---
title: CTO Case Provider Decision Record
status: draft
lifecycle_classification: sot
owner: jp
created: 2026-05-31
last_reviewed: 2026-05-31
core_promotion_status: not-promoted
route: cto
---

# CTO Case Provider Decision Record

Local planning SOT only. Not a Core Protocol. Not active Core authority.

## Current Decision State

- `decision_status`: `local_provider_required`.
- `provider_class`: `local_case_compatible`.
- `provider`: `qwen-local`.
- `model`: `qwen3.6-35b-a3b`.
- `fallback_provider`: `openai-codex`.
- `fallback_model`: `gpt-5.5`.
- `approval_source`: JP chat approval on 2026-05-31.
- `credential_source_class`: `pi-models-json-local-provider-no-secret-plus-codex-oauth-fallback`; no secret value.
- `allowed_network_class`: `local-tailscale-vllm-spark1-plus-codex-oauth-fallback`.
- `review_trigger`: before real Case Stage 2 admission JSON is written, before any credential source change, and before any default/fallback model change.
- `evidence_sources`: `CTO-CASE-MODEL-PROVIDER-ADMISSION-ISSUES.md`, `CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md`, `CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md`, `/home/svrnty/workspaces/hermes/scripts/apply-hermes-model-policy.py`, `/home/svrnty/.hermes/config.yaml`.
- `effect`: `CTO-WORK-020 remains blocked until admitted provider/model and real Stage 2 pass report exist`.

## Meaning

`local_provider_required` means JP approved the provider decision branch for the existing Hermes model stack: `qwen-local` with model `qwen3.6-35b-a3b` as primary, and `openai-codex` with model `gpt-5.5` as fallback.

This record is not provider/model admission and is not Stage 2 pass evidence. It does not authorize Case to run until the `CTO-WORK-020` admission JSON exists and the Harness Evidence Interface proves real Stage 2.

`CTO-WORK-024` is resolved by this record selecting `local_provider_required`.

## Decision History

Previous state:

- `decision_status`: `not_decided`.
- `not_decided` means no provider/model may run.

Future changes:

- Only JP or a governed Core route may change this record away from `local_provider_required`.
- Allowed future values remain `external_provider_approved` or `local_provider_required`.

Any future state must include exact non-secret fields required by `CTO-WORK-020`: provider/model when applicable, approval source, credential source class, allowed network class, review trigger, and evidence expectations.

## Safety Constraints

- No secret value may appear in SOT, task file, argv, report, trace, backend logs, generated config, or commit.
- No Target Repository path may be inspected or copied.
- `CTO-WORK-020` remains provider/model admission authority.
- `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` remains execution admission gate.
- `CTO-WORK-022` remains blocked until explicit local provider config is supplied and real Case Stage 2 pass evidence exists.
- Real Case Stage 2 remains blocked until admitted provider/model and Harness Evidence Interface pass report exist.
- Fallback to `openai-codex` with `gpt-5.5` must be explicit in admission evidence before it may count as a Case provider/model path.
- Existing evidence paths and commits are referenced only; runtime evidence is not copied into this record.

## Runtime Compatibility Finding - 2026-06-01

- Hermes commit `5db23c7 Fail closed on Case Codex auth gap` blocks the admitted `openai-codex` / `gpt-5.5` Case path before `case_process_started` unless a non-vendor auth bridge is proven.
- The block exists because Case's pipeline SDK path constructs its Pi Agent runtime directly and does not pass Pi AuthStorage OAuth headers into `streamSimple`.
- Pi env API-key lookup does not map `openai-codex` to an environment API key.
- The Case-compatible local provider id for the current local Spark fallback path is `qwen-local`, model `qwen3.6-35b-a3b`.
- The non-secret admission JSON for that local Case path is `.sot/03-PROTOCOLS/CTO-CASE-MODEL-PROVIDER-ADMISSION.qwen-local-qwen3.6-35b-a3b.json`.
- This finding does not change Hermes primary model policy.
- This finding does not mark `CTO-WORK-020`, `CTO-WORK-016`, or Stage 2 as validated.

## Provider Policy Update - 2026-06-01

- JP selected `qwen-local` / `qwen3.6-35b-a3b` on Spark as the default Case provider path.
- JP kept `openai-codex` / `gpt-5.5` as fallback only.
- The fallback remains blocked by the known OpenAI Codex auth bridge gap unless a non-vendor bridge is proven.
- The local Qwen path remains blocked before Case process start unless `CTO_HARNESS_CASE_LOCAL_BASE_URL` is explicitly supplied.
- This update changes provider policy only. It does not mark real Case Stage 2 as passed.

## Spark Endpoint Config Reference - 2026-06-01

- `CTO-WORK-030` tracks the runtime Spark endpoint config required for the selected Qwen local path.
- The required runtime variable is `CTO_HARNESS_CASE_LOCAL_BASE_URL`.
- The endpoint value must not be copied into SOT, commits, task files, argv examples, backend logs, reports, or traces.
- A configured endpoint alone does not validate `CTO-WORK-016`, `CTO-WORK-020`, `CTO-WORK-022`, or `CTO-WORK-028`.
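
A fail-closed pre-start check combining the admission gate, the explicit-fallback rule, and the endpoint constraints recorded above. This is an added example, not Hermes or Case code. The admission JSON schema is assumed to reuse this record's field names; `preflight`, `read_file`, and the sample endpoint and admission content are hypothetical and constructed.

```python
import json

ADMISSION_VAR = "CTO_HARNESS_CASE_MODEL_ADMISSION_FILE"
BASE_URL_VAR = "CTO_HARNESS_CASE_LOCAL_BASE_URL"
LOCAL_PROVIDER = "qwen-local"
# Assumed schema: the admission JSON reuses this record's field names.
REQUIRED = ("provider", "model", "approval_source", "credential_source_class",
            "allowed_network_class", "review_trigger")

def preflight(env, read_file, provider, model):
    """Return (allowed, reasons); any missing or malformed input blocks the run."""
    path = env.get(ADMISSION_VAR)
    if not path:
        return False, [f"{ADMISSION_VAR} not set"]
    try:
        raw = read_file(path)
        adm = json.loads(raw)
    except (OSError, KeyError, ValueError) as exc:
        return False, [f"admission file unusable: {type(exc).__name__}"]
    if not isinstance(adm, dict):
        return False, ["admission file is not a JSON object"]
    reasons = []
    missing = [k for k in REQUIRED
               if not isinstance(adm.get(k), str) or not adm[k].strip()]
    if missing:
        reasons.append("missing fields: " + ", ".join(missing))
    # The fallback counts only when the admission names it explicitly.
    admitted = [(adm.get("provider"), adm.get("model")),
                (adm.get("fallback_provider"), adm.get("fallback_model"))]
    if not provider or not model or (provider, model) not in admitted:
        reasons.append("requested provider/model not admitted")
    base_url = env.get(BASE_URL_VAR, "").strip()
    if provider == LOCAL_PROVIDER and not base_url:
        reasons.append(f"{BASE_URL_VAR} not supplied")
    # Reasons name the problem class only, never the endpoint value itself.
    if "://" in raw or (base_url and base_url in raw):
        reasons.append("admission file contains an endpoint value")
    return not reasons, reasons

# Constructed sample inputs (placeholder endpoint, not a real host).
SAMPLE_URL = "http://spark.example.invalid:8000/v1"
SAMPLE_ADMISSION = json.dumps({
    "provider": "qwen-local", "model": "qwen3.6-35b-a3b",
    "approval_source": "JP chat approval on 2026-05-31",
    "credential_source_class": "local-provider-no-secret",
    "allowed_network_class": "local-tailscale-vllm-spark1",
    "review_trigger": "before any credential source change"})
SAMPLE_FILES = {"admission.json": SAMPLE_ADMISSION}
```

In real use `read_file` would be something like `lambda p: Path(p).read_text()`. The check only detects endpoint values in the admission file; it does not scan for other secret material.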