diff --git a/DISCLOSURE.md b/DISCLOSURE.md new file mode 100644 index 0000000..ccc21be --- /dev/null +++ b/DISCLOSURE.md @@ -0,0 +1,185 @@ +--- +name: disclosure-cto-planb +tier: T2 +status: active +owner: jp +source: generated +last_reviewed: 2026-05-24 +review_by: 2026-08-22 +depends_on: + - disclosure-schema + - profile-distribution-protocol + - cto-planb-contract + - recommendations-cto-2026-05-24 + - audit-cto-2026-05-24 + - cortex-tooling +description: Canonical disclosure of cto-planb — exposed skills + MCP + sovereign APIs + cortex tools + credentials. Drift-checked vs live runtime by pre-push hook check 6. +auto_regen_cmd: "yq '.disclosure' manifest.yaml | " +--- + +# `cto-planb` — Disclosure + +> Live as of 2026-05-24. Source: `cto/manifest.yaml → disclosure:` block (Wave-4 apply). Pre-push hook check 6 (curator/lib/pre-push.sh) enforces this == live `hermes -p cto-planb` runtime. + +## §1 Identity + +| Field | Value | +|---|---| +| Profile ID | `cto-planb` | +| Repo | `~/workspaces/hermes/cto` | +| Scope | `org` | +| Org | `planb` | +| Owner | `jp` | +| Approval authority | `jp` | +| Role type | C-suite (instance #3) | +| State | stateful (`cto.db` — work_queue, agent_runtime, invocations) | +| Version | `1.0.0` (MVP shipped 2026-05-24) | +| North star | reliable, evolving tech — sandcastle-orchestrated code work, JP-approved deploys, never bypass isolation | +| Chat-facing | `false` (kanban-driven; JP chats with steev, not cto) | +| Delegates to | none (sandcastle is a tool, not a sub-agent — CONTRACT.md §1, §9) | +| Sovereign-only | `false` (intentional — see §2) | + +## §2 Inheritance posture + +| Field | Value | Rationale | +|---|---|---| +| `inherit_builtins` | `false` | cto has zero builtins enabled — deny-by-default. Locks in clean posture. | +| `inherit_mcp_toolsets` | `false` | cto has zero MCP — deny-by-default. Closes potential bte-MCP-leak risk that hit ceo/steev. | +| `inherit_dirs` | none | no external_dirs — no bundled-skill exposure | +| `sovereign_only` | `false` | INTENTIONAL. cto-agent itself runs sovereign `qwen3.6-35b-a3b`. The `claudeCode('claude-opus-4-7')` literal in sandcastle invocations names the AGENT INSIDE THE SANDBOX — hosted Claude lives behind sandcastle's isolation boundary (CONTRACT.md §5 + AUDIT §6 sovereignty note). Setting `true` would block the valid v1 design. | + +## §3 Skills (3) + +Per `disclosure.skills` enum. Pre-push check 6.a enforces declared == live `hermes -p cto-planb skills list` enabled set. + +| ID | Source | Role | Sovereign-req | Hosted-API | Justification | +|---|---|---|---|---|---| +| `cto-agent` | local | orchestrator | — | — | Loop operator (decompose → sandcastle → review → PR). CONTRACT.md §1 "thin orchestrator over sandcastle". | +| `cto-python-toolkit` | local | toolkit | false | — | Python stack patterns — closes CONTRACT.md §6 "Python = skill-only" gap. Anchored to bte-mcp, svrnty-hermes-webui-plugin, curator/sweep.py, scripts/sot-precommit.py. | +| `cto-angular-toolkit` | local | toolkit | false | — | Angular stack patterns — closes CONTRACT.md §6 "Angular = skill-only" gap. Anchored to adwright/adwright-console. | + +**Totals.** 3 skills total. Source breakdown: 3 local, 0 hub, 0 builtin, 0 external_dir. + +## §4 MCP servers (0) + +No MCP servers exposed — deny-by-default allowlist is empty. cto orchestrates via sandcastle + shell, not MCP. Matches PROFILE-CATALOG §cto-planb. Closes the bte-MCP-leak risk that hit ceo/steev. + +## §5 Sovereign APIs (1) + +Per `disclosure.sovereign_apis`. Each entry is grep-verified against `called_by` paths. + +| Name | Endpoint | Transport | Mode | Called by | Justification | +|---|---|---|---|---|---| +| `bte-rest` | `http://localhost:5000` | http | read-write | `skills/cto-agent/SKILL.md`, `skills/cto-angular-toolkit/SKILL.md` | BTE REST `/api/export-design-md` cited as the DESIGN.md emit path for UI tasks; not auto-invoked at v1.0 (documented pattern only — CTO would `curl` when a UI task triggers DESIGN.md export). | + +> Sandcastle is NOT listed here in §5 — see §12 (Pending JP review). Per Wave-3 recommendations §3 A2 it is governance-critical and PAUSED awaiting JP's call on documenting it under `sovereign_apis:` with `transport: cli` vs. a schema §4.6 extension (`external_orchestrators:`). + +## §6 Cortex tools (12) + +Per `disclosure.cortex_tools`. 