hermes/cto
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: hermes:facca7f7432125f74511c73bc8cbe52f15bc0421
Branches Tags
hermes:jp
hermes:main
...
compare: hermes:46b7296cb25eaccdd0939f78ebedd1004876d936
Branches Tags
hermes:main
hermes:jp

7 Commits
facca7f743 ... 46b7296cb2

Author SHA1 Message Date
Svrnty
46b7296cb2 Merge CTO Core route admission guard 2026-06-02 07:11:56 -04:00
Svrnty
d69b6b9ad8 Add CTO Core route admission guard 2026-06-02 07:11:41 -04:00
Svrnty
205ce424e9 Merge CTO Core promotion decision packet 2026-06-02 07:00:46 -04:00
Svrnty
dd58709f0d Add CTO Core promotion decision packet 2026-06-02 07:00:34 -04:00
Svrnty
00d13f6b6f Merge Stage 6 repeatability refresh 2026-06-02 06:48:37 -04:00
Svrnty
c0ea3207d1 Record Stage 6 repeatability refresh 2026-06-02 06:48:26 -04:00
Svrnty
ae08dc4468 Record Stage 5 repeatability proof 2026-06-02 06:20:42 -04:00
18 changed files with 1902 additions and 0 deletions
Show Stats Expand all files Collapse all files

70
.sot/03-PROTOCOLS/CTO-CASE-STAGE5-REPEATABILITY-PROOF-EVIDENCE.md Normal file
View File

@ -0,0 +1,70 @@
---
name: CTO Case Stage5 Repeatability Proof Evidence
status: validated
lifecycle_classification: sot
owner: jp
created: 2026-06-02
last_reviewed: 2026-06-02
core_promotion_status: not-promoted
---
# CTO Case Stage5 Repeatability Proof Evidence
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Workboard
- `CTO-WORK-078`
- `CTO-WORK-079`
- `CTO-WORK-080`
## Result
- Stage 5 repeatability proof
- second governed Stage 5 Case run
- status: validated
- approval_source: JP chat instruction on 2026-06-02 to execute repeatability proof
- r1-slugify-punctuation
- Runtime default activation remains false.
- Do not activate Case as default backend.
- This closeout does not authorize another Case run.
## Route Evidence
- Harness route commit: `99000f7d249d594bfc786f00a3008457accdda11`
- Harness route short commit: `99000f7`
- Fake baseline report: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T101410Z-r1-slugify-punctuation-2662313/report.json`
- Harness aggregate health: `pass`
- WebUI summary validator: `ok: true`
- WebUI summary path: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T101651Z-run-all-fake-2667221/webui-summary.json`
## Execution Evidence
- Harness report: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T101450Z-r1-slugify-punctuation-2663598/report.json`
- Stage 5 proof: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T101450Z-r1-slugify-punctuation-2663598/stage5-owned-repo-proof.json`
- target repository: `/home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox`
- target commit: `2fa1601844c083ff1936151f9df23b94783216b8`
- target short commit: `2fa1601`
- case_process_started: true
- changed files: `src/strings.py`, `strings.py`, `test_strings.py`
- allowed paths passed: true
- forbidden paths passed: true
- no forbidden actions: true
- target repository start clean: true
- target repository ending clean: true
- operator outcome: `accepted`
- push, merge, deploy, close, PR open attempted: false
- public publication attempted: false
## Validation Evidence
- target command: `python3 -m pytest -q`
- target result: `11 passed`
- target child validator: `ok: true`
- Harness case validator: `passed: true`
- focused Stage 5 validator: `ok: true`
- WebUI plugin focused tests: `7 passed`
## Guard
No Core promotion occurs. Case remains a gated adapter behind the CTO Harness seam.

63
.sot/03-PROTOCOLS/CTO-CASE-STAGE5-REPEATABILITY-PROOF-ISSUES.md Normal file
View File

@ -0,0 +1,63 @@
---
name: CTO Case Stage5 Repeatability Proof Issues
status: validated
lifecycle_classification: sot
owner: jp
created: 2026-06-02
last_reviewed: 2026-06-02
core_promotion_status: not-promoted
---
# CTO Case Stage5 Repeatability Proof Issues
Stage 5 repeatability proof.
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Issue: CTO-WORK-078 - Stage 5 Repeatability Proof PRD
Status: validated.
Acceptance:
- Define second governed Stage 5 Case run.
- Require `r1-slugify-punctuation`.
- Require admitted target repository.
- Require allowed paths.
- Require no Core promotion.
- No Core promotion occurs.
- Require Runtime default activation remains false.
## Issue: CTO-WORK-079 - Stage 5 Repeatability Harness Case Route
Status: validated.
Acceptance:
- Add Harness case `r1-slugify-punctuation`.
- Record Harness route commit `99000f7`.
- Fake baseline passes.
- Aggregate Harness health passes.
- WebUI summary validation passes.
## Issue: CTO-WORK-080 - Stage 5 Repeatability Evidence Closeout
Status: validated.
Acceptance:
- Record second governed Stage 5 Case run.
- Record approval_source: JP chat instruction on 2026-06-02 to execute repeatability proof.
- Reference report `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T101450Z-r1-slugify-punctuation-2663598/report.json`.
- Reference Stage 5 proof `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T101450Z-r1-slugify-punctuation-2663598/stage5-owned-repo-proof.json`.
- Record target commit `2fa1601`.
- Record case_process_started: true.
- Record changed files: `src/strings.py`, `strings.py`, `test_strings.py`.
- Record allowed paths passed: true.
- Record forbidden paths passed: true.
- Record target repository start clean: true.
- Record target repository ending clean: true.
- Record `11 passed`.
- State: Runtime default activation remains false.
- State: Do not activate Case as default backend.
- State: This closeout does not authorize another Case run.

62
.sot/03-PROTOCOLS/CTO-CASE-STAGE5-REPEATABILITY-PROOF-PRD.md Normal file
View File

@ -0,0 +1,62 @@
---
name: CTO Case Stage5 Repeatability Proof PRD
status: validated
lifecycle_classification: sot
owner: jp
created: 2026-06-02
last_reviewed: 2026-06-02
core_promotion_status: not-promoted
---
# CTO Case Stage5 Repeatability Proof PRD
Stage 5 repeatability proof.
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Problem
The first governed Stage 5 run proved one approved Case mutation. CTO still needs a second governed Stage 5 Case run to prove repeatability without activating Case as default.
## Scope
- Add Harness case `r1-slugify-punctuation`.
- Use admitted target repository `/home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox`.
- Limit writes to `strings.py`, `src/strings.py`, and `test_strings.py`.
- Use JP chat instruction on 2026-06-02 to execute the repeatability proof as the approval source.
- Run one Stage 5 Case Harness execution.
- Record Harness report, Stage 5 proof, target commit, validations, and WebUI summary validation.
## Non-goals
- Do not activate Case as default backend.
- Do not promote CTO artifacts into Core.
- No Core promotion occurs.
- Do not authorize another Case run.
- This closeout does not authorize another Case run.
- Do not push, merge, deploy, close, PR open, issue close, or publish.
- Do not store endpoint values, secret values, or credential values in SOT.
## Acceptance Criteria
- `CTO-WORK-078`, `CTO-WORK-079`, and `CTO-WORK-080` are validated.
- Harness route commit records `r1-slugify-punctuation`.
- Fake baseline passes.
- Live Stage 5 Case run passes.
- case_process_started: true.
- changed files: `src/strings.py`, `strings.py`, `test_strings.py`.
- allowed paths passed: true.
- forbidden paths passed: true.
- target repository start clean: true.
- target repository ending clean: true.
- target validation result is `11 passed`.
- Runtime default activation remains false.
- Harness route commit: `99000f7`.
- Target commit: `2fa1601`.
- Harness report: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T101450Z-r1-slugify-punctuation-2663598/report.json`.
- Stage 5 proof: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T101450Z-r1-slugify-punctuation-2663598/stage5-owned-repo-proof.json`.
## Validation
- `python3 tools/validate_cto_child.py`
- `python3 /home/svrnty/workspaces/cortex-os/core/tools/check_s69_caveman_prose_discipline.py`

84
.sot/03-PROTOCOLS/CTO-CASE-STAGE6-REPEATABILITY-REFRESH-EVIDENCE.md Normal file
View File

@ -0,0 +1,84 @@
---
name: CTO Case Stage6 Repeatability Refresh Evidence
status: validated
lifecycle_classification: sot
owner: jp
created: 2026-06-02
last_reviewed: 2026-06-02
core_promotion_status: not-promoted
source: .sot/03-PROTOCOLS/CTO-CASE-STAGE6-REPEATABILITY-REFRESH-ISSUES.md
---
# CTO Case Stage6 Repeatability Refresh Evidence
Local planning SOT only. Not a Core Protocol. Not active Core authority.
Stage 6 repeatability refresh.
## Workboard
- `CTO-WORK-081`
- `CTO-WORK-082`
- `CTO-WORK-083`
- `CTO-WORK-084`
## Result
- status: validated
- Stage 5 repeatability proof
- second governed Stage 5 Case run
- repeatability_count: 2
- repeatability_status: pass
- runtime_default_activation: false
- Runtime default activation remains false.
- core_promotion_status: not-promoted
- No Core promotion occurs.
- Do not activate Case as default backend.
- This closeout does not authorize another Case run.
- no target repository mutation attempted
## Route Evidence
- Hermes implementation commit: `05ab2ff`
- Hermes merge commit: `40b0d9a`
- repeat case: `r1-slugify-punctuation`
- repeat target commit: `2fa1601`
- first target commit: `7706f99`
- focused validator: `python3 harness/runner/validate-case-stage6-real-refresh.py --json`
- focused validator result: `ok: true`
- focused WebUI summary validator: `python3 harness/runner/validate-webui-summary.py --json`
- focused WebUI summary validator result: `ok: true`
- post-merge aggregate Harness health: `pass`
## Artifact Evidence
- first report: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T105222Z-r1-src-string-slugify-180161/report.json`
- first Stage 5 proof: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T105222Z-r1-src-string-slugify-180161/stage5-owned-repo-proof.json`
- repeat report: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T101450Z-r1-slugify-punctuation-2663598/report.json`
- repeat Stage 5 proof: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T101450Z-r1-slugify-punctuation-2663598/stage5-owned-repo-proof.json`
- post-merge comparison: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T104507Z-stage6-real-governed-refresh/stage6-real-governed-refresh-comparison.json`
- post-merge WebUI summary: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T104552Z-run-all-fake-2738738/webui-summary.json`
## Validation Facts
- report shape: pass
- event validity: pass
- allowed-path compliance: pass
- failure closure: pass
- failure matrix coverage carry-forward: pass
- artifact completeness: pass
- forbidden-action closure: pass
- operator acceptance: pass
- approval provenance: pass
- source admission freshness: current
- target validation: pass
- Target Repository read-only status: pass
- fake lane evidence: represented by prior Stage 6 comparison
- Codex lane: blocked with rationale
- Pi lane: blocked with rationale
- runtime default activation: false
- core promotion status: not-promoted
## Approval Provenance Note
Both Stage 5 proof artifacts record approval_source as `JP chat approval on 2026-06-01`. The second repeatability prose records JP chat instruction on 2026-06-02. The validator records proof approval provenance exactly and does not rewrite proof artifacts.

