Add Local Model Door CLI surface

README.md

@@ -18,6 +18,7 @@ It should contain:
 - model-router client utilities;
 - guardrail/eval/evidence helpers;
 - agent sandbox/run helpers;
+- Local Model Door runtime detection and route planning helpers;
 - Agent Machine local mount and secure host-interface helpers;
 - Office Plane dry-run, guarded execution, inspection, and evidence helpers;
 - fingerprint and proof bundle tools;
@@ -60,6 +61,11 @@ sourceosctl [--version] <command> [<subcommand>] [options]
 | `sourceosctl fingerprint collect --dry-run` | Print environment fingerprint fields (dry-run only) |
 | `sourceosctl ai labs list` | List available AI labs (read-only) |
 | `sourceosctl agents sandbox plan --dry-run` | Print agent sandbox plan (dry-run only) |
+| `sourceosctl local-model doctor` | Inspect local model runtime and installed models without pulling weights or inference |
+| `sourceosctl local-model profiles` | List SourceOS Local Model Door profile refs |
+| `sourceosctl local-model plan --profile local-llama32-1b` | Render local model runtime plan without installing or running models |
+| `sourceosctl local-model route --task-class office-assist` | Render hash-only model route decision under local-first policy |
+| `sourceosctl local-model evidence inspect <path>` | Inspect local model route evidence JSON |
 | `sourceosctl agent-machine mounts plan` | Render Agent Machine local mount plan for dev/docs/downloads roots (dry-run) |
 | `sourceosctl agent-machine mounts init --dry-run` | Render mount initialization plan; no directories or mounts are created |
 | `sourceosctl agent-machine mounts init --execute --policy-ok` | Create only scoped local output/download directories and emit AgentMachineMountEvidence |
@@ -89,6 +95,10 @@ python3 bin/sourceosctl release inspect-archive fixtures/nlboot_release_valid
 python3 bin/sourceosctl fingerprint collect --dry-run
 python3 bin/sourceosctl ai labs list
 python3 bin/sourceosctl agents sandbox plan --dry-run
+python3 bin/sourceosctl local-model doctor
+python3 bin/sourceosctl local-model profiles
+python3 bin/sourceosctl local-model plan --profile local-llama32-1b
+python3 bin/sourceosctl local-model route --task-class office-assist --prompt "local prompt text is hashed only"
 python3 bin/sourceosctl agent-machine mounts plan
 python3 bin/sourceosctl agent-machine mounts init --dry-run
 python3 bin/sourceosctl agent-machine mounts init --execute --policy-ok --evidence-out ./mount-evidence.json
@@ -104,6 +114,24 @@ python3 bin/sourceosctl office convert ./example.docx --to pdf --dry-run
 python3 bin/sourceosctl office convert ./example.docx --to pdf --execute --policy-ok --evidence-out ./office-convert-evidence.json
 ```
 
+### Local Model Door defaults
+
+The Local Model Door aligns with:
+
+- `SourceOS-Linux/sourceos-model-carry` for local model profiles;
+- `SocioProphet/model-router` for routing;
+- `SocioProphet/model-governance-ledger` for personal tuning contracts;
+- `SociOS-Linux/socios` for opt-in personalization orchestration.
+
+Default profiles:
+
+| Profile key | Model | Role |
+| --- | --- | --- |
+| `local-llama32-1b` | `llama3.2:1b` | laptop-safe router, triage, summarization, rewrite, Office assist |
+| `local-llama32-3b` | `llama3.2:3b` | quality local fallback |
+
+The Local Model Door does **not** pull model weights, start Ollama, run inference, send prompts off-device, or authorize tool use. `local-model route --prompt ...` emits only a SHA-256 prompt hash.
+
 ### Agent Machine local mount defaults
 
 The first Agent Machine mount slice aligns with the SourceOS contracts in `SourceOS-Linux/sourceos-spec`:
@@ -178,13 +206,15 @@ M1 is repo maturity and install surface definition:
 - `SociOS-Linux/nlboot`: boot/recovery client and evidence records.
 - `SourceOS-Linux/sourceos-spec`: canonical SourceOS schemas and contracts.
 - `SourceOS-Linux/sourceos-boot`: SourceOS boot/recovery integration.
+- `SourceOS-Linux/sourceos-model-carry`: local model profiles and carry-layer service refs.
 - `SourceOS-Linux/agent-term`: terminal-native SourceOS operator ChatOps console.
