hermes/cto
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e058760f79
cto/README.md
Svrnty 10f919746e feat(cto): v1.0 MVP — executable orchestrator + cto-worker.sh helper 
skills/cto-agent/SKILL.md: bumped 0.1.0 → 1.0.0; drop "v0.1 stub" banner;
operating loop now concrete (no more "v1.0 will…"); add explicit kanban
worker contract (kanban_complete | kanban_block required at task end —
fixes the protocol-violation noise observed in CTO validation testing).
Routing table updated: Python → cto-python-toolkit, Angular →
cto-angular-toolkit (the dedicated stack skills built earlier).
Added sot/-spec frontmatter fields (tier T2, status active, owner, source,
last_reviewed) per PROFILE-DISTRIBUTION-PROTOCOL §2.1.

lib/cto-worker.sh: orchestrator helper. 3 commands:
  - sandcastle <work-id> <target> <prompt> [provider] → invoke sandcastle
    via npx tsx + claudeCode + docker (default). Blocks reads against
    read-only siblings (hermes-agent, hermes-webui, marketingskills,
    sandcastle).
  - open-pr <work-id> <target> <title> <body> → resolves github-pat via
    credbridge (never in argv), pushes branch, creates PR. Returns URL.
  - emit-5w <work-id> <status> <summary> → prints 5W block (stdout
    captured by Hermes into kanban completion).

install.sh: invokes `hermes profile install --yes --force` for dispatch
readiness; chmod +x cto-worker.sh; drops v0.1 scaffold messages; sandcastle
sibling now REQUIRED (was just a WARN). Adds matching DRY echoes.

manifest.yaml + distribution.yaml: version 0.1.0 → 1.0.0; distribution_owned
adds lib/.

README.md: status v0.1 scaffold → v1.0 MVP; layout reflects 3 skills + lib/;
roadmap table refactored (v1.0 current / v1.1 next / v2 deferred).

Verified: hermes profile install → "✓ Installed 'cto-planb' v1.0.0".

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-24 13:02:10 -04:00

64 lines
3.9 KiB
Markdown
Raw Blame History

# cto (repo) · cto-planb (Hermes profile)
A **Chief Technology Officer** agent for [Hermes](https://git.openharbor.io/hermes/hermes), built for Plan B (Québec fresh prepared-meals). **Thin orchestrator:** decomposes JP/CEO tech goals, invokes [`sandcastle`](../sandcastle/) to run code-modifying agents in isolated Docker/Podman/Vercel sandboxes, judges resulting diffs, opens PRs for human review, and requests JP approval for any deploy. Never deploys directly.
**Instance #3 of the C-suite profile distribution family** (CMO = #1, CEO = #2, CTO = #3). This repo is `cto/`; the deployed Hermes profile is `cto-planb`. Built to the canonical protocol at [`../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md`](../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md).
> **Status:** v1.0 MVP. Executable `cto-agent` orchestrator + `cto-worker.sh` sandcastle helper + 2 toolkit skills (Python + Angular, anchored to real workspace codebases). Approval gate enforced via kanban `block` for deploy-adjacent escalations; CTO never `gh pr merge` autonomously.
- **Identity:** [`AGENT.md`](AGENT.md) — role, mission, boundaries
- **Behavior contract:** [`CONTRACT.md`](CONTRACT.md) — what CTO does, does NOT do, edge cases (tier T1)
- **Protocol:** [`../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md`](../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md)
- **Primary tool:** [`../sandcastle/`](../sandcastle/) — Matt Pocock's sandboxed agent orchestrator (MIT, pinned v0.5.11; read-only)
## Layout
```
cto/
├── AGENT.md CONTRACT.md CLAUDE.md README.md
├── manifest.yaml distribution.yaml install.sh credbridge.sh
├── lib/cto-worker.sh # sandcastle invocation + PR opening + 5W helper
├── skills/
│ ├── cto-agent/SKILL.md # orchestrator (v1.0 executable)
│ ├── cto-python-toolkit/SKILL.md # Python stack patterns (workspace-anchored)
│ └── cto-angular-toolkit/SKILL.md # Angular stack patterns (adwright-anchored)
└── schema.sql # cto.db built from this; never committed
```
## Install
```bash
git clone https://git.openharbor.io/hermes/cto && cd cto
./install.sh # symlink + skills register + hermes profile install
hermes -p cto-planb skills list | grep cto-agent
hermes kanban assignees | grep cto-planb # verify dispatch-ready
```
Default install **symlinks** `~/.hermes/cto-planb` → this repo (repo is canonical, edits land live).
## Key invariants
- CTO orchestrates via sandcastle, never edits host code directly
- No deploy without JP approval (merge-to-main = deploy gate; CTO never `gh pr merge`)
- No infrastructure changes without JP approval (DNS, certs, secrets, cron, cloud)
- No edits to `../sandcastle/` (read-only mirror)
- Thin orchestrator (3 skills: cto-agent + 2 stack toolkits), NOT a 40-skill library
- Every kanban task closes via `kanban complete` or `kanban block` — no protocol violations
## Roadmap
| Component | v1.0 (current) | v1.1 (next) | v2 (deferred) |
|---|---|---|---|
| `cto-agent/SKILL.md` | executable | iteration loop (auto-rerun on test-failure) | sub-agent profiles (coder/reviewer/deployer) |
| Sandcastle invocation | docker default via cto-worker.sh | provider-swap (docker → vercel for parallel) | — |
| Toolkit skills | Python + Angular | extract to cortex/L6-svrnty.lib-{python,angular}-framework | — |
| Approval gate | kanban_block on deploy-adjacent | richer escalation w/ JP DM | deploy gate (CI/CD wired) |
| Observability | stdout 5W | metrics endpoint emit | Grafana/Prometheus MCPs |
| IaC | — | — | Terraform/Pulumi orchestration |
## Related
- [`../sandcastle/CONTEXT.md`](../sandcastle/CONTEXT.md) — sandcastle terminology (read before writing any invocation)
- [`../cmo/`](../cmo/) — C-suite reference impl #1 (thick capability pattern)
- [`../ceo/`](../ceo/) — C-suite reference impl #2 (thin orchestrator pattern — CTO follows this)
Reference in New Issue View Git Blame Copy Permalink