Commit Graph

7 Commits

Author SHA1 Message Date
Svrnty
e058760f79 feat(install): Wave 7 D6+D4 — cto install.sh disclosure→runtime + model block + subrepo hook — sprint 2026-05-25
F1 resolve $HERMES_WORKSPACE → skills.external_dirs (inherit_dirs empty for cto; template-consistent w/ cmo/ceo).
F2 compute builtin denylist from disclosure.skills allowlist → ~/.hermes/profiles/cto-planb/config.yaml skills.disabled (cto allowlist has 0 builtins → DENYLIST = all builtins).
F3 propagate disclosure.inherit_mcp_toolsets=false → agent.inherit_mcp_toolsets (closes bte-MCP-leak risk).
F4 install subrepo pre-push disclosure-drift gate at .git/hooks/pre-push (checks 2/3/6 + bypass-marker categorization).
F5 (D4) write sovereign vllm model block (qwen3.6-35b-a3b @ http://100.90.54.40:8000/v1) via yq eval-all merge — matches ceo/curator pattern. Per CONTRACT.md §5, cto-agent runs sovereign qwen3.6; claudeCode hosted lives only inside sandcastle isolation boundary.

All steps idempotent + graceful (WARN+skip on missing tooling). bash -n clean. sot-precommit clean.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-24 16:59:51 -04:00
Svrnty
aaa1dbf3d0 feat(disclosure): Wave 7 D2 — cto schema v2 + sandcastle external_orchestrator — sprint 2026-05-25
Schema v2 bump (per sot/04-STANDARDS/DISCLOSURE-SCHEMA.md §4.6) adds the
external_orchestrators surface. Sandcastle was previously parked in
DISCLOSURE.md §12.1 "Pending JP review"; Wave-7 Q2 resolved the open
question in favor of (b) schema §4.6's dedicated external_orchestrators
taxonomy (cleaner separation from HTTP/gRPC sovereign_apis).

Changes:
- manifest.yaml: disclosure.schema_version 1 → 2; add external_orchestrators
  with sandcastle entry (transport=cli, mode=exec, version_pin=v0.5.11,
  sandboxed=true, hosted_api=anthropic, called_by lib/cto-worker.sh).
- DISCLOSURE.md: new canonical §6.5 External orchestrators (sandcastle row +
  governance/pin/check-6.e notes); §5 footer note updated (no longer pending);
  §9 drift table adds external_orchestrators row; §12.1 marked RESOLVED with
  audit-trail stub; last_reviewed bumped to 2026-05-25.

Pin v0.5.11 matches external_tool_deps[0].pin and the workspace CLAUDE.md
hard rule (sandcastle read-only; bumps human-only). sot-precommit clean.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-24 16:54:14 -04:00
Svrnty
b50e32ae74 feat(disclosure): Wave 4 — cto-planb disclosure: block (3 skills + cortex_tools narrow) — sprint 2026-05-24
Wave-4C apply of Wave-3 recommendations for cto-planb. cto is the cleanest
profile in the 5-profile fleet — minimal deltas by design (Karpathy Rules 2+3).

Active disclosure block:
- 3 skills (cto-agent orchestrator + cto-python-toolkit + cto-angular-toolkit)
- 0 MCP (deny-by-default; closes bte-MCP-leak risk seen on ceo/steev)
- 1 sovereign_api (bte-rest /api/export-design-md — documented pattern)
- 12 cortex_tools (13 minus PC-svrnty.tool-cortex-plugin orphan; 2 invoked
  at runtime: L6-svrnty.core-credentials + PG-svrnty.lib-quality-gates)
- 0 active credentials
- inherit_builtins: false, inherit_mcp_toolsets: false
- sovereign_only: false (INTENTIONAL — claudeCode lives INSIDE sandcastle
  isolation per CONTRACT.md §5; cto-agent itself runs sovereign qwen3.6)

Orphan removal: PC-svrnty.tool-cortex-plugin removed from external_tool_deps
(never cited in any cto skill body or lib — per RECOMMENDATIONS §4 C13).