 - `SociOS-Linux/workstation-contracts`: workstation/CI conformance contracts and IPC receipts.
+- `SociOS-Linux/socios`: opt-in automation and personalization orchestration.
 - `SocioProphet/prophet-workspace`: workspace product semantics, Professional Workrooms, and OfficeArtifact contracts.
 - `SocioProphet/homebrew-prophet`: Homebrew install formulae.
 - `SocioProphet/model-router`: governed model/service routing.
 - `SocioProphet/guardrail-fabric`: guardrail policy client integration.
-- `SocioProphet/model-governance-ledger`: evidence and promotion records.
+- `SocioProphet/model-governance-ledger`: evidence, consent, evaluation, promotion, and personalization governance records.
 - `SocioProphet/agent-registry`: governed agent identity/tool-grant contracts.
 - `SocioProphet/agentplane`: governed execution, placement, run, replay, and evidence.
 

sourceosctl/cli.py

@@ -12,6 +12,7 @@
     fingerprint,
     ai,
     agents,
+    local_model,
     agent_machine,
     office,
 )
@@ -134,6 +135,84 @@ def build_parser() -> argparse.ArgumentParser:
     )
     agents_sandbox_plan_p.set_defaults(func=agents.sandbox_plan)
 
+    # --- local-model ---
+    local_model_p = sub.add_parser("local-model", help="Local Model Door helpers")
+    local_model_sub = local_model_p.add_subparsers(
+        dest="local_model_command", metavar="<subcommand>"
+    )
+    local_model_sub.required = True
+
+    local_model_doctor_p = local_model_sub.add_parser(
+        "doctor", help="Inspect local model runtime availability without pulling or inference"
+    )
+    local_model_doctor_p.set_defaults(func=local_model.doctor)
+
+    local_model_profiles_p = local_model_sub.add_parser(
+        "profiles", help="List built-in local model profile references"
+    )
+    local_model_profiles_p.set_defaults(func=local_model.profiles)
+
+    local_model_plan_p = local_model_sub.add_parser(
+        "plan", help="Render a local model runtime plan without pulling weights"
+    )
+    local_model_plan_p.add_argument(
+        "--profile",
+        default="local-llama32-1b",
+        choices=sorted(local_model.LOCAL_MODEL_PROFILES),
+        help="Local model profile key",
+    )
+    local_model_plan_p.set_defaults(func=local_model.plan)
+
+    local_model_route_p = local_model_sub.add_parser(
+        "route", help="Render a hash-only local model route decision"
+    )
+    local_model_route_p.add_argument(
+        "--task-class",
+        required=True,
+        choices=[
+            "router",
+            "triage",
+            "summarization",
+            "rewrite",
+            "office-assist",
+            "agent-machine-assist",
+            "offline-fallback",
+            "coding-assist",
+            "privacy-first-chat",
+            "complex-reasoning",
+        ],
+        help="Task class to route",
+    )
+    local_model_route_p.add_argument(
+        "--prompt",
+        default=None,
+        help="Optional prompt text; only a SHA-256 hash is emitted",
+    )
+    local_model_route_p.add_argument(
+        "--personalization-ref",
+        default=None,
+        help="Optional personal model/adaptation governance reference",
+    )
+    local_model_route_p.add_argument(
+        "--router-binding-ref",
+        default=local_model.DEFAULT_ROUTER_BINDING_REF,
+        help="Model-router binding reference",
+    )
+    local_model_route_p.set_defaults(func=local_model.route)
+
+    local_model_evidence_p = local_model_sub.add_parser(
+        "evidence", help="Local model evidence helpers"
+    )
+    local_model_evidence_sub = local_model_evidence_p.add_subparsers(
+        dest="local_model_evidence_command", metavar="<subcommand>"
+    )
+    local_model_evidence_sub.required = True
+    local_model_evidence_inspect_p = local_model_evidence_sub.add_parser(
+        "inspect", help="Inspect local model route evidence JSON"
+    )
+    local_model_evidence_inspect_p.add_argument("path", help="Path to local model evidence JSON")
+    local_model_evidence_inspect_p.set_defaults(func=local_model.evidence_inspect)
+
     # --- agent-machine ---
     agent_machine_p = sub.add_parser("agent-machine", help="Agent Machine helpers")
     agent_machine_sub = agent_machine_p.add_subparsers(