---
name: cto-case-stage5-owned-noncritical-repo-prd
tier: local
status: draft
owner: jp
source: .sot/03-PROTOCOLS/CTO-CASE-STAGED-PROOF-GATES.md
created: 2026-06-01
last_reviewed: 2026-06-01
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local PRD for Stage 5 Case owned noncritical repository proof.
---

# CTO Case Stage 5 Owned Noncritical Repository PRD

Local planning SOT only. Not a Core Protocol. Not active Core authority.

## Problem Statement

Stage 4 proves Case can change a disposable sandbox repository after approval. The next proof must show whether Case can safely work in an explicitly owned, low-risk, noncritical repository without expanding authority, bypassing approval, or treating a green test run as operator acceptance.

## Solution

Add Stage 5 planning for an owned noncritical repository route behind the existing CTO Harness `case` seam. Stage 5 allowed mutation scope is `explicitly owned low-risk repository only`. Case may execute only when Stage 4 is validated, the Target Repository admission record proves ownership and noncritical status, JP approval is recorded, allowed paths are explicit, and the Harness records full evidence.

## Scope

- Define Stage 5 entry gates, non-goals, acceptance criteria, validation, risks, dependencies, and success definition.
- Require `CTO_HARNESS_ALLOW_CASE=1` and `CTO_HARNESS_CASE_STAGE=5` before owned repository execution.
- Require explicit Target Repository ownership proof and noncritical classification.
- Require allowed paths and forbidden actions before mutation.
- Require approval requested/granted/denied events before mutation.
- Require operator acceptance or rejection after the run.
- Require full Harness Evidence Interface artifacts.
- Keep fake as the default validation lane.

## Non-Goals

- Do not make Case the default backend.
- Do not authorize production, critical, customer, vendor, external developer, or unowned repository mutation.
- Do not authorize push, merge, deploy, close, PR open, public publication, or issue closure by default.
- Do not mutate Cortex Core, Hermes WebUI, Case source, vendor source, or external repositories.
- Do not treat test pass as operator acceptance.
- Do not promote child-local planning into Core.

## User Stories

1. As JP, I want Case tested in an owned noncritical repository, so that real-repo risk is proven before default candidacy.
2. As Cortex, I want ownership and noncritical classification recorded, so that execution never targets unknown repositories.
3. As Hermes, I want approval and replay evidence, so that every mutation is visible and reversible.
4. As CTO Harness, I want allowed paths and forbidden actions encoded before execution, so that Case cannot widen scope conversationally.
5. As an operator, I want post-run acceptance or rejection separated from test pass, so that proof and approval remain distinct.

## Acceptance Criteria

- [ ] Stage 5 requires Stage 4 validation evidence before execution.
- [ ] Stage 5 allowed mutation scope is `explicitly owned low-risk repository only`.
- [ ] `CTO_HARNESS_ALLOW_CASE=1` remains required.
- [ ] `CTO_HARNESS_CASE_STAGE=5` is required before owned noncritical repository execution.
- [ ] Missing Stage 5 gate emits blocked evidence and does not run Case.
- [ ] Target Repository admission records owner, repository path, noncritical classification, allowed paths, forbidden actions, and approval source.
- [ ] Approval denied blocks before mutation.
- [ ] Approval granted is recorded before mutation.
- [ ] Case mutates only allowed paths inside the admitted Target Repository.
- [ ] No push, merge, deploy, close, PR open, issue close, or public publication occurs by default.
- [ ] Operator acceptance or rejection is recorded after verification.
- [ ] Required artifacts include Target Repository admission proof, approval proof, allowed-path proof, forbidden-action proof, operator outcome, `report.json`, `report.md`, `events.normalized.jsonl`, `trace.jsonl`, `patch.diff`, `test.log`, backend logs, artifact digests, and freshness proof.
- [ ] Failure fixtures fail closed for approval denied, unowned repository, critical repository, disallowed file, dirty starting tree, dirty ending tree, failed tests, timeout, provider unavailable, and missing operator outcome.

## Validation

Planning validator: `python3 tools/validate_cto_child.py`.

Implementation validator planned for Hermes: `python3 harness/runner/validate-case-stage5.py --harness-root harness --json`, then `harness/evals/health.sh --json` after focused Stage 5 validation passes.

## Risks

- Owned repository proof may be mistaken for default backend readiness.
- Operator acceptance may be blurred with test pass.
- Allowed paths may be too broad and hide real-repo risk.
- Local repository state may be dirty before execution.
- Provider instability may obscure Harness policy failures.

## Dependencies

- Stage 4 disposable sandbox proof is validated.
- Harness Evidence Interface contract remains active.
- Case source admission record remains current.
- Case adapter contract remains active.
- Failure fixture matrix remains active.
- JP selects or approves an owned low-risk noncritical Target Repository before execution.

## Success Definition

Stage 5 is successful when Case changes only approved paths inside an explicitly owned low-risk noncritical repository, records approval before mutation, records operator acceptance or rejection after verification, preserves Harness evidence, and fails closed for missing ownership, missing approval, disallowed paths, dirty repository state, provider failure, or missing operator outcome.
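To make the fail-closed behaviour in the acceptance criteria and success definition concrete, the following is an added illustrative Python gate evaluator. It is not the Harness's own `validate-case-stage5.py` or any other Harness or Case code. The environment variables, the admission record fields and the default-forbidden action list come from this PRD; the type names (`AdmissionRecord`, `RunContext`), the function names, the event names `approval_requested`/`approval_granted`/`approval_denied`, the action name strings and the sample repository path are assumptions made for this example.

```python
import posixpath
from dataclasses import dataclass
from typing import Dict, List, Optional

# Side effects the PRD forbids by default; the action name strings are constructed for this example.
DEFAULT_FORBIDDEN_ACTIONS = {"push", "merge", "deploy", "close", "pr_open", "issue_close", "publish"}


@dataclass
class AdmissionRecord:
    """Target Repository admission record: the fields the acceptance criteria require (hypothetical shape)."""
    owner: str
    repo_path: str
    classification: str          # must be "noncritical" for Stage 5
    allowed_paths: List[str]     # "dir/" prefixes or exact files, relative to the repo root
    forbidden_actions: List[str]
    approval_source: str


@dataclass
class RunContext:
    """Everything the pre-mutation gate sees (hypothetical shape, not a Harness type)."""
    env: Dict[str, str]
    stage4_validated: bool
    admission: Optional[AdmissionRecord]
    approval_events: List[str]   # ordered, e.g. ["approval_requested", "approval_granted"]
    touched_paths: List[str]     # repo-relative paths the proposed patch would modify
    requested_actions: List[str]
    tree_clean_before: bool


def path_allowed(path: str, allowed: List[str]) -> bool:
    """True only if the normalised path stays inside the repo and matches an allowed entry."""
    norm = posixpath.normpath(path)
    if norm.startswith("/") or norm == ".." or norm.startswith("../"):
        return False  # absolute or traversal paths are never allowed
    for entry in allowed:
        if entry.endswith("/") and norm.startswith(entry):
            return True
        if not entry.endswith("/") and norm == posixpath.normpath(entry):
            return True
    return False


def evaluate_gate(ctx: RunContext) -> Dict[str, object]:
    """Pre-mutation gate: every check must pass; any failure blocks and is reported as evidence."""
    reasons: List[str] = []
    if ctx.env.get("CTO_HARNESS_ALLOW_CASE") != "1":
        reasons.append("CTO_HARNESS_ALLOW_CASE=1 not set")
    if ctx.env.get("CTO_HARNESS_CASE_STAGE") != "5":
        reasons.append("CTO_HARNESS_CASE_STAGE=5 not set")
    if not ctx.stage4_validated:
        reasons.append("Stage 4 validation evidence missing")
    adm = ctx.admission
    forbidden = set(DEFAULT_FORBIDDEN_ACTIONS)
    if adm is None:
        reasons.append("Target Repository admission record missing")
    else:
        forbidden |= set(adm.forbidden_actions)  # record may only narrow scope, never widen it
        if not adm.owner:
            reasons.append("repository ownership not proven")
        if adm.classification != "noncritical":
            reasons.append(f"repository classified {adm.classification!r}, not noncritical")
        if not adm.allowed_paths:
            reasons.append("allowed paths not declared")
        bad_paths = [p for p in ctx.touched_paths if not path_allowed(p, adm.allowed_paths)]
        if bad_paths:
            reasons.append("paths outside allowed set: " + ", ".join(bad_paths))
    bad_actions = sorted(set(ctx.requested_actions) & forbidden)
    if bad_actions:
        reasons.append("forbidden actions requested: " + ", ".join(bad_actions))
    ev = ctx.approval_events
    if "approval_denied" in ev:
        reasons.append("approval denied")
    elif "approval_granted" not in ev:
        reasons.append("approval not granted")
    elif "approval_requested" not in ev or ev.index("approval_requested") > ev.index("approval_granted"):
        reasons.append("approval granted without a prior request event")
    if not ctx.tree_clean_before:
        reasons.append("starting tree is dirty")
    event = "case_gate_passed" if not reasons else "case_blocked"
    return {"allowed": not reasons, "event": event, "reasons": reasons}


def run_outcome(tests_passed: bool, tree_clean_after: bool, operator_outcome: Optional[str]) -> str:
    """Post-run disposition: a green test run is evidence, never operator acceptance."""
    if not tests_passed:
        return "blocked: tests failed"
    if not tree_clean_after:
        return "blocked: ending tree is dirty"
    if operator_outcome not in ("accepted", "rejected"):
        return "blocked: operator outcome missing"
    return operator_outcome


def sample_context(**overrides) -> RunContext:
    """Constructed fixture that satisfies every gate; keyword overrides model the failure fixtures."""
    fields = dict(
        env={"CTO_HARNESS_ALLOW_CASE": "1", "CTO_HARNESS_CASE_STAGE": "5"},
        stage4_validated=True,
        admission=AdmissionRecord(
            owner="jp",
            repo_path="/tmp/owned-noncritical-repo",  # constructed path, not a real repository
            classification="noncritical",
            allowed_paths=["docs/", "README.md"],
            forbidden_actions=["force_push"],
            approval_source="jp",
        ),
        approval_events=["approval_requested", "approval_granted"],
        touched_paths=["docs/guide.md", "README.md"],
        requested_actions=["write_file", "run_tests"],
        tree_clean_before=True,
    )
    fields.update(overrides)
    return RunContext(**fields)
```

The gate collects every failing check rather than stopping at the first one, so the blocked-evidence event names all the reasons a run was refused, which is what a failure fixture matrix needs to assert against. `run_outcome` is deliberately separate from `evaluate_gate`: a passing test log and a clean ending tree only make the run eligible for operator review, and the disposition is still "blocked" until an explicit accepted or rejected outcome is recorded.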