing_source_admission_record_source") payload = { "ok": not errors,