---
name: CTO Hermes WebUI Live Smoke Evidence
status: validated
lifecycle_classification: sot
owner: jp
created: 2026-06-01
last_reviewed: 2026-06-01
core_promotion_status: not-promoted
---

# CTO Hermes WebUI Live Smoke Evidence

Local planning SOT only. Not a Core Protocol. Not active Core authority.

## Scope

This evidence closes `CTO-WORK-061`.

The implementation extends existing plugin smoke coverage for the CTO control panel route and static assets. It does not edit upstream `hermes-webui`, upstream `hermes-agent`, Cortex Core, Case source, or any target repository.

## Implementation Evidence

- Hermes plugin commit: `95fb43d Add CTO WebUI smoke coverage`
- Smoke route: `/api/cto/control-summary`
- Smoke asset: `/plugins/svrnty/cto_control_panel.js`
- Smoke asset: `/plugins/svrnty/cto_control_panel.css`
- Focused test: `tests/unit/test_boot_smoke_cto.py`

## Validation Evidence

- Focused validation: `python3 -m pytest tests/unit/test_boot_smoke_cto.py tests/unit/test_cto_control_summary.py -q`
- Focused result: `4 passed`
- Aggregate validation before commit: `python3 scripts/ast-connection-map.py --check`
- Aggregate result before commit: `CONNECTION-MAP.md is fresh`
- Aggregate validation before commit: `python3 -m pytest tests/ -q`
- Aggregate result before commit: `101 passed, 4 skipped`
- Aggregate validation after merge: `python3 scripts/ast-connection-map.py --check`
- Aggregate result after merge: `CONNECTION-MAP.md is fresh`
- Aggregate validation after merge: `python3 -m pytest tests/ -q`
- Aggregate result after merge: `105 passed`

## Governance Evidence

- Harness-backed summary data remains the source of truth.
- Case runtime default active: false
- target repository mutation: false
- upstream `hermes-webui` edited: false
- upstream `hermes-agent` edited: false
- Hermes remains visualization/control only.
- Cortex remains SOT authority.

## Result

`CTO-WORK-061` is validated because the existing Hermes WebUI smoke path now covers the CTO control panel API and static assets without expanding authority or mutating protected repositories.