hermes/cto
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
cto/.sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-APPROVAL-PRD.md
Svrnty 30b488e1b9 Record governed execution approval
2026-06-01 07:55:25 -04:00

3.0 KiB
Raw Permalink Blame History

name status lifecycle_classification owner created last_reviewed core_promotion_status
CTO Governed Execution Approval PRD validated sot jp 2026-06-01 2026-06-01 not-promoted

CTO Governed Execution Approval PRD

Local planning SOT only. Not a Core Protocol. Not active Core authority.

Problem Statement

The governed execution request records the exact target, paths, and command, but it intentionally keeps approval closed. The CTO stack needs a governed execution approval record before the next Harness run can mutate an owned Target Repository.

Solution

Create a single-task approval capture for the exact approval packet already issued by JP. This governed execution approval permits one approved Harness run only and does not make Case a default backend.

Scope

  • Record the exact approval packet.
  • Record approval_granted: true.
  • Record execution_allowed: true.
  • Record execution_scope: one approved Harness run only.
  • Preserve the admitted target repository.
  • Preserve the allowed paths.
  • Preserve the Harness command.
  • Preserve that this record is not execution evidence.

Non-goals

  • Do not execute Case in this approval-capture slice.
  • Do not activate Case as default backend.
  • Do not mutate any path outside the allowed paths.
  • Do not edit upstream hermes-agent.
  • Do not edit upstream hermes-webui.
  • Do not promote this local record into Core authority.

Acceptance Criteria

  • WORKBOARD.yaml records CTO-WORK-068 and CTO-WORK-069 as validated.
  • The governed execution approval includes the exact approval packet.
  • The governed execution approval includes approval_granted: true.
  • The governed execution approval includes execution_allowed: true.
  • Runtime default activation remains false.
  • The next execution is constrained to one approved Harness run only.

Validation

  • python3 tools/validate_cto_child.py
  • python3 /home/svrnty/workspaces/cortex-os/core/tools/check_s69_caveman_prose_discipline.py

Risks

The main risk is approval scope creep. The record prevents that by making the approval single-task, path-bound, and Harness-bound. This record is not execution evidence.

Success Definition

CTO has a durable approval capture that can unlock the next real Harness execution slice without changing Core authority, runtime default state, or upstream vendor source.

Required Approval Packet

I approve CTO-WORK-049 against /home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox for the src/strings.py slugify alignment task.
  • governed execution approval
  • single-task approval capture
  • exact approval packet
  • approval_granted: true
  • execution_allowed: true
  • execution_scope: one approved Harness run only
  • admitted target repository
  • allowed paths
  • Harness command
  • Runtime default activation remains false.
  • Do not activate Case as default backend.
  • Do not mutate any path outside the allowed paths.
  • Do not edit upstream hermes-agent.
  • Do not edit upstream hermes-webui.
  • This record is not execution evidence.