From 03c87d437b1b9ce10d67a2a7c399d517d58d4f51 Mon Sep 17 00:00:00 2001 From: Svrnty Date: Sun, 31 May 2026 21:34:00 -0400 Subject: [PATCH] Approve OpenAI Codex provider decision --- ...TO-CASE-MODEL-PROVIDER-ADMISSION-ISSUES.md | 2 +- .../CTO-CASE-MODEL-PROVIDER-ADMISSION-PRD.md | 2 +- ...TO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md | 35 ++++++++-- .../CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md | 5 +- .../CTO-CASE-PROVIDER-DECISION-RECORD.md | 45 +++++++------ WORKBOARD.yaml | 11 +++- tools/validate_cto_child.py | 65 +++++++++++++------ 7 files changed, 114 insertions(+), 51 deletions(-) diff --git a/.sot/03-PROTOCOLS/CTO-CASE-MODEL-PROVIDER-ADMISSION-ISSUES.md b/.sot/03-PROTOCOLS/CTO-CASE-MODEL-PROVIDER-ADMISSION-ISSUES.md index af26826..9dea913 100644 --- a/.sot/03-PROTOCOLS/CTO-CASE-MODEL-PROVIDER-ADMISSION-ISSUES.md +++ b/.sot/03-PROTOCOLS/CTO-CASE-MODEL-PROVIDER-ADMISSION-ISSUES.md @@ -78,7 +78,7 @@ This template belongs to `CTO-WORK-020`; it is not a new provider approval. Required fields: - `decision_status`: `not_decided`, `external_provider_approved`, or `local_provider_required`. -- `provider_class`: `external_anthropic` or `local_case_compatible`. +- `provider_class`: `external_anthropic`, `external_openai_codex`, or `local_case_compatible`. - `provider`: exact provider string, or empty while blocked. - `model`: exact model string, or empty while blocked. - `approval_source`: JP approval reference or governed Core route reference. diff --git a/.sot/03-PROTOCOLS/CTO-CASE-MODEL-PROVIDER-ADMISSION-PRD.md b/.sot/03-PROTOCOLS/CTO-CASE-MODEL-PROVIDER-ADMISSION-PRD.md index a362c80..fe4a7c4 100644 --- a/.sot/03-PROTOCOLS/CTO-CASE-MODEL-PROVIDER-ADMISSION-PRD.md +++ b/.sot/03-PROTOCOLS/CTO-CASE-MODEL-PROVIDER-ADMISSION-PRD.md 
@@ -111,7 +111,7 @@ Real Case Stage 2 remains blocked until a named provider/model is admitted, then This template clarifies the decision required by `CTO-WORK-020`; it does not approve a provider. - `decision_status`: `not_decided`, `external_provider_approved`, or `local_provider_required`. -- `provider_class`: `external_anthropic` or `local_case_compatible`. +- `provider_class`: `external_anthropic`, `external_openai_codex`, or `local_case_compatible`. - `provider`: exact provider string, or empty while blocked. - `model`: exact model string, or empty while blocked. - `approval_source`: JP approval reference or governed Core route reference. diff --git a/.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md b/.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md index bea133b..1797a41 100644 --- a/.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md +++ b/.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md @@ -37,7 +37,7 @@ Acceptance: ## CTO-WORK-024 - Resolve Case Provider Decision -Status: blocked. +Status: validated. JP or a governed Core route chooses one `CTO-WORK-020` decision branch and records the required non-secret fields. 
@@ -54,16 +54,16 @@ Acceptance: - `CTO-WORK-022` remains blocked unless `decision_status=local_provider_required`. - Real Case Stage 2 remains blocked unless `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` exists and matches `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL`. -Blocked by: +Resolved by: -- JP choosing external provider approval or local provider requirement. -- Governed Core route if the decision must be promoted before provider use. +- `CTO-CASE-PROVIDER-DECISION-RECORD.md` selecting `external_provider_approved`. +- Real Case Stage 2 remains blocked by `CTO-WORK-020` admission JSON and Harness Evidence Interface proof. -## CTO-WORK-025 - Current Case Provider Decision Record +## CTO-WORK-025 - Initial Not-Decided Provider Decision Record Status: validated. -Record the current fail-closed `CTO-WORK-020` decision state as `not_decided`. +Record the initial fail-closed `CTO-WORK-020` decision state as `not_decided`. Acceptance: 
@@ -82,3 +82,26 @@ Acceptance: - Record keeps `CTO-WORK-024` blocked while `decision_status=not_decided`. - Record keeps `CTO-WORK-022` blocked unless `decision_status=local_provider_required`. - Record keeps real Case Stage 2 blocked until admitted provider/model and Harness Evidence Interface pass report exist. + +## CTO-WORK-026 - OpenAI Codex Primary Provider Decision + +Status: validated. + +Record JP approval of the external provider decision branch for the current Hermes model stack. + +Acceptance: + +- Decision record has `decision_status`: `external_provider_approved`. +- Decision record has `provider_class`: `external_openai_codex`. +- Decision record has `provider`: `openai-codex`. +- Decision record has `model`: `gpt-5.5`. +- Decision record has `fallback_provider`: `vllm`. +- Decision record has `fallback_model`: `qwen3.6-35b-a3b`. +- Decision record has `credential_source_class`: `hermes-openai-codex-oauth-and-local-vllm-config`; no secret value. +- Decision record has `allowed_network_class`: `codex-oauth-hosted-model-plus-local-vllm-fallback`. +- Decision record references Hermes model policy and local Hermes config as evidence sources without copying secrets. +- Record says it is not provider/model admission and is not Stage 2 pass evidence. +- Record says `CTO-WORK-024` is resolved by selecting `external_provider_approved`. +- Record keeps `CTO-WORK-020` blocked until admission JSON and real Stage 2 pass evidence exist. +- Record keeps `CTO-WORK-022` blocked because `decision_status=external_provider_approved`, not `local_provider_required`. +- Record requires fallback to `vllm` with `qwen3.6-35b-a3b` to be explicit in admission evidence before it may count as a Case provider/model path. diff --git a/.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md b/.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md index 839da63..c495f5a 100644 --- a/.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md 
+++ b/.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md @@ -56,7 +56,7 @@ Use only if JP or a governed Core route approves an external provider path. Required decision fields: - `decision_status`: `external_provider_approved`. -- `provider_class`: `external_anthropic`. +- `provider_class`: `external_anthropic` or `external_openai_codex`. - `provider`: exact provider string. - `model`: exact model string. - `approval_source`: JP approval reference or governed Core route reference. @@ -70,6 +70,8 @@ Consequences: - `CTO-WORK-022` stays blocked. - Hermes may attempt real Case Stage 2 only after admission JSON exists and matches `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL`. +- `openai-codex` with model `gpt-5.5` may be recorded as the primary approved external provider only when the approval source, credential source class, allowed network class, review trigger, and admission JSON are recorded. +- `vllm` with model `qwen3.6-35b-a3b` may be recorded as an explicit fallback only when fallback use is represented in admission evidence and does not hide provider/model switching. - Any fallback to `anthropic` or `claude-sonnet-4-6` without matching admission blocks before `case_process_started`. ### Branch B - Local Provider Required 
@@ -107,6 +109,7 @@ Consequences: - Packet keeps `CTO-WORK-020` as the provider/model admission authority. - Packet keeps `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` as the execution admission gate. - Packet requires exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations before admission. +- Packet permits provider class `external_openai_codex` only as a decision branch, not as admission or Stage 2 proof. - Packet requires no secrets in SOT, task file, argv, report, trace, backend logs, generated config, or commits. - Packet states `CTO-WORK-022` stays blocked unless `decision_status=local_provider_required`. - Packet states real Case Stage 2 remains blocked until admitted provider/model and Harness Evidence Interface pass report exist. diff --git a/.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-RECORD.md b/.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-RECORD.md index 9e703f1..42a44dd 100644 --- a/.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-RECORD.md +++ b/.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-RECORD.md 
@@ -15,33 +15,40 @@ Local planning SOT only. Not a Core Protocol. Not active Core authority. ## Current Decision State -- `decision_status`: `not_decided`. -- `provider_class`: empty while blocked. -- `provider`: empty while blocked. -- `model`: empty while blocked. -- `approval_source`: empty while blocked. -- `credential_source_class`: empty while blocked; no secret value. -- `allowed_network_class`: empty while blocked. -- `review_trigger`: empty while blocked. -- `evidence_sources`: `CTO-CASE-MODEL-PROVIDER-ADMISSION-ISSUES.md`, `CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md`, `CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md`. +- `decision_status`: `external_provider_approved`. +- `provider_class`: `external_openai_codex`. +- `provider`: `openai-codex`. +- `model`: `gpt-5.5`. +- `fallback_provider`: `vllm`. +- `fallback_model`: `qwen3.6-35b-a3b`. +- `approval_source`: JP chat approval on 2026-05-31. +- `credential_source_class`: `hermes-openai-codex-oauth-and-local-vllm-config`; no secret value. +- `allowed_network_class`: `codex-oauth-hosted-model-plus-local-vllm-fallback`. +- `review_trigger`: before real Case Stage 2 admission JSON is written, before any credential source change, and before any default/fallback model change. +- `evidence_sources`: `CTO-CASE-MODEL-PROVIDER-ADMISSION-ISSUES.md`, `CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md`, `CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md`, `/home/svrnty/workspaces/hermes/scripts/apply-hermes-model-policy.py`, `/home/svrnty/.hermes/config.yaml`. - `effect`: `CTO-WORK-020 remains blocked until admitted provider/model and real Stage 2 pass report exist`. ## Meaning -`not_decided` means no provider/model may run. This record is not provider/model admission, not Stage 2 pass evidence, and not approval for external or local provider use. 
+`external_provider_approved` means JP approved the provider decision branch for the existing Hermes model stack: `openai-codex` with model `gpt-5.5` as primary, and `vllm` with model `qwen3.6-35b-a3b` as fallback. -`CTO-WORK-024` remains blocked because this record does not select `external_provider_approved` or `local_provider_required`. +This record is not provider/model admission and is not Stage 2 pass evidence. It does not authorize Case to run until the `CTO-WORK-020` admission JSON exists and the Harness Evidence Interface proves real Stage 2. -## Required Change To Leave Not Decided +`CTO-WORK-024` is resolved by this record selecting `external_provider_approved`. -Only JP or a governed Core route may change this record away from `not_decided`. +## Decision History -Allowed future values: +Previous state: -- `external_provider_approved`. -- `local_provider_required`. +- `decision_status`: `not_decided`. +- `not_decided` means no provider/model may run. -Any future non-`not_decided` state must include exact non-secret fields required by `CTO-WORK-020`: provider/model when applicable, approval source, credential source class, allowed network class, review trigger, and evidence expectations. +Future changes: + +- Only JP or a governed Core route may change this record away from `external_provider_approved`. +- Allowed future values remain `external_provider_approved` or `local_provider_required`. + +Any future state must include exact non-secret fields required by `CTO-WORK-020`: provider/model when applicable, approval source, credential source class, allowed network class, review trigger, and evidence expectations. ## Safety Constraints 
@@ -49,7 +56,7 @@ Any future non-`not_decided` state must include exact non-secret fields required - No Target Repository path may be inspected or copied. - `CTO-WORK-020` remains provider/model admission authority. - `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` remains execution admission gate. -- `CTO-WORK-024` remains blocked while `decision_status=not_decided`. -- `CTO-WORK-022` remains blocked unless `decision_status=local_provider_required`. +- `CTO-WORK-022` remains blocked because `decision_status=external_provider_approved`, not `local_provider_required`. - Real Case Stage 2 remains blocked until admitted provider/model and Harness Evidence Interface pass report exist. +- Fallback to `vllm` with `qwen3.6-35b-a3b` must be explicit in admission evidence before it may count as a Case provider/model path. - Existing evidence paths and commits are referenced only; runtime evidence is not copied into this record. diff --git a/WORKBOARD.yaml b/WORKBOARD.yaml index 15b5456..63e24d7 100644 --- a/WORKBOARD.yaml +++ b/WORKBOARD.yaml @@ -117,11 +117,16 @@ items: owner: "" - id: CTO-WORK-024 title: Resolve Case Provider Decision - status: blocked + status: validated source: .sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md - owner: jp + owner: "" - id: CTO-WORK-025 - title: Current Case Provider Decision Record + title: Initial Not-Decided Provider Decision Record + status: validated + source: .sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-RECORD.md + owner: "" + - id: CTO-WORK-026 + title: OpenAI Codex Primary Provider Decision status: validated source: .sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-RECORD.md owner: "" diff --git a/tools/validate_cto_child.py b/tools/validate_cto_child.py index ce86e4d..f335b9c 100644 --- a/tools/validate_cto_child.py +++ b/tools/validate_cto_child.py 
@@ -403,7 +403,7 @@ REQUIRED_MODEL_PROVIDER_ADMISSION_PRD_PHRASES = [ "`CTO-WORK-020` remains blocked because no real provider/model has been approved and no real Case Stage 2 pass report exists.", "Decision Record Template For CTO-WORK-020", "`decision_status`: `not_decided`, `external_provider_approved`, or `local_provider_required`.", - "`provider_class`: `external_anthropic` or `local_case_compatible`.", + "`provider_class`: `external_anthropic`, `external_openai_codex`, or `local_case_compatible`.", "`provider`: exact provider string, or empty while blocked.", "`model`: exact model string, or empty while blocked.", "`approval_source`: JP approval reference or governed Core route reference.", @@ -445,7 +445,7 @@ REQUIRED_MODEL_PROVIDER_ADMISSION_ISSUE_PHRASES = [ "CTO-WORK-020 Decision Record Template", "This template belongs to `CTO-WORK-020`; it is not a new provider approval.", "`decision_status`: `not_decided`, `external_provider_approved`, or `local_provider_required`.", - "`provider_class`: `external_anthropic` or `local_case_compatible`.", + "`provider_class`: `external_anthropic`, `external_openai_codex`, or `local_case_compatible`.", "`provider`: exact provider string, or empty while blocked.", "`model`: exact model string, or empty while blocked.", "`approval_source`: JP approval reference or governed Core route reference.", @@ -491,7 +491,6 @@ REQUIRED_LOCAL_PROVIDER_ROUTE_ISSUE_IDS = [ REQUIRED_LOCAL_PROVIDER_ROUTE_ISSUE_PHRASES = [ "Status: validated.", - "Status: blocked.", "`decision_status=local_provider_required`", "local_case_compatible", "Uses `CTO-WORK-020` admission JSON gate as authority instead of redefining admission.", 
@@ -528,6 +527,10 @@ REQUIRED_PROVIDER_DECISION_PACKET_PRD_PHRASES = [ "real Case Stage 2 blocked unless a provider/model is admitted and a pass report exists through the Harness Evidence Interface", "no Target Repository path may be inspected or copied", "`provider_class`: `external_anthropic`", + "`provider_class`: `external_anthropic` or `external_openai_codex`.", + "`openai-codex` with model `gpt-5.5` may be recorded as the primary approved external provider only when the approval source, credential source class, allowed network class, review trigger, and admission JSON are recorded.", + "`vllm` with model `qwen3.6-35b-a3b` may be recorded as an explicit fallback only when fallback use is represented in admission evidence and does not hide provider/model switching.", + "Packet permits provider class `external_openai_codex` only as a decision branch, not as admission or Stage 2 proof.", "`provider_class`: `local_case_compatible`", "No external fallback to `anthropic` or `claude-sonnet-4-6` is allowed.", "Missing local adapter config blocks before `case_process_started`.", @@ -538,11 +541,11 @@ REQUIRED_PROVIDER_DECISION_PACKET_ISSUE_IDS = [ "CTO-WORK-023", "CTO-WORK-024", "CTO-WORK-025", + "CTO-WORK-026", ] REQUIRED_PROVIDER_DECISION_PACKET_ISSUE_PHRASES = [ "Status: validated.", - "Status: blocked.", "`not_decided` is current safe state", "`external_provider_approved`", "`local_provider_required`", 
@@ -575,32 +578,53 @@ REQUIRED_PROVIDER_DECISION_PACKET_ISSUE_PHRASES = [ "Record keeps `CTO-WORK-024` blocked while `decision_status=not_decided`.", "Record keeps `CTO-WORK-022` blocked unless `decision_status=local_provider_required`.", "Record keeps real Case Stage 2 blocked until admitted provider/model and Harness Evidence Interface pass report exist.", + "Status: validated.", + "Record JP approval of the external provider decision branch for the current Hermes model stack.", + "Decision record has `decision_status`: `external_provider_approved`.", + "Decision record has `provider_class`: `external_openai_codex`.", + "Decision record has `provider`: `openai-codex`.", + "Decision record has `model`: `gpt-5.5`.", + "Decision record has `fallback_provider`: `vllm`.", + "Decision record has `fallback_model`: `qwen3.6-35b-a3b`.", + "Decision record has `credential_source_class`: `hermes-openai-codex-oauth-and-local-vllm-config`; no secret value.", + "Decision record has `allowed_network_class`: `codex-oauth-hosted-model-plus-local-vllm-fallback`.", + "Decision record references Hermes model policy and local Hermes config as evidence sources without copying secrets.", + "Record says `CTO-WORK-024` is resolved by selecting `external_provider_approved`.", + "Record keeps `CTO-WORK-020` blocked until admission JSON and real Stage 2 pass evidence exist.", + "Record keeps `CTO-WORK-022` blocked because `decision_status=external_provider_approved`, not `local_provider_required`.", + "Record requires fallback to `vllm` with `qwen3.6-35b-a3b` to be explicit in admission evidence before it may count as a Case provider/model path.", ] REQUIRED_PROVIDER_DECISION_RECORD_PHRASES = [ "Local planning SOT only. Not a Core Protocol. 
Not active Core authority.", - "`decision_status`: `not_decided`.", - "`provider_class`: empty while blocked.", - "`provider`: empty while blocked.", - "`model`: empty while blocked.", - "`approval_source`: empty while blocked.", - "`credential_source_class`: empty while blocked; no secret value.", - "`allowed_network_class`: empty while blocked.", - "`review_trigger`: empty while blocked.", + "`decision_status`: `external_provider_approved`.", + "`provider_class`: `external_openai_codex`.", + "`provider`: `openai-codex`.", + "`model`: `gpt-5.5`.", + "`fallback_provider`: `vllm`.", + "`fallback_model`: `qwen3.6-35b-a3b`.", + "`approval_source`: JP chat approval on 2026-05-31.", + "`credential_source_class`: `hermes-openai-codex-oauth-and-local-vllm-config`; no secret value.", + "`allowed_network_class`: `codex-oauth-hosted-model-plus-local-vllm-fallback`.", + "`review_trigger`: before real Case Stage 2 admission JSON is written, before any credential source change, and before any default/fallback model change.", + "/home/svrnty/workspaces/hermes/scripts/apply-hermes-model-policy.py", + "/home/svrnty/.hermes/config.yaml", "`effect`: `CTO-WORK-020 remains blocked until admitted provider/model and real Stage 2 pass report exist`.", + "`external_provider_approved` means JP approved the provider decision branch for the existing Hermes model stack: `openai-codex` with model `gpt-5.5` as primary, and `vllm` with model `qwen3.6-35b-a3b` as fallback.", + "This record is not provider/model admission and is not Stage 2 pass evidence.", + "`CTO-WORK-024` is resolved by this record selecting `external_provider_approved`.", + "Previous state:", + "`decision_status`: `not_decided`.", "`not_decided` means no provider/model may run.", - "not provider/model admission, not Stage 2 pass evidence, and not approval for external or local provider use", - "`CTO-WORK-024` remains blocked because this record does not select `external_provider_approved` or `local_provider_required`.", - 
"Only JP or a governed Core route may change this record away from `not_decided`.", - "`external_provider_approved`.", - "`local_provider_required`.", + "Only JP or a governed Core route may change this record away from `external_provider_approved`.", + "Allowed future values remain `external_provider_approved` or `local_provider_required`.", "No secret value may appear in SOT, task file, argv, report, trace, backend logs, generated config, or commit.", "No Target Repository path may be inspected or copied.", "`CTO-WORK-020` remains provider/model admission authority.", "`CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` remains execution admission gate.", - "`CTO-WORK-024` remains blocked while `decision_status=not_decided`.", - "`CTO-WORK-022` remains blocked unless `decision_status=local_provider_required`.", + "`CTO-WORK-022` remains blocked because `decision_status=external_provider_approved`, not `local_provider_required`.", "Real Case Stage 2 remains blocked until admitted provider/model and Harness Evidence Interface pass report exist.", + "Fallback to `vllm` with `qwen3.6-35b-a3b` must be explicit in admission evidence before it may count as a Case provider/model path.", "Existing evidence paths and commits are referenced only; runtime evidence is not copied into this record.", ] @@ -941,8 +965,9 @@ def main() -> int: "CTO-WORK-021": "validated", "CTO-WORK-022": "blocked", "CTO-WORK-023": "validated", - "CTO-WORK-024": "blocked", + "CTO-WORK-024": "validated", "CTO-WORK-025": "validated", + "CTO-WORK-026": "validated", } for issue_id, expected in expected_statuses.items(): checked.append(f"workboard_status:{issue_id}:{expected}")
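
Review bot: In the `CTO-CASE-PROVIDER-DECISION-RECORD.md` hunk `@@ -15,33 +15,40 @@`, `evidence_sources` now lists two absolute paths under a user's home directory, `/home/svrnty/workspaces/hermes/scripts/apply-hermes-model-policy.py` and `/home/svrnty/.hermes/config.yaml`. These commit a local account name and the location of a file that the `credential_source_class` value ties to OAuth and vLLM configuration, and nobody outside that one host can resolve them to check the evidence. Suggest a logical reference instead (repository name plus relative path, or a commit id). The same hunk records `approval_source` as "JP chat approval on 2026-05-31", which gives a reviewer nothing to look up, while the template asks for a "JP approval reference"; a message id or link would make the approval auditable.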
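
Review bot: In the `CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md` hunk `@@ -70,6 +70,8 @@`, the new `vllm` / `qwen3.6-35b-a3b` fallback bullet has no fail-closed counterpart to the existing line that says any fallback to `anthropic` or `claude-sonnet-4-6` without matching admission blocks before `case_process_started`. The gate described just above matches a single `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL` pair, so "represented in admission evidence" leaves open how a second provider/model pair is admitted and what happens when it is not. Suggest stating that fallback to `vllm` without its own matching admission blocks before `case_process_started`. Also worth stating how a local fallback under the external branch relates to `CTO-WORK-022`, which this patch keeps blocked.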
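
Review bot: In the `CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md` hunk `@@ -54,16 +54,16 @@`, the second bullet under the new "Resolved by:" heading ("Real Case Stage 2 remains blocked by `CTO-WORK-020` admission JSON and Harness Evidence Interface proof.") is a remaining blocker, not something that resolved `CTO-WORK-024`. Suggest moving it under its own label such as "Still blocked:" so the list of resolvers holds only the decision record.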
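
Review bot: In the `CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md` hunk `@@ -82,3 +82,26 @@`, the unchanged `CTO-WORK-025` acceptance line "Record keeps `CTO-WORK-024` blocked while `decision_status=not_decided`." no longer describes the record, because the record hunk `@@ -49,7 +56,7 @@` deletes exactly that constraint and `WORKBOARD.yaml` still marks `CTO-WORK-025` as `validated` against the same source file. Suggest either rewording the `CTO-WORK-025` criteria as historical (matching the new "Initial Not-Decided" title) or pointing that item at a preserved copy of the earlier record.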
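
Review bot: In the `tools/validate_cto_child.py` hunk `@@ -491,7 +491,6 @@`, `"Status: blocked."` is removed from `REQUIRED_LOCAL_PROVIDER_ROUTE_ISSUE_PHRASES`, but no local provider route document is among the seven files changed and `expected_statuses` still has `"CTO-WORK-022": "blocked"`. If that document still carries a blocked item, this removal loosens the check with no matching document change, and a later edit that flips its status text would pass the phrase validation. Suggest keeping the phrase here unless the document it guards has actually lost its blocked status.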
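
Review bot: In the `tools/validate_cto_child.py` hunk `@@ -538,11 +541,11 @@`, `REQUIRED_PROVIDER_DECISION_PACKET_ISSUE_PHRASES` still requires the phrase "`not_decided` is current safe state" after this patch moves the record to `external_provider_approved`. The validator therefore forces the issues document to keep a statement that contradicts the current decision state. Suggest updating that phrase and the sentence it matches to describe `not_decided` as the initial or default safe state.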
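
Review bot: In the `tools/validate_cto_child.py` hunk `@@ -575,32 +578,53 @@`, the added `"Status: validated."` entry duplicates the one already at the head of `REQUIRED_PROVIDER_DECISION_PACKET_ISSUE_PHRASES`, so it does not tie the status to the `CTO-WORK-026` section. The per-item check in `expected_statuses` already covers `CTO-WORK-026`; suggest dropping the duplicate, or checking the status line within the `CTO-WORK-026` section if that is the intent.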