Add Case provider decision packet

2026-05-31 20:09:09 -04:00 · 2026-05-31 20:09:09 -04:00 · 38f8ce2628
commit 38f8ce2628
parent 6af4199ebc
5 changed files with 296 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -49,7 +49,9 @@ This workspace is registered as a child-local planning workspace. Registration d
 |       |-- CTO-CASE-MODEL-PROVIDER-ADMISSION-PRD.md
 |       |-- CTO-CASE-MODEL-PROVIDER-ADMISSION-ISSUES.md
 |       |-- CTO-CASE-LOCAL-PROVIDER-ROUTE-PRD.md
-|       `-- CTO-CASE-LOCAL-PROVIDER-ROUTE-ISSUES.md
+|       |-- CTO-CASE-LOCAL-PROVIDER-ROUTE-ISSUES.md
+|       |-- CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md
+|       `-- CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md
 `-- tools/
    `-- validate_cto_child.py
 ```
--- a/WORKBOARD.yaml
+++ b/WORKBOARD.yaml
@ -110,3 +110,13 @@ items:
    status: blocked
    source: sot/03-PROTOCOLS/CTO-CASE-LOCAL-PROVIDER-ROUTE-ISSUES.md
    owner: jp
+  - id: CTO-WORK-023
+    title: Case Provider Decision Packet PRD
+    status: validated
+    source: sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md
+    owner: jp
+  - id: CTO-WORK-024
+    title: Resolve Case Provider Decision
+    status: blocked
+    source: sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md
+    owner: jp
--- a/sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md
+++ b/sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md
@ -0,0 +1,60 @@
+---
+title: CTO Case Provider Decision Packet Issues
+status: draft
+lifecycle_classification: sot
+owner: jp
+created: 2026-05-31
+last_reviewed: 2026-05-31
+core_promotion_status: not-promoted
+route: cto
+---
+
+# CTO Case Provider Decision Packet Issues
+
+Local planning SOT only. Not a Core Protocol. Not active Core authority.
+
+## CTO-WORK-023 - Case Provider Decision Packet PRD
+
+Status: validated.
+
+Register the compact decision packet for resolving the `CTO-WORK-020` provider policy blocker without approving a provider/model.
+
+Acceptance:
+
+- States `not_decided` is current safe state.
+- Lists only `external_provider_approved` and `local_provider_required` as active branches.
+- Says it does not approve or admit any provider/model.
+- Says it is not Stage 2 pass evidence.
+- Requires a structured decision record using only `not_decided`, `external_provider_approved`, or `local_provider_required`.
+- References existing evidence paths and commits instead of copying runtime evidence.
+- Keeps `CTO-WORK-020` as provider/model admission authority.
+- Keeps `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` as execution admission gate.
+- Requires exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations before admission.
+- Requires no secrets in SOT, task file, argv, report, trace, backend logs, generated config, or commits.
+- States `CTO-WORK-022` stays blocked unless `decision_status=local_provider_required`.
+- States real Case Stage 2 remains blocked until admitted provider/model and Harness Evidence Interface pass report exist.
+- States no Target Repository path may be inspected or copied.
+
+## CTO-WORK-024 - Resolve Case Provider Decision
+
+Status: blocked.
+
+JP or a governed Core route chooses one `CTO-WORK-020` decision branch and records the required non-secret fields.
+
+Acceptance:
+
+- Decision record selects exactly one branch: `external_provider_approved` or `local_provider_required`.
+- `not_decided` remains the safe default until a decision is recorded.
+- Decision record is structured and uses only `not_decided`, `external_provider_approved`, or `local_provider_required`.
+- Decision record references existing evidence paths and commits instead of copying runtime evidence.
+- If `external_provider_approved`, the record names exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations.
+- If `local_provider_required`, the record sets provider class `local_case_compatible` and keeps exact provider/model empty until a local provider/model is supplied and admitted.
+- No secret value is written to SOT, task file, argv, report, trace, backend logs, generated config, or commit.
+- `CTO-WORK-020` remains blocked until admitted provider/model and real Stage 2 pass report exist.
+- `CTO-WORK-022` remains blocked unless `decision_status=local_provider_required`.
+- Real Case Stage 2 remains blocked unless `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` exists and matches `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL`.
+
+Blocked by:
+
+- JP choosing external provider approval or local provider requirement.
+- Governed Core route if the decision must be promoted before provider use.
--- a/sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md
+++ b/sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md
@ -0,0 +1,130 @@
+---
+title: CTO Case Provider Decision Packet PRD
+status: draft
+lifecycle_classification: sot
+owner: jp
+created: 2026-05-31
+last_reviewed: 2026-05-31
+core_promotion_status: not-promoted
+route: cto
+---
+
+# CTO Case Provider Decision Packet PRD
+
+Local planning SOT only. Not a Core Protocol. Not active Core authority.
