hermes/cto
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
46b7296cb2
cto/.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-BUILD-PRD.md
Svrnty 19e7766c1a Migrate CTO SOT route to dotpath
2026-05-31 20:34:10 -04:00

94 lines
5.6 KiB
Markdown
Raw Blame History

---
title: CTO Case Provider Build PRD
status: draft
lifecycle_classification: sot
owner: jp
created: 2026-05-31
last_reviewed: 2026-05-31
core_promotion_status: not-promoted
route: cto
---
# CTO Case Provider Build PRD
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## Problem Statement
Stage 2 now has a validated Case task adapter, but it still cannot complete with real WorkOS Case because no durable admitted `ca` executable exists. Discovery found Node `v20.19.5`, no local `bun` executable, no `dist/ca`, no PATH `ca`, and a pinned WorkOS Case source checkout at commit `7959ac917cdeb0983b4aaa20bb9f42021747fed8` under `/tmp`, which is discovery evidence only.
## Solution
Create a governed provider build and admission route that can produce or accept a durable WorkOS Case `ca` executable, record its source pin and SHA-256 digest, and then allow the Hermes CTO harness to run Stage 2 with `CTO_HARNESS_CASE_BIN` only after identity and command-shape checks pass.
## Scope
- Build or admit WorkOS Case from `https://github.com/workos/case.git` at pinned commit `7959ac917cdeb0983b4aaa20bb9f42021747fed8` or a later recorded pin.
- Require Bun before `bun install` or `bun run build:binary` can run.
- Record the resulting `dist/ca` path and SHA-256 digest.
- Prove the executable is WorkOS Case, not the unrelated npm `case` package.
- Run Stage 2 through the existing Hermes CTO Harness Evidence Interface.
- Preserve `ca run --task <task-file> --mode unattended` as the only Stage 2 command shape.
- Require the task file to expose only copied artificial fixture inputs, allowed paths, forbidden actions, verification command, and evidence expectations.
## Non-Goals
- Do not vendor Case source into Cortex OS Core.
- Do not install or use the unrelated public npm `case` package.
- Do not mutate vendor source.
- Do not skip Stage 2.
- Do not authorize copied repo, sandbox repo, owned repo, default backend, WebUI product, or Core promotion behavior.
- Do not treat Case as CTO authority.
## Acceptance Criteria
- Provider build report records source URL, pinned commit, build command, `dist/ca` path, binary digest, Node version, Bun version, and build timestamp.
- Missing Bun blocks before build; it does not degrade to warning.
- Missing `dist/ca`, wrong source commit, wrong provider identity, non-executable binary, missing credentials, wrong command shape, or wrong task contract blocks.
- Current Hermes source admission status remains `not_admitted` until the provider build report is recorded.
- Stage 2 with `CTO_HARNESS_CASE_BIN=<admitted-ca>` produces a pass report only through real Case execution.
- Stage 2 without provider continues to fail closed as `provider unavailable`.
- Fake remains the default validation lane.
- Same-run fake baseline comparison remains required.
- Stage 2 records `report.json`, `report.md`, `events.normalized.jsonl`, `trace.jsonl`, `patch.diff`, `test.log`, backend raw logs, artifact digests, and freshness proof.
- Stage 2 records `source_admission_status`, `case_process_started`, `backend_exit_code`, `allowed_writes_passed`, `changed_files`, and `blockers`.
- No Cortex Core, Case source, vendor source, or Target Repository file is mutated by admission.
## Validation
- `python3 tools/validate_cto_child.py` validates this child-local route.
- Hermes provider validation must include `python3 harness/runner/validate-case-provider-adapter.py --harness-root harness --json`.
- Real provider validation must include `CTO_HARNESS_ALLOW_CASE=1 CTO_HARNESS_CASE_STAGE=2 CTO_HARNESS_CASE_BIN=<admitted-ca> harness/evals/run-case.sh r1-string-slugify --engine case --json`.
- Aggregate validation remains `harness/evals/health.sh --json` after focused gates pass.
## Risks And Dependencies
- Bun is not currently available on this host; provider build is blocked until Bun is installed or an admitted `dist/ca` is supplied.
- WorkOS Case is `private: true`; public npm `case` is unrelated.
- License status remains unresolved for broader execution modes.
- Case may need model credentials for real execution; no secrets may be placed in docs, argv, logs, or task files.
## Success Definition
Stage 2 moves from provider-unavailable blocked status to a real Case pass report while preserving the same harness evidence shape, allowed-write control, artifact digests, no-target-inspection proof, and fail-closed behavior.
## Current Provider Evidence Addendum - 2026-05-31
- Built binary digest observed: `9811f870af2f85616e359d42ba70566c9af08ca20d8660456929a56ec761513f`.
- Hung real-provider artifact directory: `20260531T233721Z-r1-string-slugify-1814067`.
- `CTO-WORK-016` remains blocked because no real Case Stage 2 pass report exists.
- `CTO-WORK-017 - Case Provider Timeout Fail-Closed Route` records the harness hardening response.
- Timeout control: `CTO_HARNESS_CASE_TIMEOUT_SECONDS`.
- Timeout marker: `backend/provider-timeout.txt`.
- Timeout validator check: `provider_timeout_fail_closed`.
- Hermes evidence commit: `d23c492 Fail closed on Case provider timeout`.
## Current Model Admission Evidence Addendum - 2026-05-31
- Real Case defaulted to provider `anthropic` and model `claude-sonnet-4-6` when no model registry was written.
- Runtime report path: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260531T234205Z-r1-string-slugify-1834617/report.json`.
- Required model admission variables: `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL`.
- Model gate marker: `backend/provider-model-not-admitted.txt`.
- Model gate validator check: `model_provider_gate_blocks`.
- Hermes evidence commit: `4500082 Gate Case execution on admitted model`.
Reference in New Issue View Git Blame Copy Permalink