From 38f8ce2628afbf37c28f3211866aa0a1dbbfd08d Mon Sep 17 00:00:00 2001 From: Svrnty Date: Sun, 31 May 2026 20:09:09 -0400 Subject: [PATCH] Add Case provider decision packet --- README.md | 4 +- WORKBOARD.yaml | 10 ++ ...TO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md | 60 ++++++++ .../CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md | 130 ++++++++++++++++++ tools/validate_cto_child.py | 93 +++++++++++++ 5 files changed, 296 insertions(+), 1 deletion(-) create mode 100644 sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md create mode 100644 sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md diff --git a/README.md b/README.md index 0818c41..b5a854d 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,9 @@ This workspace is registered as a child-local planning workspace. Registration d | |-- CTO-CASE-MODEL-PROVIDER-ADMISSION-PRD.md | |-- CTO-CASE-MODEL-PROVIDER-ADMISSION-ISSUES.md | |-- CTO-CASE-LOCAL-PROVIDER-ROUTE-PRD.md -| `-- CTO-CASE-LOCAL-PROVIDER-ROUTE-ISSUES.md +| |-- CTO-CASE-LOCAL-PROVIDER-ROUTE-ISSUES.md +| |-- CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md +| `-- CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md `-- tools/ `-- validate_cto_child.py ``` diff --git a/WORKBOARD.yaml b/WORKBOARD.yaml index bceb368..8948165 100644 --- a/WORKBOARD.yaml +++ b/WORKBOARD.yaml @@ -110,3 +110,13 @@ items: status: blocked source: sot/03-PROTOCOLS/CTO-CASE-LOCAL-PROVIDER-ROUTE-ISSUES.md owner: jp + - id: CTO-WORK-023 + title: Case Provider Decision Packet PRD + status: validated + source: sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md + owner: jp + - id: CTO-WORK-024 + title: Resolve Case Provider Decision + status: blocked + source: sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md + owner: jp diff --git a/sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md b/sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md new file mode 100644 index 0000000..250fc4c --- /dev/null +++ b/sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md @@ -0,0 +1,60 @@ +--- +title: CTO Case Provider Decision Packet Issues +status: draft +lifecycle_classification: sot +owner: jp +created: 2026-05-31 +last_reviewed: 2026-05-31 +core_promotion_status: not-promoted +route: cto +--- + +# CTO Case Provider Decision Packet Issues + +Local planning SOT only. Not a Core Protocol. Not active Core authority. + +## CTO-WORK-023 - Case Provider Decision Packet PRD + +Status: validated. + +Register the compact decision packet for resolving the `CTO-WORK-020` provider policy blocker without approving a provider/model. + +Acceptance: + +- States `not_decided` is current safe state. +- Lists only `external_provider_approved` and `local_provider_required` as active branches. +- Says it does not approve or admit any provider/model. +- Says it is not Stage 2 pass evidence. +- Requires a structured decision record using only `not_decided`, `external_provider_approved`, or `local_provider_required`. +- References existing evidence paths and commits instead of copying runtime evidence. +- Keeps `CTO-WORK-020` as provider/model admission authority. +- Keeps `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` as execution admission gate. +- Requires exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations before admission. +- Requires no secrets in SOT, task file, argv, report, trace, backend logs, generated config, or commits. +- States `CTO-WORK-022` stays blocked unless `decision_status=local_provider_required`. +- States real Case Stage 2 remains blocked until admitted provider/model and Harness Evidence Interface pass report exist. +- States no Target Repository path may be inspected or copied. + +## CTO-WORK-024 - Resolve Case Provider Decision + +Status: blocked. + +JP or a governed Core route chooses one `CTO-WORK-020` decision branch and records the required non-secret fields. + +Acceptance: + +- Decision record selects exactly one branch: `external_provider_approved` or `local_provider_required`. +- `not_decided` remains the safe default until a decision is recorded. +- Decision record is structured and uses only `not_decided`, `external_provider_approved`, or `local_provider_required`. +- Decision record references existing evidence paths and commits instead of copying runtime evidence. +- If `external_provider_approved`, the record names exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations. +- If `local_provider_required`, the record sets provider class `local_case_compatible` and keeps exact provider/model empty until a local provider/model is supplied and admitted. +- No secret value is written to SOT, task file, argv, report, trace, backend logs, generated config, or commit. +- `CTO-WORK-020` remains blocked until admitted provider/model and real Stage 2 pass report exist. +- `CTO-WORK-022` remains blocked unless `decision_status=local_provider_required`. +- Real Case Stage 2 remains blocked unless `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` exists and matches `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL`. + +Blocked by: + +- JP choosing external provider approval or local provider requirement. +- Governed Core route if the decision must be promoted before provider use. diff --git a/sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md b/sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md new file mode 100644 index 0000000..839da63 --- /dev/null +++ b/sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md @@ -0,0 +1,130 @@ +--- +title: CTO Case Provider Decision Packet PRD +status: draft +lifecycle_classification: sot +owner: jp +created: 2026-05-31 +last_reviewed: 2026-05-31 +core_promotion_status: not-promoted +route: cto +--- + +# CTO Case Provider Decision Packet PRD + +Local planning SOT only. Not a Core Protocol. Not active Core authority. + +## Problem Statement + +`CTO-WORK-020` is blocked by a provider policy decision. The route has two valid branches: approve one exact external provider/model path, or require a Case-compatible local provider route. Without a compact decision packet, the next operator choice can become ambiguous and accidentally look like provider approval. + +## Solution + +Create a child-local decision packet that makes the `CTO-WORK-020` choice explicit, bounded, and auditable. The packet does not approve a provider/model and is not Stage 2 pass evidence. It only records the decision options, required evidence fields, consequences, and blocked next actions for JP or a governed Core route to resolve later. + +## Scope + +- Summarize the current `CTO-WORK-020` blocker. +- Present only two active decision branches: `external_provider_approved` and `local_provider_required`. +- Preserve `not_decided` as the current safe state. +- Require a structured decision record using only `not_decided`, `external_provider_approved`, or `local_provider_required`. +- Require exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations before any admission. +- Reference existing evidence paths and commits; do not copy runtime evidence into the packet. +- Require no secret value in SOT, task file, argv, report, trace, backend logs, generated config, or commit. +- Keep `CTO-WORK-020` as the admission authority. +- Keep the `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` admission JSON gate as execution authority. +- Keep `CTO-WORK-022` blocked unless `decision_status=local_provider_required`. +- Keep real Case Stage 2 blocked unless a provider/model is admitted and a pass report exists through the Harness Evidence Interface. +- State that no Target Repository path may be inspected or copied. + +## Non-Goals + +- Do not approve Anthropic, Claude, local inference, or any other provider. +- Do not admit a provider/model. +- Do not implement a provider adapter. +- Do not run real Case Stage 2. +- Do not create a provider marketplace, registry, or scoring framework. +- Do not change Hermes runtime behavior. +- Do not mutate Cortex Core, Case source, vendor source, external developer repositories, or Target Repositories. +- Do not treat Case, Hermes, Pi, Codex, or any backend as Cortex authority. + +## Decision Branches + +### Branch A - External Provider Approved + +Use only if JP or a governed Core route approves an external provider path. + +Required decision fields: + +- `decision_status`: `external_provider_approved`. +- `provider_class`: `external_anthropic`. +- `provider`: exact provider string. +- `model`: exact model string. +- `approval_source`: JP approval reference or governed Core route reference. +- `credential_source_class`: credential class only; no secret value. +- `allowed_network_class`: approved outbound network class. +- `review_trigger`: expiry, date, or condition that forces review. +- `evidence_sources`: existing admission/build evidence references. +- `effect`: `CTO-WORK-020 remains blocked until admitted provider/model and real Stage 2 pass report exist`. + +Consequences: + +- `CTO-WORK-022` stays blocked. +- Hermes may attempt real Case Stage 2 only after admission JSON exists and matches `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL`. +- Any fallback to `anthropic` or `claude-sonnet-4-6` without matching admission blocks before `case_process_started`. + +### Branch B - Local Provider Required + +Use only if external provider use is not approved. + +Required decision fields: + +- `decision_status`: `local_provider_required`. +- `provider_class`: `local_case_compatible`. +- `provider`: empty until a local provider is supplied and admitted. +- `model`: empty until a local model is supplied and admitted. +- `approval_source`: JP approval reference or governed Core route reference. +- `credential_source_class`: local credential or no-secret class only. +- `allowed_network_class`: local-only or explicitly bounded network class. +- `review_trigger`: expiry, date, or condition that forces review. +- `evidence_sources`: references to existing admission/local-provider-route evidence. +- `effect`: `CTO-WORK-020 remains blocked