hermes/cto
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
f8a6d6873d
cto/.sot/03-PROTOCOLS/CTO-CASE-STAGE5-OWNED-NONCRITICAL-REPO-ISSUES.md

6.4 KiB
Raw Blame History

name tier status owner source created last_reviewed lifecycle_classification core_promotion_status description
cto-case-stage5-owned-noncritical-repo-issues local draft jp .sot/03-PROTOCOLS/CTO-CASE-STAGE5-OWNED-NONCRITICAL-REPO-PRD.md 2026-06-01 2026-06-01 planning not-promoted Child-local issue sequence for Stage 5 Case owned noncritical repository proof.

CTO Case Stage 5 Owned Noncritical Repository Issues

Local planning SOT only. Not a Core Protocol. Not active Core authority.

Issue Sequence

CTO-WORK-037 - Stage 5 Owned Noncritical Repo PRD

Type: AFK

Status: validated.

Blocked by: CTO-WORK-036

User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 8, 9, 10, 11, 13.

What to build: Define the Stage 5 owned noncritical repository proof before implementation starts.

Acceptance criteria:

  • PRD states Stage 5 allowed mutation scope is explicitly owned low-risk repository only.
  • PRD requires Stage 4 validation before Stage 5.
  • PRD requires CTO_HARNESS_ALLOW_CASE=1 and CTO_HARNESS_CASE_STAGE=5.
  • PRD requires Target Repository ownership proof and noncritical classification.
  • PRD requires approval requested/granted/denied events before mutation.
  • PRD requires allowed paths and forbidden actions before mutation.
  • PRD separates operator acceptance or rejection from test pass.
  • PRD forbids push, merge, deploy, close, PR open, issue close, public publication, critical repository mutation, unowned repository mutation, Case source mutation, vendor source mutation, Hermes WebUI mutation, and Cortex Core mutation.
  • PRD requires full Harness Evidence Interface artifacts.
  • PRD requires approval-denied, unowned-repository, critical-repository, disallowed-file, dirty-starting-tree, dirty-ending-tree, failed-tests, timeout, provider-unavailable, and missing-operator-outcome failure fixtures.
  • Local CTO validator checks Stage 5 PRD and issue artifact.

Allowed files: CTO child workspace planning docs and local validator only.

Validator: python3 tools/validate_cto_child.py

Done evidence: PRD, issue artifact, validator JSON, clean worktree, commit.

CTO-WORK-038 - Stage 5 Harness Owned Noncritical Repo Route

Type: HITL

Status: blocked.

Blocked by: CTO-WORK-037, CTO-WORK-039, and explicit JP selection or approval of an owned low-risk noncritical Target Repository.

User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 8, 9, 10, 11, 13.

What to build: In /home/svrnty/workspaces/hermes/cto/harness, implement the Stage 5 owned noncritical repository route behind the existing case engine seam.

Acceptance criteria:

  • case remains disabled by default.
  • CTO_HARNESS_ALLOW_CASE=1 remains required.
  • CTO_HARNESS_CASE_STAGE=5 is required before owned noncritical repository execution.
  • Missing Stage 5 gate emits blocked evidence and does not run Case.
  • Target Repository admission proof records owner, path, noncritical classification, allowed paths, forbidden actions, and approval source.
  • Unowned or critical repository admission blocks before mutation.
  • Approval denied blocks before mutation.
  • Approval granted is recorded before mutation.
  • Case mutates only allowed paths inside the admitted Target Repository.
  • No push, merge, deploy, close, PR open, issue close, or public publication occurs by default.
  • Operator acceptance or rejection is recorded after verification.
  • Required artifacts include Target Repository admission proof, approval proof, allowed-path proof, forbidden-action proof, operator outcome, report.json, report.md, events.normalized.jsonl, trace.jsonl, patch.diff, test.log, backend logs, artifact digests, and freshness proof.
  • Failure fixtures fail closed for approval denied, unowned repository, critical repository, disallowed file, dirty starting tree, dirty ending tree, failed tests, timeout, provider unavailable, and missing operator outcome.
  • Fake remains the default validation lane and broad health remains green after focused Stage 5 validation.

Allowed files: Hermes CTO harness engine, owned noncritical repo fixture admission records, focused Stage 5 validator, harness docs, and tests. WebUI, Core, Case source, vendor source, unowned repositories, critical repositories, production repositories, and external developer repositories are forbidden.

Validator: python3 harness/runner/validate-case-stage5.py --harness-root harness --json, then harness/evals/health.sh --json.

Done evidence: Stage 5 pass report, failure fixture reports, Target Repository admission proof, approval proof, allowed-path proof, forbidden-action proof, operator outcome, artifact digests, clean worktree, commit.

CTO-WORK-039 - Stage 5 Target Repository Admission Template

Type: AFK

Status: validated.

Blocked by: CTO-WORK-037

User stories covered: CTO Case Candidate Backend PRD stories 4, 5, 7, 8, 9, 10, 11, 13.

What to build: Define the validator-readable Target Repository admission template required before Stage 5 can execute against any owned noncritical repository.

Acceptance criteria:

  • Template states it does not admit any repository.
  • Template requires admission_status, target_repository_path, repository_owner, ownership_evidence, risk_classification, noncritical_rationale, allowed_paths, forbidden_paths, forbidden_actions, approval_source, approval_timestamp, operator_outcome_required, and review_trigger.
  • Template requires risk_classification to be low_risk_noncritical.
  • Template requires missing admission, missing ownership evidence, critical classification, empty allowed paths, missing forbidden actions, missing approval, and missing operator outcome requirement to block before case_process_started.
  • Template forbids treating the template as Case execution authority.
  • Local CTO validator checks the template artifact.

Allowed files: CTO child workspace planning docs and local validator only.

Validator: python3 tools/validate_cto_child.py

Done evidence: template artifact, issue reference, validator JSON, clean worktree, commit.

Granularity Check

This is intentionally two slices: one planning route and one executable harness route. Stage 5 is not over-granular because it is the first proof involving an admitted owned repository and must separate repository ownership, approval, allowed paths, verification, and operator outcome before default candidacy.