hermes/cto
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e2228a9742
cto/.sot/03-PROTOCOLS/CTO-CASE-PROVIDER-DECISION-RECORD.md
Svrnty 6762403d51 Track Spark endpoint config blocker
2026-05-31 22:17:47 -04:00

5.0 KiB
Raw Blame History

title status lifecycle_classification owner created last_reviewed core_promotion_status route
CTO Case Provider Decision Record draft sot jp 2026-05-31 2026-05-31 not-promoted cto

CTO Case Provider Decision Record

Local planning SOT only. Not a Core Protocol. Not active Core authority.

Current Decision State

  • decision_status: local_provider_required.
  • provider_class: local_case_compatible.
  • provider: qwen-local.
  • model: qwen3.6-35b-a3b.
  • fallback_provider: openai-codex.
  • fallback_model: gpt-5.5.
  • approval_source: JP chat approval on 2026-05-31.
  • credential_source_class: pi-models-json-local-provider-no-secret-plus-codex-oauth-fallback; no secret value.
  • allowed_network_class: local-tailscale-vllm-spark1-plus-codex-oauth-fallback.
  • review_trigger: before real Case Stage 2 admission JSON is written, before any credential source change, and before any default/fallback model change.
  • evidence_sources: CTO-CASE-MODEL-PROVIDER-ADMISSION-ISSUES.md, CTO-CASE-PROVIDER-DECISION-PACKET-PRD.md, CTO-CASE-PROVIDER-DECISION-PACKET-ISSUES.md, /home/svrnty/workspaces/hermes/scripts/apply-hermes-model-policy.py, /home/svrnty/.hermes/config.yaml.
  • effect: CTO-WORK-020 remains blocked until admitted provider/model and real Stage 2 pass report exist.

Meaning

local_provider_required means JP approved the provider decision branch for the existing Hermes model stack: qwen-local with model qwen3.6-35b-a3b as primary, and openai-codex with model gpt-5.5 as fallback.

This record is not provider/model admission and is not Stage 2 pass evidence. It does not authorize Case to run until the CTO-WORK-020 admission JSON exists and the Harness Evidence Interface proves real Stage 2.

CTO-WORK-024 is resolved by this record selecting local_provider_required.

Decision History

Previous state:

  • decision_status: not_decided.
  • not_decided means no provider/model may run.

Future changes:

  • Only JP or a governed Core route may change this record away from local_provider_required.
  • Allowed future values remain external_provider_approved or local_provider_required.

Any future state must include exact non-secret fields required by CTO-WORK-020: provider/model when applicable, approval source, credential source class, allowed network class, review trigger, and evidence expectations.

Safety Constraints

  • No secret value may appear in SOT, task file, argv, report, trace, backend logs, generated config, or commit.
  • No Target Repository path may be inspected or copied.
  • CTO-WORK-020 remains provider/model admission authority.
  • CTO_HARNESS_CASE_MODEL_ADMISSION_FILE remains execution admission gate.
  • CTO-WORK-022 remains blocked until explicit local provider config is supplied and real Case Stage 2 pass evidence exists.
  • Real Case Stage 2 remains blocked until admitted provider/model and Harness Evidence Interface pass report exist.
  • Fallback to openai-codex with gpt-5.5 must be explicit in admission evidence before it may count as a Case provider/model path.
  • Existing evidence paths and commits are referenced only; runtime evidence is not copied into this record.

Runtime Compatibility Finding - 2026-06-01

  • Hermes commit 5db23c7 Fail closed on Case Codex auth gap blocks the admitted openai-codex / gpt-5.5 Case path before case_process_started unless a non-vendor auth bridge is proven.
  • The block exists because Case's pipeline SDK path constructs its Pi Agent runtime directly and does not pass Pi AuthStorage OAuth headers into streamSimple.
  • Pi env API-key lookup does not map openai-codex to an environment API key.
  • The Case-compatible local provider id for the current local Spark fallback path is qwen-local, model qwen3.6-35b-a3b.
  • The non-secret admission JSON for that local Case path is .sot/03-PROTOCOLS/CTO-CASE-MODEL-PROVIDER-ADMISSION.qwen-local-qwen3.6-35b-a3b.json.
  • This finding does not change Hermes primary model policy.
  • This finding does not mark CTO-WORK-020, CTO-WORK-016, or Stage 2 as validated.

Provider Policy Update - 2026-06-01

  • JP selected qwen-local / qwen3.6-35b-a3b on Spark as the default Case provider path.
  • JP kept openai-codex / gpt-5.5 as fallback only.
  • The fallback remains blocked by the known OpenAI Codex auth bridge gap unless a non-vendor bridge is proven.
  • The local Qwen path remains blocked before Case process start unless CTO_HARNESS_CASE_LOCAL_BASE_URL is explicitly supplied.
  • This update changes provider policy only. It does not mark real Case Stage 2 as passed.

Spark Endpoint Config Reference - 2026-06-01

  • CTO-WORK-030 tracks the runtime Spark endpoint config required for the selected Qwen local path.
  • The required runtime variable is CTO_HARNESS_CASE_LOCAL_BASE_URL.
  • The endpoint value must not be copied into SOT, commits, task files, argv examples, backend logs, reports, or traces.
  • A configured endpoint alone does not validate CTO-WORK-016, CTO-WORK-020, CTO-WORK-022, or CTO-WORK-028.