Pending JP review (DISCLOSURE.md §12 — paused per Wave-3 hard rule):
- §12.1 ADD sandcastle as sovereign_api (governance-critical, may need
  DISCLOSURE-SCHEMA §4.6 amendment for external_orchestrators surface)
- §12.2 KEEP github-pat cred declaration (vault-absent; v2 PR-open needs it)
- §12.3 NOTE L6-svrnty.core-credentials runtime mode (cred-adjacent confirm)

Refs:
- sot/04-STANDARDS/DISCLOSURE-SCHEMA.md (schema_version 1)
- sot/04-STANDARDS/DISCLOSURE-TEMPLATE.md
- sot/06-REGISTRY/audits/RECOMMENDATIONS-cto-2026-05-24.md
- sot/06-REGISTRY/audits/AUDIT-cto-2026-05-24.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-24 15:59:55 -04:00
Svrnty
31d6ef72a6 docs(cto): CONTRACT.md catch-up to v1.0 MVP — drop scaffold-era language
Audit cross-check flagged CONTRACT.md still claimed "v0.1 scaffold" + "v1.0
not yet implemented" throughout while README + skill frontmatter + manifest
all already said v1.0 MVP. This commit aligns CONTRACT to the actual ship state:

- frontmatter: status draft → active; description drops "v0.1 = scaffold;
  orchestrator unimplemented" → "v1.0 MVP shipped"
- §"Status:" line: v0.1 scaffold → v1.0 MVP shipped 2026-05-24
- §4 V1 scope: restructure into v1.0 SHIPPED / v1.1+ NEXT / v2+ DEFERRED.
  v1.0 SHIPPED now lists cto-agent executable + cto-python-toolkit +
  cto-angular-toolkit + lib/cto-worker.sh + kanban worker contract +
  approval gate enforcement.
- §5 invocation pattern: "(v1.0 plan)" → "(v1.0 — shipped via lib/cto-worker.sh)"
- §8 routing table: "(v1.0 — not yet implemented)" → "(v1.0 — shipped)"
- §10 build state: drop v0.1 scaffold-only language; "v1.0 MVP (current)"
  lists shipped deliverables; v1.1 next lists iteration loop / multi-stack
  / memory / observability.

Source-of-truth alignment: README v1.0 MVP, manifest v1.0.0, distribution
v1.0.0, skill SKILL.md v1.0.0, install.sh dropped scaffold notes — all
now consistent.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-24 13:40:14 -04:00
Svrnty
10f919746e feat(cto): v1.0 MVP — executable orchestrator + cto-worker.sh helper
skills/cto-agent/SKILL.md: bumped 0.1.0 → 1.0.0; drop "v0.1 stub" banner;
operating loop now concrete (no more "v1.0 will…"); add explicit kanban
worker contract (kanban_complete | kanban_block required at task end —
fixes the protocol-violation noise observed in CTO validation testing).
Routing table updated: Python → cto-python-toolkit, Angular →
cto-angular-toolkit (the dedicated stack skills built earlier).
Added sot/-spec frontmatter fields (tier T2, status active, owner, source,
last_reviewed) per PROFILE-DISTRIBUTION-PROTOCOL §2.1.

lib/cto-worker.sh: orchestrator helper. 3 commands:
  - sandcastle <work-id> <target> <prompt> [provider] → invoke sandcastle
    via npx tsx + claudeCode + docker (default). Blocks reads against
    read-only siblings (hermes-agent, hermes-webui, marketingskills,
    sandcastle).
  - open-pr <work-id> <target> <title> <body> → resolves github-pat via
    credbridge (never in argv), pushes branch, creates PR. Returns URL.
  - emit-5w <work-id> <status> <summary> → prints 5W block (stdout
    captured by Hermes into kanban completion).

install.sh: invokes `hermes profile install --yes --force` for dispatch
readiness; chmod +x cto-worker.sh; drops v0.1 scaffold messages; sandcastle
sibling now REQUIRED (was just a WARN). Adds matching DRY echoes.

manifest.yaml + distribution.yaml: version 0.1.0 → 1.0.0; distribution_owned
adds lib/.

