@openwop/openwop-conformance 1.0.0 → 1.1.0

package/CHANGELOG.md

@@ -0,0 +1,17 @@
+# `@openwop/openwop-conformance` Changelog
+
+## [1.0.0] — 2026-05-10
+
+Reset to the OpenWOP v1.0 production-release baseline.
+
+### What's covered
+
+- Server-free spec-corpus validation across JSON Schemas, OpenAPI, AsyncAPI, REST endpoint docs, fixture docs, SDK helper surfaces, and TypeScript publish artifacts.
+- Black-box scenarios for discovery, workflow listing, run lifecycle, events, interrupts, cancellation, replay/fork behavior, idempotency, concurrency, malicious manifests, and route coverage.
+- Packaged API contracts (`api/`, `schemas/`, fixtures, and coverage docs) so installed conformance runs do not depend on a repository checkout.
+- Production metadata gates for package names, licenses, repository URLs, stale import paths, and v1.0 release posture.
+
+### v1.x additions
+
+- Reference deployment compatibility matrix automation.
+- Optional server-required scenario bundles for deployment-specific auth and credential profile checks.

package/README.md

@@ -56,17 +56,43 @@ npm install
 export OPENWOP_BASE_URL="https://api.example.com"
 export OPENWOP_API_KEY="hk_test_..."
 
-npx vitest run                                 # full suite
+npx vitest run                                 # full suite (parallel files, ~95s)
 npx vitest run src/scenarios/discovery.test.ts # single file
+npm run test:strict                            # full suite, no-file-parallelism
 ```
 
+**`test:strict` vs `test`.** The default `test` script runs files in parallel (vitest default, ~3-5× faster). Most scenarios are isolation-safe at that level. Two exceptions document `--no-file-parallelism` as their canonical execution mode:
+
+- **`production-backpressure.test.ts`** — saturates the host's `inflightCap`; under parallel execution, neighbor tests posting `/v1/runs` during the saturation window see a 503 from the cap (cap-collateral). The scenario soft-skips its envelope assertions when this happens (logs a warning); `test:strict` exercises the full envelope contract.
+- **OTel scenarios** (`otel-emission.test.ts`, `otel-trace-propagation.test.ts`, `metric-emission.test.ts`) — each vitest worker spawns its own collector and only one can bind the configured OTLP port; concurrent file execution causes ephemeral-port fallbacks that don't receive the host's traffic.
+
+Run `npm run test` for normal CI cadence; `npm run test:strict` when claiming full envelope coverage for production-profile + OTel claims.
+
+
+### Optional environment flags
+
+| Variable | Effect |
+|---|---|
+| `OPENWOP_REQUIRE_BEHAVIOR=true` | Capability-gated scenarios (audit-log integrity, rate-limit envelope, multi-region idempotency, `configurableSchema`, webhook sig versioning, etc.) FAIL instead of skipping when the host doesn't advertise the profile. Lets a host claim "full coverage" mechanically. See [`coverage.md`](./coverage.md) §"Capability-gated scenarios". |
+| `OPENWOP_TEST_PUBLIC_REGISTRY=true` | Runs `registry-public.test.ts` against the hosted registry at `packs.openwop.dev`. Skipped by default so the suite doesn't depend on outbound connectivity. |
