77 lines
4.0 KiB
Markdown
77 lines
4.0 KiB
Markdown
---
|
|
title: CTO Case Spark Endpoint Config PRD
|
|
status: draft
|
|
lifecycle_classification: sot
|
|
owner: jp
|
|
created: 2026-06-01
|
|
last_reviewed: 2026-06-01
|
|
core_promotion_status: not-promoted
|
|
route: cto
|
|
---
|
|
|
|
# CTO Case Spark Endpoint Config PRD
|
|
|
|
Local planning SOT only. Not a Core Protocol. Not active Core authority.
|
|
|
|
## Problem Statement
|
|
|
|
`qwen-local` / `qwen3.6-35b-a3b` is now the selected primary Case provider policy, but real Case Stage 2 cannot start until the Hermes CTO harness receives explicit Spark OpenAI-compatible endpoint config.
|
|
|
|
Current non-secret readiness check showed `CTO_HARNESS_CASE_LOCAL_BASE_URL` is missing. The harness correctly blocks before `case_process_started` instead of falling back to ambient Pi config or an external model.
|
|
|
|
## Solution
|
|
|
|
Create a narrow child-local endpoint config route for Spark local provider readiness. The route records exactly what must be supplied and proven before a real Qwen Case Stage 2 retry can count.
|
|
|
|
## Scope
|
|
|
|
- Require explicit `CTO_HARNESS_CASE_LOCAL_BASE_URL` for `qwen-local`.
|
|
- Treat the endpoint value as runtime config, not SOT content.
|
|
- Do not store endpoint secrets or credential values in SOT, argv, task file, backend logs, report, trace, generated config, or commit.
|
|
- Require the Hermes CTO harness to keep blocking before `case_process_started` when the local endpoint config is missing.
|
|
- Require missing endpoint config to write `backend/provider-local-config-unavailable.txt`.
|
|
- Require future proof through the Harness Evidence Interface.
|
|
- Keep copied artificial fixture scope only.
|
|
- Require no Target Repository path to be inspected or copied.
|
|
- Keep same-run fake baseline comparison required.
|
|
- Keep `CTO-WORK-020`, `CTO-WORK-016`, `CTO-WORK-022`, and Stage 2 blocked until real pass evidence exists.
|
|
|
|
## Non-Goals
|
|
|
|
- Do not discover or print credentials.
|
|
- Do not read secret-bearing Hermes config.
|
|
- Do not mutate Case source, Cortex Core, vendor source, external developer repositories, or Target Repositories.
|
|
- Do not approve a new provider/model.
|
|
- Do not treat endpoint presence as Stage 2 pass evidence.
|
|
- Do not promote Case to copied repo, sandbox repo, owned repo, or default candidate.
|
|
|
|
## Acceptance Criteria
|
|
|
|
- The route names `CTO_HARNESS_CASE_LOCAL_BASE_URL` as the required local endpoint config.
|
|
- The route states missing endpoint config blocks before `case_process_started`.
|
|
- The route states missing endpoint config writes `backend/provider-local-config-unavailable.txt`.
|
|
- The route states endpoint values must not be written to SOT or commits.
|
|
- The route states endpoint presence is not Stage 2 pass evidence.
|
|
- The route states a configured endpoint alone does not validate `CTO-WORK-016`, `CTO-WORK-020`, `CTO-WORK-022`, or `CTO-WORK-028`.
|
|
- The route states no Target Repository path may be inspected or copied.
|
|
- The route requires real Case Stage 2 proof through the Harness Evidence Interface before unblocking `CTO-WORK-016`.
|
|
- The route keeps `CTO-WORK-022` blocked until explicit endpoint config and real Stage 2 pass evidence exist.
|
|
- The route keeps fake as the default validation lane.
|
|
|
|
## Validation
|
|
|
|
- `python3 tools/validate_cto_child.py` validates this child-local route.
|
|
- Future Hermes focused validation remains `python3 harness/runner/validate-case-provider-adapter.py --harness-root harness --json`.
|
|
- Future real Qwen validation must run copied artificial fixture Stage 2 with `CTO_HARNESS_CASE_LOCAL_BASE_URL` present and no endpoint value written to SOT.
|
|
|
|
## Risks And Dependencies
|
|
|
|
- Spark may be unavailable or not serving an OpenAI-compatible endpoint.
|
|
- The endpoint may require credentials or network state outside this workspace.
|
|
- Local model quality may still fail the `AGENT_RESULT` protocol or code-change task after endpoint config is supplied.
|
|
- A supplied endpoint does not remove the need for admitted provider/model proof.
|
|
|
|
## Success Definition
|
|
|
|
The Spark endpoint requirement is explicit, secret-safe, and governed. A future operator can supply `CTO_HARNESS_CASE_LOCAL_BASE_URL` and run one real Case Stage 2 proof without guessing which config is missing or allowing fallback behavior.
|