102
.sot/03-PROTOCOLS/CTO-CASE-STAGE6-REPEATABILITY-REFRESH-ISSUES.md Normal file
View File

@ -0,0 +1,102 @@
---
name: CTO Case Stage6 Repeatability Refresh Issues
status: validated
lifecycle_classification: sot
owner: jp
created: 2026-06-02
last_reviewed: 2026-06-02
core_promotion_status: not-promoted
source: .sot/03-PROTOCOLS/CTO-CASE-STAGE6-REPEATABILITY-REFRESH-PRD.md
---
# CTO Case Stage6 Repeatability Refresh Issues
Local planning SOT only. Not a Core Protocol. Not active Core authority.
Stage 6 repeatability refresh.
## Issue: CTO-WORK-081 - Stage 6 Repeatability Refresh PRD
Type: AFK.
Status: validated.
Acceptance:
- Register `CTO-WORK-081`, `CTO-WORK-082`, `CTO-WORK-083`, and `CTO-WORK-084`.
- Define pinned inputs for `r1-src-string-slugify` and `r1-slugify-punctuation`.
- Require report shape, event validity, allowed-path compliance, failure closure, failure matrix coverage carry-forward, artifact completeness, forbidden-action closure, operator acceptance, approval provenance, source admission freshness, target validation, and Target Repository read-only status.
- Require fake lane evidence, Codex blocked rationale, and Pi blocked rationale.
- Require computed `repeatability_status` as `pass`, `blocked`, or `fail`.
- Require `repeatability_count: 2` for success.
- Require `runtime default activation: false`.
- Require `core_promotion_status: not-promoted`.
- Forbid new Case mutation, default activation, Core promotion, target mutation, push, merge, deploy, close, PR open, issue close, publication, vendor-source mutation, external developer repository mutation, unowned repository mutation, endpoint exposure, secret exposure, credential exposure, and raw Target Repository content exposure.
## Issue: CTO-WORK-082 - Stage 6 Repeatability Harness Route
Type: AFK.
Status: validated.
Blocked by: `CTO-WORK-081`.
Acceptance:
- Extend `validate-case-stage6-real-refresh.py`.
- Keep compatibility fields `real_stage5_pass_report` and `real_stage5_proof`.
- Add `repeat_stage5_pass_report` and `repeat_stage5_proof`.
- Add `real_stage5_passes`.
- Add `repeatability_required: 2`.
- Add `repeatability_count: 2`.
- Add `repeatability_status: pass`.
- Add `repeatability_passed: true`.
- Add `runtime_default_activation: false`.
- Add `core_promotion_status: not-promoted`.
- Focused validator passes.
- Aggregate Harness health passes before commit and after merge.
## Issue: CTO-WORK-083 - Hermes Repeatability Control Summary
Type: AFK.
Status: validated.
Blocked by: `CTO-WORK-082`.
Acceptance:
- Hermes Control Surface summary reads the extended real-governed refresh artifact.
- Summary exposes `repeatability_count: 2`.
- Summary exposes `repeatability_status: pass`.
- Summary exposes `candidate_default_repeatability_eligible: true`.
- Summary exposes `runtime_default_activation: false`.
- Summary exposes `core_promotion_status: not-promoted`.
- Summary keeps Codex lane and Pi lane blocked with rationale.
- Summary validator checks repeatability fields.
## Issue: CTO-WORK-084 - Stage 6 Repeatability Evidence Closeout
Type: AFK.
Status: validated.
Blocked by: `CTO-WORK-083`.
Acceptance:
- Evidence references Hermes implementation commit `05ab2ff`.
- Evidence references Hermes merge commit `40b0d9a`.
- Evidence references comparison artifact `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T104507Z-stage6-real-governed-refresh/stage6-real-governed-refresh-comparison.json`.
- Evidence references WebUI summary artifact `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T104552Z-run-all-fake-2738738/webui-summary.json`.
- Evidence records `repeatability_count: 2`.
- Evidence records `repeatability_status: pass`.
- Evidence records `runtime_default_activation: false`.
- Evidence records `core_promotion_status: not-promoted`.
- Evidence records no target repository mutation attempted.
- Evidence records no forbidden action.
- CTO validator checks PRD, issues, evidence, and Workboard statuses.
## Granularity Check
This sequence separates planning, Harness evidence refresh, Control Surface exposure, and closeout evidence. The Hermes code shipped the Harness and summary changes together because the summary is a read-only projection over the same artifact.

95
.sot/03-PROTOCOLS/CTO-CASE-STAGE6-REPEATABILITY-REFRESH-PRD.md Normal file
View File

@ -0,0 +1,95 @@
---
name: CTO Case Stage6 Repeatability Refresh PRD
status: validated
lifecycle_classification: sot
owner: jp
created: 2026-06-02
last_reviewed: 2026-06-02
core_promotion_status: not-promoted
source: .sot/03-PROTOCOLS/CTO-CASE-STAGE5-REPEATABILITY-PROOF-EVIDENCE.md
---
# CTO Case Stage6 Repeatability Refresh PRD
Local planning SOT only. Not a Core Protocol. Not active Core authority.
Stage 6 repeatability refresh.
## Problem
CTO has two governed Stage 5 Case passes in the admitted Target Repository. Existing Stage 6 real-governed refresh evidence consumed only the first pass. CTO needs a read-only refresh that proves repeatability across both passes before any later candidate-default decision discussion.
## Solution
Extend the existing Stage 6 real-governed refresh seam. The seam reads two pinned Harness Evidence Interface report and proof pairs, verifies both governed passes against Stage 6 dimensions, records computed repeatability status, and exposes repeatability through the Hermes Control Surface summary.
## Pinned Inputs
- first case_id: `r1-src-string-slugify`
- first run_id: `20260601T105222Z-r1-src-string-slugify-180161`
- first report: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T105222Z-r1-src-string-slugify-180161/report.json`
- first Stage 5 proof: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T105222Z-r1-src-string-slugify-180161/stage5-owned-repo-proof.json`
- first target commit: `7706f99`
- first expected changed files: `src/strings.py`, `test_strings.py`
- repeat case_id: `r1-slugify-punctuation`
- repeat run_id: `20260602T101450Z-r1-slugify-punctuation-2663598`
- repeat report: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T101450Z-r1-slugify-punctuation-2663598/report.json`
- repeat Stage 5 proof: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T101450Z-r1-slugify-punctuation-2663598/stage5-owned-repo-proof.json`
- repeat target commit: `2fa1601`
- repeat expected changed files: `src/strings.py`, `strings.py`, `test_strings.py`
## Scope
- Validate both report/proof pairs.
- Verify report shape, event validity, allowed-path compliance, failure closure, failure matrix coverage carry-forward, artifact completeness, forbidden-action closure, operator acceptance, approval provenance, source admission freshness, target validation, and Target Repository read-only status.
- Require fake lane evidence from prior Stage 6.
- Keep Codex lane blocked with rationale.
- Keep Pi lane blocked with rationale.
- Record computed `repeatability_status` as `pass`, `blocked`, or `fail`.
- Record `repeatability_count: 2` when both pinned passes validate.
- Record `runtime default activation: false`.
- Record `core_promotion_status: not-promoted`.
- Expose repeatability count, status, comparison path, and default activation false through Hermes Control Surface summary.
## Non-Goals
- Do not run a new Case mutation.
- Do not activate Case as default backend.
- Do not promote CTO artifacts into Core.
- Do not mutate a Target Repository.
- Do not push, merge, deploy, close, PR open, issue close, publish, mutate vendor source, mutate external developer repositories, mutate unowned repositories, expose endpoint values, expose secret values, expose credential values, or expose raw Target Repository content.
- Do not replace Core authority with CTO, Hermes, Harness, Case, Pi, Codex, or any execution backend.
## Acceptance Criteria
- `CTO-WORK-081`, `CTO-WORK-082`, `CTO-WORK-083`, and `CTO-WORK-084` are validated.
- `validate-case-stage6-real-refresh.py` consumes both pinned report/proof pairs.
- `validate-case-stage6-real-refresh.py` records `repeatability_count: 2`.
- `validate-case-stage6-real-refresh.py` records `repeatability_status: pass`.
- `validate-case-stage6-real-refresh.py` records `runtime_default_activation: false`.
- `validate-case-stage6-real-refresh.py` records `core_promotion_status: not-promoted`.
- Hermes Control Surface summary records `repeatability_count: 2`.
- Hermes Control Surface summary records `repeatability_status: pass`.
- Hermes Control Surface summary records `candidate_default_repeatability_eligible: true`.
- Hermes Control Surface summary records `runtime_default_activation: false`.
- Validators reject missing artifacts, failed pass facts, target mutation, default activation, Core promotion, forbidden actions, missing approval provenance, stale source admission, and secret-shaped keys.
## Validation
- `python3 harness/runner/validate-case-stage6-real-refresh.py --json`
- `python3 harness/runner/validate-webui-summary.py --json`
- `harness/evals/health.sh --json`
- `python3 tools/validate_cto_child.py`
- `python3 /home/svrnty/workspaces/cortex-os/core/tools/check_s69_caveman_prose_discipline.py`
## Risks
- Repeatability evidence can be misread as default authority. Mitigation: record runtime default activation false in every artifact.
- A second pass can overstate readiness if failure closure is ignored. Mitigation: require prior Stage 6 failure closure.
- Artifact paths can drift. Mitigation: validators load files from pinned artifact paths.
- Approval provenance can drift between prose and proof. Mitigation: validator records proof `approval_source` exactly and evidence records the mismatch.
- Control Surface wording can imply governance. Mitigation: Core promotion remains not-promoted.
## Success Definition
CTO has validated child-local evidence that Case passed two distinct governed Stage 5 tasks through the CTO Harness seam, Hermes exposes that repeatability evidence read-only, runtime default activation remains false, and Core promotion remains not-promoted.

129
.sot/03-PROTOCOLS/CTO-CORE-PROMOTION-DECISION-PACKET-CLOSEOUT.md Normal file
View File

