CTO profile distribution — Plan B Chief Technology Officer agent. Thin orchestrator over sandcastle for code-modifying work across .NET, Dart/Flutter, Go, Rust, Bash, Python, Angular stacks. v0.1 scaffold.
31d6ef72a6
Audit cross-check flagged CONTRACT.md still claimed "v0.1 scaffold" + "v1.0 not yet implemented" throughout while README + skill frontmatter + manifest all already said v1.0 MVP. This commit aligns CONTRACT to the actual ship state: - frontmatter: status draft → active; description drops "v0.1 = scaffold; orchestrator unimplemented" → "v1.0 MVP shipped" - §"Status:" line: v0.1 scaffold → v1.0 MVP shipped 2026-05-24 - §4 V1 scope: restructure into v1.0 SHIPPED / v1.1+ NEXT / v2+ DEFERRED. v1.0 SHIPPED now lists cto-agent executable + cto-python-toolkit + cto-angular-toolkit + lib/cto-worker.sh + kanban worker contract + approval gate enforcement. - §5 invocation pattern: "(v1.0 plan)" → "(v1.0 — shipped via lib/cto-worker.sh)" - §8 routing table: "(v1.0 — not yet implemented)" → "(v1.0 — shipped)" - §10 build state: drop v0.1 scaffold-only language; "v1.0 MVP (current)" lists shipped deliverables; v1.1 next lists iteration loop / multi-stack / memory / observability. Source-of-truth alignment: README v1.0 MVP, manifest v1.0.0, distribution v1.0.0, skill SKILL.md v1.0.0, install.sh dropped scaffold notes — all now consistent. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| lib | ||
| skills | ||
| .env.example | ||
| .gitignore | ||
| AGENT.md | ||
| CLAUDE.md | ||
| CONTRACT.md | ||
| credbridge.sh | ||
| distribution.yaml | ||
| install.sh | ||
| manifest.yaml | ||
| README.md | ||
| schema.sql | ||
cto (repo) · cto-planb (Hermes profile)
A Chief Technology Officer agent for Hermes, built for Plan B (Québec fresh prepared-meals). Thin orchestrator: decomposes JP/CEO tech goals, invokes sandcastle to run code-modifying agents in isolated Docker/Podman/Vercel sandboxes, judges resulting diffs, opens PRs for human review, and requests JP approval for any deploy. Never deploys directly.
Instance #3 of the C-suite profile distribution family (CMO = #1, CEO = #2, CTO = #3). This repo is cto/; the deployed Hermes profile is cto-planb. Built to the canonical protocol at ../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md.
Status: v1.0 MVP. Executable
cto-agentorchestrator +cto-worker.shsandcastle helper + 2 toolkit skills (Python + Angular, anchored to real workspace codebases). Approval gate enforced via kanbanblockfor deploy-adjacent escalations; CTO nevergh pr mergeautonomously.
- Identity:
AGENT.md— role, mission, boundaries - Behavior contract:
CONTRACT.md— what CTO does, does NOT do, edge cases (tier T1) - Protocol:
../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md - Primary tool:
../sandcastle/— Matt Pocock's sandboxed agent orchestrator (MIT, pinned v0.5.11; read-only)
Layout
cto/
├── AGENT.md CONTRACT.md CLAUDE.md README.md
├── manifest.yaml distribution.yaml install.sh credbridge.sh
├── lib/cto-worker.sh # sandcastle invocation + PR opening + 5W helper
├── skills/
│ ├── cto-agent/SKILL.md # orchestrator (v1.0 executable)
│ ├── cto-python-toolkit/SKILL.md # Python stack patterns (workspace-anchored)
│ └── cto-angular-toolkit/SKILL.md # Angular stack patterns (adwright-anchored)
└── schema.sql # cto.db built from this; never committed
Install
git clone https://git.openharbor.io/hermes/cto && cd cto
./install.sh # symlink + skills register + hermes profile install
hermes -p cto-planb skills list | grep cto-agent
hermes kanban assignees | grep cto-planb # verify dispatch-ready
Default install symlinks ~/.hermes/cto-planb → this repo (repo is canonical, edits land live).
Key invariants
- CTO orchestrates via sandcastle, never edits host code directly
- No deploy without JP approval (merge-to-main = deploy gate; CTO never
gh pr merge) - No infrastructure changes without JP approval (DNS, certs, secrets, cron, cloud)
- No edits to
../sandcastle/(read-only mirror) - Thin orchestrator (3 skills: cto-agent + 2 stack toolkits), NOT a 40-skill library
- Every kanban task closes via
kanban completeorkanban block— no protocol violations
Roadmap
| Component | v1.0 (current) | v1.1 (next) | v2 (deferred) |
|---|---|---|---|
cto-agent/SKILL.md |
executable | iteration loop (auto-rerun on test-failure) | sub-agent profiles (coder/reviewer/deployer) |
| Sandcastle invocation | docker default via cto-worker.sh | provider-swap (docker → vercel for parallel) | — |
| Toolkit skills | Python + Angular | extract to cortex/L6-svrnty.lib-{python,angular}-framework | — |
| Approval gate | kanban_block on deploy-adjacent | richer escalation w/ JP DM | deploy gate (CI/CD wired) |
| Observability | stdout 5W | metrics endpoint emit | Grafana/Prometheus MCPs |
| IaC | — | — | Terraform/Pulumi orchestration |
Related
../sandcastle/CONTEXT.md— sandcastle terminology (read before writing any invocation)../cmo/— C-suite reference impl #1 (thick capability pattern)../ceo/— C-suite reference impl #2 (thin orchestrator pattern — CTO follows this)