+
+## Problem Statement
+
+`CTO-WORK-020` is blocked by a provider policy decision. The route has two valid branches: approve one exact external provider/model path, or require a Case-compatible local provider route. Without a compact decision packet, the next operator choice can become ambiguous and accidentally look like provider approval.
+
+## Solution
+
+Create a child-local decision packet that makes the `CTO-WORK-020` choice explicit, bounded, and auditable. The packet does not approve a provider/model and is not Stage 2 pass evidence. It only records the decision options, required evidence fields, consequences, and blocked next actions for JP or a governed Core route to resolve later.
+
+## Scope
+
+- Summarize the current `CTO-WORK-020` blocker.
+- Present only two active decision branches: `external_provider_approved` and `local_provider_required`.
+- Preserve `not_decided` as the current safe state.
+- Require a structured decision record using only `not_decided`, `external_provider_approved`, or `local_provider_required`.
+- Require exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations before any admission.
+- Reference existing evidence paths and commits; do not copy runtime evidence into the packet.
+- Require no secret value in SOT, task file, argv, report, trace, backend logs, generated config, or commit.
+- Keep `CTO-WORK-020` as the admission authority.
+- Keep the `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` admission JSON gate as execution authority.
+- Keep `CTO-WORK-022` blocked unless `decision_status=local_provider_required`.
+- Keep real Case Stage 2 blocked unless a provider/model is admitted and a pass report exists through the Harness Evidence Interface.
+- State that no Target Repository path may be inspected or copied.
+
+## Non-Goals
+
+- Do not approve Anthropic, Claude, local inference, or any other provider.
+- Do not admit a provider/model.
+- Do not implement a provider adapter.
+- Do not run real Case Stage 2.
+- Do not create a provider marketplace, registry, or scoring framework.
+- Do not change Hermes runtime behavior.
+- Do not mutate Cortex Core, Case source, vendor source, external developer repositories, or Target Repositories.
+- Do not treat Case, Hermes, Pi, Codex, or any backend as Cortex authority.
+
+## Decision Branches
+
+### Branch A - External Provider Approved
+
+Use only if JP or a governed Core route approves an external provider path.
+
+Required decision fields:
+
+- `decision_status`: `external_provider_approved`.
+- `provider_class`: `external_anthropic`.
+- `provider`: exact provider string.
+- `model`: exact model string.
+- `approval_source`: JP approval reference or governed Core route reference.
+- `credential_source_class`: credential class only; no secret value.
+- `allowed_network_class`: approved outbound network class.
+- `review_trigger`: expiry, date, or condition that forces review.
+- `evidence_sources`: existing admission/build evidence references.
+- `effect`: `CTO-WORK-020 remains blocked until admitted provider/model and real Stage 2 pass report exist`.
+
+Consequences:
+
+- `CTO-WORK-022` stays blocked.
+- Hermes may attempt real Case Stage 2 only after admission JSON exists and matches `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL`.
+- Any fallback to `anthropic` or `claude-sonnet-4-6` without matching admission blocks before `case_process_started`.
+
+### Branch B - Local Provider Required
+
+Use only if external provider use is not approved.
+
+Required decision fields:
+
+- `decision_status`: `local_provider_required`.
+- `provider_class`: `local_case_compatible`.
+- `provider`: empty until a local provider is supplied and admitted.
+- `model`: empty until a local model is supplied and admitted.
+- `approval_source`: JP approval reference or governed Core route reference.
+- `credential_source_class`: local credential or no-secret class only.
+- `allowed_network_class`: local-only or explicitly bounded network class.
+- `review_trigger`: expiry, date, or condition that forces review.
+- `evidence_sources`: references to existing admission/local-provider-route evidence.
+- `effect`: `CTO-WORK-020 remains blocked until local provider/model admission and real Stage 2 pass report exist`.
+
+Consequences:
+
+- `CTO-WORK-022` becomes the next implementation candidate.
+- No external fallback to `anthropic` or `claude-sonnet-4-6` is allowed.
+- Missing local adapter config blocks before `case_process_started`.
+- Admission JSON mismatch blocks before `case_process_started`.
+
+## Acceptance Criteria
+
+- Packet states `not_decided` is current safe state.
+- Packet lists only `external_provider_approved` and `local_provider_required` as active branches.
+- Packet says it does not approve or admit any provider/model.
+- Packet says it is not Stage 2 pass evidence.
+- Packet requires a structured decision record using only `not_decided`, `external_provider_approved`, or `local_provider_required`.
+- Packet references existing evidence paths and commits instead of copying runtime evidence.
