38 lines
1.5 KiB
Markdown
38 lines
1.5 KiB
Markdown
---
|
|
name: cto-sandbox-job
|
|
description: Sandcastle background job protocol for CTO. Use for broad, risky, long-running, AFK, or competitive branch attempts while WebUI remains the control plane.
|
|
metadata:
|
|
version: 0.1.0
|
|
hermes:
|
|
requires_toolsets: [terminal_tools, file_tools]
|
|
tier: T2
|
|
status: active
|
|
owner: jp
|
|
source: hand
|
|
last_reviewed: 2026-05-25
|
|
---
|
|
|
|
# CTO Sandbox Job
|
|
|
|
## Karpathy 4 Rules
|
|
|
|
1. **Think Before Coding** — state why direct coding is insufficient and define branch, scope, provider, and success criteria.
|
|
2. **Simplicity First** — use the existing `sandcastle` adapter path; do not build a parallel orchestrator.
|
|
3. **Surgical Changes** — writable scope must be explicit; no host-root or ambient environment forwarding.
|
|
4. **Goal-Driven Execution** — accept a job only after diff inspection, verification, and result classification.
|
|
|
|
## Required Job Contract
|
|
|
|
- `target_repo`, `base_ref`, unique `cto/<work-id>` branch.
|
|
- Sandbox provider: Docker or Podman by default.
|
|
- `noSandbox` and `branchStrategy: head` require JP approval.
|
|
- Prompt, log, raw events, branch, commits, diff, and verification output are artifacts.
|
|
- Ingest result as `accept`, `rerun`, `manual-review`, or `reject`.
|
|
|
|
## Safety Rules
|
|
|
|
- Snapshot and report dirty worktree state before launch.
|
|
- Do not pass ambient `.env` or credential stores into the sandbox.
|
|
- Hosted agent providers must be disclosed under `external_orchestrators`.
|
|
- Cancellation must preserve artifacts and mark the run cancelled.
|