cto/.sot/03-PROTOCOLS/CTO-HERMES-WEBUI-CONTROL-PANEL-PRD.md
2026-06-01 07:30:07 -04:00

name: cto-hermes-webui-control-panel-prd
tier: local
status: draft
owner: jp
source: .sot/03-PROTOCOLS/CTO-HERMES-REAL-REFRESH-CONTROL-REPLAY-EVIDENCE.md
created: 2026-06-01
last_reviewed: 2026-06-01
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local PRD for a Hermes WebUI consumer panel over the CTO Harness control summary.

CTO Hermes WebUI Control Panel PRD

Local planning SOT only. Not a Core Protocol. Not active Core authority.

Problem Statement

Hermes now has a machine-readable CTO Harness control summary with Stage 6 real-governed refresh evidence. The operator still needs a visual control surface that can show the proof state, replay paths, blocked lanes, read-only target proof, and runtime-default status without opening raw JSON by hand.

Solution

Add a bounded Hermes WebUI consumer panel through the existing Hermes extension/plugin surface. The panel must read the Harness-backed summary contract and render evidence state only. Hermes controls visibility and replay. Cortex remains SOT authority. CTO routes. Harness proves. Case remains a gated adapter and is not activated by the panel.

Scope

  • Add a WebUI-visible CTO Harness panel or endpoint consumer through the Hermes-owned extension/plugin surface.
  • Read the existing webui-summary.json contract or a Harness summary command result.
  • Display Stage 6 real-governed refresh status.
  • Display refresh comparison artifact path, real Stage 5 pass report path, and Stage 5 proof path.
  • Display target repository read-only proof status.
  • Display candidate-default refresh eligibility separately from runtime default activation.
  • Display Codex/Pi blocked-lane rationale.
  • Display next operator action.
  • Keep all source data Harness-backed.

Non-Goals

  • Do not edit upstream hermes-webui.
  • Do not edit upstream hermes-agent.
  • Do not activate Case as default backend.
  • Do not add approval, mutation, deploy, push, merge, close, PR open, or issue-close actions.
  • Do not rerun Case or mutate a Target Repository from the panel.
  • Do not expose secrets, endpoints, credential values, or raw Target Repository content.
  • Do not promote child-local CTO artifacts into Core.

User Stories

  1. As JP, I want a CTO Harness panel in Hermes, so that I can inspect real-refresh proof quickly.
  2. As Hermes, I want to render a stable summary contract, so that the UI does not reinterpret raw backend logs.
  3. As CTO, I want target read-only proof visible, so that real-repo protection is prominent.
  4. As Harness, I want replay links/paths visible, so that evidence can be audited.
  5. As Cortex, I want runtime default activation shown as false, so that visual control cannot create authority drift.

Acceptance Criteria

  • PRD requires the panel to use the Hermes-owned extension/plugin surface, not upstream hermes-webui or hermes-agent edits.
  • PRD requires Harness-backed summary data as the source of truth.
  • PRD requires Stage 6 real-governed refresh status to be visible.
  • PRD requires replay paths for refresh comparison, real Stage 5 pass report, and Stage 5 proof.
  • PRD requires target repository read-only proof status to be visible.
  • PRD separates candidate-default refresh eligibility from runtime default activation.
  • PRD requires blocked Codex/Pi lane rationale to be visible.
  • PRD forbids mutation actions, default activation, upstream source edits, Core promotion, target mutation, and secret exposure.
  • Local CTO validator checks the PRD and issue artifact.

Validation

Planning validator: python3 tools/validate_cto_child.py.

Implementation validation must use the relevant Hermes extension/plugin validator or a small deterministic contract validator. If WebUI runtime validation is unavailable, the implementation must at minimum validate the endpoint/rendered data contract without editing upstream code.
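
One shape the small deterministic contract validator could take, as an added example that is not part of this PRD or of the Hermes or Harness code. The field and action names are hypothetical, since the webui-summary.json schema is not shown here; the checks mirror the Non-Goals and Acceptance Criteria in this document.

```python
import re

# Every field and action name here is hypothetical; the PRD gives no schema.
PATH_FIELDS = ("refresh_comparison_path", "stage5_pass_report_path",
               "stage5_proof_path")
REQUIRED = PATH_FIELDS + ("stage6_refresh_status", "target_read_only_proof",
                          "candidate_default_refresh_eligible",
                          "runtime_default_activation", "blocked_lanes",
                          "next_operator_action")
FORBIDDEN_ACTIONS = {"approve", "mutate", "deploy", "push", "merge", "close",
                     "pr_open", "issue_close"}
SECRET_KEY = re.compile(r"secret|token|password|credential|api[_-]?key", re.I)
URL_VALUE = re.compile(r"[a-z][a-z0-9+.-]*://", re.I)

def _walk(node):
    """Yield (key, value) pairs from nested dicts, descending through lists."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield key, value
            yield from _walk(value)
    elif isinstance(node, list):
        for item in node:
            yield from _walk({"[]": item})

def validate_summary(summary):
    """Return contract violations; an empty list means the panel may render."""
    errors = [f"missing:{k}" for k in REQUIRED if k not in summary]
    # Identity check: 0, "", None or "false" must not pass as "not activated".
    if summary.get("runtime_default_activation") is not False:
        errors.append("runtime_default_activation:not_false")
    for key in PATH_FIELDS:
        value = summary.get(key, "")
        if (not isinstance(value, str) or "\n" in value
                or value.startswith("/") or ".." in value.split("/")):
            errors.append(f"bad_path:{key}")  # raw content or path escape
    for key, value in _walk(summary):
        if SECRET_KEY.search(key):
            errors.append(f"secret_like_key:{key}")
        if isinstance(value, str) and URL_VALUE.search(value):
            errors.append(f"endpoint_value:{key}")
    errors += [f"forbidden_action:{a}" for a in summary.get("actions", [])
               if a in FORBIDDEN_ACTIONS]
    return errors

# Constructed sample, not real Harness output.
SAMPLE = {"stage6_refresh_status": "pass", "target_read_only_proof": "pass",
          "candidate_default_refresh_eligible": True, "actions": ["replay"],
          "runtime_default_activation": False, "blocked_lanes": ["codex", "pi"],
          "next_operator_action": "review replay evidence",
          **{key: f"evidence/{key}.json" for key in PATH_FIELDS}}
```

The panel would render only when `validate_summary` returns an empty list, so a summary that drifts toward authority or mutation fails closed.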

Risks

  • A visual panel may imply authority if default activation is not shown as false.
  • A panel may expose too much if it renders raw target content instead of artifact paths.
  • Editing upstream WebUI would violate the Hermes extension boundary.
  • Building mutation controls now would overreach the evidence surface.

Dependencies

  • CTO-WORK-057 control summary real-refresh replay evidence is validated.
  • Hermes extension/plugin surface exists for WebUI additions.
  • CTO Harness webui-summary.sh --json remains validated.

Challenge Notes

Accepted feedback: This is now worth doing because the machine-readable summary contract exists and is validated.

Accepted feedback: The panel must be read-only and replay-oriented; approval and mutation controls require a later governed route.

Rejected feedback: Editing upstream hermes-webui is not acceptable because Hermes customizations belong in the extension/plugin surface.

Rejected feedback: Calling this complete from the CLI summary alone is insufficient because the end goal explicitly requires Hermes visualization/ease of control.

Success Definition

This slice succeeds when CTO has a validated route for adding a read-only Hermes WebUI consumer panel over the CTO Harness summary, preserving Cortex authority, Harness proof, and target protection, and keeping runtime default activation false.