cto/.sot/03-PROTOCOLS/CTO-CASE-STAGE4-DISPOSABLE-SANDBOX-ISSUES.md
2026-05-31 23:38:22 -04:00


name: cto-case-stage4-disposable-sandbox-issues
tier: local
status: draft
owner: jp
source: .sot/03-PROTOCOLS/CTO-CASE-STAGE4-DISPOSABLE-SANDBOX-PRD.md
created: 2026-06-01
last_reviewed: 2026-06-01
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local issue sequence for Stage 4 Case disposable sandbox repository proof.

CTO Case Stage 4 Disposable Sandbox Issues

Local planning SOT only. Not a Core Protocol. Not active Core authority.

Issue Sequence

CTO-WORK-035 - Stage 4 Disposable Sandbox PRD

Type: AFK

Status: validated.

Blocked by: CTO-WORK-034

User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 8, 9, 10, 11, 13.

What to build: Define the Stage 4 disposable sandbox repository proof before implementation starts.

Acceptance criteria:

  • PRD states Stage 4 allowed mutation scope is disposable repository only.
  • PRD requires Stage 3 validation before Stage 4.
  • PRD requires CTO_HARNESS_ALLOW_CASE=1 and CTO_HARNESS_CASE_STAGE=4.
  • PRD requires approval requested/granted/denied events.
  • PRD requires branch policy proof.
  • PRD forbids push, merge, deploy, close, PR open, public publication, Target Repository mutation, source repository mutation, Case source mutation, vendor source mutation, Hermes WebUI mutation, and Cortex Core mutation.
  • PRD requires full Harness Evidence Interface artifacts.
  • PRD requires approval-denied, reviewer-reject, timeout, provider-unavailable, dirty-ending-tree, and disallowed-file failure fixtures.
  • Local CTO validator checks Stage 4 PRD and issue artifact.

Allowed files: CTO child workspace planning docs and local validator only.

Validator: python3 tools/validate_cto_child.py

Done evidence: PRD, issue artifact, validator JSON, clean worktree, commit.

CTO-WORK-036 - Stage 4 Harness Disposable Sandbox Route

Type: AFK

Status: validated.

Blocked by: CTO-WORK-035

User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 8, 9, 10, 11, 13.

What to build: In /home/svrnty/workspaces/hermes/cto/harness, implement the Stage 4 disposable sandbox repository route behind the existing case engine seam.

Acceptance criteria:

  • case remains disabled by default.
  • CTO_HARNESS_ALLOW_CASE=1 remains required.
  • CTO_HARNESS_CASE_STAGE=4 is required before disposable sandbox Case execution.
  • Missing Stage 4 gate emits blocked evidence and does not run Case.
  • Approval denied blocks before mutation.
  • Approval granted is recorded before mutation.
  • Branch policy proof is recorded.
  • Case mutates only the disposable repository.
  • No Target Repository path is inspected or copied.
  • No push, merge, deploy, close, PR open, or public publication occurs by default.
  • Required artifacts include approval proof, branch proof, sandbox disposal or retention note, report.json, report.md, events.normalized.jsonl, trace.jsonl, patch.diff, test.log, and backend logs.
  • Failure fixtures fail closed for approval denied, reviewer reject, timeout, provider unavailable, dirty ending tree, and disallowed file.
  • Fake remains the default validation lane and broad health remains green after focused Stage 4 validation.
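
An added sketch (not the Hermes harness code) of the fail-closed ordering these criteria describe: environment gates first, then approval, then a post-run check that every touched path stays inside the disposable repository. The function names, event names and evidence fields are assumptions made for this example.

```python
import os.path

# Event names are constructed for this sketch; the harness's real schema may differ.
REQUESTED, GRANTED, DENIED = "approval.requested", "approval.granted", "approval.denied"


def pre_mutation_gate(env, events):
    """Return (allowed, evidence). Anything missing or ambiguous blocks the run."""
    def blocked(reason):
        return False, {"status": "blocked", "reason": reason}

    # Both switches must hold the exact values; unset or any other value blocks.
    if env.get("CTO_HARNESS_ALLOW_CASE") != "1":
        return blocked("case-disabled")
    if env.get("CTO_HARNESS_CASE_STAGE") != "4":
        return blocked("stage4-gate-missing")

    kinds = [e.get("event") for e in events]
    # A denial anywhere in the record wins over any grant.
    if DENIED in kinds:
        return blocked("approval-denied")
    # A grant only counts if it follows a recorded request.
    if REQUESTED not in kinds or GRANTED not in kinds[kinds.index(REQUESTED):]:
        return blocked("approval-not-granted")
    return True, {"status": "approved", "approval_events": kinds}


def disallowed_files(sandbox_root, touched_paths):
    """Return the touched paths that resolve outside the disposable repository."""
    root = os.path.realpath(sandbox_root)
    outside = []
    for path in touched_paths:
        # join() lets an absolute path replace root; realpath() collapses ../ and symlinks.
        full = os.path.realpath(os.path.join(root, path))
        if os.path.commonpath([root, full]) != root:
            outside.append(path)
    return outside
```

A run proceeds to mutation only when `pre_mutation_gate` returns `True`, and passes only when `disallowed_files` returns an empty list afterwards.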

Allowed files: Hermes CTO harness engine, disposable sandbox fixtures, focused Stage 4 validator, harness docs, and tests. WebUI, Core, Case source, vendor source, source repository, Target Repository, owned noncritical repositories, production repositories, and external developer repositories are forbidden.

Validator: python3 harness/runner/validate-case-stage4.py --harness-root harness --json, then harness/evals/health.sh --json.

Done evidence:

  • Hermes commit: 033fec8 Add Case Stage 4 disposable sandbox proof.
  • Focused Stage 4 validator on Hermes main: python3 harness/runner/validate-case-stage4.py --harness-root harness --json.
  • Focused Stage 4 validator status: ok: true.
  • Stage 4 pass artifact: /home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T033647Z-r1-string-slugify-3113348.
  • Stage 4 proof artifact: /home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T033647Z-r1-string-slugify-3113348/stage4-disposable-sandbox-proof.json.
  • Failure fixture reports: /home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T033647Z-r1-string-slugify-3112997/report.json and /home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T033647Z-r1-string-slugify-3113296/report.json.
  • Post-merge aggregate Harness health: harness/evals/health.sh --json, status pass.
  • Aggregate matrix artifact: /home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T033659Z-run-all-fake-3114983/report.json.

Granularity Check

This is intentionally two slices: one planning route and one executable harness route. Stage 4 adds approval and disposable repository policy, which are distinct from Stage 3 copied-repo non-mutation proof.