3.7 KiB
3.7 KiB
| name | tier | status | owner | source | created | last_reviewed | lifecycle_classification | core_promotion_status | description |
|---|---|---|---|---|---|---|---|---|---|
| cto-case-stage5-target-repository-admission-template | local | draft | jp | .sot/03-PROTOCOLS/CTO-CASE-STAGE5-OWNED-NONCRITICAL-REPO-PRD.md | 2026-06-01 | 2026-06-01 | planning | not-promoted | Child-local Stage 5 Target Repository admission template. This template does not admit any repository. |
CTO Case Stage 5 Target Repository Admission Template
Local planning SOT only. Not a Core Protocol. Not active Core authority.
Status
This artifact is a template only. No Target Repository is admitted by this file. Stage 5 execution remains blocked until JP records a concrete admission record using this template and the Harness validates it.
Purpose
Stage 5 needs a precise human decision before Case may touch an owned repository. This template converts that decision into validator-readable fields without storing secrets, credentials, or broad repository authority.
Required Admission Fields
admission_status:admittedornot_admitted.target_repository_path: absolute local path, recorded only in the concrete admission record.repository_owner: human or organization owner.ownership_evidence: compact reference proving JP controls or is authorized to mutate the repository.risk_classification: must below_risk_noncritical.noncritical_rationale: why this repository is safe for Stage 5.allowed_paths: explicit file or directory paths Case may mutate.forbidden_paths: explicit paths Case must not mutate.forbidden_actions: must include push, merge, deploy, close, PR open, issue close, public publication, credential change, vendor-source mutation, and Cortex Core mutation.approval_source: JP approval reference.approval_timestamp: timestamp or date of approval.operator_outcome_required: must betrue.review_trigger: condition that invalidates the admission.
Required Negative Gates
- Missing admission record blocks before
case_process_started. admission_status != admittedblocks beforecase_process_started.- Missing ownership evidence blocks before
case_process_started. risk_classification != low_risk_noncriticalblocks beforecase_process_started.- Empty
allowed_pathsblocks beforecase_process_started. - Missing forbidden action blocks before
case_process_started. - Missing approval source blocks before
case_process_started. - Missing operator outcome requirement blocks before
case_process_started.
Concrete Record Skeleton
{
"admission_status": "not_admitted",
"target_repository_path": "",
"repository_owner": "",
"ownership_evidence": "",
"risk_classification": "",
"noncritical_rationale": "",
"allowed_paths": [],
"forbidden_paths": [],
"forbidden_actions": [
"push",
"merge",
"deploy",
"close",
"pr_open",
"issue_close",
"public_publication",
"credential_change",
"vendor_source_mutation",
"cortex_core_mutation"
],
"approval_source": "",
"approval_timestamp": "",
"operator_outcome_required": true,
"review_trigger": ""
}
Non-Admission Rules
- This template does not admit a Target Repository.
- This template does not authorize Case execution.
- This template does not authorize owned repository mutation.
- This template does not authorize default backend candidacy.
- This template does not authorize push, merge, deploy, close, PR open, issue close, or public publication.
Validator Expectation
The local CTO validator must require this template before Stage 5 execution planning can proceed. Hermes Stage 5 implementation must later validate a concrete admission record separately.