2 invoked at runtime; 10 mount-and-cite routing targets the sandcastle sub-agent reads when cto mounts them in a prompt. + +| ID | Stack | Invoked at runtime | Mode | Referenced in | Justification | +|---|---|---|---|---|---| +| `L6-svrnty.lib-dotnet-cqrs` | dotnet | false | read | `skills/cto-agent/SKILL.md` | .NET CQRS routing target — sandcastle sub-agent reads patterns when mounted | +| `L5-svrnty.tool-cqrs-plugin` | dotnet | false | read | `skills/cto-agent/SKILL.md` | .NET scaffolding plugin — routing target | +| `pi-bte-plugin` | dotnet | false | read | `skills/cto-agent/SKILL.md`, `skills/cto-angular-toolkit/SKILL.md` | DTCG validation + voice schema lint + DESIGN.md export — routing target + DESIGN.md emit path | +| `L6-svrnty.lib-cqrs-datasource` | dart | false | read | `skills/cto-agent/SKILL.md`, `skills/cto-angular-toolkit/SKILL.md` | Flutter gRPC client + Angular gRPC-web reference — routing target | +| `L6-svrnty.lib-llm` | go | false | read | `skills/cto-agent/SKILL.md` | Go multi-provider LLM interface — routing target for Go tasks | +| `L6-svrnty.core-credentials` | go | **true** | read+exec | `credbridge.sh` | Runtime-invoked via `credctl` CLI from `credbridge.sh` — every `cmd_open_pr` resolves github-pat through this lib | +| `L6-svrnty.core-memory` | go | false | read | `skills/cto-agent/SKILL.md` | Go memory lib — routing target; `requires_tools: memory_tool` is Hermes-side, not direct call | +| `PG-svrnty.tool-qa` | go | false | read | `skills/cto-agent/SKILL.md` | QA orchestrator — routing target for Go QA work | +| `L6-svrnty.core-runtime` | rust | false | read | `skills/cto-agent/SKILL.md` | zeroclaw runtime — routing target for Rust tasks | +| `PG-svrnty.lib-quality-gates` | multi | **true** | read+exec | `skills/cto-python-toolkit/SKILL.md`, `skills/cto-angular-toolkit/SKILL.md` | Runtime-invoked post-sandcastle via `$QG/bin/run-gates --stack python|typescript --repo X --branch Y` | +| `L5-svrnty.lib-skills-engineering` | multi | false | read | `skills/cto-agent/SKILL.md` | 28-pattern engineering reference — routing target | +| `L5-svrnty.tool-bash-plugin` | bash | false | read | `skills/cto-agent/SKILL.md` | Bash scripting plugin — routing target for Bash tasks | + +**Removed (Wave-4):** `PC-svrnty.tool-cortex-plugin` — declared in legacy `external_tool_deps` but never cited in any cto skill body or lib (orphan). Removed per Wave-3 recommendations §4 C13. Reversible by re-adding the entry to `external_tool_deps`. + +## §7 Credentials (0) + +No active credential declarations in this disclosure block. `github-pat` (optional, vault-absent) is parked under §12 Pending JP review per Wave-3 recommendations §5 K1 — cred-adjacent rows require JP sign-off before joining the active allowlist. Legacy `credentials.optional: [github-pat]` block remains for installer back-compat (per DISCLOSURE-SCHEMA §7). + +## §8 Cron (0) + +No cron jobs. cto runs on-demand or on kanban tick (CONTRACT.md §3 + manifest `cron: []`). + +## §9 Drift status + +| Surface | Declared | Live | Status | +|---|---|---|---| +| Skills | 3 | 3 | in-sync (live verified by AUDIT-cto-2026-05-24.md §1) | +| MCP servers | 0 | 0 | in-sync (live verified by AUDIT §2) | +| MCP tools (total) | 0 | 0 | in-sync | +| Credentials | 0 | 1 vault-absent