--- name: cto-case-stage6-real-governed-refresh-prd tier: local status: draft owner: jp source: .sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-PASS-EVIDENCE.md created: 2026-06-01 last_reviewed: 2026-06-01 lifecycle_classification: planning core_promotion_status: not-promoted description: Child-local PRD for refreshing Stage 6 candidate-default evidence against the first real governed Stage 5 pass. --- # CTO Case Stage 6 Real Governed Refresh PRD Local planning SOT only. Not a Core Protocol. Not active Core authority. ## Problem Statement Stage 6 candidate-default comparison was validated before the first real governed Stage 5 Case execution passed. That was useful, but the CTO Product Surface now has stronger evidence: `CTO-WORK-049` validated a real approved owned-repo task through the CTO Harness Case seam. Candidate-default readiness should be refreshed against that real pass before any later default discussion. ## Solution Create a bounded Stage 6 refresh route. The route imports the `CTO-WORK-049` pass report and Stage 5 proof, compares them against the existing Stage 6 candidate-default criteria, records whether Case still qualifies as candidate-default evidence, and keeps runtime default activation false. The refresh is evidence-only; it does not mutate target repositories or promote Core authority. ## Scope - Require `CTO-WORK-049` pass evidence as the refresh input. - Require Harness Evidence Interface artifacts, not conversational claims. - Compare the real Stage 5 pass against Stage 6 criteria: report shape, event validity, allowed-path compliance, failure closure, artifact completeness, forbidden-action closure, and operator acceptance. - Preserve existing fake, Codex, and Pi lane rationale where applicable. - Record candidate-default refresh output as child-local evidence only. - Keep runtime default activation false. - Keep Core promotion, target mutation, push, merge, deploy, close, PR open, issue close, public publication, vendor-source mutation, and unowned repository mutation out of scope. ## Non-Goals - Do not make Case the default backend. - Do not create a new backend seam. - Do not rerun an unapproved real target mutation. - Do not replace Stage 6 comparison evidence with a single happy-path result. - Do not build Hermes WebUI behavior in this slice. - Do not promote CTO artifacts into Core. ## Acceptance Criteria - [ ] Refresh requires `CTO-WORK-049` to be validated. - [ ] Refresh consumes the real pass report path and Stage 5 proof path from `CTO-FIRST-REAL-GOVERNED-WORKFLOW-PASS-EVIDENCE.md`. - [ ] Refresh verifies report shape, event validity, allowed-path compliance, failure closure, artifact completeness, forbidden-action closure, and operator acceptance. - [ ] Refresh records fake, Codex, and Pi comparison status where applicable or blocked with rationale. - [ ] Refresh records `runtime default activation: false`. - [ ] Refresh records no target mutation, push, merge, deploy, close, PR open, issue close, public publication, vendor-source mutation, or unowned repository mutation. - [ ] Local CTO validator checks this PRD and issue artifact. ## Validation Planning validator: `python3 tools/validate_cto_child.py`. Future Hermes focused validator should be a small Stage 6 refresh command that reads existing evidence and writes a comparison artifact without mutating a target repository. The refresh command must run read-only without mutating a Target Repository. ## Risks - A refresh artifact may be mistaken for default activation unless the false runtime-default field is explicit. - A single real pass can strengthen Stage 6 evidence but cannot replace failure matrix coverage. - Re-running real mutation without new approval would violate the governed workflow route. - Missing comparison-lane rationale can make candidate-default status look stronger than the evidence supports. ## Dependencies - `CTO-WORK-049` first real governed workflow execution is validated. - `CTO-WORK-043` Stage 6 candidate-default comparison remains validated. - Harness Evidence Interface remains active. - Stage 5 proof and pass report remain available. - Existing operator acceptance remains recorded. ## Challenge Notes Accepted feedback: The useful next slice is an evidence refresh, not default activation, because the real governed Stage 5 pass happened after the original Stage 6 comparison. Accepted feedback: The refresh must be read-only over existing artifacts. Re-running Case against the target would require a new approval packet. Rejected feedback: Building Hermes WebUI now is too broad for this slice because the missing proof is candidate-default evidence freshness, not visualization capacity. Rejected feedback: Promoting this into Core now is premature because CTO remains child-local planning and runtime default activation remains false. ## Success Definition This slice succeeds when CTO has a validated child-local PRD and issue route for refreshing Stage 6 candidate-default evidence against the first real governed Stage 5 Case pass, without authority drift or new target mutation.