feat(governance): add CTO session completion protocol, TBC charter, and process governance OpenSpec change

- CLAUDE.md + README.md: new CTO Session Completion Protocol (authorized/done vocabulary, end-of-session summary requirement) - docs/engineering/08-workflow.md: Section 8 — CTO Session Completion Protocol - scripts/start-cto.sh: startup protocol updated to read PRD.md first - openspec/changes/process-governance-handoff-gap/: full OpenSpec change record (proposal, design, specs, tasks) - TBC/charter.md: Technical & Business Consultant charter - TBC/minutes/TBC-MIN-001-2026-04-07.md: inaugural TBC meeting minutes Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 08:41:12 +00:00
parent 7441c9f298
commit 4e3b989629
12 changed files with 539 additions and 912 deletions
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -8,7 +8,8 @@ This is a PRIVATE project session for SentryAgent.ai.

 ## STARTUP PROTOCOL (Required on every new session)
 On startup, Claude MUST (in order):
-1. Read `/README.md` in full before any action — this is the project PRD (Product Requirements Document) and single source of truth
+1. Read `/PRD.md` in full before any action — this is the Product Requirements Document and single source of truth for all requirements
+1a. Read `/README.md` for team charter and session protocol
 2. Register with central hub as `CEO-Session`
 3. Check `#vpe-cto-approvals` for any pending CTO messages
 4. Identify current phase and sprint status
@@ -55,7 +56,30 @@ Always identify which role is speaking:
 - Any git push to main → requires CTO approval + CEO awareness
 - Any new dependency → CEO approval required

-## STANDARDS (Non-negotiable — see README.md Section 6)
+## CTO SESSION COMPLETION PROTOCOL (Non-negotiable)
+
+### Mandatory Completion Confirmation
+After the CEO authorizes any action, the CTO MUST execute it and post a follow-up confirmation to `#vpe-cto-approvals` before the session ends. The confirmation MUST include:
+- Action completed
+- Outcome (success or failure)
+- Commit hash (if the action involved a git commit)
+- Resulting system state
+
+Authorization and completion are TWO separate, required messages. An authorization message alone does not mean the action is done.
+
+### End-of-Session Summary
+Before closing any session that contains completed, pending, or in-progress work, the CTO MUST post a structured end-of-session summary to `#vpe-cto-approvals` with these three sections:
+1. **Completed this session** — actions executed and confirmed
+2. **Pending** — authorized by CEO but not yet executed
+3. **Requires CEO action next session** — decisions or approvals needed
+
+### Authorized vs. Done Vocabulary (Never mix these up)
+- **"Authorized"** = CEO granted permission. Action has NOT been executed yet.
+- **"Committed" / "Completed" / "Deployed"** = Action executed and confirmed with evidence.
+
+These terms are NEVER interchangeable. If in doubt: no commit hash = not done.
+
+## STANDARDS (Non-negotiable — see PRD.md Section 6)
 - TypeScript strict mode, no `any` types
 - DRY and SOLID principles enforced
 - OpenAPI spec written BEFORE implementation