hermes/cto
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
46b7296cb2
cto/.sot/03-PROTOCOLS/CTO-CASE-STAGE6-REAL-GOVERNED-REFRESH-PRD.md
Svrnty 0e7d5d00ce Plan Stage 6 real governed refresh
2026-06-01 06:59:10 -04:00

5.0 KiB
Raw Blame History

name tier status owner source created last_reviewed lifecycle_classification core_promotion_status description
cto-case-stage6-real-governed-refresh-prd local draft jp .sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-PASS-EVIDENCE.md 2026-06-01 2026-06-01 planning not-promoted Child-local PRD for refreshing Stage 6 candidate-default evidence against the first real governed Stage 5 pass.

CTO Case Stage 6 Real Governed Refresh PRD

Local planning SOT only. Not a Core Protocol. Not active Core authority.

Problem Statement

Stage 6 candidate-default comparison was validated before the first real governed Stage 5 Case execution passed. That was useful, but the CTO Product Surface now has stronger evidence: CTO-WORK-049 validated a real approved owned-repo task through the CTO Harness Case seam. Candidate-default readiness should be refreshed against that real pass before any later default discussion.

Solution

Create a bounded Stage 6 refresh route. The route imports the CTO-WORK-049 pass report and Stage 5 proof, compares them against the existing Stage 6 candidate-default criteria, records whether Case still qualifies as candidate-default evidence, and keeps runtime default activation false. The refresh is evidence-only; it does not mutate target repositories or promote Core authority.

Scope

  • Require CTO-WORK-049 pass evidence as the refresh input.
  • Require Harness Evidence Interface artifacts, not conversational claims.
  • Compare the real Stage 5 pass against Stage 6 criteria: report shape, event validity, allowed-path compliance, failure closure, artifact completeness, forbidden-action closure, and operator acceptance.
  • Preserve existing fake, Codex, and Pi lane rationale where applicable.
  • Record candidate-default refresh output as child-local evidence only.
  • Keep runtime default activation false.
  • Keep Core promotion, target mutation, push, merge, deploy, close, PR open, issue close, public publication, vendor-source mutation, and unowned repository mutation out of scope.

Non-Goals

  • Do not make Case the default backend.
  • Do not create a new backend seam.
  • Do not rerun an unapproved real target mutation.
  • Do not replace Stage 6 comparison evidence with a single happy-path result.
  • Do not build Hermes WebUI behavior in this slice.
  • Do not promote CTO artifacts into Core.

Acceptance Criteria

  • Refresh requires CTO-WORK-049 to be validated.
  • Refresh consumes the real pass report path and Stage 5 proof path from CTO-FIRST-REAL-GOVERNED-WORKFLOW-PASS-EVIDENCE.md.
  • Refresh verifies report shape, event validity, allowed-path compliance, failure closure, artifact completeness, forbidden-action closure, and operator acceptance.
  • Refresh records fake, Codex, and Pi comparison status where applicable or blocked with rationale.
  • Refresh records runtime default activation: false.
  • Refresh records no target mutation, push, merge, deploy, close, PR open, issue close, public publication, vendor-source mutation, or unowned repository mutation.
  • Local CTO validator checks this PRD and issue artifact.

Validation

Planning validator: python3 tools/validate_cto_child.py.

Future Hermes focused validator should be a small Stage 6 refresh command that reads existing evidence and writes a comparison artifact without mutating a target repository.

The refresh command must run read-only without mutating a Target Repository.

Risks

  • A refresh artifact may be mistaken for default activation unless the false runtime-default field is explicit.
  • A single real pass can strengthen Stage 6 evidence but cannot replace failure matrix coverage.
  • Re-running real mutation without new approval would violate the governed workflow route.
  • Missing comparison-lane rationale can make candidate-default status look stronger than the evidence supports.

Dependencies

  • CTO-WORK-049 first real governed workflow execution is validated.
  • CTO-WORK-043 Stage 6 candidate-default comparison remains validated.
  • Harness Evidence Interface remains active.
  • Stage 5 proof and pass report remain available.
  • Existing operator acceptance remains recorded.

Challenge Notes

Accepted feedback: The useful next slice is an evidence refresh, not default activation, because the real governed Stage 5 pass happened after the original Stage 6 comparison.

Accepted feedback: The refresh must be read-only over existing artifacts. Re-running Case against the target would require a new approval packet.

Rejected feedback: Building Hermes WebUI now is too broad for this slice because the missing proof is candidate-default evidence freshness, not visualization capacity.

Rejected feedback: Promoting this into Core now is premature because CTO remains child-local planning and runtime default activation remains false.

Success Definition

This slice succeeds when CTO has a validated child-local PRD and issue route for refreshing Stage 6 candidate-default evidence against the first real governed Stage 5 Case pass, without authority drift or new target mutation.