@ -0,0 +1,129 @@
---
name: CTO Core Promotion Decision Packet Closeout
status: validated
lifecycle_classification: sot
owner: jp
created: 2026-06-02
last_reviewed: 2026-06-02
core_promotion_status: not-promoted
source: .sot/03-PROTOCOLS/CTO-CORE-PROMOTION-DECISION-RECORD.md
---
# CTO Core Promotion Decision Packet Closeout
Local planning SOT only. Not a Core Protocol. Not active Core authority.
Core Promotion Decision Packet.
## Workboard
- `CTO-WORK-085`
- `CTO-WORK-086`
- `CTO-WORK-087`
- `CTO-WORK-088`
## Result
- status: validated
- validated child-local repeatability evidence; not Core promotion; not Runtime default activation
- decision_status: core_promotion_requested
- ready_for_core_review: true
- recommended_next_decision: open_governed_core_prd_route
- recommendation_status: candidate_only_until_core_route_admission_guard_passes
- candidate_default_repeatability_eligible: true
- repeatability_count: 2
- repeatability_status: pass
- runtime_default_activation: false
- core_promotion_status: not-promoted
- Runtime default activation remains false.
- No Core promotion occurs.
- No Core mutation occurs.
- no target repository mutation attempted
- no Case execution attempted
- Do not activate Case as default backend.
- This closeout does not authorize another Case run.
## Evidence Map
| Evidence | Status | Pointer |
| --- | --- | --- |
| Governed execution evidence | validated | `CTO-WORK-071` |
| Hermes live smoke remote sync | validated | `CTO-WORK-075` |
| CTO endgoal completion audit | validated | `CTO-WORK-077` |
| Stage 5 repeatability evidence | validated | `CTO-WORK-080` |
| Stage 6 repeatability PRD | validated | `CTO-WORK-081` |
| Stage 6 repeatability Harness route | validated | `CTO-WORK-082` |
| Hermes repeatability control summary | validated | `CTO-WORK-083` |
| Stage 6 repeatability evidence closeout | validated | `CTO-WORK-084` |
## Artifact Evidence
- Stage 6 repeatability comparison artifact: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T104507Z-stage6-real-governed-refresh/stage6-real-governed-refresh-comparison.json`
- Hermes WebUI summary artifact: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T104552Z-run-all-fake-2738738/webui-summary.json`
- first governed Stage 5 report: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T105222Z-r1-src-string-slugify-180161/report.json`
- repeat governed Stage 5 report: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T101450Z-r1-slugify-punctuation-2663598/report.json`
- first target commit: `7706f99`
- repeat target commit: `2fa1601`
- Hermes implementation commit: `05ab2ff`
- Hermes merge commit: `40b0d9a`
- CTO baseline merge commit before this packet: `00d13f6`
## Readiness Facts
- Cortex governs: proven
- CTO routes: proven
- Hermes controls: proven
- Harness proves: proven
- Case executes only after proof: proven
- bounded code changes with evidence: proven
- target repos stay owned and protected: proven
- default status is earned not assumed: proven
- candidate-default evidence: proven
- repeatability_count: 2
- repeatability_status: pass
- candidate_default_repeatability_eligible: true
- runtime_default_activation: false
- core_promotion_status: not-promoted
- Codex lane: blocked with rationale
- Pi lane: blocked with rationale
## Future Core Route Requirements
Any future Core route must:
- start from the Core workspace, not this CTO workspace;
- pass a Core Route Admission Guard showing an idle governed Core route and no active conflicting Core worktree;
- classify the promoted object class before mutation;
- obey the Core Sequence Protocol;
- update Core SOT only through a governed Core PRD and SOT Issue route;
- add Core validator coverage before any promotion claim;
- produce Core Evidence before any Core authority claim;
- keep runtime default activation separate from candidate-default readiness;
- preserve no-secret, no-endpoint-value, no-raw-Target-Repository-content rules;
- preserve rollback by keeping Case disabled until a later governed route changes runtime default activation.
## Blockers Before Promotion
- No Core PRD exists for CTO promotion.
- No Core SOT Issue exists for CTO promotion.
- No Core validator for CTO promotion exists.
- No Core Evidence file exists for CTO promotion.
- No Core Sequence Protocol route has selected CTO promotion as current work.
- Runtime default activation remains false.
## Explicit Non-Authority
This packet is a decision packet, not execution evidence, not Core Evidence, not a Core Protocol, not a runtime switch, and not a promotion approval.
Do not push, merge, deploy, close, PR open, issue close, publish, mutate vendor source, mutate external developer repositories, mutate unowned repositories, expose endpoint values, expose secret values, expose credential values, or expose raw Target Repository content.
Do not treat Case, Hermes, Pi, Codex, Harness, or CTO as Cortex OS authority.
## Validation
- `python3 tools/validate_cto_child.py`: required
- `python3 /home/svrnty/workspaces/cortex-os/core/tools/check_s69_caveman_prose_discipline.py`: required before final claim
## Decision
CTO evidence is ready for Core review. The next pragmatic move is candidate-only: open a governed Core PRD route only after the Core Route Admission Guard passes and only if JP or a governed Core route chooses to pursue promotion. Until that separate route exists and passes Core validators, Core promotion remains not-promoted and runtime default activation remains false.

111
.sot/03-PROTOCOLS/CTO-CORE-PROMOTION-DECISION-PACKET-ISSUES.md Normal file
View File

@ -0,0 +1,111 @@
---
name: CTO Core Promotion Decision Packet Issues
status: validated
lifecycle_classification: sot
owner: jp
created: 2026-06-02
last_reviewed: 2026-06-02
core_promotion_status: not-promoted
source: .sot/03-PROTOCOLS/CTO-CORE-PROMOTION-DECISION-PACKET-PRD.md
---
# CTO Core Promotion Decision Packet Issues
Local planning SOT only. Not a Core Protocol. Not active Core authority.
Core Promotion Decision Packet.
## Issue: CTO-WORK-085 - Core Promotion Decision Packet PRD
Type: AFK.
Status: validated.
Acceptance:
- Define child-local packet scope.
- Add Core Promotion Decision Packet to `CONTEXT.md`.
- Define allowed decision states: `not_decided`, `core_promotion_requested`, and `core_promotion_deferred`.
- Require `ready_for_core_review: true`.
- Require candidate_default_repeatability_eligible: true.
- Require repeatability_count: 2.
- Require repeatability_status: pass.
- Require runtime_default_activation: false.
- Require core_promotion_status: not-promoted.
- Require recommended_next_decision: open_governed_core_prd_route.
- Require Core Sequence Protocol route required.
- Require Core validator coverage required.
- Require runtime default activation requires a separate governed Core route.
- Forbid Core mutation, Target Repository mutation, Case execution, default activation, push, merge, deploy, close, PR open, issue close, publication, vendor-source mutation, external developer repository mutation, unowned repository mutation, endpoint exposure, secret exposure, credential exposure, and raw Target Repository content exposure.
## Issue: CTO-WORK-086 - Core Promotion Decision Record
Type: AFK.
Status: validated.
Blocked by: `CTO-WORK-085`.
Acceptance:
- Create the Core Promotion Decision Record.
- Record `decision_status: core_promotion_requested`.
- Record allowed decision states: `not_decided`, `core_promotion_requested`, and `core_promotion_deferred`.
- Record resolver: JP or governed Core route.
- Record `ready_for_core_review: true`.
- Record candidate_default_repeatability_eligible: true.
- Record repeatability_count: 2.
- Record repeatability_status: pass.
- Record runtime_default_activation: false.
- Record core_promotion_status: not-promoted.
- Record recommended_next_decision: open_governed_core_prd_route.
- Record Core Sequence Protocol route required.
- Record Core validator coverage required.
- Record no Core mutation, no Target Repository mutation, no Case execution, and no default activation.
## Issue: CTO-WORK-087 - Core Promotion Decision Packet Closeout
Type: AFK.
Status: validated.
Blocked by: `CTO-WORK-086`.
Acceptance:
- Create the Core Promotion Decision Packet closeout.
- Map evidence from `CTO-WORK-071`, `CTO-WORK-075`, `CTO-WORK-077`, `CTO-WORK-080`, `CTO-WORK-081`, `CTO-WORK-082`, `CTO-WORK-083`, and `CTO-WORK-084`.
- Reference Stage 6 repeatability comparison artifact.
- Reference Hermes WebUI summary artifact.
- Record validated child-local repeatability evidence; not Core promotion; not Runtime default activation.
- State Runtime default activation remains false.
- State No Core promotion occurs.
- State Do not activate Case as default backend.
- State This closeout does not authorize another Case run.
## Issue: CTO-WORK-088 - Core Promotion Decision Packet Validation
Type: AFK.
Status: validated.
Blocked by: `CTO-WORK-087`.
Acceptance:
- Update `tools/validate_cto_child.py`.
- Register `CTO-WORK-085`, `CTO-WORK-086`, `CTO-WORK-087`, and `CTO-WORK-088`.
- Require PRD, issue sequence, decision record, and closeout phrases.
- Require Workboard statuses validated.
- Require `python3 tools/validate_cto_child.py` to pass.
- Require `python3 /home/svrnty/workspaces/cortex-os/core/tools/check_s69_caveman_prose_discipline.py` before final claim.
## Granularity Check
This sequence is one vertical CTO route: define the decision packet contract, record the fail-closed decision state, close out the packet against existing evidence, and validate the packet. It deliberately avoids a Core implementation slice because Core promotion is a separate governed decision.
## Challenge Notes
- `$to-issues` output stays AFK because the work is child-local documentation plus validator coverage.
- `$improve-codebase-architecture` feedback accepted: do not add a new runtime seam when the SOT plus validator seam is enough.
- `$grill-with-docs` feedback accepted: use `ready_for_core_review` and `Core Promotion Decision Packet`, not promoted, approved, or runtime default active.

134
.sot/03-PROTOCOLS/CTO-CORE-PROMOTION-DECISION-PACKET-PRD.md Normal file
View File