+- Packet keeps `CTO-WORK-020` as the provider/model admission authority.
+- Packet keeps `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` as the execution admission gate.
+- Packet requires exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations before admission.
+- Packet requires no secrets in SOT, task file, argv, report, trace, backend logs, generated config, or commits.
+- Packet states `CTO-WORK-022` stays blocked unless `decision_status=local_provider_required`.
+- Packet states real Case Stage 2 remains blocked until admitted provider/model and Harness Evidence Interface pass report exist.
+- Packet states no Target Repository path may be inspected or copied.
+
+## Validation
+
+- `python3 tools/validate_cto_child.py` validates this child-local route.
+- Future branch execution must use existing Hermes focused validators for provider admission and local-provider adapter gates.
+- Future real Case validation must use the Harness Evidence Interface, same-run fake baseline comparison, and copied artificial fixture Stage 2 only.
+
+## Risks And Dependencies
+
+- JP approval or governed Core approval remains required for external provider use.
+- Local provider use may require a separate Case-compatible endpoint or adapter implementation.
+- A decision packet can reduce ambiguity but cannot supply credentials, provider availability, or model quality.
+- The WorkOS Case default provider behavior may change; actual run evidence remains authoritative.
+
+## Success Definition
+
+The `CTO-WORK-020` human-only blocker is represented as one precise decision packet: no provider/model is approved, no execution is authorized, and the next valid implementation path is unambiguous once JP chooses external provider approval or local provider requirement.
--- a/tools/validate_cto_child.py
+++ b/tools/validate_cto_child.py
@ -36,6 +36,8 @@ REQUIRED_FILES = [
    "sot/03-PROTOCOLS/CTO-CASE-MODEL-PROVIDER-ADMISSION-ISSUES.md",
    "sot/03-PROTOCOLS/CTO-CASE-LOCAL-PROVIDER-ROUTE-PRD.md",
    "sot/03-PROTOCOLS/CTO-CASE-LOCAL-PROVIDER-ROUTE-ISSUES.md",
+    "sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md",
+    "sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md",
 ]

 REQUIRED_BRIEF_PHRASES = [
@ -506,6 +508,61 @@ REQUIRED_LOCAL_PROVIDER_ROUTE_ISSUE_PHRASES = [
    "Real Case Stage 2 produces a pass report only through the Harness Evidence Interface.",
 ]

+REQUIRED_PROVIDER_DECISION_PACKET_PRD_PHRASES = [
+    "Local planning SOT only. Not a Core Protocol. Not active Core authority.",
+    "`CTO-WORK-020` is blocked by a provider policy decision.",
+    "`external_provider_approved`",
+    "`local_provider_required`",
+    "`not_decided` as the current safe state",
+    "does not approve a provider/model",
+    "does not approve or admit any provider/model",
+    "is not Stage 2 pass evidence",
+    "structured decision record using only `not_decided`, `external_provider_approved`, or `local_provider_required`",
+    "Reference existing evidence paths and commits; do not copy runtime evidence into the packet.",
+    "Keep `CTO-WORK-020` as the admission authority.",
+    "CTO_HARNESS_CASE_MODEL_ADMISSION_FILE",
+    "exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations",
+    "no secret value in SOT, task file, argv, report, trace, backend logs, generated config, or commit",
+    "`CTO-WORK-022` blocked unless `decision_status=local_provider_required`",
+    "real Case Stage 2 blocked unless a provider/model is admitted and a pass report exists through the Harness Evidence Interface",
+    "no Target Repository path may be inspected or copied",
+    "`provider_class`: `external_anthropic`",
+    "`provider_class`: `local_case_compatible`",
+    "No external fallback to `anthropic` or `claude-sonnet-4-6` is allowed.",
+    "Missing local adapter config blocks before `case_process_started`.",
+    "Admission JSON mismatch blocks before `case_process_started`.",
+]
+
+REQUIRED_PROVIDER_DECISION_PACKET_ISSUE_IDS = [
+    "CTO-WORK-023",
+    "CTO-WORK-024",
+]
+
+REQUIRED_PROVIDER_DECISION_PACKET_ISSUE_PHRASES = [
+    "Status: validated.",
+    "Status: blocked.",
+    "`not_decided` is current safe state",
+    "`external_provider_approved`",
+    "`local_provider_required`",
+    "does not approve or admit any provider/model",
+    "Says it is not Stage 2 pass evidence.",
+    "Requires a structured decision record using only `not_decided`, `external_provider_approved`, or `local_provider_required`.",
+    "References existing evidence paths and commits instead of copying runtime evidence.",
+    "Keeps `CTO-WORK-020` as provider/model admission authority.",
+    "Keeps `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` as execution admission gate.",
+    "Requires exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations before admission.",
