--- name: cto-case-stage3-copied-repo-prd tier: local status: draft owner: jp source: .sot/03-PROTOCOLS/CTO-CASE-STAGED-PROOF-GATES.md created: 2026-06-01 last_reviewed: 2026-06-01 lifecycle_classification: planning core_promotion_status: not-promoted description: Child-local PRD for Stage 3 Case copied-repo fixture proof. --- # CTO Case Stage 3 Copied Repo PRD Local planning SOT only. Not a Core Protocol. Not active Core authority. ## Problem Statement Stage 2 proves Case can patch a copied artificial fixture through the CTO Harness. That does not prove Case is safe around a real repository shape. Stage 3 must prove the next narrow behavior: copy an owned local source repository into a fixture workspace, run Case only inside the copied fixture, and prove the source repository remains unchanged. ## Solution Add a Stage 3 copied-repo fixture route for the Hermes CTO harness. The route uses an owned local source repository only as read-only input. The harness copies that source into a runtime fixture, records source non-mutation proof, runs Case against the copied fixture, and accepts only Harness Evidence Interface proof. Stage 3 keeps all earlier gates. `case` remains disabled by default. `CTO_HARNESS_ALLOW_CASE=1` and `CTO_HARNESS_CASE_STAGE=3` are required before copied-repo Case execution. Missing gates mean blocked, not warning. Allowed mutation scope is `copied local repository fixture only`. Writable roots are limited to `runtime_workspace_root` and `run_artifact_dir`. Source repository, Target Repository, Case source, vendor source, external developer repositories, Hermes WebUI, and Cortex Core are read-only or forbidden. ## Scope - Define one copied-repo fixture proof route. - Require Stage 2 validated evidence before Stage 3 execution. - Require source repository ownership and local path classification before copy. - Require clean source repository status before copy. - Require clean copied fixture status before Case starts. - Require source repository HEAD and status proof before and after execution. - Require copied fixture clean ending tree after harness post-processing. - Preserve full Harness Evidence Interface artifacts. - Compare report shape, event order, allowed writes, tests, blockers, digests, and freshness against Stage 2 expectations. - Add dirty-starting-tree, dirty-ending-tree, timeout, and artifact-write-failure failure fixtures. ## Non-Goals - Do not mutate a Target Repository. - Do not mutate the source repository. - Do not use an external developer repository as source. - Do not push, merge, deploy, close, or open a pull request. - Do not resolve license or source admission for real-repo work. - Do not approve Stage 4, Stage 5, Stage 6, default backend status, WebUI Runtime behavior, or Core promotion. ## Acceptance Criteria - Stage 3 entry requires Stage 2 validated. - `CTO_HARNESS_ALLOW_CASE=1` remains required. - `CTO_HARNESS_CASE_STAGE=3` is required. - Missing Stage 3 gate blocks before Case starts. - Source repository is an owned local source, not a Target Repository and not external developer source. - Source repository clean status is recorded before copy. - Source repository HEAD and status are recorded before and after Case execution. - Source repository after-proof matches before-proof. - Copied fixture is created under the run artifact directory. - Case receives only the copied fixture path, task contract, allowed paths, forbidden actions, verification command, and evidence expectations. - Runtime writes are limited to `runtime_workspace_root` and `run_artifact_dir`. - Copied fixture starts clean after copy and baseline commit. - Copied fixture ends clean after harness post-processing. - `report.json` records `backend: case`, `case_process_started`, `source_repository_mutated: false`, `runtime_workspace_root`, `run_artifact_dir`, `changed_files`, `blockers`, `artifact_digests`, and freshness proof. - Required artifacts include `report.json`, `report.md`, `events.normalized.jsonl`, `trace.jsonl`, `patch.diff`, `test.log`, backend logs, source non-mutation proof, clean-start proof, and clean-end proof. - Failure fixtures cover dirty source start, dirty copied fixture start, dirty copied fixture end, timeout, artifact write failure, disallowed file, failed tests, and missing required event. - Fake remains the default validation lane. - No Stage 3 pass may be used as sandbox-repo, owned-repo, default-candidate, or Core promotion evidence beyond its stated scope. ## Validation - Focused validator: `python3 harness/runner/validate-case-stage3.py --harness-root harness --json`. - The Stage 3 validator must require Stage 2 validation first. - The validator must prove missing Stage 3 gate blocks before `case_process_started`. - The validator must prove source repository non-mutation with before/after HEAD and status evidence. - The validator must prove copied fixture clean start and clean end. - The validator must prove no Target Repository path is inspected or copied. - The validator must run required failure fixtures. - The validator must emit compact JSON with `ok`, `checked`, `errors`, pass artifact path, failure artifact paths, and source non-mutation proof path. - Broader Hermes health must run once after focused Stage 3 validation passes. - CTO child validator must require this PRD and issue artifact before Stage 3 implementation is governed. ## Risks - Copied-repo proof can be mistaken for real Target Repository approval. - Source repository mutation could happen through a leaked path if task contracts are weak. - Dirty tree handling can hide untracked files or generated artifacts. - Stage 3 can overfit to one toy repo and miss real-repo policy needs. ## Dependencies - Stage 2 Case artificial fixture is validated. - Harness Evidence Interface Contract is validated. - Case Adapter Contract is validated. - Case Failure Fixture Matrix is validated. - Real Case Qwen Stage 2 pass evidence exists. ## Success Definition Stage 3 is successful when Case changes only a copied local repository fixture, emits full Harness Evidence Interface proof, passes verification, fails closed for required copied-repo failure classes, and proves the source repository was not mutated. Stage 3 does not authorize sandbox, owned-repo, default backend, WebUI Runtime, or Core promotion behavior. ## Challenge Findings - Accepted: source non-mutation proof must include source HEAD and status before and after Case execution. - Accepted: clean copied-fixture start and clean copied-fixture end are separate proofs. - Rejected: running Stage 3 directly on a Target Repository. That skips the proof ladder.