@ -0,0 +1,134 @@
---
name: CTO Core Promotion Decision Packet PRD
status: validated
lifecycle_classification: sot
owner: jp
created: 2026-06-02
last_reviewed: 2026-06-02
core_promotion_status: not-promoted
source: .sot/03-PROTOCOLS/CTO-CASE-STAGE6-REPEATABILITY-REFRESH-EVIDENCE.md
---
# CTO Core Promotion Decision Packet PRD
Local planning SOT only. Not a Core Protocol. Not active Core authority.
Core Promotion Decision Packet.
## Problem Statement
CTO now has validated child-local evidence through Stage 6 repeatability: two governed Stage 5 Case passes, a read-only Stage 6 repeatability refresh, Hermes Control Surface replay data, runtime default activation false, and Core promotion status not-promoted. Without one compact decision packet, the next operator or Core route has to reconstruct readiness from many artifacts and can misread candidate-default readiness as promotion or runtime default authority.
## Solution
Create a child-local Core Promotion Decision Packet that maps validated CTO evidence to one future governed Core review decision. The packet records `decision_status: core_promotion_requested`, `ready_for_core_review: true`, `candidate_default_repeatability_eligible: true`, `runtime_default_activation: false`, and `core_promotion_status: not-promoted`. It recommends opening a separate governed Core PRD route only after a Core Route Admission Guard passes. It does not mutate Core, promote CTO artifacts, activate Case as runtime default, or authorize another Case run.
## Scope
- Register `CTO-WORK-085`, `CTO-WORK-086`, `CTO-WORK-087`, and `CTO-WORK-088`.
- Define the packet as child-local CTO planning only.
- Define allowed decision states: `not_decided`, `core_promotion_requested`, and `core_promotion_deferred`.
- Set the current decision state to `core_promotion_requested` as a request for Core review, not as promotion approval.
- Map evidence from `CTO-WORK-071`, `CTO-WORK-075`, `CTO-WORK-077`, `CTO-WORK-080`, `CTO-WORK-081`, `CTO-WORK-082`, `CTO-WORK-083`, and `CTO-WORK-084`.
- Include repeatability_count: 2.
- Include repeatability_status: pass.
- Include candidate_default_repeatability_eligible: true.
- Include runtime_default_activation: false.
- Include Core promotion status not-promoted.
- Reference the Stage 6 repeatability comparison artifact.
- Reference the Hermes WebUI summary artifact.
- Record the recommended next decision as `open_governed_core_prd_route`.
- State Core Sequence Protocol route required before any Core mutation.
- State Core validator coverage required before any Core promotion claim.
- State runtime default activation requires a separate governed Core route.
- State no new target repository mutation occurs.
- State no Core file mutation occurs in this CTO slice.
- Preserve secrets, endpoints, credential values, and raw Target Repository content out of SOT.
## Non-Goals
- Do not promote CTO artifacts into Core.
- Do not activate Case as default backend.
- Do not run Case.
- Do not mutate target repositories.
- Do not mutate `../core/`.
- Do not edit upstream `hermes-webui`.
- Do not edit upstream `hermes-agent`.
- Do not create Runtime behavior.
- Do not create a new backend, provider, adapter, harness command, or WebUI control.
- Do not push, merge, deploy, close, PR open, issue close, public publication, vendor-source mutation, external developer repository mutation, unowned repository mutation, endpoint exposure, secret exposure, credential exposure, or raw Target Repository content exposure.
- Do not treat Case, Hermes, Pi, Codex, Harness, or CTO as Cortex OS authority.
## User Stories
1. As JP, I want one compact readiness packet, so that I can decide whether to open a governed Core review without reading every CTO artifact first.
2. As Cortex OS Core, I want child-local evidence to remain child-local until routed, so that promotion cannot happen by wording.
3. As CTO, I want candidate-default readiness separated from runtime default activation, so that repeatability evidence cannot become execution authority.
4. As Hermes, I want replay paths preserved in the packet, so that proof can be inspected without copying runtime artifacts into SOT.
5. As a future Core agent, I want explicit blockers and required validators, so that a Core PRD route can start from a clear contract.
## Implementation Decisions
- The packet is a SOT document in the CTO workspace, not a generated artifact and not a Core Protocol.
- The packet is the interface for this slice; no runtime module, adapter, or new command is introduced.
- The decision record uses only `not_decided`, `core_promotion_requested`, and `core_promotion_deferred`.
- The packet records `ready_for_core_review: true` rather than `promoted`, `approved`, or `runtime_default_active`.
- The packet maps evidence by Workboard IDs and replay artifact paths instead of copying runtime JSON, proof logs, or raw Target Repository content.
- The packet's next action is a decision route: `open_governed_core_prd_route`.
- The packet's next action is candidate-only until the Core Route Admission Guard passes.
- Any later promotion must happen from the Core workspace under the Core Sequence Protocol, Core object classification, Core validators, and Core Evidence.
## Testing Decisions
- Test at the highest existing seam: `python3 tools/validate_cto_child.py`.
- Validator coverage must require the packet files, Workboard IDs, readiness fields, authority guards, replay paths, and forbidden-action language.
- Core caveman prose discipline remains required before claim or final answer.
- No Harness aggregate is required for this slice because no Hermes, Harness, Case, or Target Repository behavior changes.
## Challenge Review
- `$zoom-out`: accepted. The packet maps the vertical chain: Cortex governs, CTO routes, Hermes controls, Harness proves, Case executes, Target Repository stays owned.
- `$improve-codebase-architecture`: accepted. The deepest useful interface is the existing SOT plus validator seam; adding a runtime abstraction would create shallow machinery.
- `$grill-with-docs`: accepted. `Core Promotion Decision Packet` is added to `CONTEXT.md`, and the canonical readiness term is `ready_for_core_review`.
- Reviewer feedback accepted: use a separate decision record and closeout so the decision state is fail-closed and the validation proof is explicit.
- Reviewer feedback accepted: preserve exact guard phrases `No Core promotion occurs.`, `Do not activate Case as default backend.`, and `This closeout does not authorize another Case run.`
- Rejected feedback: promote directly into Core now. This is an irreversible authority choice and requires a governed Core route.
- Rejected feedback: activate Case as runtime default now. Repeatability proves review readiness only; default activation needs separate Core authority.
## Acceptance Criteria
- `WORKBOARD.yaml` records `CTO-WORK-085`, `CTO-WORK-086`, `CTO-WORK-087`, and `CTO-WORK-088` as validated.
- `CONTEXT.md` defines Core Promotion Decision Packet.
- The PRD, issue sequence, decision record, and closeout all state Local planning SOT only. Not a Core Protocol. Not active Core authority.
- The decision record defines only `not_decided`, `core_promotion_requested`, and `core_promotion_deferred`.
- The packet records `decision_status: core_promotion_requested`.
- The packet records `ready_for_core_review: true`.
- The packet records `candidate_default_repeatability_eligible: true`.
- The packet records `repeatability_count: 2`.
- The packet records `repeatability_status: pass`.
- The packet records `runtime_default_activation: false`.
- The packet records `core_promotion_status: not-promoted`.
- The packet records `recommended_next_decision: open_governed_core_prd_route`.
- The packet states Core Sequence Protocol route required.
- The packet states Core validator coverage required.
- The packet states runtime default activation requires a separate governed Core route.
- The packet references the Stage 6 repeatability comparison artifact.
- The packet references the Hermes WebUI summary artifact.
- The packet states no Core mutation, no Target Repository mutation, no Case execution, and no default activation occur in this slice.
- The CTO validator checks the PRD, issue sequence, decision record, closeout, and Workboard statuses.
## Validation
- `python3 tools/validate_cto_child.py`
- `python3 /home/svrnty/workspaces/cortex-os/core/tools/check_s69_caveman_prose_discipline.py`
## Risks And Dependencies
- Readiness language can be misread as promotion. Mitigation: require `ready_for_core_review`, `core_promotion_status: not-promoted`, and runtime default activation false.
- The future Core route can conflict with current Core Sequence Protocol priorities. Mitigation: the packet recommends review only and requires Core Sequence Protocol routing before Core mutation.
- Evidence paths can drift. Mitigation: packet records exact replay artifact paths and Workboard IDs.
- New CTO text can overstate authority. Mitigation: CTO validator requires authority guard phrases and forbidden-action language.
## Success Definition
CTO has one validated Core Promotion Decision Packet that says candidate-default evidence is ready for Core review, while Core promotion remains not-promoted, runtime default activation remains false, no Core or Target Repository mutation occurs, and any promotion must begin as a separate governed Core PRD route.

59
.sot/03-PROTOCOLS/CTO-CORE-PROMOTION-DECISION-RECORD.md Normal file
View File

@ -0,0 +1,59 @@
---
name: CTO Core Promotion Decision Record
status: validated
lifecycle_classification: sot
owner: jp
created: 2026-06-02
last_reviewed: 2026-06-02
core_promotion_status: not-promoted
source: .sot/03-PROTOCOLS/CTO-CORE-PROMOTION-DECISION-PACKET-ISSUES.md
---
# CTO Core Promotion Decision Record
Local planning SOT only. Not a Core Protocol. Not active Core authority.
Core Promotion Decision Packet.
## Decision State
- decision_status: core_promotion_requested
- allowed_decision_states: `not_decided`, `core_promotion_requested`, `core_promotion_deferred`
- resolver: JP or governed Core route
- ready_for_core_review: true
- recommended_next_decision: open_governed_core_prd_route
- recommendation_status: candidate_only_until_core_route_admission_guard_passes
- candidate_default_repeatability_eligible: true
- repeatability_count: 2
- repeatability_status: pass
- runtime_default_activation: false
- core_promotion_status: not-promoted
## Consequences
- `not_decided` means no Core promotion request exists.
- `core_promotion_requested` means CTO requests a future governed Core review. It does not grant Core authority.
- `core_promotion_deferred` means CTO evidence remains child-local and no Core route should be opened from this packet.
## Required Future Core Route
- Core Sequence Protocol route required.
- Core validator coverage required.
- Core Evidence required.
- Core PRD required.
- Core SOT Issue required.
- runtime default activation requires a separate governed Core route.
- Core promotion, if chosen later, must happen only in `core/` or a governed Core worktree, not `cto/`.
- Core route admission requires an idle governed Core route and no active conflicting Core worktree.
## Guardrails
- No Core promotion occurs.
- No Core mutation occurs.
- Runtime default activation remains false.
- Do not activate Case as default backend.
- no target repository mutation attempted
- no Case execution attempted
- This closeout does not authorize another Case run.
- This record does not authorize another Case run.
- Do not expose endpoint values, secret values, credential values, or raw Target Repository content.

66
.sot/03-PROTOCOLS/CTO-CORE-ROUTE-ADMISSION-GUARD-CLOSEOUT.md Normal file
View File

@ -0,0 +1,66 @@
---
name: CTO Core Route Admission Guard Closeout
status: validated
lifecycle_classification: sot
owner: jp
created: 2026-06-02
last_reviewed: 2026-06-02
core_promotion_status: not-promoted
source: .sot/03-PROTOCOLS/CTO-CORE-ROUTE-ADMISSION-GUARD.md
---
# CTO Core Route Admission Guard Closeout
Local planning SOT only. Not a Core Protocol. Not active Core authority.
Core Route Admission Guard.
## Workboard
- `CTO-WORK-089`
- `CTO-WORK-090`
- `CTO-WORK-091`
- `CTO-WORK-092`
## Result
- status: validated
- core_route_admission_status: not_admitted
- guard_status: blocked
- blocked_reason: active_or_conflicting_core_work_present
- do_not_touch_other_agent_work: true
- ready_for_core_route_review: true
- recommended_next_decision: open_governed_core_prd_route
- next_allowed_action: wait_or_open_later_core_route_when_idle
- idle_governed_core_route_required: true
- no_active_conflicting_core_worktree_required: true
- runtime_default_activation: false
- core_promotion_status: not-promoted
- No Core mutation occurs.
- No Core reservation occurs.
- No Core promotion occurs.
- Do not mutate `../core/`.
- Runtime default activation remains false.
- Do not activate Case as default backend.
- This closeout does not authorize another Case run.
## Evidence References
- `CTO-WORK-085`
- `CTO-WORK-086`
- `CTO-WORK-087`
- `CTO-WORK-088`
- `CTO-WORK-089`
- `CTO-WORK-090`
- Core Promotion Decision Packet remains child-local.
- Core route admission is blocked until future read-only checks pass.
- S135 conflict avoidance remains required when `CORE-WORK-172` or `core/worktrees/core-keyvault-authmd-promotion-135` is active.
## Validation
- `python3 tools/validate_cto_child.py`: required
- `python3 /home/svrnty/workspaces/cortex-os/core/tools/check_s69_caveman_prose_discipline.py`: required before final claim
## Decision
Do not touch other agent work. Do not open or mutate a Core route from CTO while active or conflicting Core work exists. `recommended_next_decision: open_governed_core_prd_route` remains candidate-only until the guard passes.

101
.sot/03-PROTOCOLS/CTO-CORE-ROUTE-ADMISSION-GUARD-ISSUES.md Normal file
View File

@ -0,0 +1,101 @@
---
name: CTO Core Route Admission Guard Issues
status: validated
lifecycle_classification: sot
owner: jp
created: 2026-06-02
last_reviewed: 2026-06-02
core_promotion_status: not-promoted
source: .sot/03-PROTOCOLS/CTO-CORE-ROUTE-ADMISSION-GUARD-PRD.md
---
# CTO Core Route Admission Guard Issues
Local planning SOT only. Not a Core Protocol. Not active Core authority.
Core Route Admission Guard.
## Issue: CTO-WORK-089 - Core Route Admission Guard PRD
Type: AFK.
Status: validated.
Acceptance:
- Define Core Route Admission Guard.
- Require `core_route_admission_status: not_admitted`.
- Require `guard_status: blocked`.
- Require `blocked_reason: active_or_conflicting_core_work_present`.
- Require `do_not_touch_other_agent_work: true`.
- Require `ready_for_core_route_review: true`.
- Require `recommended_next_decision: open_governed_core_prd_route`.
- Require candidate-only recommendation until guard passes.
- Require `idle_governed_core_route_required: true`.
- Require `no_active_conflicting_core_worktree_required: true`.
- Require `runtime_default_activation: false`.
- Require `core_promotion_status: not-promoted`.
- Require `next_allowed_action: wait_or_open_later_core_route_when_idle`.
- Forbid Core mutation, Core reservation, Core promotion, other-agent worktree mutation, other-agent process termination, Case default activation, Case execution, target repository mutation, and mutation of `../core/`.
## Issue: CTO-WORK-090 - Core Route Admission Guard Record
Type: AFK.
Status: validated.
Blocked by: `CTO-WORK-089`.
Acceptance:
- Create the Core Route Admission Guard record.
- Record fail-closed status.
- Record `core_route_admission_status: not_admitted`.
- Record `ready_for_core_route_review: true`.
- Record `recommended_next_decision: open_governed_core_prd_route`.
- Record future read-only checks: Core worktree list, Core main status, active Core worktree status, Core Sequence Protocol route, and running Core validation processes.
- Record idle governed Core route required.
- Record no active conflicting Core worktree required.
- Record no Core mutation.
- Record no Core reservation.
- Record no Core promotion.
- Record Runtime default activation remains false.
- Record Do not activate Case as default backend.
## Issue: CTO-WORK-091 - Core Route Admission Guard Closeout
Type: AFK.
Status: validated.
Blocked by: `CTO-WORK-090`.
Acceptance:
- Create closeout.
- Reference `CTO-WORK-085`, `CTO-WORK-086`, `CTO-WORK-087`, `CTO-WORK-088`, `CTO-WORK-089`, and `CTO-WORK-090`.
- Record active or conflicting Core work blocks this route.
- Record S135 conflict avoidance.
- Record `next_allowed_action: wait_or_open_later_core_route_when_idle`.
- Record no Core mutation, no Core reservation, no Core promotion, and no runtime default activation.
## Issue: CTO-WORK-092 - Core Route Admission Guard Validation
Type: AFK.
Status: validated.
Blocked by: `CTO-WORK-091`.
Acceptance:
- Update `tools/validate_cto_child.py`.
- Register `CTO-WORK-089`, `CTO-WORK-090`, `CTO-WORK-091`, and `CTO-WORK-092`.
- Require PRD, issue, guard, and closeout phrases.
- Require Workboard statuses validated.
- Require `python3 tools/validate_cto_child.py` to pass.
- Require Core caveman prose discipline before final claim.
## Granularity Check
This is one vertical child-local guard: define the guard, record the fail-closed route state, close out the evidence, and validate it. It does not edit Core and does not overlap active Core S135 work.

