diff --git a/.sot/03-PROTOCOLS/CTO-HERMES-LIVE-SMOKE-REMOTE-SYNC-CLOSEOUT.md b/.sot/03-PROTOCOLS/CTO-HERMES-LIVE-SMOKE-REMOTE-SYNC-CLOSEOUT.md new file mode 100644 index 0000000..8b84951 --- /dev/null +++ b/.sot/03-PROTOCOLS/CTO-HERMES-LIVE-SMOKE-REMOTE-SYNC-CLOSEOUT.md @@ -0,0 +1,58 @@ +--- +name: CTO Hermes Live Smoke Remote Sync Closeout +status: validated +lifecycle_classification: sot +owner: jp +created: 2026-06-01 +last_reviewed: 2026-06-01 +core_promotion_status: not-promoted +--- + +# CTO Hermes Live Smoke Remote Sync Closeout + +Local planning SOT only. Not a Core Protocol. Not active Core authority. + +## Workboard + +- `CTO-WORK-075` + +## Result + +- Hermes live smoke remote sync evidence +- status: validated +- CTO-WORK-074 +- CTO-WORK-075 +- openharbor/jp synced +- Case runtime default active: false +- target repository mutation: false +- Runtime default activation remains false. +- Do not activate Case as default backend. +- This closeout does not authorize another Case run. + +## Remote Sync Evidence + +- command: `git push openharbor jp` +- result: `d302321..6f694b4 jp -> jp` +- plugin commit: `6f694b4 feat(plugin): surface consumed CTO approval evidence` + +## Temporary Hermes WebUI Boot Smoke Evidence + +- command: `python3 scripts/boot-smoke.py` +- result: `failed: 0` +- temporary Hermes WebUI boot smoke +- `/api/cto/control-summary`: status accepted: true +- `/plugins/svrnty/cto_control_panel.js`: status accepted: true +- `/plugins/svrnty/cto_control_panel.css`: status accepted: true +- authentication-gated `401` and redirect `302` statuses were accepted by the existing plugin smoke contract. + +## Boundary Evidence + +- upstream `hermes-webui` edited: false +- upstream `hermes-agent` edited: false +- plugin-only change already recorded by `CTO-WORK-073`. +- Harness-backed summary data remains the source of truth. +- Hermes visualizes control state; CTO and Harness remain the gates. + +## Scope Guard + +This closeout records remote sync and smoke evidence only. It is not a new approval and does not authorize another Case run. diff --git a/.sot/03-PROTOCOLS/CTO-HERMES-LIVE-SMOKE-REMOTE-SYNC-ISSUES.md b/.sot/03-PROTOCOLS/CTO-HERMES-LIVE-SMOKE-REMOTE-SYNC-ISSUES.md new file mode 100644 index 0000000..76a7f96 --- /dev/null +++ b/.sot/03-PROTOCOLS/CTO-HERMES-LIVE-SMOKE-REMOTE-SYNC-ISSUES.md @@ -0,0 +1,69 @@ +--- +name: CTO Hermes Live Smoke Remote Sync Issues +status: validated +lifecycle_classification: sot +owner: jp +created: 2026-06-01 +last_reviewed: 2026-06-01 +core_promotion_status: not-promoted +--- + +# CTO Hermes Live Smoke Remote Sync Issues + +Local planning SOT only. Not a Core Protocol. Not active Core authority. + +## Issue: CTO-WORK-074 - Hermes Live Smoke Remote Sync PRD + +Status: validated. + +Acceptance: + +- Define Hermes live smoke remote sync evidence. +- Require remote push evidence for `openharbor/jp`. +- Require temporary Hermes WebUI boot smoke evidence. +- Require CTO endpoint and panel asset smoke rows. +- Preserve Case runtime default active: false. +- Preserve target repository mutation: false. +- State: Do not activate Case as default backend. +- State: This closeout does not authorize another Case run. + +## Issue: CTO-WORK-075 - Hermes Live Smoke Remote Sync Closeout + +Status: validated. + +Acceptance: + +- Record Hermes live