4.0 KiB
| name | tier | status | owner | source | created | last_reviewed | lifecycle_classification | core_promotion_status | description |
|---|---|---|---|---|---|---|---|---|---|
| cto-case-stage4-disposable-sandbox-issues | local | draft | jp | .sot/03-PROTOCOLS/CTO-CASE-STAGE4-DISPOSABLE-SANDBOX-PRD.md | 2026-06-01 | 2026-06-01 | planning | not-promoted | Child-local issue sequence for Stage 4 Case disposable sandbox repository proof. |
CTO Case Stage 4 Disposable Sandbox Issues
Local planning SOT only. Not a Core Protocol. Not active Core authority.
Issue Sequence
CTO-WORK-035 - Stage 4 Disposable Sandbox PRD
Type: AFK
Status: validated.
Blocked by: CTO-WORK-034
User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 8, 9, 10, 11, 13.
What to build: Define the Stage 4 disposable sandbox repository proof before implementation starts.
Acceptance criteria:
- PRD states Stage 4 allowed mutation scope is
disposable repository only. - PRD requires Stage 3 validation before Stage 4.
- PRD requires
CTO_HARNESS_ALLOW_CASE=1andCTO_HARNESS_CASE_STAGE=4. - PRD requires approval requested/granted/denied events.
- PRD requires branch policy proof.
- PRD forbids push, merge, deploy, close, PR open, public publication, Target Repository mutation, source repository mutation, Case source mutation, vendor source mutation, Hermes WebUI mutation, and Cortex Core mutation.
- PRD requires full Harness Evidence Interface artifacts.
- PRD requires approval-denied, reviewer-reject, timeout, provider-unavailable, dirty-ending-tree, and disallowed-file failure fixtures.
- Local CTO validator checks Stage 4 PRD and issue artifact.
Allowed files: CTO child workspace planning docs and local validator only.
Validator: python3 tools/validate_cto_child.py
Done evidence: PRD, issue artifact, validator JSON, clean worktree, commit.
CTO-WORK-036 - Stage 4 Harness Disposable Sandbox Route
Type: AFK
Status: blocked.
Blocked by: CTO-WORK-035
User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 8, 9, 10, 11, 13.
What to build: In /home/svrnty/workspaces/hermes/cto/harness, implement the Stage 4 disposable sandbox repository route behind the existing case engine seam.
Acceptance criteria:
caseremains disabled by default.CTO_HARNESS_ALLOW_CASE=1remains required.CTO_HARNESS_CASE_STAGE=4is required before disposable sandbox Case execution.- Missing Stage 4 gate emits blocked evidence and does not run Case.
- Approval denied blocks before mutation.
- Approval granted is recorded before mutation.
- Branch policy proof is recorded.
- Case mutates only the disposable repository.
- No Target Repository path is inspected or copied.
- No push, merge, deploy, close, PR open, or public publication occurs by default.
- Required artifacts include approval proof, branch proof, sandbox disposal or retention note,
report.json,report.md,events.normalized.jsonl,trace.jsonl,patch.diff,test.log, and backend logs. - Failure fixtures fail closed for approval denied, reviewer reject, timeout, provider unavailable, dirty ending tree, and disallowed file.
- Fake remains the default validation lane and broad health remains green after focused Stage 4 validation.
Allowed files: Hermes CTO harness engine, disposable sandbox fixtures, focused Stage 4 validator, harness docs, and tests. WebUI, Core, Case source, vendor source, source repository, Target Repository, owned noncritical repositories, production repositories, and external developer repositories are forbidden.
Validator: python3 harness/runner/validate-case-stage4.py --harness-root harness --json, then harness/evals/health.sh --json.
Done evidence: Stage 4 pass report, failure fixture reports, approval proof, branch proof, sandbox disposal or retention note, artifact digests, clean worktree, commit.
Granularity Check
This is intentionally two slices: one planning route and one executable harness route. Stage 4 adds approval and disposable repository policy, which are distinct from Stage 3 copied-repo non-mutation proof.