cto/sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md

---
title: CTO Case Provider Decision Packet Issues
status: draft
lifecycle_classification: sot
owner: jp
created: 2026-05-31
last_reviewed: 2026-05-31
core_promotion_status: not-promoted
route: cto
---

# CTO Case Provider Decision Packet Issues

Local planning SOT only. Not a Core Protocol. Not active Core authority.

## CTO-WORK-023 - Case Provider Decision Packet PRD

Status: validated.

Register the compact decision packet for resolving the `CTO-WORK-020` provider policy blocker without approving a provider/model.

Acceptance:

- States `not_decided` is current safe state.
- Lists only `external_provider_approved` and `local_provider_required` as active branches.
- Says it does not approve or admit any provider/model.
- Says it is not Stage 2 pass evidence.
- Requires a structured decision record using only `not_decided`, `external_provider_approved`, or `local_provider_required`.
- References existing evidence paths and commits instead of copying runtime evidence.
- Keeps `CTO-WORK-020` as provider/model admission authority.
- Keeps `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` as execution admission gate.
- Requires exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations before admission.
- Requires no secrets in SOT, task file, argv, report, trace, backend logs, generated config, or commits.
- States `CTO-WORK-022` stays blocked unless `decision_status=local_provider_required`.
- States real Case Stage 2 remains blocked until admitted provider/model and Harness Evidence Interface pass report exist.
- States no Target Repository path may be inspected or copied.

## CTO-WORK-024 - Resolve Case Provider Decision

Status: blocked.

JP or a governed Core route chooses one `CTO-WORK-020` decision branch and records the required non-secret fields.

Acceptance:

- Decision record selects exactly one branch: `external_provider_approved` or `local_provider_required`.
- `not_decided` remains the safe default until a decision is recorded.
- Decision record is structured and uses only `not_decided`, `external_provider_approved`, or `local_provider_required`.
- Decision record references existing evidence paths and commits instead of copying runtime evidence.
- If `external_provider_approved`, the record names exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations.
- If `local_provider_required`, the record sets provider class `local_case_compatible` and keeps exact provider/model empty until a local provider/model is supplied and admitted.
- No secret value is written to SOT, task file, argv, report, trace, backend logs, generated config, or commit.
- `CTO-WORK-020` remains blocked until admitted provider/model and real Stage 2 pass report exist.
- `CTO-WORK-022` remains blocked unless `decision_status=local_provider_required`.
- Real Case Stage 2 remains blocked unless `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` exists and matches `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL`.

Blocked by:

- JP choosing external provider approval or local provider requirement.
- Governed Core route if the decision must be promoted before provider use.