hermes/cto
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2beb72064b
cto/README.md
Svrnty 4ed306928a Upgrade CTO webui coding profile
2026-05-25 12:57:33 -04:00

73 lines
4.5 KiB
Markdown
Raw Blame History

# cto (repo) · cto-planb (Hermes profile)
A **Chief Technology Officer** agent for [Hermes](https://git.openharbor.io/hermes/hermes), built for Plan B (Québec fresh prepared-meals). CTO is being upgraded into the primary WebUI coding agent: it reads/searches/patches/runs/verifies scoped work directly, delegates independent review/exploration, uses [`sandcastle`](../sandcastle/) for background isolated branch jobs, and requests JP approval for deploy, push, secret, production-data, cron, or infra actions.
**Instance #3 of the C-suite profile distribution family** (CMO = #1, CEO = #2, CTO = #3). This repo is `cto/`; the deployed Hermes profile is `cto-planb`. Built to the canonical protocol at [`../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md`](../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md).
> **Status:** v2.0 migration in progress per `CTO-WEBUI-CODING-AGENT-PRD.md`. Static validation, required skills, and eval expectations are now part of the profile; live WebUI runtime parity remains gated by eval evidence.
- **Identity:** [`AGENT.md`](AGENT.md) — role, mission, boundaries
- **Behavior contract:** [`CONTRACT.md`](CONTRACT.md) — what CTO does, does NOT do, edge cases (tier T1)
- **Protocol:** [`../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md`](../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md)
- **Background job backend:** [`../sandcastle/`](../sandcastle/) — Matt Pocock's sandboxed agent orchestrator (MIT, pinned v0.5.11; read-only)
## Layout
```
cto/
├── AGENT.md CONTRACT.md CLAUDE.md README.md
├── manifest.yaml distribution.yaml install.sh credbridge.sh
├── lib/cto-worker.sh # sandcastle invocation + PR opening + 5W helper
├── skills/
│ ├── cto-agent/SKILL.md # supervisor and profile protocol
│ ├── cto-direct-coder/SKILL.md # direct inspect-plan-patch-test-report loop
│ ├── cto-repo-contract/SKILL.md # workspace contract and protected paths
│ ├── cto-python-toolkit/SKILL.md # Python stack patterns (workspace-anchored)
│ ├── cto-angular-toolkit/SKILL.md # Angular stack patterns (adwright-anchored)
│ ├── cto-dotnet-toolkit/SKILL.md # .NET/CQRS stack patterns (cortex-anchored)
│ ├── cto-frontend-visual-qa/SKILL.md
│ ├── cto-sandbox-job/SKILL.md
│ ├── cto-reviewer/SKILL.md
│ ├── cto-evals/SKILL.md
│ └── cto-capsule-writer/SKILL.md
├── evals/ # promotion/regression expectations
└── schema.sql # cto.db built from this; never committed
```
## Install
```bash
git clone https://git.openharbor.io/hermes/cto && cd cto
./install.sh # symlink + skills register + hermes profile install
hermes -p cto-planb skills list | grep cto-agent
hermes kanban assignees | grep cto-planb # verify dispatch-ready
```
Default install **symlinks** `~/.hermes/cto-planb` → this repo (repo is canonical, edits land live).
## Key invariants
- CTO defaults to scoped direct WebUI coding for R1 work and uses Sandcastle for background isolated jobs
- No deploy without JP approval (merge-to-main = deploy gate; CTO never `gh pr merge`)
- No infrastructure changes without JP approval (DNS, certs, secrets, cron, cloud)
- No edits to `../sandcastle/` (read-only mirror)
- Focused skill set only; no broad inherited skill library
- Every kanban task closes via `kanban complete` or `kanban block` — no protocol violations
## Roadmap
| Component | v1.0 (current) | v1.1 (next) | v2 (deferred) |
|---|---|---|---|
| `cto-agent/SKILL.md` | supervisor/direct-coder protocol | event/runtime hardening | production parity after evals |
| Sandcastle invocation | background job backend | provider-swap (docker → vercel for parallel) | — |
| Toolkit skills | Python + Angular + .NET/CQRS | extract Python/Angular to cortex/L6-svrnty.lib-{python,angular}-framework when usage justifies; .NET remains anchored to existing cortex CQRS tooling | — |
| Approval gate | kanban_block on deploy-adjacent | richer escalation w/ JP DM | deploy gate (CI/CD wired) |
| Observability | stdout 5W | metrics endpoint emit | Grafana/Prometheus MCPs |
| IaC | — | — | Terraform/Pulumi orchestration |
## Related
- [`../sandcastle/CONTEXT.md`](../sandcastle/CONTEXT.md) — sandcastle terminology (read before writing any invocation)
- [`../cmo/`](../cmo/) — C-suite reference impl #1 (thick capability pattern)
- [`../ceo/`](../ceo/) — C-suite reference impl #2
Reference in New Issue View Git Blame Copy Permalink