until local provider/model admission and real Stage 2 pass report exist`. + +Consequences: + +- `CTO-WORK-022` becomes the next implementation candidate. +- No external fallback to `anthropic` or `claude-sonnet-4-6` is allowed. +- Missing local adapter config blocks before `case_process_started`. +- Admission JSON mismatch blocks before `case_process_started`. + +## Acceptance Criteria + +- Packet states `not_decided` is current safe state. +- Packet lists only `external_provider_approved` and `local_provider_required` as active branches. +- Packet says it does not approve or admit any provider/model. +- Packet says it is not Stage 2 pass evidence. +- Packet requires a structured decision record using only `not_decided`, `external_provider_approved`, or `local_provider_required`. +- Packet references existing evidence paths and commits instead of copying runtime evidence. +- Packet keeps `CTO-WORK-020` as the provider/model admission authority. +- Packet keeps `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` as the execution admission gate. +- Packet requires exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations before admission. +- Packet requires no secrets in SOT, task file, argv, report, trace, backend logs, generated config, or commits. +- Packet states `CTO-WORK-022` stays blocked unless `decision_status=local_provider_required`. +- Packet states real Case Stage 2 remains blocked until admitted provider/model and Harness Evidence Interface pass report exist. +- Packet states no Target Repository path may be inspected or copied. + +## Validation + +- `python3 tools/validate_cto_child.py` validates this child-local route. +- Future branch execution must use existing Hermes focused validators for provider admission and local-provider adapter gates. +- Future real Case validation must use the Harness Evidence Interface, same-run fake baseline comparison, and copied artificial fixture Stage 2 only. + +## Risks And Dependencies + +- JP approval or governed Core approval remains required for external provider use. +- Local provider use may require a separate Case-compatible endpoint or adapter implementation. +- A decision packet can reduce ambiguity but cannot supply credentials, provider availability, or model quality. +- The WorkOS Case default provider behavior may change; actual run evidence remains authoritative. + +## Success Definition + +The `CTO-WORK-020` human-only blocker is represented as one precise decision packet: no provider/model is approved, no execution is authorized, and the next valid implementation path is unambiguous once JP chooses external provider approval or local provider requirement. diff --git a/tools/validate_cto_child.py b/tools/validate_cto_child.py index 1ad042a..bcd343f 100644 --- a/tools/validate_cto_child.py +++ b/tools/validate_cto_child.py @@ -36,6 +36,8 @@ REQUIRED_FILES = [ "sot/03-PROTOCOLS/CTO-CASE-MODEL-PROVIDER-ADMISSION-ISSUES.md", "sot/03-PROTOCOLS/CTO-CASE-LOCAL-PROVIDER-ROUTE-PRD.md", "sot/03-PROTOCOLS/CTO-CASE-LOCAL-PROVIDER-ROUTE-ISSUES.md", + "sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md", + "sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md", ] REQUIRED_BRIEF_PHRASES = [ @@ -506,6 +508,61 @@ REQUIRED_LOCAL_PROVIDER_ROUTE_ISSUE_PHRASES = [ "Real Case Stage 2 produces a pass report only through the Harness Evidence Interface.", ] +REQUIRED_PROVIDER_DECISION_PACKET_PRD_PHRASES = [ + "Local planning SOT only. Not a Core Protocol. Not active Core authority.", + "`CTO-WORK-020` is blocked by a provider policy decision.", + "`external_provider_approved`", + "`local_provider_required`", + "`not_decided` as the current safe state", + "does not approve a provider/model", + "does not approve or admit any provider/model", + "is not Stage 2 pass evidence", + "structured decision record using only `not_decided`, `external_provider_approved`, or `local_provider_required`", + "Reference existing evidence paths and commits; do not copy runtime evidence into the packet.", + "Keep `CTO-WORK-020` as the admission authority.", + "CTO_HARNESS_CASE_MODEL_ADMISSION_FILE", + "exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations", + "no secret value in SOT, task file, argv, report, trace, backend logs, generated config, or commit", + "`CTO-WORK-022` blocked unless `decision_status=local_provider_required`", + "real Case Stage 2 blocked unless a provider/model is admitted and a pass report exists through the Harness Evidence Interface", + "no Target Repository path may be inspected or copied", + "`provider_class`: `external_anthropic`", + "`provider_class`: `local_case_compatible`", + "No external fallback to `anthropic` or `claude-sonnet-4-6` is allowed.", + "Missing local adapter config blocks before `case_process_started`.", + "Admission JSON mismatch blocks before `case_process_started`.", +] + +REQUIRED_PROVIDER_DECISION_PACKET_ISSUE_IDS = [ + "CTO-WORK-023", + "CTO-WORK-024", +] + +REQUIRED_PROVIDER_DECISION_PACKET_ISSUE_PHRASES = [ + "Status: validated.", + "Status: blocked.", + "`not_decided` is current safe state", + "`external_provider_approved`", + "`local_provider_required`", + "does not approve or admit any provider/model", + "Says it is not Stage 2 pass evidence.", + "Requires a structured decision record using only `not_decided`, `external_provider_approved`, or `local_provider_required`.", + "References existing evidence paths and commits instead of copying runtime evidence.", + "Keeps `CTO-WORK-020` as provider/model admission authority.", + "Keeps `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` as execution admission gate.", + "Requires exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations before admission.", + "Requires no secrets in SOT, task file, argv, report, trace, backend logs, generated config, or commits.", + "States `CTO-WORK-022` stays blocked unless `decision_status=local_provider_required`.", + "States real Case Stage 2 remains blocked until admitted provider/model and Harness Evidence Interface pass report exist.", + "States no Target Repository path may be inspected or copied.", + "Decision record selects exactly one branch: `external_provider_approved` or `local_provider_required`.", + "Decision record is structured and uses only `not_decided`, `external_provider_approved`, or `local_provider_required`.", + "Decision record references existing evidence paths and commits instead of copying runtime evidence.", + "`CTO-WORK-020` remains blocked until admitted provider/model and real Stage 2 pass report exist.", + "`CTO-WORK-022` remains blocked unless `decision_status=local_provider_required`.", + "Real Case Stage 2 remains blocked unless `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` exists and matches `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL`.", +] + def workboard_status(text: str, issue_id: str) -> str | None: pattern = rf"- id: {re.escape(issue_id)}\n(?: .+\n)*? status: ([^\n]+)" @@ -749,6 +806,32 @@ def main() -> int: if phrase not in text: errors.append(f"missing_local_provider_route_issue_phrase:{phrase}") + provider_decision_packet_prd = ROOT / "sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md" + if provider_decision_packet_prd.is_file(): + text = provider_decision_packet_prd.read_text(encoding="utf-8") + if "core_promotion_status: not-promoted" not in text: + errors.append("provider_decision_packet_prd_missing_not_promoted_frontmatter") + for phrase in REQUIRED_PROVIDER_DECISION_PACKET_PRD_PHRASES: + checked.append(f"provider_decision_packet_prd_phrase:{phrase}") + if phrase not in text: + errors.append(f"missing_provider_decision_packet_prd_phrase:{phrase}") + + provider_decision_packet_issues = ROOT / "sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md" + if provider_decision_packet_issues.is_file(): + text = provider_decision_packet_issues.read_text(encoding="utf-8") + if "core_promotion_status: not-promoted" not in text: + errors.append("provider_decision_packet_issues_missing_not_promoted_frontmatter") + if "Local planning SOT only. Not a Core Protocol. Not active Core authority." not in text: + errors.append("provider_decision_packet_issues_missing_local_planning_notice") + for issue_id in REQUIRED_PROVIDER_DECISION_PACKET_ISSUE_IDS: + checked.append(f"provider_decision_packet_issue_id:{issue_id}") + if issue_id not in text: + errors.append(f"missing_provider_decision_packet_issue_id:{issue_id}") + for phrase in REQUIRED_PROVIDER_DECISION_PACKET_ISSUE_PHRASES: + checked.append(f"provider_decision_packet_issue_phrase:{phrase}") + if phrase not in text: + errors.append(f"missing_provider_decision_packet_issue_phrase:{phrase}") + board = ROOT / "WORKBOARD.yaml" if board.is_file(): text = board.read_text(encoding="utf-8") @@ -780,6 +863,10 @@ def main() -> int: checked.append(f"workboard_id:{issue_id}") if issue_id not in text: errors.append(f"missing_workboard_id:{issue_id}") + for issue_id in REQUIRED_PROVIDER_DECISION_PACKET_ISSUE_IDS: + checked.append(f"workboard_id:{issue_id}") + if issue_id not in text: + errors.append(f"missing_workboard_id:{issue_id}") expected_statuses = { "CTO-WORK-002": "validated", "CTO-WORK-003": "validated", @@ -802,6 +889,8 @@ def main() -> int: "CTO-WORK-020": "blocked", "CTO-WORK-021": "validated", "CTO-WORK-022": "blocked", + "CTO-WORK-023": "validated", + "CTO-WORK-024": "blocked", } for issue_id, expected in expected_statuses.items(): checked.append(f"workboard_status:{issue_id}:{expected}") @@ -844,6 +933,10 @@ def main() -> int: errors.append("workboard_missing_local_provider_route_prd_source") if "CTO-CASE-LOCAL-PROVIDER-ROUTE-ISSUES.md" not in text: errors.append("workboard_missing_local_provider_route_issues_source") + if "CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md" not in text: + errors.append("workboard_missing_provider_decision_packet_prd_source") + if "CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md" not in text: + errors.append("workboard_missing_provider_decision_packet_issues_source") payload = { "ok": not errors,