hermes/cto
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
46b7296cb2
cto/.sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-REQUEST-PRD.md
Svrnty b7a7354f97 Record governed execution request
2026-06-01 07:51:09 -04:00

56 lines
2.0 KiB
Markdown
Raw Blame History

---
name: CTO Governed Execution Request PRD
status: validated
lifecycle_classification: sot
owner: jp
created: 2026-06-01
last_reviewed: 2026-06-01
core_promotion_status: not-promoted
---
# CTO Governed Execution Request PRD
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Problem
The CTO stack has an exact approval packet and Hermes can show it, but there is no durable governed execution request that records the proposed action before any backend runs.
The next useful step is a governed execution request that creates a non-mutating execution request record. The record must preserve the exact approval packet, admitted target repository, allowed paths, Harness command, proof pointers, and blocked actions.
## Scope
- Create a local CTO planning record for the approved candidate task shape.
- Keep `approval_granted: false`.
- Keep `execution_allowed: false`.
- Name the admitted target repository and allowed paths.
- Name the Harness command that would run only after approval.
- Preserve that JP approval is still required before execution.
## Non-goals
- Do not execute Case.
- Do not activate Case as default backend.
- Do not mutate target repositories.
- Do not edit upstream `hermes-agent`.
- Do not edit upstream `hermes-webui`.
- Do not change Core authority.
## Acceptance Criteria
- `WORKBOARD.yaml` records `CTO-WORK-066` and `CTO-WORK-067` as validated.
- The governed execution request includes `approval_granted: false`.
- The governed execution request includes `execution_allowed: false`.
- Runtime default activation remains false.
- JP approval is still required before execution.
- Local validation checks the new record and its guardrails.
## Validation
- `python3 tools/validate_cto_child.py`
- `python3 /home/svrnty/workspaces/cortex-os/core/tools/check_s69_caveman_prose_discipline.py`
## Risk
The main risk is accidentally treating request creation as execution approval. The guardrail is explicit: Do not execute Case. Do not mutate target repositories. JP approval is still required before execution.
Reference in New Issue View Git Blame Copy Permalink