cto/.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-BUILD-PRD.md
2026-05-31 20:34:10 -04:00

title: CTO Case Provider Build PRD
status: draft
lifecycle_classification: sot
owner: jp
created: 2026-05-31
last_reviewed: 2026-05-31
core_promotion_status: not-promoted
route: cto

CTO Case Provider Build PRD

Local planning SOT only. Not a Core Protocol. Not active Core authority.

Problem Statement

Stage 2 now has a validated Case task adapter, but it still cannot complete with real WorkOS Case because no durable admitted ca executable exists. Discovery found Node v20.19.5, no local bun executable, no dist/ca, no PATH ca, and a pinned WorkOS Case source checkout at commit 7959ac917cdeb0983b4aaa20bb9f42021747fed8 under /tmp, which is discovery evidence only.

Solution

Create a governed provider build and admission route that can produce or accept a durable WorkOS Case ca executable, record its source pin and SHA-256 digest, and then allow the Hermes CTO harness to run Stage 2 with CTO_HARNESS_CASE_BIN only after identity and command-shape checks pass.

Scope

  • Build or admit WorkOS Case from https://github.com/workos/case.git at pinned commit 7959ac917cdeb0983b4aaa20bb9f42021747fed8 or a later recorded pin.
  • Require Bun before bun install or bun run build:binary can run.
  • Record the resulting dist/ca path and SHA-256 digest.
  • Prove the executable is WorkOS Case, not the unrelated npm case package.
  • Run Stage 2 through the existing Hermes CTO Harness Evidence Interface.
  • Preserve ca run --task <task-file> --mode unattended as the only Stage 2 command shape.
  • Require the task file to expose only copied artificial fixture inputs, allowed paths, forbidden actions, verification command, and evidence expectations.

Non-Goals

  • Do not vendor Case source into Cortex OS Core.
  • Do not install or use the unrelated public npm case package.
  • Do not mutate vendor source.
  • Do not skip Stage 2.
  • Do not authorize copied repo, sandbox repo, owned repo, default backend, WebUI product, or Core promotion behavior.
  • Do not treat Case as CTO authority.

Acceptance Criteria

  • Provider build report records source URL, pinned commit, build command, dist/ca path, binary digest, Node version, Bun version, and build timestamp.
  • Missing Bun blocks before build; it does not degrade to warning.
  • Missing dist/ca, wrong source commit, wrong provider identity, non-executable binary, missing credentials, wrong command shape, or wrong task contract blocks.
  • Current Hermes source admission status remains not_admitted until the provider build report is recorded.
  • Stage 2 with CTO_HARNESS_CASE_BIN=<admitted-ca> produces a pass report only through real Case execution.
  • Stage 2 without provider continues to fail closed as provider unavailable.
  • Fake remains the default validation lane.
  • Same-run fake baseline comparison remains required.
  • Stage 2 records report.json, report.md, events.normalized.jsonl, trace.jsonl, patch.diff, test.log, backend raw logs, artifact digests, and freshness proof.
  • Stage 2 records source_admission_status, case_process_started, backend_exit_code, allowed_writes_passed, changed_files, and blockers.
  • No Cortex Core, Case source, vendor source, or Target Repository file is mutated by admission.
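
The blocking checks above, sketched as a fail-closed admission gate. This is an added example, not code from the Hermes harness or WorkOS Case; the function names, the report keys pinned_commit and binary_sha256, and the blocker strings are assumptions, and the binary it checks is a constructed stand-in.

```python
import hashlib
import tempfile
from pathlib import Path

PINNED_COMMIT = "7959ac917cdeb0983b4aaa20bb9f42021747fed8"  # pin recorded in this PRD

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def stage2_argv(ca_bin, task_file):
    # The only Stage 2 command shape the PRD permits.
    return [str(ca_bin), "run", "--task", str(task_file), "--mode", "unattended"]

def admission_blockers(ca_bin, report, argv):
    """Hypothetical gate: an empty list is the only result that admits the binary."""
    blockers = []
    path = Path(ca_bin)
    if report.get("pinned_commit") != PINNED_COMMIT:
        blockers.append("wrong_source_commit")
    if not path.is_file():
        return blockers + ["missing_dist_ca"]
    if not path.stat().st_mode & 0o111:
        blockers.append("non_executable_binary")
    if sha256_file(path) != report.get("binary_sha256"):
        blockers.append("binary_digest_mismatch")
    # Exact match only: extra, missing or reordered arguments all block.
    if argv != stage2_argv(path, argv[3] if len(argv) == 6 else ""):
        blockers.append("wrong_command_shape")
    return blockers

def demo():
    # Constructed stand-in for dist/ca and its build report; not a real Case binary.
    work = Path(tempfile.mkdtemp())
    ca = work / "ca"
    ca.write_bytes(b"#!/bin/sh\nexit 0\n")
    ca.chmod(0o755)
    report = {"pinned_commit": PINNED_COMMIT, "binary_sha256": sha256_file(ca)}
    good = stage2_argv(ca, work / "task.json")
    results = {"admitted": admission_blockers(ca, report, good)}
    results["extra_arg"] = admission_blockers(ca, report, good + ["constructed-extra"])
    results["wrong_pin"] = admission_blockers(ca, dict(report, pinned_commit="0" * 40), good)
    ca.write_bytes(b"#!/bin/sh\nexit 1\n")  # binary swapped after the report was recorded
    results["tampered"] = admission_blockers(ca, report, good)
    results["missing"] = admission_blockers(work / "absent", report, good)
    return results
```

The digest only proves the binary is the one the build report recorded, so the gate should run immediately before each Stage 2 execution and against the same path that is executed.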

Validation

  • python3 tools/validate_cto_child.py validates this child-local route.
  • Hermes provider validation must include python3 harness/runner/validate-case-provider-adapter.py --harness-root harness --json.
  • Real provider validation must include CTO_HARNESS_ALLOW_CASE=1 CTO_HARNESS_CASE_STAGE=2 CTO_HARNESS_CASE_BIN=<admitted-ca> harness/evals/run-case.sh r1-string-slugify --engine case --json.
  • Aggregate validation remains harness/evals/health.sh --json after focused gates pass.

Risks And Dependencies

  • Bun is not currently available on this host; provider build is blocked until Bun is installed or an admitted dist/ca is supplied.
  • WorkOS Case is private: true; public npm case is unrelated.
  • License status remains unresolved for broader execution modes.
  • Case may need model credentials for real execution; no secrets may be placed in docs, argv, logs, or task files.

Success Definition

Stage 2 moves from provider-unavailable blocked status to a real Case pass report while preserving the same harness evidence shape, allowed-write control, artifact digests, no-target-inspection proof, and fail-closed behavior.

Current Provider Evidence Addendum - 2026-05-31

  • Built binary digest observed: 9811f870af2f85616e359d42ba70566c9af08ca20d8660456929a56ec761513f.
  • Hung real-provider artifact directory: 20260531T233721Z-r1-string-slugify-1814067.
  • CTO-WORK-016 remains blocked because no real Case Stage 2 pass report exists.
  • CTO-WORK-017 - Case Provider Timeout Fail-Closed Route records the harness hardening response.
  • Timeout control: CTO_HARNESS_CASE_TIMEOUT_SECONDS.
  • Timeout marker: backend/provider-timeout.txt.
  • Timeout validator check: provider_timeout_fail_closed.
  • Hermes evidence commit: d23c492 Fail closed on Case provider timeout.

Current Model Admission Evidence Addendum - 2026-05-31

  • Real Case defaulted to provider anthropic and model claude-sonnet-4-6 when no model registry was written.
  • Runtime report path: /home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260531T234205Z-r1-string-slugify-1834617/report.json.
  • Required model admission variables: CTO_HARNESS_CASE_MODEL_PROVIDER and CTO_HARNESS_CASE_MODEL.
  • Model gate marker: backend/provider-model-not-admitted.txt.
  • Model gate validator check: model_provider_gate_blocks.
  • Hermes evidence commit: 4500082 Gate Case execution on admitted model.
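
The model gate and the timeout route from the two addenda above, sketched as one fail-closed runner. This is an added example, not the Hermes harness code; run_provider, the report layout and the blocker strings are assumptions, as is treating an unset or invalid timeout as a block, and the hung provider is a constructed child process.

```python
import os
import subprocess
import sys
import tempfile
from pathlib import Path

def run_provider(argv, run_dir, env):
    """Hypothetical runner; only exit code 0 with no blockers counts as a pass."""
    backend = Path(run_dir) / "backend"
    backend.mkdir(parents=True, exist_ok=True)
    report = {"case_process_started": False, "backend_exit_code": None, "blockers": []}
    # Model gate: both variables must be set, so the provider's default is never used.
    if not (env.get("CTO_HARNESS_CASE_MODEL_PROVIDER") and env.get("CTO_HARNESS_CASE_MODEL")):
        (backend / "provider-model-not-admitted.txt").write_text("model not admitted\n")
        report["blockers"].append("model_not_admitted")
        return report
    # Assumption: an unset, non-numeric or non-positive timeout blocks instead of running unbounded.
    try:
        timeout = float(env["CTO_HARNESS_CASE_TIMEOUT_SECONDS"])
    except (KeyError, ValueError):
        timeout = 0.0
    if not timeout > 0:
        report["blockers"].append("timeout_not_configured")
        return report
    report["case_process_started"] = True
    try:
        done = subprocess.run(argv, env=env, timeout=timeout, capture_output=True)
        report["backend_exit_code"] = done.returncode
        if done.returncode != 0:
            report["blockers"].append("backend_failed")
    except subprocess.TimeoutExpired:
        # subprocess.run has already killed and reaped the child at this point.
        (backend / "provider-timeout.txt").write_text(f"timed out after {timeout}s\n")
        report["blockers"].append("provider_timeout")
    return report

def demo():
    # Constructed stand-in for a hung provider: a child that sleeps past the timeout.
    hung = [sys.executable, "-c", "import time; time.sleep(30)"]
    base = {k: v for k, v in os.environ.items() if not k.startswith("CTO_HARNESS_")}
    admitted = dict(base, CTO_HARNESS_CASE_MODEL_PROVIDER="example-provider",
                    CTO_HARNESS_CASE_MODEL="example-model",
                    CTO_HARNESS_CASE_TIMEOUT_SECONDS="1")
    gate_dir, hang_dir = tempfile.mkdtemp(), tempfile.mkdtemp()
    return run_provider(hung, gate_dir, base), gate_dir, run_provider(hung, hang_dir, admitted), hang_dir
```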