README.md: status v0.1 scaffold → v1.0 MVP; layout reflects 3 skills + lib/;
roadmap table refactored (v1.0 current / v1.1 next / v2 deferred).

Verified: hermes profile install → "✓ Installed 'cto-planb' v1.0.0".

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-24 13:02:10 -04:00
Svrnty
3a3503aa2e feat(cto): close Python+Angular stack gaps + PROFILE-DISTRIBUTION-PROTOCOL compliance
AGENT.md: REQUIRED T2 frontmatter per §2.1.
manifest.yaml: REQUIRED governance: block per §2.2. Register new toolkit skills.
install.sh: chmod +x.

skills/cto-python-toolkit/SKILL.md (v0.1): closes Python stack gap inline.
References real workspace projects as exemplars: scripts/sot-precommit.py
(single-file CLI), bte-mcp/server.py + bte_core.py (FastMCP server),
svrnty-hermes-webui-plugin (PEP 621 + pytest.ini_options), curator/sweep.py
(mode flags + dry-run + stdlib-heavy). Sandcastle prompt template + post-
run quality-gate routing via PG-svrnty.lib-quality-gates.

skills/cto-angular-toolkit/SKILL.md (v0.1): closes Angular stack gap inline.
Anchored to adwright/adwright-console as canonical Plan B Angular reference
(Angular 21.2 + signals + standalone components + inject() + gRPC-web via
@protobuf-ts/grpcweb-transport + L6-svrnty.lib-cqrs-datasource). Sandcastle
prompt template + DESIGN.md compliance check for UI work.

CONTRACT.md §6: Python+Angular promoted from generic → 🟡 skill-only
(no more "gap" marker). Documents path to deep when cortex/ libs extract.
skills/cto-agent/SKILL.md: routing table updated — Python/Angular rows now
route to the toolkit skills instead of falling through to generic.

CLAUDE.md: site-map footer.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-24 12:37:11 -04:00
Svrnty
375417a29b feat(cto): initial scaffold v0.1.0
C-suite instance #3 — CTO profile distribution. Thin orchestrator over
sandcastle for code-modifying work across .NET / Dart / Go / Rust /
Python / Angular / Bash stacks.

v0.1 = scaffold only. Orchestrator skill is a stub; v1.0 wires
executable sandcastle.run() invocation.

Scaffold contents (12 files):
- AGENT.md, CONTRACT.md (T1, 12 sections), CLAUDE.md, README.md
- manifest.yaml (14 external_tool_deps across 9 stacks)
- distribution.yaml (Hermes native install contract)
- install.sh (idempotent, --dry-run support), credbridge.sh (gh CLI)
- schema.sql (work_queue + invocations + agent_runtime)
- skills/cto-agent/SKILL.md (stub w/ per-stack routing table)
- .gitignore, .env.example

External tool catalog covers:
- typescript: sandcastle (mattpocock, MIT, v0.5.11)
- dotnet: lib-dotnet-cqrs, tool-cqrs-plugin, pi-bte-plugin
- dart: lib-cqrs-datasource (gRPC client to .NET CQRS)
- go: lib-llm, core-credentials, core-memory, tool-qa
- rust: core-runtime (zeroclaw)
- bash: tool-bash-plugin
- multi: lib-quality-gates (48 gates), lib-skills-engineering (28 patterns)
- cortex-os: tool-cortex-plugin

DESIGN.md (Google Labs spec) compliance documented — CTO ensures UI
work conforms when Stitch / other DESIGN.md consumers are downstream.

Companion changes in workspace:
- hermes/CLAUDE.md workspace map + .gitignore
- sdo/org.yaml: ceo.delegates_to=[cmo, cto], cto agent block
- sot/06-REGISTRY/EXTERNAL-REFS/SANDCASTLE.md (T2, active)
- sot/06-REGISTRY/CORTEX-TOOLING.md (T2, active)
- sot/README.md links updated

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-24 11:35:57 -04:00