128
.sot/03-PROTOCOLS/CTO-CORE-ROUTE-ADMISSION-GUARD-PRD.md Normal file
View File

@ -0,0 +1,128 @@
---
name: CTO Core Route Admission Guard PRD
status: validated
lifecycle_classification: sot
owner: jp
created: 2026-06-02
last_reviewed: 2026-06-02
core_promotion_status: not-promoted
source: .sot/03-PROTOCOLS/CTO-CORE-PROMOTION-DECISION-PACKET-CLOSEOUT.md
---
# CTO Core Route Admission Guard PRD
Local planning SOT only. Not a Core Protocol. Not active Core authority.
Core Route Admission Guard.
## Problem Statement
CTO has a validated Core Promotion Decision Packet that says Case candidate-default evidence is ready for Core review. Core currently also has independent active work. Without a child-local admission guard, CTO can accidentally treat a ready packet as permission to open or mutate a Core route while another Core route is active.
## Solution
Add a child-local Core Route Admission Guard. The guard records the checks required before CTO may request a Core review route. It blocks while any active or conflicting Core worktree, Core validation process, Core Sequence Protocol route, or dirty Core main state exists. It does not reserve Core, edit Core, merge Core, or authorize runtime default activation.
## Scope
- Register `CTO-WORK-089`, `CTO-WORK-090`, `CTO-WORK-091`, and `CTO-WORK-092`.
- Add Core Route Admission Guard to `CONTEXT.md`.
- Define `core_route_admission_status: not_admitted`.
- Define `guard_status: blocked`.
- Define `blocked_reason: active_or_conflicting_core_work_present`.
- Define `ready_for_core_route_review: true`.
- Define `recommended_next_decision: open_governed_core_prd_route`.
- Require that recommendation to be candidate-only until the Core Route Admission Guard passes.
- Require `idle_governed_core_route_required: true`.
- Require `no_active_conflicting_core_worktree_required: true`.
- Require S135 conflict avoidance when `core/worktrees/core-keyvault-authmd-promotion-135` or `CORE-WORK-172` is active.
- Require read-only checks before any future Core route request: Core worktree list, Core main status, Core active worktree status, Core Sequence Protocol route, and running Core validation processes.
- Require the guard to fail closed when ownership is uncertain.
- Require `do_not_touch_other_agent_work: true`.
- Require no Core mutation.
- Require no Core reservation.
- Require no Core promotion.
- Require Do not mutate `../core/`.
- Require Core validator coverage.
- No Core mutation occurs.
- No Core reservation occurs.
- No Core promotion occurs.
- Require runtime_default_activation: false.
- Require core_promotion_status: not-promoted.
- Require the next allowed action to be `wait_or_open_later_core_route_when_idle`.
## Non-Goals
- Do not mutate Core.
- Do not mutate another agent worktree.
- Do not stop another agent process.
- Do not reserve Core.
- Do not open a Core PRD.
- Do not promote CTO artifacts into Core.
- Do not activate Case as default backend.
- Do not run Case.
- Do not mutate target repositories.
- Do not push, merge, deploy, close, PR open, issue close, public publication, vendor-source mutation, external developer repository mutation, unowned repository mutation, endpoint exposure, secret exposure, credential exposure, or raw Target Repository content exposure.
## User Stories
1. As JP, I want CTO to refuse Core-route work when another agent owns the active Core lane, so other work is not disturbed.
2. As CTO, I want a fail-closed admission check, so a ready packet cannot become Core mutation authority.
3. As a future Core agent, I want explicit route prerequisites, so Core review starts only from a clean and selected route.
4. As Cortex OS Core, I want Core Sequence Protocol authority preserved, so child-local readiness cannot override current Core work.
## Implementation Decisions
- Use the existing CTO SOT plus validator seam; no runtime module is added.
- The guard status is `blocked` because active or conflicting Core work was observed during route selection.
- The guard records admission checks as requirements, not as a live lock or Core reservation.
- The guard may be superseded only by a later governed Core route or a later CTO record showing Core is idle and selected.
## Testing Decisions
- Test through `python3 tools/validate_cto_child.py`.
- Validator coverage must require guard files, Workboard statuses, fail-closed language, and no-Core-mutation language.
- Core caveman prose discipline remains required before final claim.
- No Core aggregate validation is required because this slice does not edit Core.
## Challenge Review
- `$zoom-out`: accepted. The guard sits between the CTO Core Promotion Decision Packet and any future Core PRD route.
- `$improve-codebase-architecture`: accepted. A SOT plus validator guard is the right seam; a live lock would create Core behavior from CTO.
- `$grill-with-docs`: accepted. The canonical term is Core Route Admission Guard.
- Rejected feedback: continue the active Core S135 worktree. JP explicitly said not to touch other agent work.
- Rejected feedback: create a Core reservation. CTO has no authority to reserve Core from child-local planning.
## Acceptance Criteria
- `WORKBOARD.yaml` records `CTO-WORK-089`, `CTO-WORK-090`, `CTO-WORK-091`, and `CTO-WORK-092` as validated.
- `CONTEXT.md` defines Core Route Admission Guard.
- Guard records `core_route_admission_status: not_admitted`.
- Guard records `guard_status: blocked`.
- Guard records `blocked_reason: active_or_conflicting_core_work_present`.
- Guard records `do_not_touch_other_agent_work: true`.
- Guard records `ready_for_core_route_review: true`.
- Guard records `runtime_default_activation: false`.
- Guard records `core_promotion_status: not-promoted`.
- Guard records `next_allowed_action: wait_or_open_later_core_route_when_idle`.
- Guard records `recommended_next_decision: open_governed_core_prd_route`.
- Guard records `idle_governed_core_route_required: true`.
- Guard records `no_active_conflicting_core_worktree_required: true`.
- Guard states no Core mutation, no Core reservation, no Core promotion, and no runtime default activation occur.
- Guard requires future read-only checks before any Core route request.
- CTO validator checks PRD, issues, guard, closeout, and Workboard statuses.
## Validation
- `python3 tools/validate_cto_child.py`
- `python3 /home/svrnty/workspaces/cortex-os/core/tools/check_s69_caveman_prose_discipline.py`
## Risks And Dependencies
- The guard can be mistaken for Core authority. Mitigation: validator requires not-promoted status and no Core reservation language.
- Core state can change after this record. Mitigation: future route requests must re-check Core state read-only.
- Another agent's process can be misidentified. Mitigation: ownership uncertainty blocks rather than authorizes action.
## Success Definition
CTO has a validated child-local guard that prevents the Core Promotion Decision Packet from becoming a Core route request while Core has active or conflicting work. Core promotion remains not-promoted and runtime default activation remains false.

71
.sot/03-PROTOCOLS/CTO-CORE-ROUTE-ADMISSION-GUARD.md Normal file
View File

@ -0,0 +1,71 @@
---
name: CTO Core Route Admission Guard
status: validated
lifecycle_classification: sot
owner: jp
created: 2026-06-02
last_reviewed: 2026-06-02
core_promotion_status: not-promoted
source: .sot/03-PROTOCOLS/CTO-CORE-ROUTE-ADMISSION-GUARD-ISSUES.md
---
# CTO Core Route Admission Guard
Local planning SOT only. Not a Core Protocol. Not active Core authority.
Core Route Admission Guard.
## Workboard
- `CTO-WORK-089`
- `CTO-WORK-090`
## Route State
- core_route_admission_status: not_admitted
- guard_status: blocked
- blocked_reason: active_or_conflicting_core_work_present
- do_not_touch_other_agent_work: true
- ready_for_core_route_review: true
- recommended_next_decision: open_governed_core_prd_route
- next_allowed_action: wait_or_open_later_core_route_when_idle
- idle_governed_core_route_required: true
- no_active_conflicting_core_worktree_required: true
- runtime_default_activation: false
- core_promotion_status: not-promoted
- No Core mutation occurs.
- No Core reservation occurs.
- No Core promotion occurs.
- Do not mutate `../core/`.
- Runtime default activation remains false.
- Do not activate Case as default backend.
- This guard does not authorize another Case run.
## Admission Checks Required Before Future Core Route Request
- Core worktree list read-only check.
- Core main status read-only check.
- Active Core worktree status read-only check.
- Core Sequence Protocol route check.
- Running Core validation process check.
- Idle governed Core route check.
- No active conflicting Core worktree check.
- S135 conflict avoidance check for `CORE-WORK-172` and `core/worktrees/core-keyvault-authmd-promotion-135`.
- Core validator coverage check after a future Core route exists.
- Ownership uncertainty blocks action.
## Blocked Actions
- Do not mutate Core.
- Do not mutate another agent worktree.
- Do not stop another agent process.
- Do not reserve Core.
- Do not open a Core PRD from CTO.
- Do not promote CTO artifacts into Core.
- Do not activate Case as default backend.
- Do not run Case.
- Do not mutate target repositories.
## Decision
The CTO Core Promotion Decision Packet remains ready for Core review, but `recommended_next_decision: open_governed_core_prd_route` is candidate-only. Core route admission is blocked until a later read-only check proves Core is idle or explicitly selected by Core authority.

