cto/sot/03-PROTOCOLS/CTO-CASE-MODEL-PROVIDER-ADMISSION-ISSUES.md

---
title: CTO Case Model Provider Admission Issues
status: draft
lifecycle_classification: sot
owner: jp
created: 2026-05-31
last_reviewed: 2026-05-31
core_promotion_status: not-promoted
route: cto
---

# CTO Case Model Provider Admission Issues

Local planning SOT only. Not a Core Protocol. Not active Core authority.

## CTO-WORK-019 - Case Model Provider Admission PRD

Status: validated.

Extract the existing `CTO-WORK-018` harness gate into a first-class model provider admission route. This is the SOT route for deciding which provider/model pair may power real Case Stage 2.

Acceptance:

- Records observed fallback provider `anthropic`.
- Records observed fallback model `claude-sonnet-4-6`.
- Requires explicit admitted provider and exact model ID before real Case starts.
- Requires `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL` to match the admission record.
- Requires `backend/provider-model-not-admitted.txt` when admission is missing.
- Requires isolated `CASE_DATA_DIR/config.json` to contain admitted `models.default`.
- Requires negative gates for missing provider/model and unadmitted provider/model.
- Requires no secrets in task file, argv, report, trace, backend logs, SOT, or commits.
- Keeps Case as candidate execution backend, not CTO authority.

## CTO-WORK-020 - Admit Case Model Provider For Real Stage 2

Status: blocked.

Choose and admit the exact provider/model path for real Case Stage 2, then rerun Stage 2 through the Harness Evidence Interface.

Acceptance:

- Admission record names provider, exact model ID, credential source class, allowed network class, approval source, admission timestamp, review trigger, and evidence expectations.
- No provider/model is admitted by default.
- No secret is written to SOT, argv, task file, backend logs, report, trace, or commit.
- `CTO_HARNESS_CASE_MODEL_PROVIDER` and `CTO_HARNESS_CASE_MODEL` match the admission record.
- Missing or unadmitted provider/model blocks before `case_process_started`.
- Report records `case_model_provider`, `case_model`, and `case_model_admission_status`.
- Real Case Stage 2 produces a pass report only if the admitted provider/model was used.
- Same-run fake baseline comparison remains required.
- No Target Repository path is inspected or copied.

Blocked by:

- Human provider approval if an external provider such as Anthropic is selected.
- A Case-compatible local provider route if external providers are not approved.

## Hermes Implementation Evidence - 2026-05-31

- Hermes commit: `f39d8ab Require admitted Case model pair`.
- `f39d8ab` proves admission gating implementation only; it is not a real Case Stage 2 pass.
- The Hermes adapter now requires `CTO_HARNESS_CASE_MODEL_ADMISSION_FILE`.
- Env provider/model is only the requested pair; the admission JSON is the authority.
- Missing admission blocks before `case_process_started`.
- Mismatched admission blocks before `case_process_started`.
- Report evidence records `case_model_provider`, `case_model`, and `case_model_admission_status`.
- Status vocabulary includes `admitted`, `missing_admission`, `mismatch`, `invalid_admission`, and `not_admitted`.
- Secret scan covers `report.json`, `report.md`, `trace.jsonl`, backend logs, Case stdout/stderr, and generated Case config.
- Focused validator passed: `python3 harness/runner/validate-case-provider-adapter.py --harness-root harness --json`.
- Aggregate validator passed: `harness/evals/health.sh --json`.
- Focused validator artifact: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260531T235421Z-r1-string-slugify-1875638`.
- Aggregate validator artifact: `/home/svrnty/.hermes/profiles/cto-planb/harness-runs/20260531T235448Z-r1-string-slugify-1876884`.
- `CTO-WORK-020` remains blocked until a provider/model is explicitly approved and real Case Stage 2 produces a pass report.