cto/.sot/03-PROTOCOLS/CTO-CASE-STAGE5-OWNED-NONCRITICAL-REPO-ISSUES.md
2026-06-01 05:52:55 -04:00

name: cto-case-stage5-owned-noncritical-repo-issues
tier: local
status: draft
owner: jp
source: .sot/03-PROTOCOLS/CTO-CASE-STAGE5-OWNED-NONCRITICAL-REPO-PRD.md
created: 2026-06-01
last_reviewed: 2026-06-01
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local issue sequence for Stage 5 Case owned noncritical repository proof.

CTO Case Stage 5 Owned Noncritical Repository Issues

Local planning SOT only. Not a Core Protocol. Not active Core authority.

Issue Sequence

CTO-WORK-037 - Stage 5 Owned Noncritical Repo PRD

Type: AFK

Status: validated.

Blocked by: CTO-WORK-036

User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 8, 9, 10, 11, 13.

What to build: Define the Stage 5 owned noncritical repository proof before implementation starts.

Acceptance criteria:

  • PRD states Stage 5 allowed mutation scope is explicitly owned low-risk repository only.
  • PRD requires Stage 4 validation before Stage 5.
  • PRD requires CTO_HARNESS_ALLOW_CASE=1 and CTO_HARNESS_CASE_STAGE=5.
  • PRD requires Target Repository ownership proof and noncritical classification.
  • PRD requires approval requested/granted/denied events before mutation.
  • PRD requires allowed paths and forbidden actions before mutation.
  • PRD separates operator acceptance or rejection from test pass.
  • PRD forbids push, merge, deploy, close, PR open, issue close, public publication, critical repository mutation, unowned repository mutation, Case source mutation, vendor source mutation, Hermes WebUI mutation, and Cortex Core mutation.
  • PRD requires full Harness Evidence Interface artifacts.
  • PRD requires approval-denied, unowned-repository, critical-repository, disallowed-file, dirty-starting-tree, dirty-ending-tree, failed-tests, timeout, provider-unavailable, and missing-operator-outcome failure fixtures.
  • Local CTO validator checks Stage 5 PRD and issue artifact.

Allowed files: CTO child workspace planning docs and local validator only.

Validator: python3 tools/validate_cto_child.py

Done evidence: PRD, issue artifact, validator JSON, clean worktree, commit.

CTO-WORK-038 - Stage 5 Harness Owned Noncritical Repo Route

Type: HITL

Status: blocked.

Blocked by: CTO-WORK-037, CTO-WORK-039, CTO-WORK-040, and explicit JP selection or approval of an owned low-risk noncritical Target Repository.

User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 8, 9, 10, 11, 13.

What to build: In /home/svrnty/workspaces/hermes/cto/harness, implement the Stage 5 owned noncritical repository route behind the existing case engine seam.

Acceptance criteria:

  • case remains disabled by default.
  • CTO_HARNESS_ALLOW_CASE=1 remains required.
  • CTO_HARNESS_CASE_STAGE=5 is required before owned noncritical repository execution.
  • Missing Stage 5 gate emits blocked evidence and does not run Case.
  • Target Repository admission proof records owner, path, noncritical classification, allowed paths, forbidden actions, and approval source.
  • Unowned or critical repository admission blocks before mutation.
  • Approval denied blocks before mutation.
  • Approval granted is recorded before mutation.
  • Case mutates only allowed paths inside the admitted Target Repository.
  • No push, merge, deploy, close, PR open, issue close, or public publication occurs by default.
  • Operator acceptance or rejection is recorded after verification.
  • Required artifacts include Target Repository admission proof, approval proof, allowed-path proof, forbidden-action proof, operator outcome, report.json, report.md, events.normalized.jsonl, trace.jsonl, patch.diff, test.log, backend logs, artifact digests, and freshness proof.
  • Failure fixtures fail closed for approval denied, unowned repository, critical repository, disallowed file, dirty starting tree, dirty ending tree, failed tests, timeout, provider unavailable, and missing operator outcome.
  • Fake remains the default validation lane and broad health remains green after focused Stage 5 validation.

Allowed files: Hermes CTO harness engine, owned noncritical repo fixture admission records, focused Stage 5 validator, harness docs, and tests. WebUI, Core, Case source, vendor source, unowned repositories, critical repositories, production repositories, and external developer repositories are forbidden.

Validator: python3 harness/runner/validate-case-stage5.py --harness-root harness --json, then harness/evals/health.sh --json.

Done evidence: Stage 5 pass report, failure fixture reports, Target Repository admission proof, approval proof, allowed-path proof, forbidden-action proof, operator outcome, artifact digests, clean worktree, commit.

CTO-WORK-039 - Stage 5 Target Repository Admission Template

Type: AFK

Status: validated.

Blocked by: CTO-WORK-037

User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 8, 9, 10, 11, 13.

What to build: Define the validator-readable Target Repository admission template required before Stage 5 can execute against any owned noncritical repository.

Acceptance criteria:

  • Template states it does not admit any repository.
  • Template requires admission_status, target_repository_path, repository_owner, ownership_evidence, risk_classification, noncritical_rationale, allowed_paths, forbidden_paths, forbidden_actions, approval_source, approval_timestamp, operator_outcome_required, and review_trigger.
  • Template requires risk_classification to be low_risk_noncritical.
  • Template requires missing admission, missing ownership evidence, critical classification, empty allowed paths, missing forbidden actions, missing approval, and missing operator outcome requirement to block before case_process_started.
  • Template forbids treating the template as Case execution authority.
  • Local CTO validator checks the template artifact.

Allowed files: CTO child workspace planning docs and local validator only.

Validator: python3 tools/validate_cto_child.py

Done evidence: template artifact, issue reference, validator JSON, clean worktree, commit.

CTO-WORK-040 - Stage 5 Target Repository Admission Record

Type: HITL

Status: validated.

Blocked by: CTO-WORK-039 and explicit JP selection or approval of an owned low-risk noncritical Target Repository.

User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 8, 9, 10, 11, 13.

What to build: Maintain the concrete Stage 5 Target Repository admission record. The current record is intentionally not_admitted and blocks Stage 5 execution until JP supplies the repository path, ownership proof, noncritical rationale, allowed paths, forbidden paths, and approval metadata.

Acceptance criteria:

  • Admission record exists as JSON.
  • Admission record status is not_admitted by default.
  • Admission record contains no repository path until JP approves one.
  • Admission record contains no secrets or credentials.
  • Admission record includes all required forbidden actions.
  • Admission record requires operator outcome.
  • Local CTO validator checks the safe blocked record state.
  • JP supplies an owned low-risk noncritical repository path.
  • JP supplies ownership evidence.
  • JP supplies noncritical rationale.
  • JP supplies allowed paths and forbidden paths.
  • JP supplies approval source and approval timestamp.
  • Admission record is updated to admitted only after all required fields are present.

Allowed files: CTO child workspace planning docs and local validator only until a concrete Target Repository is approved.

Validator: python3 tools/validate_cto_child.py

Done evidence: admitted Target Repository admission JSON, dedicated sandbox repo initial commit, issue reference, validator JSON, clean worktree, commit.

CTO-WORK-041 - Stage 5 Harness Target Admission Preflight

Type: AFK

Status: validated.

Blocked by: CTO-WORK-039

User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 8, 9, 10, 11, 13.

What to build: Implement the Stage 5 Harness preflight that blocks missing, invalid, or not_admitted Target Repository admission before Case process start and before owned repository mutation.

Acceptance criteria:

  • case remains disabled by default.
  • CTO_HARNESS_ALLOW_CASE=1 remains required.
  • CTO_HARNESS_CASE_STAGE=5 is recognized only as a gated Stage 5 route.
  • Missing Stage 5 gate emits blocked evidence and does not run Case.
  • Missing Target Repository admission file blocks before case_process_started.
  • not_admitted Target Repository admission blocks before case_process_started.
  • Blocked reports record allowed_mutation_scope: explicitly owned low-risk repository only.
  • Blocked reports do not expose a Target Repository path.
  • Fake remains the default validation lane and broad health remains green after focused Stage 5 preflight validation.

Allowed files: Hermes CTO harness engine, focused Stage 5 validator, harness docs, and tests. WebUI, Core, Case source, vendor source, unowned repositories, critical repositories, production repositories, and external developer repositories are forbidden.

Validator: python3 harness/runner/validate-case-stage5.py --harness-root harness --json, then harness/evals/health.sh --json.

Done evidence:

  • Hermes commit: 6e68a1a Add Case Stage 5 target admission preflight.
  • Focused Stage 5 validator on Hermes main: python3 harness/runner/validate-case-stage5.py --harness-root harness --json.
  • Focused Stage 5 validator status: ok: true.
  • Failure fixture reports: /home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T035339Z-r1-string-slugify-3187514/report.json, /home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T035339Z-r1-string-slugify-3187546/report.json, and /home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T035340Z-r1-string-slugify-3187577/report.json.
  • Post-merge aggregate Harness health: harness/evals/health.sh --json, status pass.
  • Aggregate matrix artifact: /home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260601T035347Z-run-all-fake-3188313/report.json.
  • This validates Stage 5 admission preflight only. Stage 5 owned repository execution remains blocked by CTO-WORK-040.
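
The fail-closed preflight described in CTO-WORK-039 and CTO-WORK-041, as an added example (not the Hermes harness code). The field names, environment gates and scope string come from this page; the flat JSON record layout, the reason codes, the `preflight` function and the sample values are assumptions.

```python
import json

# Field names from the CTO-WORK-039 template criteria; flat JSON layout is assumed.
REQUIRED_FIELDS = (
    "admission_status", "target_repository_path", "repository_owner",
    "ownership_evidence", "risk_classification", "noncritical_rationale",
    "allowed_paths", "forbidden_paths", "forbidden_actions", "approval_source",
    "approval_timestamp", "operator_outcome_required", "review_trigger",
)
SCOPE = "explicitly owned low-risk repository only"

def preflight(env, admission_text):
    """Decide whether Case may start; any doubt yields a blocked report."""
    reasons = []  # reason codes are constructed for this example
    if env.get("CTO_HARNESS_ALLOW_CASE") != "1":
        reasons.append("case_not_allowed")
    if env.get("CTO_HARNESS_CASE_STAGE") != "5":
        reasons.append("stage5_gate_missing")
    try:
        record = json.loads(admission_text) if admission_text is not None else None
    except ValueError:
        record = None
    if not isinstance(record, dict):
        reasons.append("admission_missing_or_invalid")
    else:
        if record.get("admission_status") != "admitted":
            reasons.append("not_admitted")
        if record.get("risk_classification") != "low_risk_noncritical":
            reasons.append("not_low_risk_noncritical")
        if record.get("operator_outcome_required") is not True:
            reasons.append("operator_outcome_not_required")
        reasons += ["missing:" + f for f in REQUIRED_FIELDS
                    if record.get(f) in (None, "", [], {})]
    # The report never echoes the record, so a blocked run exposes no repo path.
    return {"status": "blocked" if reasons else "pass",
            "allowed_mutation_scope": SCOPE, "blocked_reasons": reasons}

# Constructed sample record: placeholder values, not the project's admission file.
SAMPLE = dict.fromkeys(REQUIRED_FIELDS, "constructed-value")
SAMPLE.update(admission_status="admitted", operator_outcome_required=True,
              risk_classification="low_risk_noncritical", allowed_paths=["src/"],
              forbidden_paths=[".git/"], forbidden_actions=["push"],
              target_repository_path="/constructed/sandbox")
GATES = {"CTO_HARNESS_ALLOW_CASE": "1", "CTO_HARNESS_CASE_STAGE": "5"}

if __name__ == "__main__":
    print(preflight(GATES, json.dumps(SAMPLE)))
    print(preflight(GATES, json.dumps(dict(SAMPLE, admission_status="not_admitted",
                                           target_repository_path=""))))
```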

Validation evidence for CTO-WORK-040:

  • Target repo: /home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox.
  • Target repo owner: jp.
  • Target repo risk classification: low_risk_noncritical.
  • Allowed paths: src/, tests/, README.md.
  • Forbidden paths include secret, deploy, infra, workflow, dependency-lock, vendor, and .git/ paths.
  • Admission status: admitted.

Granularity Check

This is intentionally two slices: one planning route and one executable harness route. Stage 5 is not over-granular because it is the first proof involving an admitted owned repository and must separate repository ownership, approval, allowed paths, verification, and operator outcome before default candidacy.