hermes/cto
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0e7d5d00ce
cto/.sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-ISSUES.md
Svrnty 0e7d5d00ce Plan Stage 6 real governed refresh
2026-06-01 06:59:10 -04:00

3.4 KiB
Raw Blame History

name tier status owner source created last_reviewed lifecycle_classification core_promotion_status description
cto-case-stage6-real-governed-refresh-issues local draft jp .sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-PRD.md 2026-06-01 2026-06-01 planning not-promoted Child-local issue sequence for refreshing Stage 6 candidate-default evidence against real governed Stage 5 proof.

CTO Case Stage 6 Real Governed Refresh Issues

Local planning SOT only. Not a Core Protocol. Not active Core authority.

Issue Sequence

CTO-WORK-054 - Stage 6 Real Governed Refresh PRD

Type: AFK

Status: validated.

Blocked by: CTO-WORK-049, CTO-WORK-043

What to build: Define the read-only evidence refresh route for comparing the first real governed Stage 5 pass against Stage 6 candidate-default criteria.

Acceptance criteria:

  • PRD requires CTO-WORK-049 validated evidence.
  • PRD requires the real pass report and Stage 5 proof paths.
  • PRD requires report shape, event validity, allowed-path compliance, failure closure, artifact completeness, forbidden-action closure, and operator acceptance checks.
  • PRD keeps runtime default activation false.
  • PRD forbids target mutation, Core promotion, push, merge, deploy, close, PR open, issue close, public publication, vendor-source mutation, and unowned repository mutation.
  • Local CTO validator checks the PRD and issue artifact.

Allowed files: CTO child workspace planning docs and local validator only.

Validator: python3 tools/validate_cto_child.py

Done evidence: PRD, issue artifact, validator JSON, clean worktree, commit.

CTO-WORK-055 - Stage 6 Real Governed Refresh Evidence Route

Type: HITL

Status: candidate.

Blocked by: CTO-WORK-054

What to build: In the Hermes CTO Harness, add a read-only Stage 6 refresh command that imports the real CTO-WORK-049 pass report and Stage 5 proof, compares them against Stage 6 candidate-default criteria, and writes a refresh artifact.

Acceptance criteria:

  • Command reads existing Harness Evidence Interface artifacts without mutating a Target Repository.
  • Command verifies report shape, event validity, allowed-path compliance, failure closure, artifact completeness, forbidden-action closure, and operator acceptance.
  • Command records fake, Codex, and Pi comparison status where applicable or blocked with rationale.
  • Command records runtime_default_activation: false.
  • Command records no target mutation, push, merge, deploy, close, PR open, issue close, public publication, vendor-source mutation, or unowned repository mutation.
  • Focused validator passes before any aggregate Harness validation.
  • Aggregate Harness validation runs once after focused validation passes and once after merge.

Allowed files: Hermes CTO Harness refresh validator, comparison code, and docs. Core, vendor source, Case source, target repositories, production repositories, external developer repositories, and WebUI behavior are forbidden.

Validator: future focused Hermes Stage 6 refresh validator, then harness/evals/health.sh --json.

Done evidence: Hermes sandcastle commit, focused validator output, refresh artifact path, aggregate Harness health output, clean merge, and CTO evidence update.

Granularity Check

This is two slices because the planning route is now clear and cheap, while the executable Hermes refresh route touches a separate governed workspace and should use its own sandcastle.