+| `OPENWOP_OTEL_COLLECTOR=true` | Boots the in-suite OTLP collector for `otel-emission.test.ts`, `otel-trace-propagation.test.ts`, `metric-emission.test.ts`, and `otel-emission-grpc.test.ts`. The collector accepts OTLP/HTTP-JSON (`application/json`), OTLP/HTTP-protobuf (`application/x-protobuf` — hand-rolled decoder at `src/lib/otlp-protobuf.ts`), and OTLP/gRPC (when `OPENWOP_OTEL_COLLECTOR_GRPC=true` — h2c HTTP/2 + hand-rolled framing at `src/lib/grpc-framing.ts`). Zero new npm deps. Hosts may emit via `OTEL_EXPORTER_OTLP_PROTOCOL=http/json`, `http/protobuf`, or `grpc`. Skipped by default. **Run OTel scenarios with `--no-file-parallelism`** — each vitest worker spawns its own collector and only one can bind the same port, so concurrent file execution causes ephemeral-port fallbacks that don't receive the host's OTLP traffic. |
+| `OPENWOP_OTEL_COLLECTOR_GRPC=true` | Boots the parallel OTLP/gRPC collector alongside the HTTP one (h2c HTTP/2 on a separate port). Shares the same `spans()` + `metrics()` store; spans captured over either transport surface in `getCollector().spans()`. Requires `OPENWOP_OTEL_COLLECTOR=true`. Same `--no-file-parallelism` requirement applies. |
+| `OPENWOP_OTEL_COLLECTOR_GRPC_PORT=4317` | Bind the OTLP/gRPC collector on a specific port (default `4317`, OTLP/gRPC convention). The host MUST be configured with `OTEL_EXPORTER_OTLP_ENDPOINT=http://127.0.0.1:<port>` AND `OTEL_EXPORTER_OTLP_PROTOCOL=grpc`. |
+| `OPENWOP_OTEL_COLLECTOR_PORT=14318` | Bind the OTel collector on a specific port (default `4318`). The host MUST be configured with `OTEL_EXPORTER_OTLP_ENDPOINT=http://127.0.0.1:<port>`. |
+| `OPENWOP_WEBHOOK_ALLOW_PRIVATE=true` | Hosts implementing the webhook SSRF guard (rejecting loopback / RFC1918 / link-local destinations) MUST advertise this flag for the loopback test receiver in `webhook-signed-delivery.test.ts` to be accepted. The SQLite reference host honors this env var; the scenario soft-skips when the host rejects the URL. |
+| `OPENWOP_MCP_FAKE_SERVER=true` | Boots the synthetic MCP peer for `mcp-tool-roundtrip.test.ts`. |
+| `OPENWOP_MCP_REAL_SERVER_URL=<base-url>` | Points the MCP wire-shape probe at a real MCP server. The probe POSTs JSON-RPC and reads a single-JSON response — matches MCP's `streamable-http` transport in single-response mode. **Does NOT support** stdio transport (which is what most `modelcontextprotocol/servers` references default to) or SSE-streamed responses; an operator collecting interop evidence today runs a custom `StreamableHTTPServerTransport`-style server that returns a single JSON body per request. Adding SSE-frame parsing is tracked in `docs/PROTOCOL-GAP-CLOSURE-PLAN.md` Track 6. Assertions relax to shape-only. When both this and `OPENWOP_MCP_FAKE_SERVER` are set, the real URL wins. Phase 3 T3.4 interop-evidence path. |
+| `OPENWOP_A2A_FAKE_PEER=true` | Boots the synthetic A2A peer for `a2a-task-roundtrip.test.ts`. |
+| `OPENWOP_A2A_REAL_PEER_URL=<base-url>` | Points the A2A AgentCard + task-lifecycle probe at a real reference A2A peer. Drift-point subtests (AUTH_REQUIRED / REJECTED) stay fake-peer-only — real peers don't expose a state-forcing API. Phase 3 T3.4 interop-evidence path. |
+| `OPENWOP_FORCE_RATE_LIMIT=true` | Signals the host (test-only key) to fabricate a 429 so `rate-limit-envelope.test.ts` can exercise envelope shape deterministically. |
+
 Exit code is non-zero on any failed assertion.
 
 ---
 
 ## What's Covered
 
-The current suite has 85 scenario files under `src/scenarios/`. This includes 18 Multi-Agent Shift scenarios (Phases 1-5) added 2026-05-10. The maintained scenario-to-spec map lives in [`coverage.md`](./coverage.md); this README keeps the operator quickstart and the historical scenario notes below.
