124 lines
3.4 KiB
Markdown
124 lines
3.4 KiB
Markdown
---
|
|
name: cto-first-real-governed-workflow-approval-packet
|
|
tier: local
|
|
status: validated
|
|
owner: jp
|
|
source: .sot/03-PROTOCOLS/CTO-FIRST-REAL-GOVERNED-WORKFLOW-ISSUES.md
|
|
created: 2026-06-01
|
|
last_reviewed: 2026-06-01
|
|
lifecycle_classification: planning
|
|
core_promotion_status: not-promoted
|
|
description: Child-local approval packet for the first real governed CTO workflow execution.
|
|
---
|
|
|
|
# CTO First Real Governed Workflow Approval Packet
|
|
|
|
Local planning SOT only. Not a Core Protocol. Not active Core authority.
|
|
|
|
## Status
|
|
|
|
Status: validated as an approval packet only.
|
|
|
|
This packet does not authorize execution. `CTO-WORK-049` remains candidate until JP approves the exact Target Repository and task contract.
|
|
|
|
## Proposed Target Repository
|
|
|
|
- Target Repository: `/home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox`
|
|
- Admission source: `.sot/03-PROTOCOLS/CTO-CASE-STAGE5-TARGET-REPOSITORY-ADMISSION.json`
|
|
- Admission status: `admitted`
|
|
- Repository owner: `jp`
|
|
- Risk classification: `low_risk_noncritical`
|
|
- Current observed state: clean `main` branch before approval packet creation
|
|
|
|
## Proposed Task Contract
|
|
|
|
Task: align `src/strings.py` `slugify` behavior with the already-proven root `strings.py` implementation and add coverage for repeated and outer whitespace.
|
|
|
|
Allowed paths:
|
|
|
|
- `src/strings.py`
|
|
- `test_strings.py`
|
|
|
|
Forbidden actions:
|
|
|
|
- push
|
|
- merge
|
|
- deploy
|
|
- close
|
|
- pr_open
|
|
- issue_close
|
|
- public_publication
|
|
- credential_change
|
|
- vendor_source_mutation
|
|
- cortex_core_mutation
|
|
|
|
Forbidden paths:
|
|
|
|
- `.env`
|
|
- `.env.*`
|
|
- `secrets/`
|
|
- `credentials/`
|
|
- `deploy/`
|
|
- `infra/`
|
|
- `.github/workflows/`
|
|
- `.git/`
|
|
|
|
Success criteria:
|
|
|
|
- `src/strings.py` uses whitespace-splitting slug behavior equivalent to root `strings.py`.
|
|
- `test_strings.py` includes coverage for repeated spaces and outer spaces through the `src.strings` implementation.
|
|
- Target repository ends clean after Harness post-processing.
|
|
- Harness Evidence Interface artifacts exist.
|
|
- Hermes Control Surface can expose replay paths after execution.
|
|
- Runtime default activation remains false.
|
|
|
|
Validation command:
|
|
|
|
```bash
|
|
python3 -m pytest -q
|
|
```
|
|
|
|
Rollback expectation:
|
|
|
|
- Revert the single target commit created by the Harness if JP rejects the operator outcome.
|
|
- Do not push, merge, deploy, publish, or open a PR.
|
|
|
|
## Required Approval
|
|
|
|
Before execution, JP must approve this exact sentence:
|
|
|
|
```text
|
|
I approve CTO-WORK-049 against /home/svrnty/workspaces/cortex-os/cto-stage5-target-sandbox for the src/strings.py slugify alignment task.
|
|
```
|
|
|
|
Without that exact approval, execution remains blocked.
|
|
|
|
## Execution Gate
|
|
|
|
Execution must use only the CTO Harness Case seam with:
|
|
|
|
- `CTO_HARNESS_ALLOW_CASE=1`
|
|
- `CTO_HARNESS_CASE_STAGE=5`
|
|
- `CTO_HARNESS_CASE_STAGE5_TARGET_ADMISSION_FILE` pointing to the admitted Target Repository record
|
|
- `CTO_HARNESS_CASE_STAGE5_OPERATOR_OUTCOME` recorded after verification
|
|
|
|
Case must not choose target, scope, authority, approval, success criteria, or default status.
|
|
|
|
## Evidence Required After Execution
|
|
|
|
- `report.json`
|
|
- `report.md`
|
|
- `events.normalized.jsonl`
|
|
- `trace.jsonl`
|
|
- `patch.diff`
|
|
- `test.log`
|
|
- backend logs
|
|
- artifact digests
|
|
- freshness proof
|
|
- stage5 owned repo proof
|
|
- Hermes Control Surface summary path
|
|
|
|
## Non-Authority Notice
|
|
|
|
This approval packet is child-local planning. It does not promote CTO artifacts into Core, does not activate Case as default backend, and does not authorize mutation before JP approval.
|