8
CONTEXT.md
View File

@ -36,3 +36,11 @@ _Avoid_: Core authority, runtime default switch, backend approval source
**Governed Workflow Delegation**:
A bounded real coding task routed through CTO, approved through Hermes/operator policy, executed by an eligible backend, and accepted only through CTO Harness evidence.
_Avoid_: autonomous default execution, unmanaged Case task, direct repo mutation
**Core Promotion Decision Packet**:
A child-local CTO artifact that maps validated CTO evidence to a future governed Core decision route. It may request Core review, but it does not grant Core authority or runtime default activation.
_Avoid_: promotion approval, Core authority, runtime default switch
**Core Route Admission Guard**:
A child-local CTO guard that blocks a future Core review request when Core has active or conflicting work. It records route readiness checks, but it does not reserve Core, mutate Core, or override Core Sequence Protocol authority.
_Avoid_: Core reservation, Core work claim, promotion authority

8
README.md
View File

@ -54,6 +54,14 @@ This workspace is registered as a child-local planning workspace. Registration d
| |-- CTO-CASE-STAGE5-TARGET-REPOSITORY-ADMISSION.json
| |-- CTO-CASE-STAGE6-CANDIDATE-DEFAULT-PRD.md
| |-- CTO-CASE-STAGE6-CANDIDATE-DEFAULT-ISSUES.md
| |-- CTO-CORE-PROMOTION-DECISION-PACKET-PRD.md
| |-- CTO-CORE-PROMOTION-DECISION-PACKET-ISSUES.md
| |-- CTO-CORE-PROMOTION-DECISION-RECORD.md
| |-- CTO-CORE-PROMOTION-DECISION-PACKET-CLOSEOUT.md
| |-- CTO-CORE-ROUTE-ADMISSION-GUARD-PRD.md
| |-- CTO-CORE-ROUTE-ADMISSION-GUARD-ISSUES.md
| |-- CTO-CORE-ROUTE-ADMISSION-GUARD.md
| |-- CTO-CORE-ROUTE-ADMISSION-GUARD-CLOSEOUT.md
| |-- CTO-HERMES-CONTROL-SURFACE-PRD.md
| |-- CTO-HERMES-CONTROL-SURFACE-ISSUES.md
| |-- CTO-FIRST-REAL-GOVERNED-WORKFLOW-PRD.md

75
WORKBOARD.yaml
View File

@ -386,3 +386,78 @@ items:
status: validated
source: .sot/03-PROTOCOLS/CTO-ENDGOAL-COMPLETION-AUDIT-CLOSEOUT.md
owner: ""
- id: CTO-WORK-078
title: Stage 5 Repeatability Proof PRD
status: validated
source: .sot/03-PROTOCOLS/CTO-CASE-STAGE5-REPEATABILITY-PROOF-PRD.md
owner: ""
- id: CTO-WORK-079
title: Stage 5 Repeatability Harness Case Route
status: validated
source: .sot/03-PROTOCOLS/CTO-CASE-STAGE5-REPEATABILITY-PROOF-ISSUES.md
owner: ""
- id: CTO-WORK-080
title: Stage 5 Repeatability Evidence Closeout
status: validated
source: .sot/03-PROTOCOLS/CTO-CASE-STAGE5-REPEATABILITY-PROOF-EVIDENCE.md
owner: ""
- id: CTO-WORK-081
title: Stage 6 Repeatability Refresh PRD
status: validated
source: .sot/03-PROTOCOLS/CTO-CASE-STAGE6-REPEATABILITY-REFRESH-PRD.md
owner: ""
- id: CTO-WORK-082
title: Stage 6 Repeatability Harness Route
status: validated
source: .sot/03-PROTOCOLS/CTO-CASE-STAGE6-REPEATABILITY-REFRESH-ISSUES.md
owner: ""
- id: CTO-WORK-083
title: Hermes Repeatability Control Summary
status: validated
source: .sot/03-PROTOCOLS/CTO-CASE-STAGE6-REPEATABILITY-REFRESH-ISSUES.md
owner: ""
- id: CTO-WORK-084
title: Stage 6 Repeatability Evidence Closeout
status: validated
source: .sot/03-PROTOCOLS/CTO-CASE-STAGE6-REPEATABILITY-REFRESH-EVIDENCE.md
owner: ""
- id: CTO-WORK-085
title: Core Promotion Decision Packet PRD
status: validated
source: .sot/03-PROTOCOLS/CTO-CORE-PROMOTION-DECISION-PACKET-PRD.md
owner: ""
- id: CTO-WORK-086
title: Core Promotion Decision Record
status: validated
source: .sot/03-PROTOCOLS/CTO-CORE-PROMOTION-DECISION-RECORD.md
owner: ""
- id: CTO-WORK-087
title: Core Promotion Decision Packet Closeout
status: validated
source: .sot/03-PROTOCOLS/CTO-CORE-PROMOTION-DECISION-PACKET-CLOSEOUT.md
owner: ""
- id: CTO-WORK-088
title: Core Promotion Decision Packet Validation
status: validated
source: .sot/03-PROTOCOLS/CTO-CORE-PROMOTION-DECISION-PACKET-ISSUES.md
owner: ""
- id: CTO-WORK-089
title: Core Route Admission Guard PRD
status: validated
source: .sot/03-PROTOCOLS/CTO-CORE-ROUTE-ADMISSION-GUARD-PRD.md
owner: ""
- id: CTO-WORK-090
title: Core Route Admission Guard Record
status: validated
source: .sot/03-PROTOCOLS/CTO-CORE-ROUTE-ADMISSION-GUARD.md
owner: ""
- id: CTO-WORK-091
title: Core Route Admission Guard Closeout
status: validated
source: .sot/03-PROTOCOLS/CTO-CORE-ROUTE-ADMISSION-GUARD-CLOSEOUT.md
owner: ""
- id: CTO-WORK-092
title: Core Route Admission Guard Validation
status: validated
source: .sot/03-PROTOCOLS/CTO-CORE-ROUTE-ADMISSION-GUARD-ISSUES.md
owner: ""

