hermes/cto
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
19e7766c1a
cto/.sot/03-PROTOCOLS/CTO-CASE-LOCAL-PROVIDER-ROUTE-PRD.md
Svrnty 19e7766c1a Migrate CTO SOT route to dotpath
2026-05-31 20:34:10 -04:00

78 lines
4.1 KiB
Markdown
Raw Blame History

---
title: CTO Case Local Provider Route PRD
status: draft
lifecycle_classification: sot
owner: jp
created: 2026-05-31
last_reviewed: 2026-05-31
core_promotion_status: not-promoted
route: cto
---
# CTO Case Local Provider Route PRD
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Problem Statement
`CTO-WORK-020` remains blocked until a provider policy decision exists. If the decision is `local_provider_required`, Cortex CTO needs a narrow route for a Case-compatible local model provider before real Case Stage 2 can run without external provider approval.
## Solution
Define a child-local Case-compatible local provider adapter route. This route does not select a provider, does not implement a provider, and does not admit a provider/model. It uses the existing `CTO-WORK-020` admission JSON gate as authority.
## Scope
- Apply only when `decision_status=local_provider_required`.
- Require provider class `local_case_compatible` only through the `CTO-WORK-020` decision record.
- Require compatibility with WorkOS Case model configuration through the existing `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` gate.
- Require the existing Hermes admitted-pair gate to remain the execution gate.
- Require the adapter path to prove no external provider fallback.
- Require missing local adapter config to block before `case_process_started`.
- Require admission JSON mismatch to block before `case_process_started`.
- Require `decision_status != local_provider_required` to block route execution.
- Require Stage 2 to keep copied artificial fixture scope only.
- Require no Target Repository path exposure.
- No Target Repository path exposure.
- Require no secrets in SOT, argv, task file, report, trace, backend logs, generated config, or commits.
## Non-Goals
- Do not approve a local provider.
- Do not implement a provider adapter.
- Do not admit a provider/model.
- Do not approve Anthropic or any external provider.
- Do not run real Case Stage 2.
- Do not create a provider marketplace or registry.
- Do not change Hermes runtime behavior from this route.
- Do not treat Case as CTO authority.
## Acceptance Criteria
- A local provider adapter route references the `CTO-WORK-020` decision record and admission JSON gate instead of redefining admission fields.
- Completion of this route does not admit a provider/model and does not change `CTO-WORK-020` status.
- The route states that `CTO-WORK-020` remains blocked until admitted provider/model and real Case Stage 2 pass evidence exist.
- The route requires proof that Case used the admitted local provider/model from `CTO-WORK-020` and did not fall back to `anthropic` or `claude-sonnet-4-6`.
- The route requires `case_model_provider`, `case_model`, and `case_model_admission_status` in report evidence.
- The route requires `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE`, `CTO_HARNESS_CASE_MODEL_PROVIDER`, and `CTO_HARNESS_CASE_MODEL`.
- The route requires negative gates for missing local adapter config, admission JSON mismatch, and `decision_status != local_provider_required`.
- The route keeps fake as the default validation lane.
- The route keeps same-run fake baseline comparison required.
## Validation
- `python3 tools/validate_cto_child.py` validates this child-local route.
- Future Hermes focused validation must include `python3 harness/runner/validate-case-provider-adapter.py --harness-root harness --json`.
- Future real local provider validation must use the Harness Evidence Interface and copied artificial fixture Stage 2 only.
## Risks And Dependencies
- WorkOS Case may not support the intended local provider without additional adapter work.
- Local inference may still require credentials, endpoint configuration, or model serving state.
- Local model quality may fail Stage 2 even when the provider route is valid.
- A local provider route does not remove the need for an admission JSON and real pass report.
## Success Definition
If JP chooses `local_provider_required`, the next implementation route is explicit: build or supply one Case-compatible local provider adapter path, then use `CTO-WORK-020` to admit the exact provider/model pair before any real Case Stage 2 retry.
Reference in New Issue View Git Blame Copy Permalink