---
name: cto-hermes-webui-control-panel-issues
tier: local
status: draft
owner: jp
source: .sot/03-PROTOCOLS/CTO-HERMES-WEBUI-CONTROL-PANEL-PRD.md
created: 2026-06-01
last_reviewed: 2026-06-01
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local issue sequence for a Hermes WebUI consumer panel over the CTO Harness control summary.
---

# CTO Hermes WebUI Control Panel Issues

Local planning SOT only. Not a Core Protocol. Not active Core authority.

## Issue Sequence

### CTO-WORK-058 - Hermes WebUI Control Panel PRD

Type: AFK

Status: validated.

Blocked by: CTO-WORK-057

What to build: Define the route for a read-only Hermes WebUI consumer panel over the CTO Harness control summary.

Acceptance criteria:

- [x] PRD requires the panel to use the Hermes-owned extension/plugin surface, not upstream `hermes-webui` or `hermes-agent` edits.
- [x] PRD requires Harness-backed summary data as the source of truth.
- [x] PRD requires Stage 6 real-governed refresh status to be visible.
- [x] PRD requires replay paths for refresh comparison, real Stage 5 pass report, and Stage 5 proof.
- [x] PRD requires target repository read-only proof status to be visible.
- [x] PRD separates candidate-default refresh eligibility from runtime default activation.
- [x] PRD requires blocked Codex/Pi lane rationale to be visible.
- [x] PRD forbids mutation actions, default activation, upstream source edits, Core promotion, target mutation, and secret exposure.
- [x] Local CTO validator checks the PRD and issue artifact.

Allowed files: CTO child workspace planning docs and local validator only.

Validator: `python3 tools/validate_cto_child.py`

Done evidence: PRD, issue artifact, validator JSON, clean worktree, commit.

### CTO-WORK-059 - Hermes WebUI CTO Harness Control Panel

Type: AFK

Status: candidate.

Blocked by: CTO-WORK-058

What to build: In the Hermes-owned WebUI extension/plugin surface, add a read-only CTO Harness control panel or endpoint consumer over the validated `webui-summary.json` contract.

Acceptance criteria:

- [ ] Implementation does not edit upstream `hermes-webui` or `hermes-agent`.
- [ ] Panel or endpoint consumes Harness-backed summary data.
- [ ] Stage 6 real-governed refresh status is visible.
- [ ] Refresh comparison, real Stage 5 pass report, and Stage 5 proof replay paths are visible.
- [ ] Target repository read-only proof status is visible.
- [ ] Candidate-default refresh eligibility is visually separated from runtime default activation.
- [ ] Codex/Pi blocked-lane rationale is visible.
- [ ] Next operator action is visible.
- [ ] No mutation action, approval action, default activation, target mutation, Core mutation, vendor-source mutation, or secret exposure is added.
- [ ] Focused contract/UI validator passes before any aggregate validation.

Allowed files: Hermes-owned WebUI extension/plugin files and deterministic validators only. Upstream `hermes-webui`, upstream `hermes-agent`, Case source, vendor source, Target Repositories, Cortex Core, and external developer repositories are forbidden.

Validator: relevant Hermes plugin/WebUI contract validator or a new deterministic validator for the panel data contract.

Done evidence: Hermes sandcastle commit, focused validator output, rendered/contract artifact path if available, clean merge, and CTO evidence update.

## Granularity Check

This is intentionally two slices: one child-local planning route and one Hermes-owned implementation route. It avoids adding mutation controls or upstream WebUI edits while moving the end goal toward actual Hermes visualization.