+The current suite has 103 scenario files under `src/scenarios/`. This includes 18 Multi-Agent Shift scenarios (Phases 1-5) added 2026-05-10, the `registry-public.test.ts` public-registry healthcheck added 2026-05-11 (opt-in via `OPENWOP_TEST_PUBLIC_REGISTRY=true`), the `replay-llm-cache-key.test.ts` placeholder added 2026-05-11 (three `it.todo()` cases for the cross-host LLM cache-key recipe per `replay.md` §"LLM cache-key recipe"), the two `production-*.test.ts` scenarios added 2026-05-11 for the `openwop-production` profile per RFC 0009 (`production-backpressure.test.ts`, `production-retention-expiry.test.ts`), the four `auth-*.test.ts` scenarios added 2026-05-11/12 for the production-auth profiles per RFC 0010 (`auth-api-key-rotation.test.ts`, `auth-oauth2-client-credentials.test.ts`, `auth-oidc-user-bearer.test.ts`, `auth-mtls.test.ts` (opt-in via `OPENWOP_TEST_MTLS=1`)), `replay-retention-expiry.test.ts` added 2026-05-12 (capability shape + 410/422 envelope per `replay.md` §"Retention and garbage collection"), `bulk-cancel.test.ts` added 2026-05-12 (Phase B close-out of R1 — `POST /v1/runs:bulk-cancel`), the two Phase H launch-blocker advertisement-contract scenarios added 2026-05-12 (`mcp-toolcall-redaction.test.ts` for the MCP-1 invariant per `host-capabilities.md §host.mcp` + `threat-model-prompt-injection.md §UNTRUSTED`, and `http-client-ssrf.test.ts` for the SSRF + body-size cap advertisement contract on `capabilities.httpClient`), and the `wasm-pack-abi-version-rejection.test.ts` Track 7 scenario added 2026-05-12 for the ABI-mismatch positive path via the `vendor.openwop.misbehaving-abi` pack per RFC 0008 §H. The maintained scenario-to-spec map lives in [`coverage.md`](./coverage.md); this README keeps the operator quickstart and the historical scenario notes below.
 
 High-level coverage includes:
 
@@ -145,7 +171,7 @@ Server-required (added in 1.7.0):
 |---|---|---|
 | **Redaction** | [`capabilities.md`](../spec/v1/capabilities.md) §"Secrets" + NFR-7 + §"aiProviders" | Vendor-neutral assertions that the server doesn't leak secret material. Three scenario groups: (a) discovery shape contract — `secrets` + `aiProviders` advertisements are well-formed regardless of `secrets.supported`; when `supported === true`, scopes MUST be non-empty + `resolution === 'host-managed'`; `byok ⊆ supported`. (b) bearer-token redaction — invalid Bearer canary in `Authorization` header is not echoed in the 401 response body. (c) credentialRef echo control — gated on `secrets.supported === true`; canary planted in `configurable.ai.credentialRef` MUST NOT appear in any RunEvent payload (poll-based capture; transport-agnostic). Uses runtime-built canary fixtures (`lib/canaries.ts`) that defeat static secret scanners. 6 scenarios. |
 
-Current source tree: 85 scenario files. Use [`coverage.md`](./coverage.md) for current grade/gap tracking.
+Current source tree: 103 scenario files. Use [`coverage.md`](./coverage.md) for current grade/gap tracking.
