hermes/cto - cto - Gitea: Git with a cup of tea

hermes/cto

Fork 0

Commit Graph

Author	SHA1	Message	Date
Svrnty	b50e32ae74	feat(disclosure): Wave 4 — cto-planb disclosure: block (3 skills + cortex_tools narrow) — sprint 2026-05-24 Wave-4C apply of Wave-3 recommendations for cto-planb. cto is the cleanest profile in the 5-profile fleet — minimal deltas by design (Karpathy Rules 2+3). Active disclosure block: - 3 skills (cto-agent orchestrator + cto-python-toolkit + cto-angular-toolkit) - 0 MCP (deny-by-default; closes bte-MCP-leak risk seen on ceo/steev) - 1 sovereign_api (bte-rest /api/export-design-md — documented pattern) - 12 cortex_tools (13 minus PC-svrnty.tool-cortex-plugin orphan; 2 invoked at runtime: L6-svrnty.core-credentials + PG-svrnty.lib-quality-gates) - 0 active credentials - inherit_builtins: false, inherit_mcp_toolsets: false - sovereign_only: false (INTENTIONAL — claudeCode lives INSIDE sandcastle isolation per CONTRACT.md §5; cto-agent itself runs sovereign qwen3.6) Orphan removal: PC-svrnty.tool-cortex-plugin removed from external_tool_deps (never cited in any cto skill body or lib — per RECOMMENDATIONS §4 C13). Pending JP review (DISCLOSURE.md §12 — paused per Wave-3 hard rule): - §12.1 ADD sandcastle as sovereign_api (governance-critical, may need DISCLOSURE-SCHEMA §4.6 amendment for external_orchestrators surface) - §12.2 KEEP github-pat cred declaration (vault-absent; v2 PR-open needs it) - §12.3 NOTE L6-svrnty.core-credentials runtime mode (cred-adjacent confirm) Refs: - sot/04-STANDARDS/DISCLOSURE-SCHEMA.md (schema_version 1) - sot/04-STANDARDS/DISCLOSURE-TEMPLATE.md - sot/06-REGISTRY/audits/RECOMMENDATIONS-cto-2026-05-24.md - sot/06-REGISTRY/audits/AUDIT-cto-2026-05-24.md Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-24 15:59:55 -04:00

Author

SHA1

Message

Date

Svrnty

b50e32ae74

feat(disclosure): Wave 4 — cto-planb disclosure: block (3 skills + cortex_tools narrow) — sprint 2026-05-24

Wave-4C apply of Wave-3 recommendations for cto-planb. cto is the cleanest
profile in the 5-profile fleet — minimal deltas by design (Karpathy Rules 2+3).

Active disclosure block:
- 3 skills (cto-agent orchestrator + cto-python-toolkit + cto-angular-toolkit)
- 0 MCP (deny-by-default; closes bte-MCP-leak risk seen on ceo/steev)
- 1 sovereign_api (bte-rest /api/export-design-md — documented pattern)
- 12 cortex_tools (13 minus PC-svrnty.tool-cortex-plugin orphan; 2 invoked
  at runtime: L6-svrnty.core-credentials + PG-svrnty.lib-quality-gates)
- 0 active credentials
- inherit_builtins: false, inherit_mcp_toolsets: false
- sovereign_only: false (INTENTIONAL — claudeCode lives INSIDE sandcastle
  isolation per CONTRACT.md §5; cto-agent itself runs sovereign qwen3.6)

Orphan removal: PC-svrnty.tool-cortex-plugin removed from external_tool_deps
(never cited in any cto skill body or lib — per RECOMMENDATIONS §4 C13).

Pending JP review (DISCLOSURE.md §12 — paused per Wave-3 hard rule):
- §12.1 ADD sandcastle as sovereign_api (governance-critical, may need
  DISCLOSURE-SCHEMA §4.6 amendment for external_orchestrators surface)
- §12.2 KEEP github-pat cred declaration (vault-absent; v2 PR-open needs it)
- §12.3 NOTE L6-svrnty.core-credentials runtime mode (cred-adjacent confirm)

Refs:
- sot/04-STANDARDS/DISCLOSURE-SCHEMA.md (schema_version 1)
- sot/04-STANDARDS/DISCLOSURE-TEMPLATE.md
- sot/06-REGISTRY/audits/RECOMMENDATIONS-cto-2026-05-24.md
- sot/06-REGISTRY/audits/AUDIT-cto-2026-05-24.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-24 15:59:55 -04:00

1 Commits