C-suite instance #3 — CTO profile distribution.

Thin orchestrator over sandcastle for code-modifying work across .NET / Dart / Go / Rust / Python / Angular / Bash stacks. v0.1 = scaffold only. Orchestrator skill is a stub; v1.0 wires executable sandcastle.run() invocation.

Scaffold contents (12 files):
- AGENT.md, CONTRACT.md (T1, 12 sections), CLAUDE.md, README.md
- manifest.yaml (14 external_tool_deps across 9 stacks)
- distribution.yaml (Hermes native install contract)
- install.sh (idempotent, --dry-run support), credbridge.sh (gh CLI)
- schema.sql (work_queue + invocations + agent_runtime)
- skills/cto-agent/SKILL.md (stub w/ per-stack routing table)
- .gitignore, .env.example

External tool catalog covers:
- typescript: sandcastle (mattpocock, MIT, v0.5.11)
- dotnet: lib-dotnet-cqrs, tool-cqrs-plugin, pi-bte-plugin
- dart: lib-cqrs-datasource (gRPC client to .NET CQRS)
- go: lib-llm, core-credentials, core-memory, tool-qa
- rust: core-runtime (zeroclaw)
- bash: tool-bash-plugin
- multi: lib-quality-gates (48 gates), lib-skills-engineering (28 patterns)
- cortex-os: tool-cortex-plugin

DESIGN.md (Google Labs spec) compliance documented — CTO ensures UI work conforms when Stitch / other DESIGN.md consumers are downstream.

Companion changes in workspace:
- hermes/CLAUDE.md workspace map + .gitignore
- sdo/org.yaml: ceo.delegates_to=[cmo, cto], cto agent block
- sot/06-REGISTRY/EXTERNAL-REFS/SANDCASTLE.md (T2, active)
- sot/06-REGISTRY/CORTEX-TOOLING.md (T2, active)
- sot/README.md links updated

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
39 lines
1.2 KiB
Bash
```bash
#!/usr/bin/env bash
# credbridge.sh — resolve credctl secrets into env vars for the child command.
# Secrets are NEVER on argv, NEVER in logs, NEVER persisted. credctl is queried
# per-call; the secret enters the child process env only for the duration of the call.
#
# Usage:
#   credbridge.sh <tool> [args...]
#
# v0.1 supports: gh (GitHub CLI) — needs github-pat
# v2 will add:   deploy keys, cloud creds (aws/gcp/etc)
set -euo pipefail

CREDCTL="${CREDCTL:-/home/svrnty/workspaces/cortex/L6-svrnty.core-credentials/credctl}"

if [ $# -eq 0 ]; then
  echo "usage: credbridge.sh <tool> [args...]" >&2
  echo "  supported tools (v0.1): gh" >&2
  exit 2
fi

TOOL="$1"; shift

case "$TOOL" in
  gh)
    # GitHub CLI — needs GITHUB_TOKEN from credctl github-pat
    # `export VAR="$(...)"` masks the pipeline's exit status, so a failed
    # lookup falls through to the empty check below instead of tripping set -e.
    # "$CREDCTL" is quoted so an override path containing spaces still works.
    export GITHUB_TOKEN="$("$CREDCTL" get github-pat --unmask 2>/dev/null | awk '/^Value:/ {print $2}')"
    if [ -z "${GITHUB_TOKEN:-}" ]; then
      echo "ERROR: github-pat not in credctl. Set with: credctl set github-pat" >&2
      exit 3
    fi
    exec gh "$@"
    ;;
  *)
    echo "ERROR: unknown tool '$TOOL'" >&2
    echo "supported tools (v0.1): gh" >&2
    exit 2
    ;;
esac
```
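An added example, not part of the repository: a sourceable variant of the same bridge for callers that cannot `exec`. It scopes `GITHUB_TOKEN` to one child with a prefix assignment and switches xtrace off while the value is in hand, so a caller running under `set -x` does not write the token to its trace. `stub_credctl`, `with_github_token`, the `Name:` line and the sample token are constructed for illustration.

```shell
#!/bin/sh
# Added example, not project code. stub_credctl is a constructed stand-in for
# credctl; it prints the "Value: <secret>" line that credbridge.sh parses.
stub_credctl() {
    [ "$1" = get ] && [ "$2" = github-pat ] || { echo "not found" >&2; return 1; }
    echo "Name:  github-pat"                  # constructed extra line
    echo "Value: CONSTRUCTED-TOKEN-0000"      # constructed sample token
}
CREDCTL=stub_credctl

# Run "$@" with GITHUB_TOKEN in that one child's environment only.
# Returns the child's status, or 3 (as credbridge.sh does) if lookup fails.
with_github_token() {
    _xt=0
    case $- in *x*) _xt=1; set +x ;; esac     # keep the value out of xtrace
    _tok=$("$CREDCTL" get github-pat --unmask 2>/dev/null |
        awk '/^Value:/ { print $2; exit }') || _tok=
    _rc=3
    if [ -n "$_tok" ]; then
        # Prefix assignment: not exported into this shell, never on argv.
        GITHUB_TOKEN=$_tok "$@" && _rc=0 || _rc=$?
    fi
    unset _tok
    [ "$_xt" -eq 1 ] && set -x                # restore the caller's tracing
    return "$_rc"
}

# Demo: the child reports its environment and its argument list.
with_github_token sh -c 'echo "env=$GITHUB_TOKEN argv=$*"' probe arg1
```

The token is still readable by the child and by anything the child spawns, so the wrapped command itself has to be trusted not to log its environment.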