 
 ## Remaining Gaps
 
@@ -155,9 +181,8 @@ Current source tree: 85 scenario files. Use [`coverage.md`](./coverage.md) for c
 | `messages` mode AI chunks | Needs server-side AI provider mock (fixture spec gap F1 in `fixtures.md`). |
 | Cross-version compat | Needs server-controllable `engineVersion` cycle to test forward-fold-best-effort. |
 | Capability-limit fixtures | Needs fixtures that deliberately exceed `clarificationRounds` / `schemaRounds` / `envelopesPerTurn` to assert `cap.breached` shape beyond the shipped node-execution cap case. |
-| Auth profiles | Needs API-key rotation, OAuth2 client-credentials, and mTLS scenarios for hosts that claim those profiles. |
-| Interrupt profiles | Needs quorum approval, auth-required resume, external-event correlation, and parent/child cancel cascade scenarios. |
-| Production profile | Needs backpressure envelope, restart durability, retention, and debug-bundle truncation scenarios. |
+| Auth profiles | Capability-shape scenarios for `openwop-auth-api-key-rotation`, `openwop-auth-oauth2-client-credentials`, `openwop-auth-oidc-user-bearer`, and `openwop-auth-mtls` (opt-in) shipped 2026-05-11/12 under RFC 0010, with a synthetic OIDC issuer harness at `conformance/src/lib/oidc-issuer.ts`. Remaining: live-IdP positive-path validation against at least one reference host. |
+| Production profile | Capability-shape scenarios shipped 2026-05-11 (`production-backpressure.test.ts`, `production-retention-expiry.test.ts`) under RFC 0009; durability + debug-bundle truncation predicates covered by re-labeled `restart-during-run.test.ts`, `staleClaim.test.ts`, `debug-bundle-truncation.test.ts`. Remaining: end-to-end behavior validation against a host advertising `capabilities.production.supported: true` under `OPENWOP_REQUIRE_BEHAVIOR=true`. |
 
 ---
 

package/api/grpc/openwop.proto

@@ -0,0 +1,251 @@
+// openwop v1 — gRPC service definition (optional alternative to REST + SSE).
+//
+// Status: FINAL v1 (2026-05-12). Closes R3 in rest-endpoints.md
+// §"Open spec gaps". Hosts that advertise `capabilities.grpc.supported:
+// true` expose this service in addition to (NOT instead of) the
+// REST + SSE surface. Per-method semantics are normatively defined by
+// the corresponding REST operation in `api/openapi.yaml`; this file
+// supplies the wire-shape only.
+//
+// Service-name canonical: openwop.v1.Engine (one service per major).
+// Method names: PascalCase form of `api/openapi.yaml` operationIds.
+// Error mapping: see `spec/v1/grpc-transport.md` §"Error mapping".
+//
+// Message shapes mirror the JSON Schemas — full shape definitions are
+// abridged here for readability; reference impls SHOULD `import` each
+// JSON Schema's corresponding `.proto` snippet from a paired
+// `schemas/grpc/<name>.proto` once those land (deferred to v1.x). For
+// the v1 reference, hosts MAY hand-roll the messages from the JSON
+// Schema definitions; the wire surface is byte-equivalent across both
+// projections.
+
+syntax = "proto3";
+
+package openwop.v1;
+
+import "google/protobuf/empty.proto";
+import "google/protobuf/struct.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/openwop/openwop/api/grpc/openwopv1";
+option java_package = "dev.openwop.api.v1";
+option csharp_namespace = "Openwop.V1";
+
+// ─────────────────────────────────────────────────────────────────────
+// Service — one per protocol major version.
+// ─────────────────────────────────────────────────────────────────────
+service Engine {
+  // Discovery — 1:1 with REST `GET /.well-known/openwop`.
+  // Unauthenticated.
+  rpc GetCapabilities(GetCapabilitiesRequest) returns (GetCapabilitiesResponse);
+
+  // Workflow + Run lifecycle.
+  rpc GetWorkflow(GetWorkflowRequest) returns (GetWorkflowResponse);
+  rpc CreateRun(CreateRunRequest) returns (CreateRunResponse);
+  rpc GetRun(GetRunRequest) returns (GetRunResponse);
+  rpc CancelRun(CancelRunRequest) returns (CancelRunResponse);
+  rpc BulkCancelRuns(BulkCancelRunsRequest) returns (BulkCancelRunsResponse);
+  rpc ForkRun(ForkRunRequest) returns (ForkRunResponse);
+  rpc PauseRun(PauseRunRequest) returns (PauseRunResponse);
+  rpc ResumeRun(ResumeRunRequest) returns (ResumeRunResponse);
+
+  // Events — server-streaming replaces SSE.
