hermes/cto
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
cto/docs/STAGE5-TARGET-SANDBOX-CUSTODY-PREFLIGHT.md
T
Svrnty 3d64fb2563 Record CTO target physical custody
2026-06-17 09:24:06 -04:00

4.9 KiB
Raw Permalink Blame History

CTO Stage 5 Target Sandbox Custody Preflight

Local planning evidence only. Not Core authority. Not Runtime authority.

Source: CTO-WORK-099.

Result

Status: physical-custody-complete.

Original target path remains historical proof context only:

/home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox

The target sandbox is preserved outside the umbrella at:

/home/svrnty/workspaces/cortex-os-retired/2026-06-17/cto-stage5-target-sandbox-preserved-091700

The original Steev root path is absent after the observed MacBook push window.

Admission Lifecycle

The Stage 5 target admission now declares:

  • admission_lifecycle: historical-proof-target
  • future_execution_authorized: false
  • future_execution_requires_new_admission: true
  • root_path_dependency: closed-preserved-historical-reference-only

Any future Stage 5 execution requires a new admission record, new approval text, current target validation, and fresh Harness evidence. The old 2026-06-01 approval remains proof history only.

Custody Decision

Physical relocation required a host-aware custody gate. That gate now records:

  • preserved target sandbox outside the umbrella with a manifest;
  • preserved target validator passes from the preserved path;
  • original root path absence after a MacBook push window;
  • target ownership remains outside CTO and Core;
  • no hard deletion.

No target source mutation, Case rerun, Harness rerun, provider call, runtime start, browser open, branch mutation, Core mutation, readiness claim, or release claim occurred.

Host Mirror Check

2026-06-17 host-aware custody check:

  • MacBook source path: present at /Users/jean-philippebrule/Steev/Cortex-OS/cto-stage5-target-sandbox.
  • MacBook push script: /Users/jean-philippebrule/Steev/push-cortex-os-to-steev-once.sh.
  • Current push script excludes known root shadows, but does not exclude cto-stage5-target-sandbox/.
  • Physical movement is blocked until the mirror policy is updated or JP chooses a different custody policy for the MacBook source.

This preflight check was read-only. The later physical custody gate added the cto-stage5-target-sandbox/ exclude with a backup and zsh -n proof.

Archive-Stable Evidence Candidate

Current target evidence, read-only from /home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox:

  • total files: 31.
  • route-relevant files excluding generated caches: 24.
  • directories: 15.
  • route-relevant combined sha256: c73b40f5bbdd32bb61a93fc926c108d7cef256bdb4598c71ea66ee29f73444e5.
  • full current combined sha256 including generated caches: 1afc53c9e5ea4a9275ffb9d85cf3509c4a66ab1f89e1e118b76f5a7ea2aaa788.
  • AGENTS.md sha256: e9db56431baa9708bd6ce0be7d0379d6d7fa1c9e2b00595bca1932f49242ec84.
  • README.md sha256: c5019bab84472ac4110112c95ebf30c3412f6f5b09dddf9a98411a9f62d830f9.
  • WORKBOARD.yaml sha256: 3180db858dc74381dd736f25311d24d82dbad3eb9166090b9d36448ccee4da66.
  • strings.py and src/strings.py sha256: aa8b1ba8108b0fe8a6170e26a9f51c180a60241fa91b9878c1aaf45ef0a42280.
  • test_strings.py sha256: d76bb7f9959eacc2fe2e0fc70dcc1ff1525f9aef3918cf849eae4e382fd2e704.
  • tools/validate_cto_stage5_target_sandbox_child.py sha256: 09d5dd192a17e460885a657bfad5e929b9832fd6a1ac5b6b86a432213781bdd6.

Validators observed during this slice:

  • python3 tools/validate_cto_stage5_target_sandbox_child.py: ok: true.
  • python3 -m pytest -q: 11 passed.
  • python3 tools/validate_cto_child.py: ok: true.

This candidate was superseded by physical custody proof.

Physical Custody Proof

Preserved path:

/home/svrnty/workspaces/cortex-os-retired/2026-06-17/cto-stage5-target-sandbox-preserved-091700

Manifest:

/home/svrnty/workspaces/cortex-os-retired/2026-06-17/cto-stage5-target-sandbox-preserved-091700/MANIFEST.md

MacBook push script backup:

/Users/jean-philippebrule/Steev/push-cortex-os-to-steev-once.sh.bak.20260617-cto-target-exclude

Applied rsync exclude:

--exclude 'cto-stage5-target-sandbox/' \

Physical custody evidence:

  • MacBook zsh -n on the patched push script: pass.
  • MacBook one-shot push after the exclude: pass.
  • immediate root absence after move: pass.
  • observed root absence window:
    • 2026-06-17T09:17:08-04:00: absent.
    • 2026-06-17T09:17:33-04:00: absent.
    • 2026-06-17T09:17:58-04:00: absent.
    • 2026-06-17T09:18:23-04:00: absent.
  • preserved target validator from preserved path: ok: true.
  • preserved target pytest from preserved path with cache provider disabled: 11 passed.
  • route-relevant relative sha256 list digest: ee69cd97b8349eaf800d25a13810ecd2436388e34cdaac84a4ee735366798d2c.
  • full relative sha256 list digest: 487148fc897b810a1e3e0f96c86ed0b07e2e153bc5caa3679d26dd91e53c25b4.

The original root path is no longer execution authority. Future Stage 5 execution still requires a new admission record, new approval, current validation, and fresh Harness evidence.

Reference in New Issue View Git Blame Copy Permalink