hermes/cto
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
46b7296cb2
cto/.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md
Svrnty d9edf8a715 Select Qwen local as CTO provider policy
2026-05-31 22:13:52 -04:00

108 lines
6.2 KiB
Markdown
Raw Blame History

---
title: CTO Case Provider Decision Packet Issues
status: draft
lifecycle_classification: sot
owner: jp
created: 2026-05-31
last_reviewed: 2026-05-31
core_promotion_status: not-promoted
route: cto
---
# CTO Case Provider Decision Packet Issues
Local planning SOT only. Not a Core Protocol. Not active Core authority.
## CTO-WORK-023 - Case Provider Decision Packet PRD
Status: validated.
Register the compact decision packet for resolving the `CTO-WORK-020` provider policy blocker without approving a provider/model.
Acceptance:
- States `local_provider_required` is current selected state.
- Lists only `external_provider_approved` and `local_provider_required` as active branches.
- Says it does not approve or admit any provider/model.
- Says it is not Stage 2 pass evidence.
- Requires a structured decision record using only `not_decided`, `external_provider_approved`, or `local_provider_required`.
- References existing evidence paths and commits instead of copying runtime evidence.
- Keeps `CTO-WORK-020` as provider/model admission authority.
- Keeps `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` as execution admission gate.
- Requires exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations before admission.
- Requires no secrets in SOT, task file, argv, report, trace, backend logs, generated config, or commits.
- States `CTO-WORK-022` stays blocked until explicit local provider config and real Case Stage 2 pass evidence exist.
- States real Case Stage 2 remains blocked until admitted provider/model and Harness Evidence Interface pass report exist.
- States no Target Repository path may be inspected or copied.
## CTO-WORK-024 - Resolve Case Provider Decision
Status: validated.
JP or a governed Core route chooses one `CTO-WORK-020` decision branch and records the required non-secret fields.
Acceptance:
- Decision record selects exactly one branch: `external_provider_approved` or `local_provider_required`.
- `not_decided` remains the safe default until a decision is recorded.
- Decision record is structured and uses only `not_decided`, `external_provider_approved`, or `local_provider_required`.
- Decision record references existing evidence paths and commits instead of copying runtime evidence.
- If `external_provider_approved`, the record names exact provider/model, approval source, credential source class, allowed network class, review trigger, and evidence expectations.
- If `local_provider_required`, the record sets provider class `local_case_compatible` and keeps exact provider/model empty until a local provider/model is supplied and admitted.
- No secret value is written to SOT, task file, argv, report, trace, backend logs, generated config, or commit.
- `CTO-WORK-020` remains blocked until admitted provider/model and real Stage 2 pass report exist.
- `CTO-WORK-022` remains blocked until explicit local provider config and real Case Stage 2 pass evidence exist.
- Real Case Stage 2 remains blocked unless `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` exists and matches `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL`.
Resolved by:
- `CTO-CASE-PROVIDER-DECISION-RECORD.md` selecting `local_provider_required`.
- Real Case Stage 2 remains blocked by `CTO-WORK-020` admission JSON and Harness Evidence Interface proof.
## CTO-WORK-025 - Initial Not-Decided Provider Decision Record
Status: validated.
Record the initial fail-closed `CTO-WORK-020` decision state as `not_decided`.
Acceptance:
- Decision record has `decision_status`: `not_decided`.
- Provider class, provider, model, approval source, credential source class, allowed network class, and review trigger remain empty while blocked.
- Evidence sources reference existing admission and decision packet files only.
- Record says `not_decided` means no provider/model may run.
- Record says it is not provider/model admission, not Stage 2 pass evidence, and not approval for external or local provider use.
- Record says `CTO-WORK-024` remains blocked because this record does not select `external_provider_approved` or `local_provider_required`.
- Record says only JP or a governed Core route may change it away from `not_decided`.
- Record allows only `external_provider_approved` or `local_provider_required` as future non-`not_decided` values.
- Record requires no secret value in SOT, task file, argv, report, trace, backend logs, generated config, or commit.
- Record says no Target Repository path may be inspected or copied.
- Record keeps `CTO-WORK-020` as provider/model admission authority.
- Record keeps `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE` as execution admission gate.
- Record keeps `CTO-WORK-024` blocked while `decision_status=not_decided`.
- Record keeps `CTO-WORK-022` blocked unless `decision_status=local_provider_required`.
- Record keeps real Case Stage 2 blocked until admitted provider/model and Harness Evidence Interface pass report exist.
## CTO-WORK-026 - Qwen Local Primary Provider Decision
Status: validated.
Record JP approval of the local Qwen primary provider decision branch for the current Hermes model stack.
Acceptance:
- Decision record has `decision_status`: `local_provider_required`.
- Decision record has `provider_class`: `local_case_compatible`.
- Decision record has `provider`: `qwen-local`.
- Decision record has `model`: `qwen3.6-35b-a3b`.
- Decision record has `fallback_provider`: `openai-codex`.
- Decision record has `fallback_model`: `gpt-5.5`.
- Decision record has `credential_source_class`: `pi-models-json-local-provider-no-secret-plus-codex-oauth-fallback`; no secret value.
- Decision record has `allowed_network_class`: `local-tailscale-vllm-spark1-plus-codex-oauth-fallback`.
- Decision record references Hermes model policy and local Hermes config as evidence sources without copying secrets.
- Record says it is not provider/model admission and is not Stage 2 pass evidence.
- Record says `CTO-WORK-024` is resolved by selecting `local_provider_required`.
- Record keeps `CTO-WORK-020` blocked until admission JSON and real Stage 2 pass evidence exist.
- Record keeps `CTO-WORK-022` blocked until explicit local provider config and real Case Stage 2 pass evidence exist.
- Record requires fallback to `openai-codex` with `gpt-5.5` to be explicit in admission evidence before it may count as a Case provider/model path.
Reference in New Issue View Git Blame Copy Permalink