+  rpc StreamRunEvents(StreamRunEventsRequest) returns (stream RunEventEnvelope);
+
+  // HITL — interrupt resolution.
+  rpc ResolveInterruptByRun(ResolveInterruptByRunRequest) returns (ResolveInterruptResponse);
+  rpc ResolveInterruptByToken(ResolveInterruptByTokenRequest) returns (ResolveInterruptResponse);
+  rpc InspectInterruptByToken(InspectInterruptByTokenRequest) returns (InspectInterruptResponse);
+
+  // Artifacts + Webhooks + Audit verify.
+  rpc GetArtifact(GetArtifactRequest) returns (GetArtifactResponse);
+  rpc RegisterWebhook(RegisterWebhookRequest) returns (RegisterWebhookResponse);
+  rpc UnregisterWebhook(UnregisterWebhookRequest) returns (google.protobuf.Empty);
+  rpc VerifyAuditLog(VerifyAuditLogRequest) returns (VerifyAuditLogResponse);
+}
+
+// ─────────────────────────────────────────────────────────────────────
+// Messages — abridged. Each message mirrors the corresponding REST
+// request/response body; field shapes use Struct for sub-trees that
+// don't yet have hand-rolled Protobuf representations. A future v1.x
+// minor expands every Struct into its typed Protobuf message.
+// ─────────────────────────────────────────────────────────────────────
+
+message GetCapabilitiesRequest {}
+
+message GetCapabilitiesResponse {
+  // Body matches schemas/capabilities.schema.json.
+  google.protobuf.Struct capabilities = 1;
+}
+
+message GetWorkflowRequest {
+  string workflow_id = 1;
+}
+
+message GetWorkflowResponse {
+  // Body matches schemas/workflow-definition.schema.json.
+  google.protobuf.Struct workflow = 1;
+}
+
+message CreateRunRequest {
+  string workflow_id = 1;
+  google.protobuf.Struct inputs = 2;       // schemas/run-options.schema.json §inputs
+  google.protobuf.Struct configurable = 3; // schemas/run-options.schema.json §configurable
+  repeated string tags = 4;
+  google.protobuf.Struct metadata = 5;
+  string idempotency_key = 6;              // Idempotency-Key, optional
+}
+
+message CreateRunResponse {
+  string run_id = 1;
+  string status = 2;
+}
+
+message GetRunRequest {
+  string run_id = 1;
+}
+
+message GetRunResponse {
+  // Body matches schemas/run-snapshot.schema.json.
+  google.protobuf.Struct snapshot = 1;
+}
+
+message CancelRunRequest {
+  string run_id = 1;
+  string reason = 2;
+}
+
+message CancelRunResponse {
+  string run_id = 1;
+  string status = 2;
+}
+
+message BulkCancelRunsRequest {
+  repeated string run_ids = 1;
+  string reason = 2;
+}
+
+message BulkCancelRunResult {
+  string run_id = 1;
+  bool ok = 2;
+  string status = 3;                       // "cancelled" / "cancelling" when ok=true
+  google.protobuf.Struct error = 4;        // error-envelope.schema.json when ok=false
+}
+
+message BulkCancelRunsResponse {
+  repeated BulkCancelRunResult results = 1;
+}
+
+message ForkRunRequest {
+  string run_id = 1;
+  int64 from_seq = 2;
+  string mode = 3;                         // "replay" | "branch"
+  google.protobuf.Struct overlay = 4;      // optional run-options overlay
+}
+
+message ForkRunResponse {
+  string forked_run_id = 1;
+  string status = 2;
+}
+
+message PauseRunRequest {
+  string run_id = 1;
+  string reason = 2;
+  string drain_policy = 3;                 // "immediate" | "drain-current-node"
+}
+
+message PauseRunResponse {
+  string run_id = 1;
+  string status = 2;
