--- name: cto-first-real-governed-workflow-approval-packet tier: local status: validated owner: jp source: .sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-ISSUES.md created: 2026-06-01 last_reviewed: 2026-06-01 lifecycle_classification: planning core_promotion_status: not-promoted description: Child-local approval packet for the first real governed CTO workflow execution. --- # CTO First Real Governed Workflow Approval Packet Local planning SOT only. Not a Core Protocol. Not active Core authority. ## Status Status: validated as an approval packet only. This packet does not authorize execution. `CTO-WORK-049` remains candidate until JP approves the exact Target Repository and task contract. ## Proposed Target Repository - Target Repository: `/home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox` - Admission source: `.sot/03-PROTOCOLS/CTO-CASE-STAGE5-TARGET-REPOSITORY-ADMISSION.json` - Admission status: `admitted` - Repository owner: `jp` - Risk classification: `low_risk_noncritical` - Current observed state: clean `main` branch before approval packet creation ## Proposed Task Contract Task: align `src/strings.py` `slugify` behavior with the already-proven root `strings.py` implementation and add coverage for repeated and outer whitespace. Allowed paths: - `src/strings.py` - `test_strings.py` Forbidden actions: - push - merge - deploy - close - pr_open - issue_close - public_publication - credential_change - vendor_source_mutation - cortex_core_mutation Forbidden paths: - `.env` - `.env.*` - `secrets/` - `credentials/` - `deploy/` - `infra/` - `.github/workflows/` - `.git/` Success criteria: - `src/strings.py` uses whitespace-splitting slug behavior equivalent to root `strings.py`. - `test_strings.py` includes coverage for repeated spaces and outer spaces through the `src.strings` implementation. - Target repository ends clean after Harness post-processing. - Harness Evidence Interface artifacts exist. - Hermes Control Surface can expose replay paths after execution. - Runtime default activation remains false. Validation command: ```bash python3 -m pytest -q ``` Rollback expectation: - Revert the single target commit created by the Harness if JP rejects the operator outcome. - Do not push, merge, deploy, publish, or open a PR. ## Required Approval Before execution, JP must approve this exact sentence: ```text I approve CTO-WORK-049 against /home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox for the src/strings.py slugify alignment task. ``` Without that exact approval, execution remains blocked. ## Execution Gate Execution must use only the CTO Harness Case seam with: - `CTO_HARNESS_ALLOW_CASE=1` - `CTO_HARNESS_CASE_STAGE=5` - `CTO_HARNESS_CASE_STAGE5_TARGET_ADMISSION_FILE` pointing to the admitted Target Repository record - `CTO_HARNESS_CASE_STAGE5_OPERATOR_OUTCOME` recorded after verification Case must not choose target, scope, authority, approval, success criteria, or default status. ## Evidence Required After Execution - `report.json` - `report.md` - `events.normalized.jsonl` - `trace.jsonl` - `patch.diff` - `test.log` - backend logs - artifact digests - freshness proof - stage5 owned repo proof - Hermes Control Surface summary path ## Non-Authority Notice This approval packet is child-local planning. It does not promote CTO artifacts into Core, does not activate Case as default backend, and does not authorize mutation before JP approval.