cto (repo) · cto-planb (Hermes profile)

A Chief Technology Officer agent for Hermes, built for Plan B (Québec fresh prepared-meals). CTO is being upgraded into the primary WebUI coding agent: it reads/searches/patches/runs/verifies scoped work directly, delegates independent review/exploration, uses sandcastle for background isolated branch jobs, and requests JP approval for deploy, push, secret, production-data, cron, or infra actions.

Instance #3 of the C-suite profile distribution family (CMO = #1, CEO = #2, CTO = #3). This repo is cto/; the deployed Hermes profile is cto-planb. Built to the canonical protocol at ../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md.

Status: v2.0 migration in progress per CTO-WEBUI-CODING-AGENT-PRD.md. Static validation, required skills, and eval expectations are now part of the profile; live WebUI runtime parity remains gated by eval evidence.

• Identity: AGENT.md — role, mission, boundaries
• Behavior contract: CONTRACT.md — what CTO does, does NOT do, edge cases (tier T1)
• Protocol: ../sot/03-PROTOCOLS/PROFILE-DISTRIBUTION-PROTOCOL.md
• Background job backend: ../sandcastle/ — Matt Pocock's sandboxed agent orchestrator (MIT, pinned v0.5.11; read-only)

Layout

cto/
├── AGENT.md  CONTRACT.md  CLAUDE.md  README.md
├── manifest.yaml  distribution.yaml  install.sh  credbridge.sh
├── lib/cto-worker.sh                 # sandcastle invocation + PR opening + 5W helper
├── skills/
│   ├── cto-agent/SKILL.md            # supervisor and profile protocol
│   ├── cto-direct-coder/SKILL.md     # direct inspect-plan-patch-test-report loop
│   ├── cto-repo-contract/SKILL.md    # workspace contract and protected paths
│   ├── cto-python-toolkit/SKILL.md   # Python stack patterns (workspace-anchored)
│   ├── cto-angular-toolkit/SKILL.md  # Angular stack patterns (adwright-anchored)
│   ├── cto-dotnet-toolkit/SKILL.md   # .NET/CQRS stack patterns (cortex-anchored)
│   ├── cto-frontend-visual-qa/SKILL.md
│   ├── cto-sandbox-job/SKILL.md
│   ├── cto-reviewer/SKILL.md
│   ├── cto-evals/SKILL.md
│   └── cto-capsule-writer/SKILL.md
├── evals/                            # promotion/regression expectations
└── schema.sql                        # cto.db built from this; never committed

Install

git clone https://git.openharbor.io/hermes/cto && cd cto
./install.sh                              # symlink + skills register + hermes profile install
hermes -p cto-planb skills list | grep cto-agent
hermes kanban assignees | grep cto-planb  # verify dispatch-ready

Default install symlinks ~/.hermes/cto-planb → this repo (repo is canonical, edits land live).

Key invariants

• CTO defaults to scoped direct WebUI coding for R1 work and uses Sandcastle for background isolated jobs
• No deploy without JP approval (merge-to-main = deploy gate; CTO never gh pr merge)
• No infrastructure changes without JP approval (DNS, certs, secrets, cron, cloud)
• No edits to ../sandcastle/ (read-only mirror)
• Focused skill set only; no broad inherited skill library
• Every kanban task closes via kanban complete or kanban block — no protocol violations

Roadmap

Component	v1.0 (current)	v1.1 (next)	v2 (deferred)
cto-agent/SKILL.md	supervisor/direct-coder protocol	event/runtime hardening	production parity after evals
Sandcastle invocation	background job backend	provider-swap (docker → vercel for parallel)	—
Toolkit skills	Python + Angular + .NET/CQRS	extract Python/Angular to cortex/L6-svrnty.lib-{python,angular}-framework when usage justifies; .NET remains anchored to existing cortex CQRS tooling	—
Approval gate	kanban_block on deploy-adjacent	richer escalation w/ JP DM	deploy gate (CI/CD wired)
Observability	stdout 5W	metrics endpoint emit	Grafana/Prometheus MCPs
IaC	—	—	Terraform/Pulumi orchestration

Related

• ../sandcastle/CONTEXT.md — sandcastle terminology (read before writing any invocation)
• ../cmo/ — C-suite reference impl #1 (thick capability pattern)
• ../ceo/ — C-suite reference impl #2