+  google.protobuf.Timestamp paused_at = 3;
+}
+
+message ResumeRunRequest {
+  string run_id = 1;
+  string reason = 2;
+}
+
+message ResumeRunResponse {
+  string run_id = 1;
+  string status = 2;
+  google.protobuf.Timestamp resumed_at = 3;
+}
+
+message StreamRunEventsRequest {
+  string run_id = 1;
+  int64 last_sequence = 2;                 // -1 = from start
+  repeated string stream_modes = 3;        // subset of stream-modes.md
+  int32 buffer_ms = 4;
+}
+
+message RunEventEnvelope {
+  string event_id = 1;
+  int64 seq = 2;
+  string run_id = 3;
+  string type = 4;
+  string node_id = 5;
+  google.protobuf.Struct payload = 6;      // run-event-payloads.schema.json §<type>
+  google.protobuf.Timestamp timestamp = 7;
+  string causation_id = 8;                 // optional, run-event.schema.json §causationId
+}
+
+message ResolveInterruptByRunRequest {
+  string run_id = 1;
+  string node_id = 2;
+  google.protobuf.Struct resume_value = 3; // shape per InterruptPayload.resumeSchema
+}
+
+message ResolveInterruptByTokenRequest {
+  string token = 1;
+  google.protobuf.Struct resume_value = 2;
+}
+
+message InspectInterruptByTokenRequest {
+  string token = 1;
+}
+
+message ResolveInterruptResponse {
+  string run_id = 1;
+  string node_id = 2;
+  string status = 3;
+}
+
+message InspectInterruptResponse {
+  // Body matches schemas/suspend-request.schema.json.
+  google.protobuf.Struct interrupt = 1;
+}
+
+message GetArtifactRequest {
+  string run_id = 1;
+  string artifact_id = 2;
+}
+
+message GetArtifactResponse {
+  string artifact_id = 1;
+  string content_type = 2;
+  bytes content = 3;
+}
+
+message RegisterWebhookRequest {
+  string url = 1;
+  repeated string event_types = 2;
+  string secret = 3;                       // operator-supplied HMAC secret
+}
+
+message RegisterWebhookResponse {
+  string webhook_id = 1;
+}
+
+message UnregisterWebhookRequest {
+  string webhook_id = 1;
+}
+
+message VerifyAuditLogRequest {
+  int64 from_seq = 1;
+  int64 to_seq = 2;
+}
+
+message VerifyAuditLogResponse {
+  // Body matches schemas/audit-verify-result.schema.json.
+  google.protobuf.Struct result = 1;
+}

package/api/openapi.yaml

@@ -57,6 +57,8 @@ tags:
     description: Run-produced artifacts.
   - name: webhooks
     description: Subscribe to run events via outbound HTTP.
+  - name: audit
+    description: Audit-log integrity verification (gated on the `openwop-audit-log-integrity` profile).
 
 # ─────────────────────────────────────────────────────────────────────────────
 # PATHS
@@ -350,6 +352,62 @@ paths:
         '403': { $ref: '#/components/responses/Forbidden' }
         '404': { $ref: '#/components/responses/NotFound' }
 
+  /v1/runs:bulk-cancel:
+    post:
+      tags: [runs]
+      summary: Cancel a set of in-flight runs in a single request.
+      description: |
+        Per `spec/v1/rest-endpoints.md` §"POST /v1/runs:bulk-cancel". Accepts
+        a non-empty array of runIds and processes each cancellation
+        independently. Returns `200` with a per-id results array even when
+        some individual cancellations fail; the top-level operation succeeds
+        when the request reached the host, regardless of per-id outcomes.
+        Hosts enforce a host-defined cap on the array length (RECOMMENDED
+        100); over-cap requests return `400 validation_error`.
