hermes/cto
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b7a7354f97
cto/.sot/03-PROTOCOLS/CTO-GOVERNED-EXECUTION-REQUEST-PRD.md
Svrnty b7a7354f97 Record governed execution request
2026-06-01 07:51:09 -04:00

2.0 KiB
Raw Blame History

name status lifecycle_classification owner created last_reviewed core_promotion_status
CTO Governed Execution Request PRD validated sot jp 2026-06-01 2026-06-01 not-promoted

CTO Governed Execution Request PRD

Local planning SOT only. Not a Core Protocol. Not active Core authority.

Problem

The CTO stack has an exact approval packet and Hermes can show it, but there is no durable governed execution request that records the proposed action before any backend runs.

The next useful step is a governed execution request that creates a non-mutating execution request record. The record must preserve the exact approval packet, admitted target repository, allowed paths, Harness command, proof pointers, and blocked actions.

Scope

  • Create a local CTO planning record for the approved candidate task shape.
  • Keep approval_granted: false.
  • Keep execution_allowed: false.
  • Name the admitted target repository and allowed paths.
  • Name the Harness command that would run only after approval.
  • Preserve that JP approval is still required before execution.

Non-goals

  • Do not execute Case.
  • Do not activate Case as default backend.
  • Do not mutate target repositories.
  • Do not edit upstream hermes-agent.
  • Do not edit upstream hermes-webui.
  • Do not change Core authority.

Acceptance Criteria

  • WORKBOARD.yaml records CTO-WORK-066 and CTO-WORK-067 as validated.
  • The governed execution request includes approval_granted: false.
  • The governed execution request includes execution_allowed: false.
  • Runtime default activation remains false.
  • JP approval is still required before execution.
  • Local validation checks the new record and its guardrails.

Validation

  • python3 tools/validate_cto_child.py
  • python3 /home/svrnty/workspaces/cortex-os/core/tools/check_s69_caveman_prose_discipline.py

Risk

The main risk is accidentally treating request creation as execution approval. The guardrail is explicit: Do not execute Case. Do not mutate target repositories. JP approval is still required before execution.