hermes/cto
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
375417a29b
cto/CLAUDE.md
Svrnty 375417a29b feat(cto): initial scaffold v0.1.0 
C-suite instance #3 — CTO profile distribution. Thin orchestrator over
sandcastle for code-modifying work across .NET / Dart / Go / Rust /
Python / Angular / Bash stacks.

v0.1 = scaffold only. Orchestrator skill is a stub; v1.0 wires
executable sandcastle.run() invocation.

Scaffold contents (12 files):
- AGENT.md, CONTRACT.md (T1, 12 sections), CLAUDE.md, README.md
- manifest.yaml (14 external_tool_deps across 9 stacks)
- distribution.yaml (Hermes native install contract)
- install.sh (idempotent, --dry-run support), credbridge.sh (gh CLI)
- schema.sql (work_queue + invocations + agent_runtime)
- skills/cto-agent/SKILL.md (stub w/ per-stack routing table)
- .gitignore, .env.example

External tool catalog covers:
- typescript: sandcastle (mattpocock, MIT, v0.5.11)
- dotnet: lib-dotnet-cqrs, tool-cqrs-plugin, pi-bte-plugin
- dart: lib-cqrs-datasource (gRPC client to .NET CQRS)
- go: lib-llm, core-credentials, core-memory, tool-qa
- rust: core-runtime (zeroclaw)
- bash: tool-bash-plugin
- multi: lib-quality-gates (48 gates), lib-skills-engineering (28 patterns)
- cortex-os: tool-cortex-plugin

DESIGN.md (Google Labs spec) compliance documented — CTO ensures UI
work conforms when Stitch / other DESIGN.md consumers are downstream.

Companion changes in workspace:
- hermes/CLAUDE.md workspace map + .gitignore
- sdo/org.yaml: ceo.delegates_to=[cmo, cto], cto agent block
- sot/06-REGISTRY/EXTERNAL-REFS/SANDCASTLE.md (T2, active)
- sot/06-REGISTRY/CORTEX-TOOLING.md (T2, active)
- sot/README.md links updated

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-24 11:35:57 -04:00

3.7 KiB
Raw Blame History

cto (repo) · cto-planb (Hermes profile)

Hermes classification: profile distribution (C-suite, instance #3, Plan B-scoped) Inherits Karpathy 4 rules from ~/.claude/CLAUDE.md — read them before coding.

What this is

CTO agent for Plan B — thin orchestrator. Decomposes JP/CEO tech goals, invokes sandcastle to run code-modifying agents in isolated sandboxes, judges resulting diffs, opens PRs, requests JP approval for any deploy. Never deploys directly. Instance #3 of the C-suite profile distribution family.

Naming: the repo dir is cto/ (generic). The deployed Hermes profile is cto-planb (Plan B-scoped, driven by distribution.yaml → name). Future orgs would clone this repo and set name: cto-<org> in their distribution.yaml.

Status: v0.1 — scaffold only. Orchestrator skill stub exists but is not executable. v1.0 milestone = wire sandcastle.run() into skills/cto-agent/.

Hard rules

  • CTO NEVER edits host repo code directly — always via sandcastle in an isolated sandbox
  • CTO NEVER merges to main without JP approve (definition of "deploy" per CONTRACT.md §3)
  • CTO NEVER touches infrastructure (DNS, certs, secrets, cron, cloud) — escalate always
  • CTO NEVER edits ../sandcastle/ — read-only workspace hard rule (mattpocock/sandcastle pinned v0.5.11)
  • cto.db never committed — created by install.sh, managed at runtime
  • The CTO's "skill" is judgment + sandcastle invocation, not execution — do NOT add large skill libraries here (CEO precedent)
  • Structural changes follow ../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md

Structure

cto/
├── manifest.yaml                    # profile: cto-planb, kind: profile-distribution
├── distribution.yaml                # Hermes native install contract
├── AGENT.md                         # CTO identity (role, mission, boundaries)
├── CONTRACT.md                      # CTO behavior contract — tier T1 (this file wins)
├── install.sh                       # idempotent installer → ~/.hermes/cto-planb symlink (skeleton)
├── credbridge.sh                    # secrets bridge (skeleton — github-pat only in v1)
├── schema.sql                       # cto.db schema (work_queue, agent_runtime, invocations)
├── skills/
│   └── cto-agent/                   # orchestrator skill (SKILL.md = stub until v1.0)
└── cron/                            # empty for v1 (CEO precedent — on-demand only)

Gotchas

  • Sandcastle is at ../sandcastle/ (sibling). Read its CONTEXT.md before writing any sandcastle.run() invocation — the terminology (sandbox provider, branch strategy, agent provider) matters
  • cto/ does NOT inherit cmo/'s 40-skill complexity — keep it thin like ceo/ (1 skill: cto-agent)
  • v0.1 has NO executable orchestrator — running hermes -p cto-planb skills list will show cto-agent but invocations will no-op gracefully
  • credbridge in v1 resolves only github-pat; other creds (deploy, cloud) deferred to v2 per CONTRACT.md §4
  • When v1.0 work starts: write skills/cto-agent/SKILL.md body (currently stub), test sandcastle.run() against a throwaway repo, then wire kanban dispatch

When to update this CLAUDE.md vs other docs

  • This file: gotchas, hard rules, structure overview — what a Claude session needs to navigate the repo
  • AGENT.md: identity (role, mission, principal) — what CTO IS
  • CONTRACT.md: behavior contract — what CTO DOES and does NOT do, decisions, anti-patterns (tier T1)
  • manifest.yaml: machine-readable identity + install hooks
  • distribution.yaml: Hermes native install contract (separate from manifest by design)
  • README.md: human-facing intro + install instructions