+      operationId: bulkCancelRuns
+      parameters:
+        - $ref: '#/components/parameters/IdempotencyKey'
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              required: [runIds]
+              properties:
+                runIds:
+                  type: array
+                  minItems: 1
+                  maxItems: 100
+                  items: { type: string, minLength: 1, maxLength: 128 }
+                reason: { type: string, maxLength: 512 }
+              additionalProperties: false
+      responses:
+        '200':
+          description: Per-id cancel results.
+          content:
+            application/json:
+              schema:
+                type: object
+                required: [results]
+                properties:
+                  results:
+                    type: array
+                    items:
+                      type: object
+                      required: [runId, ok]
+                      properties:
+                        runId: { type: string, minLength: 1 }
+                        ok: { type: boolean }
+                        status: { type: string, enum: [cancelled, cancelling] }
+                        error:
+                          $ref: '../schemas/error-envelope.schema.json'
+                      additionalProperties: false
+                additionalProperties: false
+        '400': { $ref: '#/components/responses/ValidationError' }
+        '401': { $ref: '#/components/responses/Unauthenticated' }
+        '403': { $ref: '#/components/responses/Forbidden' }
+
   /v1/runs/{runId}:fork:
     post:
       tags: [runs]
@@ -364,12 +422,16 @@ paths:
           application/json:
             schema:
               type: object
-              required: [fromSeq, mode]
+              required: [mode]
               properties:
                 fromSeq:
                   type: integer
                   minimum: 0
-                  description: Inclusive — events `< fromSeq` are fixed history; `>= fromSeq` are re-executed.
+                  description: |
+                    Inclusive — events `< fromSeq` are fixed history; `>= fromSeq` are re-executed.
+                    Required for `branch` (the branch point). Optional for `replay`; when omitted,
+                    defaults to `0` (full re-execution from source-run start) per `replay.md`
+                    §"Replay-mode defaults".
                 mode:
                   type: string
                   enum: [replay, branch]
@@ -684,6 +746,50 @@ paths:
         '403': { $ref: '#/components/responses/Forbidden' }
         '404': { $ref: '#/components/responses/NotFound' }
 
+  # ── Audit-log integrity verification (gated on profile) ────────────────
+  /v1/audit/verify:
+    get:
+      tags: [audit]
+      summary: Verify the audit-log hash chain over [fromSeq, toSeq].
+      description: |
+        Per `spec/v1/auth-profiles.md` §`openwop-audit-log-integrity` §4. The
+        verifier re-walks audit-log entries in the requested range,
+        re-computes each entry's `prevHash` from the canonical RFC 8785 JCS
+        serialization of the prior entry, verifies signed checkpoints
+        against the host's advertised `auditLogIntegrity.checkpointPublicKey`,
+        and returns `chainValid` + an enumeration of any anomalies.
+        Hosts MUST require the `audit:read` scope. Hosts that do NOT
+        advertise the `openwop-audit-log-integrity` profile MAY omit this
+        endpoint entirely (clients SHOULD pre-flight via `/.well-known/openwop`).
+      operationId: verifyAuditLog
+      parameters:
+        - in: query
+          name: fromSeq
+          required: true
+          schema: { type: integer, minimum: 0 }
+          description: First audit-log sequence to include (inclusive).
+        - in: query
+          name: toSeq
+          required: true
+          schema: { type: integer, minimum: 0 }
+          description: Last audit-log sequence to include (inclusive). MUST be >= fromSeq.
+      responses:
+        '200':
+          description: Verification result.
+          content:
+            application/json:
+              schema:
+                $ref: '../schemas/audit-verify-result.schema.json'
+        '400': { $ref: '#/components/responses/ValidationError' }
+        '401': { $ref: '#/components/responses/Unauthenticated' }
+        '403': { $ref: '#/components/responses/Forbidden' }
+        '404':
+          description: Host does not advertise the audit-log-integrity profile.
