--- title: CTO Case Provider Decision Packet Issues status: draft lifecycle_classification: sot owner: jp created: 2026-05-31 last_reviewed: 2026-05-31 core_promotion_status: not-promoted route: cto --- # CTO Case Provider Decision Packet Issues Local planning SOT only. Not a Core Protocol. Not active Core authority. ## CTO-WORK-023 - Case Provider Decision Packet PRD Status: validated. Register the compact decision packet for resolving the `CTO-WORK-020` provider policy blocker without approving a provider/model. Acceptance: - States `not_decided` is current safe state. - Lists only `external_provider_approved` and `local_provider_required` as active branches. - Says it does not approve or admit any provider/model. - Says it is not Stage 2 pass evidence. - Requires a structured decision record using only `not_decided`, `external_provider_approved`, or `local_provider_required`. - References existing evidence paths and commits instead of copying runtime evidence. - Keeps `CTO-WORK-020` as provider/model admission authority. - Keeps `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` as execution admission gate. - Requires exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations before admission. - Requires no secrets in SOT, task file, argv, report, trace, backend logs, generated config, or commits. - States `CTO-WORK-022` stays blocked unless `decision_status=local_provider_required`. - States real Case Stage 2 remains blocked until admitted provider/model and Harness Evidence Interface pass report exist. - States no Target Repository path may be inspected or copied. ## CTO-WORK-024 - Resolve Case Provider Decision Status: validated. JP or a governed Core route chooses one `CTO-WORK-020` decision branch and records the required non-secret fields. Acceptance: - Decision record selects exactly one branch: `external_provider_approved` or `local_provider_required`. - `not_decided` remains the safe default until a decision is recorded. - Decision record is structured and uses only `not_decided`, `external_provider_approved`, or `local_provider_required`. - Decision record references existing evidence paths and commits instead of copying runtime evidence. - If `external_provider_approved`, the record names exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations. - If `local_provider_required`, the record sets provider class `local_case_compatible` and keeps exact provider/model empty until a local provider/model is supplied and admitted. - No secret value is written to SOT, task file, argv, report, trace, backend logs, generated config, or commit. - `CTO-WORK-020` remains blocked until admitted provider/model and real Stage 2 pass report exist. - `CTO-WORK-022` remains blocked unless `decision_status=local_provider_required`. - Real Case Stage 2 remains blocked unless `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` exists and matches `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL`. Resolved by: - `CTO-CASE-PROVIDER-DECISION-RECORD.md` selecting `external_provider_approved`. - Real Case Stage 2 remains blocked by `CTO-WORK-020` admission JSON and Harness Evidence Interface proof. ## CTO-WORK-025 - Initial Not-Decided Provider Decision Record Status: validated. Record the initial fail-closed `CTO-WORK-020` decision state as `not_decided`. Acceptance: - Decision record has `decision_status`: `not_decided`. - Provider class, provider, model, approval source, credential source class, allowed network class, and review trigger remain empty while blocked. - Evidence sources reference existing admission and decision packet files only. - Record says `not_decided` means no provider/model may run. - Record says it is not provider/model admission, not Stage 2 pass evidence, and not approval for external or local provider use. - Record says `CTO-WORK-024` remains blocked because this record does not select `external_provider_approved` or `local_provider_required`. - Record says only JP or a governed Core route may change it away from `not_decided`. - Record allows only `external_provider_approved` or `local_provider_required` as future non-`not_decided` values. - Record requires no secret value in SOT, task file, argv, report, trace, backend logs, generated config, or commit. - Record says no Target Repository path may be inspected or copied. - Record keeps `CTO-WORK-020` as provider/model admission authority. - Record keeps `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` as execution admission gate. - Record keeps `CTO-WORK-024` blocked while `decision_status=not_decided`. - Record keeps `CTO-WORK-022` blocked unless `decision_status=local_provider_required`. - Record keeps real Case Stage 2 blocked until admitted provider/model and Harness Evidence Interface pass report exist. ## CTO-WORK-026 - OpenAI Codex Primary Provider Decision Status: validated. Record JP approval of the external provider decision branch for the current Hermes model stack. Acceptance: - Decision record has `decision_status`: `external_provider_approved`. - Decision record has `provider_class`: `external_openai_codex`. - Decision record has `provider`: `openai-codex`. - Decision record has `model`: `gpt-5.5`. - Decision record has `fallback_provider`: `vllm`. - Decision record has `fallback_model`: `qwen3.6-35b-a3b`. - Decision record has `credential_source_class`: `hermes-openai-codex-oauth-and-local-vllm-config`; no secret value. - Decision record has `allowed_network_class`: `codex-oauth-hosted-model-plus-local-vllm-fallback`. - Decision record references Hermes model policy and local Hermes config as evidence sources without copying secrets. - Record says it is not provider/model admission and is not Stage 2 pass evidence. - Record says `CTO-WORK-024` is resolved by selecting `external_provider_approved`. - Record keeps `CTO-WORK-020` blocked until admission JSON and real Stage 2 pass evidence exist. - Record keeps `CTO-WORK-022` blocked because `decision_status=external_provider_approved`, not `local_provider_required`. - Record requires fallback to `vllm` with `qwen3.6-35b-a3b` to be explicit in admission evidence before it may count as a Case provider/model path.