smoke remote sync evidence. +- Reference `git push openharbor jp`. +- Reference `d302321..6f694b4 jp -> jp`. +- Reference `6f694b4 feat(plugin): surface consumed CTO approval evidence`. +- Reference `python3 scripts/boot-smoke.py`. +- Reference `failed: 0`. +- Reference `/api/cto/control-summary`. +- Reference `/plugins/svrnty/cto_control_panel.js`. +- Reference `/plugins/svrnty/cto_control_panel.css`. +- Record upstream `hermes-webui` edited: false. +- Record upstream `hermes-agent` edited: false. + +## Required Phrases + +- Hermes live smoke remote sync evidence +- CTO-WORK-074 +- CTO-WORK-075 +- git push openharbor jp +- d302321..6f694b4 jp -> jp +- 6f694b4 feat(plugin): surface consumed CTO approval evidence +- python3 scripts/boot-smoke.py +- failed: 0 +- /api/cto/control-summary +- /plugins/svrnty/cto_control_panel.js +- /plugins/svrnty/cto_control_panel.css +- status accepted: true +- temporary Hermes WebUI boot smoke +- openharbor/jp synced +- Case runtime default active: false +- target repository mutation: false +- upstream `hermes-webui` edited: false +- upstream `hermes-agent` edited: false +- Do not activate Case as default backend. +- This closeout does not authorize another Case run. diff --git a/.sot/03-PROTOCOLS/CTO-HERMES-LIVE-SMOKE-REMOTE-SYNC-PRD.md b/.sot/03-PROTOCOLS/CTO-HERMES-LIVE-SMOKE-REMOTE-SYNC-PRD.md new file mode 100644 index 0000000..8f6cacf --- /dev/null +++ b/.sot/03-PROTOCOLS/CTO-HERMES-LIVE-SMOKE-REMOTE-SYNC-PRD.md @@ -0,0 +1,82 @@ +--- +name: CTO Hermes Live Smoke Remote Sync PRD +status: validated +lifecycle_classification: sot +owner: jp +created: 2026-06-01 +last_reviewed: 2026-06-01 +core_promotion_status: not-promoted +--- + +# CTO Hermes Live Smoke Remote Sync PRD + +Local planning SOT only. Not a Core Protocol. Not active Core authority. + +## Problem Statement + +Hermes consumed approval evidence is implemented and recorded locally. CTO needs a closeout that proves the plugin branch was synced to its remote and that a temporary Hermes WebUI boot smoke reached the CTO control endpoint and assets. + +## Solution + +Record remote sync and live boot smoke evidence for the Hermes CTO control surface. This proves the plugin can boot under the WebUI smoke path and expose `/api/cto/control-summary`, `cto_control_panel.js`, and `cto_control_panel.css` without editing upstream source. + +## Scope + +- Record remote push to `openharbor/jp`. +- Record Hermes plugin commit `6f694b4 feat(plugin): surface consumed CTO approval evidence`. +- Record boot smoke command `python3 scripts/boot-smoke.py`. +- Record `failed: 0`. +- Record `/api/cto/control-summary` smoke status accepted. +- Record `/plugins/svrnty/cto_control_panel.js` smoke status accepted. +- Record `/plugins/svrnty/cto_control_panel.css` smoke status accepted. +- Preserve that authentication redirects or 401 responses are acceptable smoke statuses under the plugin smoke contract. + +## Non-goals + +- Do not create a new JP approval. +- Do not rerun Case. +- Do not activate Case as default backend. +- Do not mutate target repositories. +- Do not edit upstream `hermes-webui`. +- Do not edit upstream `hermes-agent`. + +## Acceptance Criteria + +- `WORKBOARD.yaml` records `CTO-WORK-074` and `CTO-WORK-075` as validated. +- The closeout records `git push openharbor jp`. +- The closeout records `d302321..6f694b4 jp -> jp`. +- The closeout records `python3 scripts/boot-smoke.py`. +- The closeout records `failed: 0`. +- The closeout records `/api/cto/control-summary`. +- The closeout records `/plugins/svrnty/cto_control_panel.js`. +- The closeout records `/plugins/svrnty/cto_control_panel.css`. +- The closeout states upstream `hermes-webui` edited: false. +- The closeout states upstream `hermes-agent` edited: false. + +## Validation + +- `python3 tools/validate_cto_child.py` +- `python3 /home/svrnty/workspaces/cortex-os/core/tools/check_s69_caveman_prose_discipline.py` + +## Required Evidence + +- Hermes live smoke remote sync evidence +- CTO-WORK-074 +- CTO-WORK-075 +- git push openharbor jp +- d302321..6f694b4 jp -> jp +- 6f694b4 feat(plugin): surface consumed CTO approval evidence +- python3 scripts/boot-smoke.py +- failed: 0 +- /api/cto/control-summary +- /plugins/svrnty/cto_control_panel.js +- /plugins/svrnty/cto_control_panel.css +- status accepted: true +- temporary Hermes WebUI boot smoke +- openharbor/jp synced +- Case runtime default active: false +- target repository mutation: false +- upstream `hermes-webui` edited: false +- upstream `hermes-agent` edited: false +- Do not activate Case as default backend. +- This closeout does not authorize another Case run. diff --git a/WORKBOARD.yaml b/WORKBOARD.yaml index 336adde..b885979 100644 --- a/WORKBOARD.yaml +++ b/WORKBOARD.yaml @@ -366,3 +366,13 @@ items: status: validated source: .sot/03-PROTOCOLS/CTO-HERMES-CONSUMED-APPROVAL-EVIDENCE-CLOSEOUT.md owner: "" + - id: CTO-WORK-074 + title: Hermes Live Smoke Remote Sync PRD + status: validated + source: .sot/03-PROTOCOLS/CTO-HERMES-LIVE-SMOKE-REMOTE-SYNC-PRD.md + owner: "" + - id: CTO-WORK-075 + title: Hermes Live Smoke Remote Sync Closeout + status: validated + source: .sot/03-PROTOCOLS/CTO-HERMES-LIVE-SMOKE-REMOTE-SYNC-CLOSEOUT.md + owner: "" diff --git a/tools/validate_cto_child.py b/tools/validate_cto_child.py index d37f677..9b884b1 100644 --- a/tools/validate_cto_child.py +++ b/tools/validate_cto_child.py @@ -72,6 +72,9 @@ REQUIRED_FILES = [ ".sot/03-PROTOCOLS/CTO-HERMES-CONSUMED-APPROVAL-EVIDENCE-PRD.md", ".sot/03-PROTOCOLS/CTO-HERMES-CONSUMED-APPROVAL-EVIDENCE-ISSUES.md", ".sot/03-PROTOCOLS/CTO-HERMES-CONSUMED-APPROVAL-EVIDENCE-CLOSEOUT.md", + ".sot/03-PROTOCOLS/CTO-HERMES-LIVE-SMOKE-REMOTE-SYNC-PRD.md", + ".sot/03-PROTOCOLS/CTO-HERMES-LIVE-SMOKE-REMOTE-SYNC-ISSUES.md", + ".sot/03-PROTOCOLS/CTO-HERMES-LIVE-SMOKE-REMOTE-SYNC-CLOSEOUT.md", ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-PRD.md", ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-ISSUES.md", ".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-APPROVAL-PACKET.md", @@ -380,6 +383,30 @@ REQUIRED_HERMES_CONSUMED_APPROVAL_EVIDENCE_PHRASES = [ "This closeout does not authorize another Case run.", ] +REQUIRED_HERMES_LIVE_SMOKE_REMOTE_SYNC_PHRASES = [ + "Local planning SOT only. Not a Core Protocol. Not active Core authority.", + "Hermes live smoke remote sync evidence", + "CTO-WORK-074", + "CTO-WORK-075", + "git push openharbor jp", + "d302321..6f694b4 jp -> jp", + "6f694b4 feat(plugin): surface consumed CTO approval evidence", + "python3 scripts/boot-smoke.py", + "failed: 0", + "/api/cto/control-summary", + "/plugins/svrnty/cto_control_panel.js", + "/plugins/svrnty/cto_control_panel.css", + "status