+    "Requires no secrets in SOT, task file, argv, report, trace, backend logs, generated config, or commits.",
+    "States `CTO-WORK-022` stays blocked unless `decision_status=local_provider_required`.",
+    "States real Case Stage 2 remains blocked until admitted provider/model and Harness Evidence Interface pass report exist.",
+    "States no Target Repository path may be inspected or copied.",
+    "Decision record selects exactly one branch: `external_provider_approved` or `local_provider_required`.",
+    "Decision record is structured and uses only `not_decided`, `external_provider_approved`, or `local_provider_required`.",
+    "Decision record references existing evidence paths and commits instead of copying runtime evidence.",
+    "`CTO-WORK-020` remains blocked until admitted provider/model and real Stage 2 pass report exist.",
+    "`CTO-WORK-022` remains blocked unless `decision_status=local_provider_required`.",
+    "Real Case Stage 2 remains blocked unless `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` exists and matches `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL`.",
+]
+

 def workboard_status(text: str, issue_id: str) -> str | None:
    pattern = rf"- id: {re.escape(issue_id)}\n(?:    .+\n)*?    status: ([^\n]+)"
@ -749,6 +806,32 @@ def main() -> int:
            if phrase not in text:
                errors.append(f"missing_local_provider_route_issue_phrase:{phrase}")

+    provider_decision_packet_prd = ROOT / "sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md"
+    if provider_decision_packet_prd.is_file():
+        text = provider_decision_packet_prd.read_text(encoding="utf-8")
+        if "core_promotion_status: not-promoted" not in text:
+            errors.append("provider_decision_packet_prd_missing_not_promoted_frontmatter")
+        for phrase in REQUIRED_PROVIDER_DECISION_PACKET_PRD_PHRASES:
+            checked.append(f"provider_decision_packet_prd_phrase:{phrase}")
+            if phrase not in text:
+                errors.append(f"missing_provider_decision_packet_prd_phrase:{phrase}")
+
+    provider_decision_packet_issues = ROOT / "sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md"
+    if provider_decision_packet_issues.is_file():
+        text = provider_decision_packet_issues.read_text(encoding="utf-8")
+        if "core_promotion_status: not-promoted" not in text:
+            errors.append("provider_decision_packet_issues_missing_not_promoted_frontmatter")
+        if "Local planning SOT only. Not a Core Protocol. Not active Core authority." not in text:
+            errors.append("provider_decision_packet_issues_missing_local_planning_notice")
+        for issue_id in REQUIRED_PROVIDER_DECISION_PACKET_ISSUE_IDS:
+            checked.append(f"provider_decision_packet_issue_id:{issue_id}")
+            if issue_id not in text:
+                errors.append(f"missing_provider_decision_packet_issue_id:{issue_id}")
+        for phrase in REQUIRED_PROVIDER_DECISION_PACKET_ISSUE_PHRASES:
+            checked.append(f"provider_decision_packet_issue_phrase:{phrase}")
+            if phrase not in text:
+                errors.append(f"missing_provider_decision_packet_issue_phrase:{phrase}")
+
    board = ROOT / "WORKBOARD.yaml"
    if board.is_file():
        text = board.read_text(encoding="utf-8")
@ -780,6 +863,10 @@ def main() -> int:
            checked.append(f"workboard_id:{issue_id}")
            if issue_id not in text:
                errors.append(f"missing_workboard_id:{issue_id}")
+        for issue_id in REQUIRED_PROVIDER_DECISION_PACKET_ISSUE_IDS:
+            checked.append(f"workboard_id:{issue_id}")
+            if issue_id not in text:
+                errors.append(f"missing_workboard_id:{issue_id}")
        expected_statuses = {
            "CTO-WORK-002": "validated",
            "CTO-WORK-003": "validated",
@ -802,6 +889,8 @@ def main() -> int:
            "CTO-WORK-020": "blocked",
            "CTO-WORK-021": "validated",
            "CTO-WORK-022": "blocked",
+            "CTO-WORK-023": "validated",
+            "CTO-WORK-024": "blocked",
        }
        for issue_id, expected in expected_statuses.items():
            checked.append(f"workboard_status:{issue_id}:{expected}")
@ -844,6 +933,10 @@ def main() -> int:
            errors.append("workboard_missing_local_provider_route_prd_source")
        if "CTO-CASE-LOCAL-PROVIDER-ROUTE-ISSUES.md" not in text:
            errors.append("workboard_missing_local_provider_route_issues_source")
+        if "CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md" not in text:
+            errors.append("workboard_missing_provider_decision_packet_prd_source")
+        if "CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md" not in text:
+            errors.append("workboard_missing_provider_decision_packet_issues_source")

    payload = {
        "ok": not errors,