From d2f574802f717047fe1d1dddb3518b991634ac35 Mon Sep 17 00:00:00 2001
From: Svrnty
Date: Mon, 1 Jun 2026 07:30:07 -0400
Subject: [PATCH] Plan Hermes WebUI control panel
---
.../CTO-HERMES-WEBUI-CONTROL-PANEL-ISSUES.md | 79 +++++++++++++++
.../CTO-HERMES-WEBUI-CONTROL-PANEL-PRD.md | 99 +++++++++++++++++++
WORKBOARD.yaml | 10 ++
tools/validate_cto_child.py | 39 ++++++++
4 files changed, 227 insertions(+)
create mode 100644 .sot/03-PROTOCOLS/CTO-HERMES-WEBUI-CONTROL-PANEL-ISSUES.md
create mode 100644 .sot/03-PROTOCOLS/CTO-HERMES-WEBUI-CONTROL-PANEL-PRD.md
diff --git a/.sot/03-PROTOCOLS/CTO-HERMES-WEBUI-CONTROL-PANEL-ISSUES.md b/.sot/03-PROTOCOLS/CTO-HERMES-WEBUI-CONTROL-PANEL-ISSUES.md
new file mode 100644
index 0000000..55a0eab
--- /dev/null
+++ b/.sot/03-PROTOCOLS/CTO-HERMES-WEBUI-CONTROL-PANEL-ISSUES.md
@@ -0,0 +1,79 @@
+---
+name: cto-hermes-webui-control-panel-issues
+tier: local
+status: draft
+owner: jp
+source: .sot/03-PROTOCOLS/CTO-HERMES-WEBUI-CONTROL-PANEL-PRD.md
+created: 2026-06-01
+last_reviewed: 2026-06-01
+lifecycle_classification: planning
+core_promotion_status: not-promoted
+description: Child-local issue sequence for a Hermes WebUI consumer panel over the CTO Harness control summary.
+---
+
+# CTO Hermes WebUI Control Panel Issues
+
+Local planning SOT only. Not a Core Protocol. Not active Core authority.
+
+## Issue Sequence
+
+### CTO-WORK-058 - Hermes WebUI Control Panel PRD
+
+Type: AFK
+
+Status: validated.
+
+Blocked by: CTO-WORK-057
+
+What to build: Define the route for a read-only Hermes WebUI consumer panel over the CTO Harness control summary.
+
+Acceptance criteria:
+
+- [x] PRD requires the panel to use the Hermes-owned extension/plugin surface, not upstream `hermes-webui` or `hermes-agent` edits.
+- [x] PRD requires Harness-backed summary data as the source of truth.
+- [x] PRD requires Stage 6 real-governed refresh status to be visible.
+- [x] PRD requires replay paths for refresh comparison, real Stage 5 pass report, and Stage 5 proof.
+- [x] PRD requires target repository read-only proof status to be visible.
+- [x] PRD separates candidate-default refresh eligibility from runtime default activation.
+- [x] PRD requires blocked Codex/Pi lane rationale to be visible.
+- [x] PRD forbids mutation actions, default activation, upstream source edits, Core promotion, target mutation, and secret exposure.
+- [x] Local CTO validator checks the PRD and issue artifact.
+
+Allowed files: CTO child workspace planning docs and local validator only.
+
+Validator: `python3 tools/validate_cto_child.py`
+
+Done evidence: PRD, issue artifact, validator JSON, clean worktree, commit.
+
+### CTO-WORK-059 - Hermes WebUI CTO Harness Control Panel
+
+Type: AFK
+
+Status: candidate.
+
+Blocked by: CTO-WORK-058
+
+What to build: In the Hermes-owned WebUI extension/plugin surface, add a read-only CTO Harness control panel or endpoint consumer over the validated `webui-summary.json` contract.
+
+Acceptance criteria:
+
+- [ ] Implementation does not edit upstream `hermes-webui` or `hermes-agent`.
+- [ ] Panel or endpoint consumes Harness-backed summary data.
+- [ ] Stage 6 real-governed refresh status is visible.
+- [ ] Refresh comparison, real Stage 5 pass report, and Stage 5 proof replay paths are visible.
+- [ ] Target repository read-only proof status is visible.
+- [ ] Candidate-default refresh eligibility is visually separated from runtime default activation.
+- [ ] Codex/Pi blocked-lane rationale is visible.
+- [ ] Next operator action is visible.
+- [ ] No mutation action, approval action, default activation, target mutation, Core mutation, vendor-source mutation, or secret exposure is added.
+- [ ] Focused contract/UI validator passes before any aggregate validation.
+
+Allowed files: Hermes-owned WebUI extension/plugin files and deterministic validators only. Upstream `hermes-webui`, upstream `hermes-agent`, Case source, vendor source, Target Repositories, Cortex Core, and external developer repositories are forbidden.
+
+Validator: relevant Hermes plugin/WebUI contract validator or a new deterministic validator for the panel data contract.
+
+Done evidence: Hermes sandcastle commit, focused validator output, rendered/contract artifact path if available, clean merge, and CTO evidence update.
+
+## Granularity Check
+
+This is intentionally two slices: one child-local planning route and one Hermes-owned implementation route. It avoids adding mutation controls or upstream WebUI edits while moving the endgoal toward actual Hermes visualization.
diff --git a/.sot/03-PROTOCOLS/CTO-HERMES-WEBUI-CONTROL-PANEL-PRD.md b/.sot/03-PROTOCOLS/CTO-HERMES-WEBUI-CONTROL-PANEL-PRD.md
new file mode 100644
index 0000000..fd06e8a
--- /dev/null
+++ b/.sot/03-PROTOCOLS/CTO-HERMES-WEBUI-CONTROL-PANEL-PRD.md 
@@ -0,0 +1,99 @@
+---
+name: cto-hermes-webui-control-panel-prd
+tier: local
+status: draft
+owner: jp
+source: .sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-EVIDENCE.md
+created: 2026-06-01
+last_reviewed: 2026-06-01
+lifecycle_classification: planning
+core_promotion_status: not-promoted
+description: Child-local PRD for a Hermes WebUI consumer panel over the CTO Harness control summary.
+---
+
+# CTO Hermes WebUI Control Panel PRD
+
+Local planning SOT only. Not a Core Protocol. Not active Core authority.
+
+## Problem Statement
+
+Hermes now has a machine-readable CTO Harness control summary with Stage 6 real-governed refresh evidence. The operator still needs a visual control surface that can show the proof state, replay paths, blocked lanes, read-only target proof, and runtime-default status without opening raw JSON by hand.
+
+## Solution
+
+Add a bounded Hermes WebUI consumer panel through the existing Hermes extension/plugin surface. The panel must read the Harness-backed summary contract and render evidence state only. Hermes controls visibility and replay. Cortex remains SOT authority. CTO routes. Harness proves. Case remains a gated adapter and is not activated by the panel.
+
+## Scope
+
+- Add a WebUI-visible CTO Harness panel or endpoint consumer through the Hermes-owned extension/plugin surface.
+- Read the existing `webui-summary.json` contract or a Harness summary command result.
+- Display Stage 6 real-governed refresh status.
+- Display refresh comparison artifact path, real Stage 5 pass report path, and Stage 5 proof path.
+- Display target repository read-only proof status.
+- Display candidate-default refresh eligibility separately from runtime default activation.
+- Display Codex/Pi blocked-lane rationale.
+- Display next operator action.
+- Keep all source data Harness-backed.
+
+## Non-Goals
+
+- Do not edit upstream `hermes-webui`.
+- Do not edit upstream `hermes-agent`.
+- Do not activate Case as default backend.
+- Do not add approval, mutation, deploy, push, merge, close, PR open, or issue-close actions.
+- Do not rerun Case or mutate a Target Repository from the panel.
+- Do not expose secrets, endpoints, credential values, or raw Target Repository content.
+- Do not promote child-local CTO artifacts into Core.
+
+## User Stories
+
+1. As JP, I want a CTO Harness panel in Hermes, so that I can inspect real-refresh proof quickly.
+2. As Hermes, I want to render a stable summary contract, so that the UI does not reinterpret raw backend logs.
+3. As CTO, I want target read-only proof visible, so that real-repo protection is prominent.
+4. As Harness, I want replay links/paths visible, so that evidence can be audited.
+5. As Cortex, I want runtime default activation shown as false, so that visual control cannot create authority drift.
+
+## Acceptance Criteria
+
+- [ ] PRD requires the panel to use the Hermes-owned extension/plugin surface, not upstream `hermes-webui` or `hermes-agent` edits.
+- [ ] PRD requires Harness-backed summary data as the source of truth.
+- [ ] PRD requires Stage 6 real-governed refresh status to be visible.
+- [ ] PRD requires replay paths for refresh comparison, real Stage 5 pass report, and Stage 5 proof.
+- [ ] PRD requires target repository read-only proof status to be visible.
+- [ ] PRD separates candidate-default refresh eligibility from runtime default activation.
+- [ ] PRD requires blocked Codex/Pi lane rationale to be visible.
+- [ ] PRD forbids mutation actions, default activation, upstream source edits, Core promotion, target mutation, and secret exposure.
+- [ ] Local CTO validator checks the PRD and issue artifact.
+
+## Validation
+
+Planning validator: `python3 tools/validate_cto_child.py`.
+
+Implementation validation must use the relevant Hermes extension/plugin validator or a small deterministic contract validator. If WebUI runtime validation is unavailable, the implementation must at minimum validate the endpoint/rendered data contract without editing upstream code.
+
+## Risks
+
+- A visual panel may imply authority if default activation is not shown as false.
+- A panel may expose too much if it renders raw target content instead of artifact paths.
+- Editing upstream WebUI would violate the Hermes extension boundary.
+- Building mutation controls now would overreach the evidence surface.
+
+## Dependencies
+
+- `CTO-WORK-057` control summary real-refresh replay evidence is validated.
+- Hermes extension/plugin surface exists for WebUI additions.
+- CTO Harness `webui-summary.sh --json` remains validated.
+
+## Challenge Notes
+
+Accepted feedback: This is now worth doing because the machine-readable summary contract exists and is validated.
+
+Accepted feedback: The panel must be read-only and replay-oriented; approval and mutation controls require a later governed route.
+
+Rejected feedback: Editing upstream `hermes-webui` is not acceptable because Hermes customizations belong in the extension/plugin surface.
+
+Rejected feedback: Calling this complete from the CLI summary alone is insufficient because the endgoal explicitly requires Hermes visualization/ease of control.
+
+## Success Definition
+
+This slice succeeds when CTO has a validated route for adding a read-only Hermes WebUI consumer panel over the CTO Harness summary, preserving Cortex authority, Harness proof, target protection, and runtime default activation false.
diff --git a/WORKBOARD.yaml b/WORKBOARD.yaml
index a1ddb38..7213452 100644
--- a/WORKBOARD.yaml
+++ b/WORKBOARD.yaml
@@ -286,4 +286,14 @@ items: status: validated source: .sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-ISSUES.md owner: "" + - id: CTO-WORK-058 + title: Hermes WebUI Control Panel PRD + status: validated + source: .sot/03-PROTOCOLS/CTO-HERMES-WEBUI-CONTROL-PANEL-PRD.md + owner: "" + - id: CTO-WORK-059 + title: Hermes WebUI CTO Harness Control Panel + status: candidate + source: .sot/03-PROTOCOLS/CTO-HERMES-WEBUI-CONTROL-PANEL-ISSUES.md + owner: "" diff --git a/tools/validate_cto_child.py b/tools/validate_cto_child.py index 346ebf7..abb509a 100644 --- a/tools/validate_cto_child.py +++ b/tools/validate_cto_child.py @@ -48,6 +48,8 @@ REQUIRED_FILES = [ ".sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-PRD.md", ".sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-ISSUES.md", ".sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-EVIDENCE.md", + ".sot/03-PROTOCOLS/CTO-HERMES-WEBUI-CONTROL-PANEL-PRD.md", + ".sot/03-PROTOCOLS/CTO-HERMES-WEBUI-CONTROL-PANEL-ISSUES.md", ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-PRD.md", ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-ISSUES.md", ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-APPROVAL-PACKET.md", 
@@ -135,6 +137,21 @@ REQUIRED_FIRST_REAL_WORKFLOW_APPROVAL_PACKET_PHRASES = [ "Runtime default activation remains false.", ] +REQUIRED_HERMES_WEBUI_CONTROL_PANEL_PHRASES = [ + "Local planning SOT only. Not a Core Protocol. Not active Core authority.", + "Hermes WebUI consumer panel", + "Hermes-owned extension/plugin surface", + "Do not edit upstream `hermes-webui`.", + "Do not edit upstream `hermes-agent`.", + "Harness-backed summary data as the source of truth", + "Stage 6 real-governed refresh status", + "refresh comparison, real Stage 5 pass report, and Stage 5 proof", + "target repository read-only proof status", + "candidate-default refresh eligibility from runtime default activation", + "blocked Codex/Pi lane rationale", + "Do not activate Case as default backend.", +] + REQUIRED_HERMES_REAL_REFRESH_CONTROL_REPLAY_EVIDENCE_PHRASES = [ "Local planning SOT only. Not a Core Protocol. Not active Core authority.", "CTO-WORK-057", 
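Review bot: The new `REQUIRED_HERMES_WEBUI_CONTROL_PANEL_PHRASES` list does not pin the PRD's secret-exposure or mutation-action non-goals, so the validator would still pass if those sentences were deleted from the PRD. The issue artifact ticks "PRD forbids mutation actions, default activation, upstream source edits, Core promotion, target mutation, and secret exposure" as covered by the local validator, yet the only prohibitions listed here are the two upstream-edit lines and the Case default-backend line. I would add the verbatim PRD sentences `"Do not expose secrets, endpoints, credential values, or raw Target Repository content.",`, `"Do not add approval, mutation, deploy, push, merge, close, PR open, or issue-close actions.",` and `"Do not rerun Case or mutate a Target Repository from the panel.",` to the list. A one-line comment above the list saying that each entry must match the PRD text byte-for-byte would also help the next editor of either file.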
@@ -1128,6 +1145,26 @@ def main() -> int: if phrase not in text: errors.append(f"missing_hermes_real_refresh_control_replay_issue_phrase:{phrase}") + hermes_webui_control_panel_prd = ROOT / ".sot/03-PROTOCOLS/CTO-HERMES-WEBUI-CONTROL-PANEL-PRD.md" + if hermes_webui_control_panel_prd.is_file(): + text = hermes_webui_control_panel_prd.read_text(encoding="utf-8") + if "core_promotion_status: not-promoted" not in text: + errors.append("hermes_webui_control_panel_prd_missing_not_promoted_frontmatter") + for phrase in REQUIRED_HERMES_WEBUI_CONTROL_PANEL_PHRASES: + checked.append(f"hermes_webui_control_panel_prd_phrase:{phrase}") + if phrase not in text: + errors.append(f"missing_hermes_webui_control_panel_prd_phrase:{phrase}") + + hermes_webui_control_panel_issues = ROOT / ".sot/03-PROTOCOLS/CTO-HERMES-WEBUI-CONTROL-PANEL-ISSUES.md" + if hermes_webui_control_panel_issues.is_file(): + text = hermes_webui_control_panel_issues.read_text(encoding="utf-8") + if "core_promotion_status: not-promoted" not in text: + errors.append("hermes_webui_control_panel_issues_missing_not_promoted_frontmatter") + for phrase in ["CTO-WORK-058", "CTO-WORK-059", "upstream `hermes-webui`", "upstream `hermes-agent`", "runtime default activation"]: + checked.append(f"hermes_webui_control_panel_issue_phrase:{phrase}") + if phrase not in text: + errors.append(f"missing_hermes_webui_control_panel_issue_phrase:{phrase}") + hermes_real_refresh_control_replay_evidence = ROOT / ".sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-EVIDENCE.md" if hermes_real_refresh_control_replay_evidence.is_file(): text = hermes_real_refresh_control_replay_evidence.read_text(encoding="utf-8") @@ -1736,6 +1773,8 @@ def main() -> int: "CTO-WORK-055": "validated", "CTO-WORK-056": "validated", "CTO-WORK-057": "validated", + "CTO-WORK-058": "validated", + "CTO-WORK-059": "candidate", } for issue_id, expected in expected_statuses.items(): checked.append(f"workboard_status:{issue_id}:{expected}")
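Review bot: The issues-artifact loop in the `@@ -1128` hunk checks only bare noun phrases such as "runtime default activation" and the upstream `hermes-webui` / `hermes-agent` mentions, which match whether the document forbids or permits those things, so the check does not enforce the read-only boundary it is named for. Pinning whole sentences from the artifact would be tighter, for example `"No mutation action, approval action, default activation, target mutation, Core mutation, vendor-source mutation, or secret exposure is added.",`, and moving the inline list into a module-level constant would match how the PRD phrases are declared. The `"core_promotion_status: not-promoted" not in text` test in both added blocks is a substring search over the whole file although the error names say frontmatter, so a match anywhere in the body satisfies it. Both blocks are skipped when `is_file()` is false, which is presumably caught by the `REQUIRED_FILES` check elsewhere in `main`; that function starts and ends outside this hunk, so this is worth confirming.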