accepted: true", + "temporary Hermes WebUI boot smoke", + "openharbor/jp synced", + "Case runtime default active: false", + "target repository mutation: false", + "upstream `hermes-webui` edited: false", + "upstream `hermes-agent` edited: false", + "Do not activate Case as default backend.", + "This closeout does not authorize another Case run.", +] + REQUIRED_HERMES_REAL_REFRESH_CONTROL_REPLAY_EVIDENCE_PHRASES = [ "Local planning SOT only. Not a Core Protocol. Not active Core authority.", "CTO-WORK-057", @@ -1640,6 +1667,42 @@ def main() -> int: if phrase not in text: errors.append(f"missing_hermes_consumed_approval_closeout_phrase:{phrase}") + hermes_live_smoke_remote_sync_prd = ROOT / ".sot/03-PROTOCOLS/CTO-HERMES-LIVE-SMOKE-REMOTE-SYNC-PRD.md" + if hermes_live_smoke_remote_sync_prd.is_file(): + text = hermes_live_smoke_remote_sync_prd.read_text(encoding="utf-8") + if "core_promotion_status: not-promoted" not in text: + errors.append("hermes_live_smoke_remote_sync_prd_missing_not_promoted_frontmatter") + for phrase in REQUIRED_HERMES_LIVE_SMOKE_REMOTE_SYNC_PHRASES: + checked.append(f"hermes_live_smoke_remote_sync_prd_phrase:{phrase}") + if phrase not in text: + errors.append(f"missing_hermes_live_smoke_remote_sync_prd_phrase:{phrase}") + + hermes_live_smoke_remote_sync_issues = ROOT / ".sot/03-PROTOCOLS/CTO-HERMES-LIVE-SMOKE-REMOTE-SYNC-ISSUES.md" + if hermes_live_smoke_remote_sync_issues.is_file(): + text = hermes_live_smoke_remote_sync_issues.read_text(encoding="utf-8") + if "core_promotion_status: not-promoted" not in text: + errors.append("hermes_live_smoke_remote_sync_issues_missing_not_promoted_frontmatter") + for phrase in REQUIRED_HERMES_LIVE_SMOKE_REMOTE_SYNC_PHRASES: + checked.append(f"hermes_live_smoke_remote_sync_issue_phrase:{phrase}") + if phrase not in text: + errors.append(f"missing_hermes_live_smoke_remote_sync_issue_phrase:{phrase}") + + hermes_live_smoke_remote_sync_closeout = ROOT / ".sot/03-PROTOCOLS/CTO-HERMES-LIVE-SMOKE-REMOTE-SYNC-CLOSEOUT.md" + if hermes_live_smoke_remote_sync_closeout.is_file(): + text = hermes_live_smoke_remote_sync_closeout.read_text(encoding="utf-8") + if "core_promotion_status: not-promoted" not in text: + errors.append("hermes_live_smoke_remote_sync_closeout_missing_not_promoted_frontmatter") + for phrase in [ + "status: validated", + "authentication-gated `401` and redirect `302` statuses were accepted", + "Harness-backed summary data remains the source of truth.", + "Hermes visualizes control state; CTO and Harness remain the gates.", + *REQUIRED_HERMES_LIVE_SMOKE_REMOTE_SYNC_PHRASES, + ]: + checked.append(f"hermes_live_smoke_remote_sync_closeout_phrase:{phrase}") + if phrase not in text: + errors.append(f"missing_hermes_live_smoke_remote_sync_closeout_phrase:{phrase}") + hermes_real_refresh_control_replay_evidence = ROOT / ".sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-EVIDENCE.md" if hermes_real_refresh_control_replay_evidence.is_file(): text = hermes_real_refresh_control_replay_evidence.read_text(encoding="utf-8") @@ -2264,6 +2327,8 @@ def main() -> int: "CTO-WORK-071": "validated", "CTO-WORK-072": "validated", "CTO-WORK-073": "validated", + "CTO-WORK-074": "validated", + "CTO-WORK-075": "validated", } for issue_id, expected in expected_statuses.items(): checked.append(f"workboard_status:{issue_id}:{expected}")