hermes/cto
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Record real refresh control summary evidence

Browse Source
This commit is contained in:
Svrnty 2026-06-01 07:26:37 -04:00
parent 6d3e10ace1
commit be65b20cff
3 changed files with 122 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
.sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-EVIDENCE.md Normal file
View File

@ -0,0 +1,91 @@
---
name: cto-hermes-real-refresh-control-replay-evidence
tier: local
status: validated
owner: jp
source: .sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-ISSUES.md
created: 2026-06-01
last_reviewed: 2026-06-01
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local evidence that CTO-WORK-057 exposed Stage 6 real-governed refresh evidence through the Hermes CTO Harness control summary.
---
# CTO Hermes Real Refresh Control Replay Evidence
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Result
Status: validated.
Work item: `CTO-WORK-057`
Hermes CTO commit:
```text
1f53307 Expose real refresh in control summary
```
Focused summary validator:
```text
python3 harness/runner/validate-webui-summary.py --json
```
Focused summary JSON:
```text
/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T112443Z-run-all-fake-262885/webui-summary.json
```
Focused Stage 6 real-governed refresh comparison artifact:
```text
/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T112448Z-stage6-real-governed-refresh/stage6-real-governed-refresh-comparison.json
```
Post-merge aggregate Harness command:
```text
./harness/evals/health.sh --json
```
Post-merge aggregate status:
```text
pass
```
Post-merge Stage 6 real-governed refresh comparison artifact:
```text
/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T112541Z-stage6-real-governed-refresh/stage6-real-governed-refresh-comparison.json
```
## Evidence Facts
- summary exposes `case_stage6_real_governed_refresh`
- summary exposes `stage6_real_governed_refresh_comparison_path`
- summary exposes real Stage 5 pass report replay path
- summary exposes real Stage 5 proof replay path
- summary exposes target repository read-only proof status
- summary exposes candidate-default refresh eligibility separately from `runtime_default_activation`
- summary exposes Codex blocked-lane rationale from the refresh artifact
- summary exposes Pi blocked-lane rationale from the refresh artifact
- summary exposes next operator action after real-refresh validation
- summary does not expose secrets, endpoints, credential values, or raw Target Repository content
- summary does not mutate Target Repositories, vendor source, external developer repositories, unowned repositories, or Cortex Core
- runtime default activation: false
## Decision
`CTO-WORK-057` is validated.
Hermes now has a Harness-backed replay summary for Stage 6 real-governed refresh evidence.
Case remains a gated adapter behind the CTO Harness seam.
Runtime default activation remains false.
This evidence does not promote CTO artifacts into Core and does not authorize broader target mutation.

2
WORKBOARD.yaml
View File

@ -283,7 +283,7 @@ items:
owner: "" owner: ""
- id: CTO-WORK-057 - id: CTO-WORK-057
title: Hermes Control Summary Real Refresh Replay Route title: Hermes Control Summary Real Refresh Replay Route
status: candidate status: validated
source: .sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-ISSUES.md source: .sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-ISSUES.md
owner: "" owner: ""

31
tools/validate_cto_child.py
View File

@ -47,6 +47,7 @@ REQUIRED_FILES = [
".sot/03-PROTOCOLS/CTO-HERMES-CONTROL-SURFACE-ISSUES.md", ".sot/03-PROTOCOLS/CTO-HERMES-CONTROL-SURFACE-ISSUES.md",
".sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-PRD.md", ".sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-PRD.md",
".sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-ISSUES.md", ".sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-ISSUES.md",
".sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-EVIDENCE.md",
".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-PRD.md", ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-PRD.md",
".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-ISSUES.md", ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-ISSUES.md",
".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-APPROVAL-PACKET.md", ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-APPROVAL-PACKET.md",
@ -134,6 +135,24 @@ REQUIRED_FIRST_REAL_WORKFLOW_APPROVAL_PACKET_PHRASES = [
"Runtime default activation remains false.", "Runtime default activation remains false.",
] ]
REQUIRED_HERMES_REAL_REFRESH_CONTROL_REPLAY_EVIDENCE_PHRASES = [
"Local planning SOT only. Not a Core Protocol. Not active Core authority.",
"CTO-WORK-057",
"1f53307 Expose real refresh in control summary",
"validate-webui-summary.py --json",
"webui-summary.json",
"case_stage6_real_governed_refresh",
"stage6_real_governed_refresh_comparison_path",
"real Stage 5 pass report replay path",
"real Stage 5 proof replay path",
"target repository read-only proof status",
"candidate-default refresh eligibility separately from `runtime_default_activation`",
"Codex blocked-lane rationale",
"Pi blocked-lane rationale",
"runtime default activation: false",
"Runtime default activation remains false.",
]
REQUIRED_HERMES_REAL_REFRESH_CONTROL_REPLAY_PHRASES = [ REQUIRED_HERMES_REAL_REFRESH_CONTROL_REPLAY_PHRASES = [
"Local planning SOT only. Not a Core Protocol. Not active Core authority.", "Local planning SOT only. Not a Core Protocol. Not active Core authority.",
"Hermes may display and replay evidence; it must not govern", "Hermes may display and replay evidence; it must not govern",
@ -1109,6 +1128,16 @@ def main() -> int:
if phrase not in text: if phrase not in text:
errors.append(f"missing_hermes_real_refresh_control_replay_issue_phrase:{phrase}") errors.append(f"missing_hermes_real_refresh_control_replay_issue_phrase:{phrase}")
hermes_real_refresh_control_replay_evidence = ROOT / ".sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-EVIDENCE.md"
if hermes_real_refresh_control_replay_evidence.is_file():
text = hermes_real_refresh_control_replay_evidence.read_text(encoding="utf-8")
if "core_promotion_status: not-promoted" not in text:
errors.append("hermes_real_refresh_control_replay_evidence_missing_not_promoted_frontmatter")
for phrase in REQUIRED_HERMES_REAL_REFRESH_CONTROL_REPLAY_EVIDENCE_PHRASES:
checked.append(f"hermes_real_refresh_control_replay_evidence_phrase:{phrase}")
if phrase not in text:
errors.append(f"missing_hermes_real_refresh_control_replay_evidence_phrase:{phrase}")
stage6_real_refresh_evidence = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-EVIDENCE.md" stage6_real_refresh_evidence = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-EVIDENCE.md"
if stage6_real_refresh_evidence.is_file(): if stage6_real_refresh_evidence.is_file():
text = stage6_real_refresh_evidence.read_text(encoding="utf-8") text = stage6_real_refresh_evidence.read_text(encoding="utf-8")
@ -1706,7 +1735,7 @@ def main() -> int:
"CTO-WORK-054": "validated", "CTO-WORK-054": "validated",
"CTO-WORK-055": "validated", "CTO-WORK-055": "validated",
"CTO-WORK-056": "validated", "CTO-WORK-056": "validated",
"CTO-WORK-057": "candidate", "CTO-WORK-057": "validated",
} }
for issue_id, expected in expected_statuses.items(): for issue_id, expected in expected_statuses.items():
checked.append(f"workboard_status:{issue_id}:{expected}") checked.append(f"workboard_status:{issue_id}:{expected}")