cto/.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-ADMISSION-PRD.md
2026-05-31 20:34:10 -04:00


---
title: CTO Case Provider Admission PRD
status: draft
lifecycle_classification: sot
owner: jp
created: 2026-05-31
last_reviewed: 2026-05-31
core_promotion_status: not-promoted
route: cto
---
# CTO Case Provider Admission PRD
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Purpose
Unblock Stage 2 by admitting a real WorkOS Case executable through a governed provider route, without treating Case as Cortex authority and without mutating any target repository.
## Current Evidence
- Source repo: `https://github.com/workos/case.git`.
- Pinned source commit: `7959ac917cdeb0983b4aaa20bb9f42021747fed8`.
- Package name: `case`.
- Package status: `private: true`.
- Public npm package `case` is not WorkOS Case.
- Case CLI binary name is `ca`, because `case` is a shell reserved word.
- Case setup requires Bun.
- Case standalone executable is produced by `bun run build:binary` as `dist/ca`.
- Case task execution uses `ca run --task <task-file>` or `ca session <repo-path> --task <task-file>`.
## Problem
The Hermes CTO harness has a provider-unavailable failure path, but it does not yet have an admitted durable Case provider. `CTO_HARNESS_CASE_BIN` alone is insufficient if the adapter passes a raw prompt as argv. WorkOS Case expects a task file and a Case command shape, not an arbitrary prompt string.
## Product Requirement
Create a provider admission route that proves the exact executable, command contract, and task contract before Stage 2 can pass.
## Required Contract
- The provider path must be explicit and durable; `/tmp` clones are discovery evidence only.
- The provider must be pinned to `7959ac917cdeb0983b4aaa20bb9f42021747fed8` or a later recorded pin.
- The provider must identify itself as WorkOS Case, not the unrelated npm package.
- The adapter must call `ca run --task <task-file>` for Stage 2 artificial fixture work.
- The adapter must not pass the task brief as a raw positional prompt.
- The task file must contain no Target Repository path for Stage 2.
- The run must preserve `Stage 2 allowed mutation scope is copied artificial case only`.
- Missing Bun, missing `dist/ca`, wrong commit, wrong command shape, or wrong task file means blocked.
- Case may execute only inside the Harness Evidence Interface.
- Case may recommend. Case must not approve itself.
## Acceptance Evidence
- Provider admission report records executable path, source URL, pinned commit, build command, binary digest, and command shape.
- Stage 2 pass report exists only after a real `ca run --task <task-file>` execution.
- Provider-unavailable report remains available and fail-closed.
- Fake remains the default validation lane.
- No Cortex Core, Case source, vendor source, or Target Repository file is mutated.
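
An added example, not part of this PRD, the Hermes harness, or WorkOS Case: one way to apply the path, pin, command-shape, and task-file checks from Required Contract fail-closed and emit the fields listed under Acceptance Evidence. The function name `admit_provider`, its parameters, the report keys, the reason strings, and the assumption that the scope line is carried in the task file are hypothetical.

```python
import hashlib
import os

SOURCE_URL = "https://github.com/workos/case.git"
PINNED_COMMIT = "7959ac917cdeb0983b4aaa20bb9f42021747fed8"  # pin recorded in this PRD
BUILD_COMMAND = "bun run build:binary"
SCOPE_LINE = "Stage 2 allowed mutation scope is copied artificial case only"


def admit_provider(binary_path, source_commit, argv, target_repo_paths,
                   recorded_pins=(PINNED_COMMIT,), ephemeral_roots=("/tmp",)):
    """Hypothetical admission check: any failed requirement yields 'blocked'."""
    reasons = []
    real = os.path.realpath(binary_path)
    # Resolve symlinks first so a link into /tmp cannot pass as a durable path.
    roots = [os.path.realpath(r) for r in ephemeral_roots]
    if any(os.path.commonpath([real, r]) == r for r in roots):
        reasons.append("provider path is ephemeral")
    digest = None
    if os.path.basename(real) != "ca" or not (os.path.isfile(real) and os.access(real, os.X_OK)):
        reasons.append("missing dist/ca executable")
    else:
        with open(real, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
    if source_commit not in recorded_pins:
        reasons.append("wrong commit")
    # Exact shape: <binary> run --task <task-file>; a raw positional prompt fails here.
    shape_ok = (len(argv) == 4 and os.path.realpath(argv[0]) == real
                and list(argv[1:3]) == ["run", "--task"])
    if not shape_ok:
        reasons.append("wrong command shape")
    elif not os.path.isfile(argv[3]):
        reasons.append("wrong task file")
    else:
        with open(argv[3], encoding="utf-8") as fh:
            task = fh.read()
        # Stage 2 task files keep the scope line and name no Target Repository path.
        if SCOPE_LINE not in task or any(p in task for p in target_repo_paths):
            reasons.append("wrong task file")
    return {
        "status": "blocked" if reasons else "admitted",
        "reasons": reasons,
        "executable_path": real,
        "source_url": SOURCE_URL,
        "pinned_commit": source_commit,
        "build_command": BUILD_COMMAND,
        "binary_digest": digest,
        "command_shape": "ca run --task <task-file>",
    }
```
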
## Explicit Non-Goals
- Do not vendor Case source into Cortex OS Core.
- Do not install or use the unrelated npm `case` package.
- Do not skip Stage 2.
- Do not authorize copied repo, sandbox repo, owned repo, default backend, WebUI product, or Core promotion behavior.
- Do not treat Case as CTO authority.