536
tools/validate_cto_child.py
View File

@ -78,6 +78,20 @@ REQUIRED_FILES = [
".sot/03-PROTOCOLS/CTO-ENDGOAL-COMPLETION-AUDIT-PRD.md",
".sot/03-PROTOCOLS/CTO-ENDGOAL-COMPLETION-AUDIT-ISSUES.md",
".sot/03-PROTOCOLS/CTO-ENDGOAL-COMPLETION-AUDIT-CLOSEOUT.md",
".sot/03-PROTOCOLS/CTO-CASE-STAGE5-REPEATABILITY-PROOF-PRD.md",
".sot/03-PROTOCOLS/CTO-CASE-STAGE5-REPEATABILITY-PROOF-ISSUES.md",
".sot/03-PROTOCOLS/CTO-CASE-STAGE5-REPEATABILITY-PROOF-EVIDENCE.md",
".sot/03-PROTOCOLS/CTO-CASE-STAGE6-REPEATABILITY-REFRESH-PRD.md",
".sot/03-PROTOCOLS/CTO-CASE-STAGE6-REPEATABILITY-REFRESH-ISSUES.md",
".sot/03-PROTOCOLS/CTO-CASE-STAGE6-REPEATABILITY-REFRESH-EVIDENCE.md",
".sot/03-PROTOCOLS/CTO-CORE-PROMOTION-DECISION-PACKET-PRD.md",
".sot/03-PROTOCOLS/CTO-CORE-PROMOTION-DECISION-PACKET-ISSUES.md",
".sot/03-PROTOCOLS/CTO-CORE-PROMOTION-DECISION-RECORD.md",
".sot/03-PROTOCOLS/CTO-CORE-PROMOTION-DECISION-PACKET-CLOSEOUT.md",
".sot/03-PROTOCOLS/CTO-CORE-ROUTE-ADMISSION-GUARD-PRD.md",
".sot/03-PROTOCOLS/CTO-CORE-ROUTE-ADMISSION-GUARD-ISSUES.md",
".sot/03-PROTOCOLS/CTO-CORE-ROUTE-ADMISSION-GUARD.md",
".sot/03-PROTOCOLS/CTO-CORE-ROUTE-ADMISSION-GUARD-CLOSEOUT.md",
".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-PRD.md",
".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-ISSUES.md",
".sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-APPROVAL-PACKET.md",
@ -1299,6 +1313,349 @@ REQUIRED_SPARK_ENDPOINT_CONFIG_ISSUE_PHRASES = [
"Non-secret readiness check on 2026-06-01 showed `CTO_HARNESS_CASE_LOCAL_BASE_URL=missing`.",
]
REQUIRED_STAGE5_REPEATABILITY_PHRASES = [
"Local planning SOT only. Not a Core Protocol. Not active Core authority.",
"CTO-WORK-078",
"CTO-WORK-079",
"CTO-WORK-080",
"Stage 5 repeatability proof",
"second governed Stage 5 Case run",
"r1-slugify-punctuation",
"99000f7",
"2fa1601",
"/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T101450Z-r1-slugify-punctuation-2663598/report.json",
"/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T101450Z-r1-slugify-punctuation-2663598/stage5-owned-repo-proof.json",
"case_process_started: true",
"changed files: `src/strings.py`, `strings.py`, `test_strings.py`",
"allowed paths passed: true",
"forbidden paths passed: true",
"target repository start clean: true",
"target repository ending clean: true",
"11 passed",
"Runtime default activation remains false.",
"Do not activate Case as default backend.",
"This closeout does not authorize another Case run.",
"No Core promotion occurs.",
]
REQUIRED_STAGE6_REPEATABILITY_REFRESH_PRD_PHRASES = [
"Local planning SOT only. Not a Core Protocol. Not active Core authority.",
"Stage 6 repeatability refresh",
"CTO-WORK-081",
"CTO-WORK-082",
"CTO-WORK-083",
"CTO-WORK-084",
"r1-src-string-slugify",
"r1-slugify-punctuation",
"/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T105222Z-r1-src-string-slugify-180161/report.json",
"/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T101450Z-r1-slugify-punctuation-2663598/report.json",
"report shape",
"event validity",
"allowed-path compliance",
"failure closure",
"failure matrix coverage carry-forward",
"artifact completeness",
"forbidden-action closure",
"operator acceptance",
"approval provenance",
"source admission freshness",
"repeatability_count: 2",
"repeatability_status: pass",
"runtime_default_activation: false",
"core_promotion_status: not-promoted",
]
REQUIRED_STAGE6_REPEATABILITY_REFRESH_ISSUE_PHRASES = [
"Local planning SOT only. Not a Core Protocol. Not active Core authority.",
"Stage 6 repeatability refresh",
"CTO-WORK-081",
"CTO-WORK-082",
"CTO-WORK-083",
"CTO-WORK-084",
"validate-case-stage6-real-refresh.py",
"real_stage5_passes",
"repeat_stage5_pass_report",
"repeat_stage5_proof",
"repeatability_required: 2",
"repeatability_count: 2",
"repeatability_status: pass",
"repeatability_passed: true",
"runtime_default_activation: false",
"core_promotion_status: not-promoted",
"05ab2ff",
"40b0d9a",
"/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T104507Z-stage6-real-governed-refresh/stage6-real-governed-refresh-comparison.json",
"/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T104552Z-run-all-fake-2738738/webui-summary.json",
]
REQUIRED_STAGE6_REPEATABILITY_REFRESH_EVIDENCE_PHRASES = [
"Local planning SOT only. Not a Core Protocol. Not active Core authority.",
"Stage 6 repeatability refresh",
"CTO-WORK-081",
"CTO-WORK-082",
"CTO-WORK-083",
"CTO-WORK-084",
"05ab2ff",
"40b0d9a",
"r1-slugify-punctuation",
"2fa1601",
"7706f99",
"/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T104507Z-stage6-real-governed-refresh/stage6-real-governed-refresh-comparison.json",
"/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T104552Z-run-all-fake-2738738/webui-summary.json",
"repeatability_count: 2",
"repeatability_status: pass",
"runtime_default_activation: false",
"core_promotion_status: not-promoted",
"no target repository mutation attempted",
"report shape: pass",
"event validity: pass",
"approval provenance: pass",
"source admission freshness: current",
"Codex lane: blocked with rationale",
"Pi lane: blocked with rationale",
"JP chat approval on 2026-06-01",
]
REQUIRED_CORE_PROMOTION_DECISION_PACKET_PRD_PHRASES = [
"Local planning SOT only. Not a Core Protocol. Not active Core authority.",
"Core Promotion Decision Packet",
"CTO-WORK-085",
"CTO-WORK-086",
"CTO-WORK-087",
"CTO-WORK-088",
"not_decided",
"core_promotion_requested",
"core_promotion_deferred",
"ready_for_core_review: true",
"candidate_default_repeatability_eligible: true",
"repeatability_count: 2",
"repeatability_status: pass",
"runtime_default_activation: false",
"core_promotion_status: not-promoted",
"recommended_next_decision: open_governed_core_prd_route",
"Core Sequence Protocol route required",
"Core validator coverage required",
"runtime default activation requires a separate governed Core route",
"No Harness aggregate is required for this slice",
"Do not promote CTO artifacts into Core.",
"Do not activate Case as default backend.",
"Do not mutate `../core/`.",
"No Core promotion occurs.",
"This closeout does not authorize another Case run.",
]
REQUIRED_CORE_PROMOTION_DECISION_PACKET_ISSUE_PHRASES = [
"Local planning SOT only. Not a Core Protocol. Not active Core authority.",
"Core Promotion Decision Packet",
"CTO-WORK-085",
"CTO-WORK-086",
"CTO-WORK-087",
"CTO-WORK-088",
"not_decided",
"core_promotion_requested",
"core_promotion_deferred",
"ready_for_core_review: true",
"candidate_default_repeatability_eligible: true",
"repeatability_count: 2",
"repeatability_status: pass",
"runtime_default_activation: false",
"core_promotion_status: not-promoted",
"recommended_next_decision: open_governed_core_prd_route",
"Core Sequence Protocol route required",
"Core validator coverage required",
"runtime default activation requires a separate governed Core route",
"validated child-local repeatability evidence; not Core promotion; not Runtime default activation",
"Runtime default activation remains false.",
"No Core promotion occurs.",
"Do not activate Case as default backend.",
"This closeout does not authorize another Case run.",
"python3 tools/validate_cto_child.py",
]
REQUIRED_CORE_PROMOTION_DECISION_RECORD_PHRASES = [
"Local planning SOT only. Not a Core Protocol. Not active Core authority.",
"Core Promotion Decision Packet",
"decision_status: core_promotion_requested",
"allowed_decision_states: `not_decided`, `core_promotion_requested`, `core_promotion_deferred`",
"resolver: JP or governed Core route",
"ready_for_core_review: true",
"recommended_next_decision: open_governed_core_prd_route",
"candidate_default_repeatability_eligible: true",
"repeatability_count: 2",
"repeatability_status: pass",
"runtime_default_activation: false",
"core_promotion_status: not-promoted",
"Core Sequence Protocol route required.",
"Core validator coverage required.",
"Core promotion, if chosen later, must happen only in `core/` or a governed Core worktree, not `cto/`.",
"No Core promotion occurs.",
"No Core mutation occurs.",
"Runtime default activation remains false.",
"Do not activate Case as default backend.",
"no target repository mutation attempted",
"no Case execution attempted",
"This closeout does not authorize another Case run.",
]
REQUIRED_CORE_PROMOTION_DECISION_PACKET_CLOSEOUT_PHRASES = [
"Local planning SOT only. Not a Core Protocol. Not active Core authority.",
"Core Promotion Decision Packet",
"CTO-WORK-085",
"CTO-WORK-086",
"CTO-WORK-087",
"CTO-WORK-088",
"validated child-local repeatability evidence; not Core promotion; not Runtime default activation",
"decision_status: core_promotion_requested",
"ready_for_core_review: true",
"recommended_next_decision: open_governed_core_prd_route",
"candidate_default_repeatability_eligible: true",
"repeatability_count: 2",
"repeatability_status: pass",
"runtime_default_activation: false",
"core_promotion_status: not-promoted",
"Runtime default activation remains false.",
"No Core promotion occurs.",
"No Core mutation occurs.",
"no target repository mutation attempted",
"no Case execution attempted",
"Do not activate Case as default backend.",
"This closeout does not authorize another Case run.",
"CTO-WORK-071",
"CTO-WORK-075",
"CTO-WORK-077",
"CTO-WORK-080",
"CTO-WORK-081",
"CTO-WORK-082",
"CTO-WORK-083",
"CTO-WORK-084",
"/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T104507Z-stage6-real-governed-refresh/stage6-real-governed-refresh-comparison.json",
"/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260602T104552Z-run-all-fake-2738738/webui-summary.json",
"7706f99",
"2fa1601",
"05ab2ff",
"40b0d9a",
"00d13f6",
"Cortex governs: proven",
"Harness proves: proven",
"Case executes only after proof: proven",
"candidate-default evidence: proven",
"Codex lane: blocked with rationale",
"Pi lane: blocked with rationale",
"Core Sequence Protocol",
"No Core PRD exists for CTO promotion.",
"No Core SOT Issue exists for CTO promotion.",
"No Core validator for CTO promotion exists.",
"No Core Evidence file exists for CTO promotion.",
"No Core Sequence Protocol route has selected CTO promotion as current work.",
]
REQUIRED_CORE_ROUTE_ADMISSION_GUARD_PRD_PHRASES = [
"Local planning SOT only. Not a Core Protocol. Not active Core authority.",
"Core Route Admission Guard",
"CTO-WORK-089",
"CTO-WORK-090",
"CTO-WORK-091",
"CTO-WORK-092",
"core_route_admission_status: not_admitted",
"guard_status: blocked",
"blocked_reason: active_or_conflicting_core_work_present",
"do_not_touch_other_agent_work: true",
"ready_for_core_route_review: true",
"recommended_next_decision: open_governed_core_prd_route",
"idle_governed_core_route_required: true",
"no_active_conflicting_core_worktree_required: true",
"S135 conflict avoidance",
"Core Sequence Protocol route",
"Core validator coverage",
"No Core mutation occurs.",
"No Core reservation",
"No Core promotion occurs.",
"Do not mutate `../core/`.",
"runtime_default_activation: false",
"core_promotion_status: not-promoted",
"Do not activate Case as default backend.",
"No Core aggregate validation is required because this slice does not edit Core.",
]
REQUIRED_CORE_ROUTE_ADMISSION_GUARD_ISSUE_PHRASES = [
"Local planning SOT only. Not a Core Protocol. Not active Core authority.",
"Core Route Admission Guard",
"CTO-WORK-089",
"CTO-WORK-090",
"CTO-WORK-091",
"CTO-WORK-092",
"core_route_admission_status: not_admitted",
"guard_status: blocked",
"blocked_reason: active_or_conflicting_core_work_present",
"do_not_touch_other_agent_work: true",
"ready_for_core_route_review: true",
"recommended_next_decision: open_governed_core_prd_route",
"candidate-only recommendation until guard passes",
"idle governed Core route required",
"no active conflicting Core worktree required",
"S135 conflict avoidance",
"Runtime default activation remains false.",
"Do not activate Case as default backend.",
"python3 tools/validate_cto_child.py",
]
REQUIRED_CORE_ROUTE_ADMISSION_GUARD_RECORD_PHRASES = [
"Local planning SOT only. Not a Core Protocol. Not active Core authority.",
"Core Route Admission Guard",
"CTO-WORK-089",
"CTO-WORK-090",
"core_route_admission_status: not_admitted",
"guard_status: blocked",
"blocked_reason: active_or_conflicting_core_work_present",
"do_not_touch_other_agent_work: true",
"ready_for_core_route_review: true",
"recommended_next_decision: open_governed_core_prd_route",
"next_allowed_action: wait_or_open_later_core_route_when_idle",
"idle_governed_core_route_required: true",
"no_active_conflicting_core_worktree_required: true",
"runtime_default_activation: false",
"core_promotion_status: not-promoted",
"No Core mutation occurs.",
"No Core reservation occurs.",
"No Core promotion occurs.",
"Do not mutate `../core/`.",
"Runtime default activation remains false.",
