cto/.sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-ISSUES.md
2026-06-01 06:33:51 -04:00

name: cto-first-real-governed-workflow-issues
tier: local
status: draft
owner: jp
source: .sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-PRD.md
created: 2026-06-01
last_reviewed: 2026-06-01
lifecycle_classification: planning
core_promotion_status: not-promoted
description: Child-local issue sequence for the first real governed CTO workflow delegation.

CTO First Real Governed Workflow Issues

Local planning SOT only. Not a Core Protocol. Not active Core authority.

Issue Sequence

CTO-WORK-048 - First Real Governed Workflow PRD

Type: AFK

Status: validated.

Blocked by: CTO-WORK-047

What to build: Define the gated route for one real governed coding workflow without executing it or changing backend default status.

Acceptance criteria:

  • PRD requires precise brief or issue.
  • PRD requires current Target Repository admission.
  • PRD requires JP/Hermes approval before mutation.
  • PRD requires Case execution through CTO Harness only.
  • PRD requires Harness Evidence Interface artifacts for acceptance.
  • PRD requires Hermes Control Surface replay paths after execution.
  • PRD keeps runtime default activation false.
  • Local CTO validator checks the PRD.

Validator: python3 tools/validate_cto_child.py

CTO-WORK-049 - First Real Governed Workflow Execution

Type: HITL

Status: candidate.

Blocked by: CTO-WORK-048

What to build: Execute one bounded real coding task through CTO, Hermes approval, CTO Harness, and Case, then record evidence without activating Case as default.

Acceptance criteria:

  • A concrete owned low-risk Target Repository is selected.
  • Target Repository admission is current and references no secrets.
  • A precise task contract exists with allowed paths, forbidden actions, success criteria, validation command, and rollback expectation.
  • JP/Hermes approval is recorded before mutation.
  • Case runs only through CTO Harness.
  • Runtime default activation remains false.
  • Harness Evidence Interface artifacts exist and pass focused validation.
  • Hermes Control Surface exposes replay paths for the run.
  • Operator acceptance or rejection is recorded after verification.
  • Aggregate Harness health passes once before merge and once after merge.

Validator: future focused real-workflow Harness validator, then harness/evals/health.sh --json.

Human gate: JP must approve the concrete Target Repository and task contract before execution.

Readiness packet:

  • CTO-WORK-050 defines the proposed Target Repository, task contract, allowed paths, forbidden actions, validation command, rollback expectation, and exact JP approval sentence.
  • CTO-WORK-049 remains candidate until that approval is given and runtime evidence exists.

CTO-WORK-050 - First Real Governed Workflow Approval Packet

Type: HITL

Status: validated.

Blocked by: CTO-WORK-049

What to build: Define the exact approval packet for the first real governed workflow without mutating the Target Repository.

Acceptance criteria:

  • Packet names the concrete Target Repository.
  • Packet references the existing Target Repository admission source.
  • Packet defines a precise task contract.
  • Packet defines allowed paths.
  • Packet defines forbidden actions and forbidden paths.
  • Packet defines validation command.
  • Packet defines rollback expectation.
  • Packet provides exact JP approval sentence.
  • Packet states execution remains blocked without approval.

Validator: python3 tools/validate_cto_child.py

Granularity Check

This is intentionally two slices. CTO-WORK-048 is planning and route definition. CTO-WORK-049 is the first real execution and remains candidate because it needs JP approval and runtime target selection.