declared in legacy block | acceptable (Pending JP — see §12) | + +> Pre-push hook check 6 last run: pending (Wave-4 first apply, 2026-05-24). Curator sweep will populate. + +## §10 Sovereign-purity audit + +- cto-owned code layer (`cto/skills/`, `cto/lib/`): **CLEAN** — orchestrator runs sovereign `qwen3.6-35b-a3b`; no hosted-API calls from cto's own surface. +- Bundled-skill exposure layer: **N/A** — `inherit_dirs: []`, `inherit_builtins: false`, no bundled skills exposed. +- `sovereign_only: false` is INTENTIONAL — `claudeCode('claude-opus-4-7')` lives inside the sandcastle isolation boundary, not on cto's own surface. The sandcastle sandbox + git branch + PR + JP approval gate = the 4-layer safety stack (AUDIT §8.3). + +## §11 Governance refs + +- Vision: `../sot/01-ROADMAP/CORTEX-OS-ROADMAP.md`, `../sot/02-FRAMEWORK/CORTEX-OS-FRAMEWORK.md` +- Governing protocols: `../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md` +- Standards: `../sot/04-STANDARDS/FRONTMATTER-SPEC.md`, `../sot/04-STANDARDS/SOT-ENFORCEMENT.md`, `../sot/04-STANDARDS/DISCLOSURE-SCHEMA.md` +- Brand master ref: `../sot/07-BRAND/PLANB-BRAND-SYNTHESIS.md` + +## §12 Pending JP review + +Rows surfaced by Wave-3 audit/recommendations but paused awaiting JP sign-off. These are NOT in the active `disclosure:` block yet. + +### §12.1 ADD — sandcastle as `sovereign_api` (governance-critical) + +Per `RECOMMENDATIONS-cto-2026-05-24.md §3 A2` and `AUDIT-cto-2026-05-24.md §8`. + +| Field | Proposed value | +|---|---| +| name | `sandcastle` | +| transport | `cli` (via `npx tsx -e "..."` per `lib/cto-worker.sh:50-62`) | +| endpoint | `../sandcastle` (read-only sibling, pinned v0.5.11) | +| mode | `exec` | +| called_by | `lib/cto-worker.sh` (one actual runtime invocation at lines 50-62 + 3 env/wrapper refs) | +| justification | sandcastle is cto's **primary execution mechanism** (CONTRACT.md §5 + §11 anti-patterns: "CTO never edits host code directly — always via sandcastle"). Currently only present in legacy `external_tool_deps`. DISCLOSURE-SCHEMA §4 has no `sandcastle` surface type; closest fit = `sovereign_apis` with `transport: cli` + governance note. | + +**Open question for JP:** prefer (a) document under `sovereign_apis:` with `transport: cli` (zero schema churn — Karpathy Rule 2 default) OR (b) DISCLOSURE-SCHEMA §4.6 amendment adding `external_orchestrators:` surface (cleaner taxonomy, defers this row to a future wave)? Recommendation: (a). + +### §12.2 KEEP — `github-pat` credential declaration (cred-adjacent PAUSE) + +Per `RECOMMENDATIONS-cto-2026-05-24.md §5 K1`. + +| Field | Proposed value | +|---|---| +| vault_name | `github-pat` | +| status | `optional` | +| scope | `read` | +| used_by | `credbridge.sh` (case `gh)`), `lib/cto-worker.sh` (open-pr command) | +| governance | required for v2 PR-open path (`gh pr create` via credbridge). Currently absent from vault — `cto-worker.sh open-pr` fails-fast with documented error. Vault provisioning is JP's responsibility before first real PR-opening task. | + +**Open question for JP:** confirm KEEP declaration even though vault-absent? Recommendation: YES — v2 needs it; cto-worker.sh fails fast with a clear error if missing. Once approved, the cred row moves from §7 (empty) into the active `disclosure.credentials:` block. Pre-push check 6.d will then enforce `credctl list` exact-match. + +### §12.3 NOTE — `L6-svrnty.core-credentials` runtime mode + +Already KEEP at `invoked_at_runtime: true`, `mode: read+exec` in §6 above — but JP sign-off requested per Wave-3 audit hard rule (credential-adjacent). No change pending; confirm-only. + +## §13 Open issues + next steps + +- **Catalog drift (Wave-5 rollup):** PROFILE-CATALOG.md §cto-planb row says "v0.1 scaffold"; live = v1.0 (manifest version 1.0.0). Deferred to Wave-5 per `RECOMMENDATIONS-cto-2026-05-24.md §10`. +- **`.cto/` work dir convention:** `cto-agent/SKILL.md:75` references `${CTO_HOME}/work/${WORK_ID}/prompt.md` but `install.sh` does not `mkdir -p` that path. Soft gap; first sandcastle run will need to mkdir. Note for Wave-4 cleanup. +- **JP sign-off needed** on §12.1, §12.2, §12.3 before next-wave disclosure refresh. + +## §14 Related + +- [`../sot/04-STANDARDS/DISCLOSURE-SCHEMA.md`](../sot/04-STANDARDS/DISCLOSURE-SCHEMA.md) — schema definition +- [`../sot/04-STANDARDS/DISCLOSURE-TEMPLATE.md`](../sot/04-STANDARDS/DISCLOSURE-TEMPLATE.md) — template this doc instantiates +- [`../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md`](../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md) — protocol disclosure extends +- [`../sot/06-REGISTRY/PROFILE-CATALOG.md`](../sot/06-REGISTRY/PROFILE-CATALOG.md) — fleet rollup +- [`../sot/06-REGISTRY/CORTEX-TOOLING.md`](../sot/06-REGISTRY/CORTEX-TOOLING.md) — 13-tool catalog (12 cited in §6; orphan removed) +- [`../sot/06-REGISTRY/audits/AUDIT-cto-2026-05-24.md`](../sot/06-REGISTRY/audits/AUDIT-cto-2026-05-24.md) — Wave-1 live inventory +- [`../sot/06-REGISTRY/audits/RECOMMENDATIONS-cto-2026-05-24.md`](../sot/06-REGISTRY/audits/RECOMMENDATIONS-cto-2026-05-24.md) — Wave-3 KEEP/REMOVE/ADD/NARROW decisions +- [`../sot/06-REGISTRY/EXTERNAL-REFS/SANDCASTLE.md`](../sot/06-REGISTRY/EXTERNAL-REFS/SANDCASTLE.md) — sandcastle registry entry (§12.1 governance ref) +- [`./manifest.yaml`](./manifest.yaml) — machine-readable `disclosure:` block +- [`./AGENT.md`](./AGENT.md) — identity (T2) +- [`./CONTRACT.md`](./CONTRACT.md) — behavior contract (T1) diff --git a/manifest.yaml b/manifest.yaml index e7b4930..e578fd8 100644 --- a/manifest.yaml +++ b/manifest.yaml @@ -105,10 +105,8 @@ external_tool_deps: path: ../../cortex/L5-svrnty.tool-bash-plugin stack: bash role: Bash script engineering plugin (9 categories — init/gate/hook/cron/probe/seal/deploy/test/orchestrate) - - repo: PC-svrnty.tool-cortex-plugin - path: ../../cortex/PC-svrnty.tool-cortex-plugin - stack: cortex-os - role: Cortex sovereign OS installer — identity/sectors/detection/activation bootstrap + # PC-svrnty.tool-cortex-plugin REMOVED 2026-05-24 (Wave-4 orphan cleanup) — never cited in any cto skill body + # See sot/06-REGISTRY/audits/RECOMMENDATIONS-cto-2026-05-24.md §0.2 + §4 C13 # Stacks NOT yet covered by dedicated cortex/ tooling: # - Python: handled via sandcastle generic Claude Code path; no Python framework lib @@ -134,3 +132,137 @@ config: # portable per-install settings credentials: # provisioned via `credctl set ` — never shipped required: [] # v1 has no required creds (no deploy/cloud yet) optional: [github-pat] # for opening PRs via gh CLI when CTO ships v2 + +# Disclosure block (Wave-4 — per sot/04-STANDARDS/DISCLOSURE-SCHEMA.md schema_version 1). +# Authoritative runtime-truth contract; pre-push hook check 6 verifies declared == live. +# Derived from Wave-3 recommendations: sot/06-REGISTRY/audits/RECOMMENDATIONS-cto-2026-05-24.md +disclosure: + scope: org + schema_version: 1 + chat_facing: false # cto is kanban-driven; JP chats with steev, not cto (CONTRACT.md §3) + delegates_to: [] # cto consumes sandcastle as a tool, not a sub-agent (CONTRACT.md §1, §9) + inherit_builtins: false # deny-by-default; cto has zero builtins enabled + inherit_mcp_toolsets: false # deny-by-default; closes the bte-MCP-leak risk seen on ceo/steev + sovereign_only: false # INTENTIONAL — cto uses claudeCode('claude-opus-4-7') INSIDE sandcastle + # isolation (CONTRACT.md §5). cto-agent itself runs sovereign qwen3.6. + inherit_dirs: [] # no external_dirs + + skills: + - id: cto-agent + source: local + path: skills/cto-agent + role: orchestrator + - id: cto-python-toolkit + source: local + path: skills/cto-python-toolkit + role: toolkit + justification: "Python stack patterns — closes CONTRACT.md §6 'Python = skill-only' gap; anchored to bte-mcp, svrnty-hermes-webui-plugin, curator/sweep.py, scripts/sot-precommit.py" + - id: cto-angular-toolkit + source: local + path: skills/cto-angular-toolkit + role: toolkit + justification: "Angular stack patterns — closes CONTRACT.md §6 'Angular = skill-only' gap; anchored to adwright/adwright-console" + + mcp_servers: [] # cto orchestrates via sandcastle + shell, not MCP + + sovereign_apis: + - name: bte-rest + endpoint: "http://localhost:5000" + transport: http + mode: read-write + called_by: + - skills/cto-agent/SKILL.md + - skills/cto-angular-toolkit/SKILL.md + justification: "BTE REST endpoint /api/export-design-md — cited as the DESIGN.md emit path for UI tasks; not auto-invoked at v1.0 (documented pattern only)" + + cortex_tools: + - id: L6-svrnty.lib-dotnet-cqrs + stack: dotnet + invoked_at_runtime: false + mode: read + referenced_in: + - skills/cto-agent/SKILL.md + justification: ".NET CQRS routing target — sandcastle sub-agent reads patterns when mounted" + - id: L5-svrnty.tool-cqrs-plugin + stack: dotnet + invoked_at_runtime: false + mode: read + referenced_in: + - skills/cto-agent/SKILL.md + justification: ".NET scaffolding plugin — routing target" + - id: pi-bte-plugin + stack: dotnet + invoked_at_runtime: false + mode: read + referenced_in: + - skills/cto-agent/SKILL.md + - skills/cto-angular-toolkit/SKILL.md + justification: "DTCG validation + voice schema lint + DESIGN.md export — routing target + DESIGN.md emit path" + - id: L6-svrnty.lib-cqrs-datasource + stack: dart + invoked_at_runtime: false + mode: read + referenced_in: + - skills/cto-agent/SKILL.md + - skills/cto-angular-toolkit/SKILL.md + justification: "Flutter gRPC client + Angular gRPC-web reference — routing target" + - id: L6-svrnty.lib-llm + stack: go + invoked_at_runtime: false + mode: read + referenced_in: + - skills/cto-agent/SKILL.md + justification: "Go multi-provider LLM interface — routing target for Go tasks" + - id: L6-svrnty.core-credentials + stack: go + invoked_at_runtime: true + mode: read+exec + referenced_in: + - credbridge.sh + justification: "Runtime-invoked via credctl CLI from credbridge.sh — every cmd_open_pr resolves github-pat through this lib" + - id: L6-svrnty.core-memory + stack: go + invoked_at_runtime: false + mode: read + referenced_in: + - skills/cto-agent/SKILL.md + justification: "Go memory lib — routing target; requires_tools memory_tool is Hermes-side, not direct call" + - id: PG-svrnty.tool-qa + stack: go + invoked_at_runtime: false + mode: read + referenced_in: + - skills/cto-agent/SKILL.md + justification: "QA orchestrator — routing target for Go QA work" + - id: L6-svrnty.core-runtime + stack: rust + invoked_at_runtime: false + mode: read + referenced_in: + - skills/cto-agent/SKILL.md + justification: "zeroclaw runtime — routing target for Rust tasks" + - id: PG-svrnty.lib-quality-gates + stack: multi + invoked_at_runtime: true + mode: read+exec + referenced_in: + - skills/cto-python-toolkit/SKILL.md + - skills/cto-angular-toolkit/SKILL.md + justification: "Runtime-invoked post-sandcastle via $QG/bin/run-gates --stack python|typescript --repo X --branch Y" + - id: L5-svrnty.lib-skills-engineering + stack: multi + invoked_at_runtime: false + mode: read + referenced_in: + - skills/cto-agent/SKILL.md + justification: "28-pattern engineering reference — routing target" + - id: L5-svrnty.tool-bash-plugin + stack: bash + invoked_at_runtime: false + mode: read + referenced_in: + - skills/cto-agent/SKILL.md + justification: "Bash scripting plugin — routing target for Bash tasks" + + credentials: [] # github-pat declaration parked under Pending JP review in DISCLOSURE.md §12 + # (cred-adjacent PAUSE per Wave-3 recommendations §5 K1)