"Do not activate Case as default backend.",
"This guard does not authorize another Case run.",
"S135 conflict avoidance check for `CORE-WORK-172` and `core/worktrees/core-keyvault-authmd-promotion-135`.",
"Ownership uncertainty blocks action.",
]
REQUIRED_CORE_ROUTE_ADMISSION_GUARD_CLOSEOUT_PHRASES = [
"Local planning SOT only. Not a Core Protocol. Not active Core authority.",
"Core Route Admission Guard",
"CTO-WORK-089",
"CTO-WORK-090",
"CTO-WORK-091",
"CTO-WORK-092",
"core_route_admission_status: not_admitted",
"guard_status: blocked",
"blocked_reason: active_or_conflicting_core_work_present",
"do_not_touch_other_agent_work: true",
"ready_for_core_route_review: true",
"recommended_next_decision: open_governed_core_prd_route",
"next_allowed_action: wait_or_open_later_core_route_when_idle",
"idle_governed_core_route_required: true",
"no_active_conflicting_core_worktree_required: true",
"runtime_default_activation: false",
"core_promotion_status: not-promoted",
"No Core mutation occurs.",
"No Core reservation occurs.",
"No Core promotion occurs.",
"Do not mutate `../core/`.",
"Runtime default activation remains false.",
"Do not activate Case as default backend.",
"This closeout does not authorize another Case run.",
"S135 conflict avoidance remains required when `CORE-WORK-172` or `core/worktrees/core-keyvault-authmd-promotion-135` is active.",
"Do not touch other agent work.",
"candidate-only until the guard passes",
]
def workboard_status(text: str, issue_id: str) -> str | None:
pattern = rf"- id: {re.escape(issue_id)}\n(?: .+\n)*? status: ([^\n]+)"
@ -1787,6 +2144,146 @@ def main() -> int:
if phrase not in text:
errors.append(f"missing_stage6_real_refresh_evidence_phrase:{phrase}")
stage5_repeatability_prd = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-STAGE5-REPEATABILITY-PROOF-PRD.md"
if stage5_repeatability_prd.is_file():
text = stage5_repeatability_prd.read_text(encoding="utf-8")
if "core_promotion_status: not-promoted" not in text:
errors.append("stage5_repeatability_prd_missing_not_promoted_frontmatter")
for phrase in REQUIRED_STAGE5_REPEATABILITY_PHRASES:
checked.append(f"stage5_repeatability_prd_phrase:{phrase}")
if phrase not in text:
errors.append(f"missing_stage5_repeatability_prd_phrase:{phrase}")
stage5_repeatability_issues = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-STAGE5-REPEATABILITY-PROOF-ISSUES.md"
if stage5_repeatability_issues.is_file():
text = stage5_repeatability_issues.read_text(encoding="utf-8")
if "core_promotion_status: not-promoted" not in text:
errors.append("stage5_repeatability_issues_missing_not_promoted_frontmatter")
for phrase in REQUIRED_STAGE5_REPEATABILITY_PHRASES:
checked.append(f"stage5_repeatability_issue_phrase:{phrase}")
if phrase not in text:
errors.append(f"missing_stage5_repeatability_issue_phrase:{phrase}")
stage5_repeatability_evidence = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-STAGE5-REPEATABILITY-PROOF-EVIDENCE.md"
if stage5_repeatability_evidence.is_file():
text = stage5_repeatability_evidence.read_text(encoding="utf-8")
if "core_promotion_status: not-promoted" not in text:
errors.append("stage5_repeatability_evidence_missing_not_promoted_frontmatter")
for phrase in REQUIRED_STAGE5_REPEATABILITY_PHRASES:
checked.append(f"stage5_repeatability_evidence_phrase:{phrase}")
if phrase not in text:
errors.append(f"missing_stage5_repeatability_evidence_phrase:{phrase}")
stage6_repeatability_prd = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-STAGE6-REPEATABILITY-REFRESH-PRD.md"
if stage6_repeatability_prd.is_file():
text = stage6_repeatability_prd.read_text(encoding="utf-8")
if "core_promotion_status: not-promoted" not in text:
errors.append("stage6_repeatability_prd_missing_not_promoted_frontmatter")
for phrase in REQUIRED_STAGE6_REPEATABILITY_REFRESH_PRD_PHRASES:
checked.append(f"stage6_repeatability_prd_phrase:{phrase}")
if phrase not in text:
errors.append(f"missing_stage6_repeatability_prd_phrase:{phrase}")
stage6_repeatability_issues = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-STAGE6-REPEATABILITY-REFRESH-ISSUES.md"
if stage6_repeatability_issues.is_file():
text = stage6_repeatability_issues.read_text(encoding="utf-8")
if "core_promotion_status: not-promoted" not in text:
errors.append("stage6_repeatability_issues_missing_not_promoted_frontmatter")
for phrase in REQUIRED_STAGE6_REPEATABILITY_REFRESH_ISSUE_PHRASES:
checked.append(f"stage6_repeatability_issue_phrase:{phrase}")
if phrase not in text:
errors.append(f"missing_stage6_repeatability_issue_phrase:{phrase}")
stage6_repeatability_evidence = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-STAGE6-REPEATABILITY-REFRESH-EVIDENCE.md"
if stage6_repeatability_evidence.is_file():
text = stage6_repeatability_evidence.read_text(encoding="utf-8")
if "core_promotion_status: not-promoted" not in text:
errors.append("stage6_repeatability_evidence_missing_not_promoted_frontmatter")
for phrase in REQUIRED_STAGE6_REPEATABILITY_REFRESH_EVIDENCE_PHRASES:
checked.append(f"stage6_repeatability_evidence_phrase:{phrase}")
if phrase not in text:
errors.append(f"missing_stage6_repeatability_evidence_phrase:{phrase}")
core_promotion_decision_packet_prd = ROOT / ".sot/03-PROTOCOLS/CTO-CORE-PROMOTION-DECISION-PACKET-PRD.md"
if core_promotion_decision_packet_prd.is_file():
text = core_promotion_decision_packet_prd.read_text(encoding="utf-8")
if "core_promotion_status: not-promoted" not in text:
errors.append("core_promotion_decision_packet_prd_missing_not_promoted_frontmatter")
for phrase in REQUIRED_CORE_PROMOTION_DECISION_PACKET_PRD_PHRASES:
checked.append(f"core_promotion_decision_packet_prd_phrase:{phrase}")
if phrase not in text:
errors.append(f"missing_core_promotion_decision_packet_prd_phrase:{phrase}")
core_promotion_decision_packet_issues = ROOT / ".sot/03-PROTOCOLS/CTO-CORE-PROMOTION-DECISION-PACKET-ISSUES.md"
if core_promotion_decision_packet_issues.is_file():
text = core_promotion_decision_packet_issues.read_text(encoding="utf-8")
if "core_promotion_status: not-promoted" not in text:
errors.append("core_promotion_decision_packet_issues_missing_not_promoted_frontmatter")
for phrase in REQUIRED_CORE_PROMOTION_DECISION_PACKET_ISSUE_PHRASES:
checked.append(f"core_promotion_decision_packet_issue_phrase:{phrase}")
if phrase not in text:
errors.append(f"missing_core_promotion_decision_packet_issue_phrase:{phrase}")
core_promotion_decision_record = ROOT / ".sot/03-PROTOCOLS/CTO-CORE-PROMOTION-DECISION-RECORD.md"
if core_promotion_decision_record.is_file():
text = core_promotion_decision_record.read_text(encoding="utf-8")
if "core_promotion_status: not-promoted" not in text:
errors.append("core_promotion_decision_record_missing_not_promoted_frontmatter")
for phrase in REQUIRED_CORE_PROMOTION_DECISION_RECORD_PHRASES:
checked.append(f"core_promotion_decision_record_phrase:{phrase}")
if phrase not in text:
errors.append(f"missing_core_promotion_decision_record_phrase:{phrase}")
core_promotion_decision_packet_closeout = ROOT / ".sot/03-PROTOCOLS/CTO-CORE-PROMOTION-DECISION-PACKET-CLOSEOUT.md"
if core_promotion_decision_packet_closeout.is_file():
text = core_promotion_decision_packet_closeout.read_text(encoding="utf-8")
if "core_promotion_status: not-promoted" not in text:
errors.append("core_promotion_decision_packet_closeout_missing_not_promoted_frontmatter")
for phrase in REQUIRED_CORE_PROMOTION_DECISION_PACKET_CLOSEOUT_PHRASES:
checked.append(f"core_promotion_decision_packet_closeout_phrase:{phrase}")
if phrase not in text:
errors.append(f"missing_core_promotion_decision_packet_closeout_phrase:{phrase}")
core_route_admission_guard_prd = ROOT / ".sot/03-PROTOCOLS/CTO-CORE-ROUTE-ADMISSION-GUARD-PRD.md"
if core_route_admission_guard_prd.is_file():
text = core_route_admission_guard_prd.read_text(encoding="utf-8")
if "core_promotion_status: not-promoted" not in text:
errors.append("core_route_admission_guard_prd_missing_not_promoted_frontmatter")
for phrase in REQUIRED_CORE_ROUTE_ADMISSION_GUARD_PRD_PHRASES:
checked.append(f"core_route_admission_guard_prd_phrase:{phrase}")
if phrase not in text:
errors.append(f"missing_core_route_admission_guard_prd_phrase:{phrase}")
core_route_admission_guard_issues = ROOT / ".sot/03-PROTOCOLS/CTO-CORE-ROUTE-ADMISSION-GUARD-ISSUES.md"
if core_route_admission_guard_issues.is_file():
text = core_route_admission_guard_issues.read_text(encoding="utf-8")
if "core_promotion_status: not-promoted" not in text:
errors.append("core_route_admission_guard_issues_missing_not_promoted_frontmatter")
for phrase in REQUIRED_CORE_ROUTE_ADMISSION_GUARD_ISSUE_PHRASES:
checked.append(f"core_route_admission_guard_issue_phrase:{phrase}")
if phrase not in text:
errors.append(f"missing_core_route_admission_guard_issue_phrase:{phrase}")
core_route_admission_guard = ROOT / ".sot/03-PROTOCOLS/CTO-CORE-ROUTE-ADMISSION-GUARD.md"
if core_route_admission_guard.is_file():
text = core_route_admission_guard.read_text(encoding="utf-8")
if "core_promotion_status: not-promoted" not in text:
errors.append("core_route_admission_guard_missing_not_promoted_frontmatter")
for phrase in REQUIRED_CORE_ROUTE_ADMISSION_GUARD_RECORD_PHRASES:
checked.append(f"core_route_admission_guard_record_phrase:{phrase}")
if phrase not in text:
errors.append(f"missing_core_route_admission_guard_record_phrase:{phrase}")
core_route_admission_guard_closeout = ROOT / ".sot/03-PROTOCOLS/CTO-CORE-ROUTE-ADMISSION-GUARD-CLOSEOUT.md"
if core_route_admission_guard_closeout.is_file():
text = core_route_admission_guard_closeout.read_text(encoding="utf-8")
if "core_promotion_status: not-promoted" not in text:
errors.append("core_route_admission_guard_closeout_missing_not_promoted_frontmatter")
for phrase in REQUIRED_CORE_ROUTE_ADMISSION_GUARD_CLOSEOUT_PHRASES:
checked.append(f"core_route_admission_guard_closeout_phrase:{phrase}")
if phrase not in text:
errors.append(f"missing_core_route_admission_guard_closeout_phrase:{phrase}")
prd = ROOT / ".sot/03-PROTOCOLS/CTO-CASE-CANDIDATE-BACKEND-PRD.md"
if prd.is_file():
text = prd.read_text(encoding="utf-8")
@ -2320,6 +2817,14 @@ def main() -> int:
checked.append(f"workboard_id:{issue_id}")
if issue_id not in text:
errors.append(f"missing_workboard_id:{issue_id}")
for issue_id in ["CTO-WORK-085", "CTO-WORK-086", "CTO-WORK-087", "CTO-WORK-088"]:
checked.append(f"workboard_id:{issue_id}")
if issue_id not in text:
errors.append(f"missing_workboard_id:{issue_id}")
for issue_id in ["CTO-WORK-089", "CTO-WORK-090", "CTO-WORK-091", "CTO-WORK-092"]:
checked.append(f"workboard_id:{issue_id}")
if issue_id not in text:
errors.append(f"missing_workboard_id:{issue_id}")
expected_statuses = {
"CTO-WORK-001": "validated",
"CTO-WORK-002": "validated",
@ -2395,6 +2900,21 @@ def main() -> int:
"CTO-WORK-075": "validated",
"CTO-WORK-076": "validated",
"CTO-WORK-077": "validated",
"CTO-WORK-078": "validated",
"CTO-WORK-079": "validated",
"CTO-WORK-080": "validated",
"CTO-WORK-081": "validated",
"CTO-WORK-082": "validated",
"CTO-WORK-083": "validated",
"CTO-WORK-084": "validated",
"CTO-WORK-085": "validated",
"CTO-WORK-086": "validated",
"CTO-WORK-087": "validated",
"CTO-WORK-088": "validated",
"CTO-WORK-089": "validated",
"CTO-WORK-090": "validated",
"CTO-WORK-091": "validated",
"CTO-WORK-092": "validated",
}
for issue_id, expected in expected_statuses.items():
checked.append(f"workboard_status:{issue_id}:{expected}")
@ -2473,6 +2993,22 @@ def main() -> int:
errors.append("workboard_missing_qwen_local_admission_json_source")
if "CTO-CASE-SPARK-ENDPOINT-CONFIG-ISSUES.md" not in text:
errors.append("workboard_missing_spark_endpoint_config_issues_source")
if "CTO-CORE-PROMOTION-DECISION-PACKET-PRD.md" not in text:
errors.append("workboard_missing_core_promotion_decision_packet_prd_source")
if "CTO-CORE-PROMOTION-DECISION-PACKET-ISSUES.md" not in text:
errors.append("workboard_missing_core_promotion_decision_packet_issues_source")
if "CTO-CORE-PROMOTION-DECISION-RECORD.md" not in text:
errors.append("workboard_missing_core_promotion_decision_record_source")
if "CTO-CORE-PROMOTION-DECISION-PACKET-CLOSEOUT.md" not in text:
errors.append("workboard_missing_core_promotion_decision_packet_closeout_source")
if "CTO-CORE-ROUTE-ADMISSION-GUARD-PRD.md" not in text:
errors.append("workboard_missing_core_route_admission_guard_prd_source")
if "CTO-CORE-ROUTE-ADMISSION-GUARD-ISSUES.md" not in text:
errors.append("workboard_missing_core_route_admission_guard_issues_source")
if "CTO-CORE-ROUTE-ADMISSION-GUARD.md" not in text:
errors.append("workboard_missing_core_route_admission_guard_source")
if "CTO-CORE-ROUTE-ADMISSION-GUARD-CLOSEOUT.md" not in text:
errors.append("workboard_missing_core_route_admission_guard_closeout_source")
payload = {
"ok": not errors,