+          content:
+            application/json:
+              schema:
+                $ref: '../schemas/error-envelope.schema.json'
+
 # ─────────────────────────────────────────────────────────────────────────────
 # COMPONENTS
 # ─────────────────────────────────────────────────────────────────────────────
@@ -698,7 +804,7 @@ components:
         openwop API key. Format implementation-defined; reference impl uses `hk_`/`hk_test_` prefixes.
         Each key carries one or more scopes from the canonical vocabulary
         (`manifest:read`, `runs:create`, `runs:read`, `runs:cancel`,
-        `artifacts:read`, `webhooks:manage`, `approvals:respond`).
+        `artifacts:read`, `webhooks:manage`, `approvals:respond`, `audit:read`).
         See `auth.md`.
 
   parameters:

package/coverage.md

@@ -1,6 +1,8 @@
 # OpenWOP Conformance Coverage Map
 
-> **Status: Living document. Updated 2026-05-10.** This map connects the current scenario files to the protocol surfaces they protect and records the remaining gaps from the protocol deep dive. Scenario names are source-of-truth file names under `conformance/src/scenarios/`.
+> **Status: Living document. Updated 2026-05-11.** This map connects the current scenario files to the protocol surfaces they protect and records the remaining gaps from the protocol deep dive. Scenario names are source-of-truth file names under `conformance/src/scenarios/`.
+
+> **Shape grade vs behavior grade.** Some optional-profile scenarios validate **capability shape** (the host's discovery advertisement is well-formed) without yet exercising **behavior** (the host actually implements the profile end-to-end). The "Current grade" column reflects shape; see §"Capability-gated scenarios: shape vs behavior" below for the dual-grade view and the `OPENWOP_REQUIRE_BEHAVIOR=true` strict-mode runner flag.
 
 ---
 
@@ -8,27 +10,62 @@
 
 | Surface | Scenario files | Current grade | Remaining gaps |
 |---|---|---|---|
-| Discovery and capability handshake | `discovery.test.ts`, `runtime-capabilities.test.ts`, `profileDerivation.test.ts`, `mcp-discoverability.test.ts` | A | `Capabilities-Etag` optional runtime shape is covered; scoped discovery and non-HTTP handoff remain host-advertised follow-ups. |
-| Auth and errors | `auth.test.ts`, `errors.test.ts`, `policies.test.ts`, `providerPolicyEnforcement.test.ts` | B | OAuth2, API-key rotation, mTLS, richer scope matrix. |
-| Run lifecycle | `runs-lifecycle.test.ts`, `failure-path.test.ts`, `cancellation.test.ts`, `eventOrdering.test.ts` | A- | Restart-during-run production scenario. |
+| Discovery and capability handshake | `discovery.test.ts` (incl. RFC 0011 auth-scoped subtests), `runtime-capabilities.test.ts`, `profileDerivation.test.ts`, `mcp-discoverability.test.ts` | A | `Capabilities-Etag` optional runtime shape covered; auth-scoped discovery covered under `openwop-discovery-auth-scoped` (RFC 0011); non-HTTP handoff remains host-advertised follow-up. |
+| Auth and errors | `auth.test.ts`, `errors.test.ts`, `policies.test.ts`, `providerPolicyEnforcement.test.ts`, `auth-api-key-rotation.test.ts`, `auth-oauth2-client-credentials.test.ts`, `auth-oidc-user-bearer.test.ts` | A− | Three auth-profile capability-shape + negative-case scenarios shipped under RFC 0010 (capability-gated). Remaining: live-IdP positive-path validation + opt-in mTLS scenario + richer scope matrix. |
+| Run lifecycle | `runs-lifecycle.test.ts`, `failure-path.test.ts`, `cancellation.test.ts`, `eventOrdering.test.ts`, `restart-during-run.test.ts` | A | Restart-during-run scenario shipped; gated under `openwop-production` profile (RFC 0009). |
 | Idempotency and retry | `idempotency.test.ts`, `idempotencyRetry.test.ts`, `highConcurrency.test.ts` | A- | Long retention proof beyond the fast CI window. |
 | Interrupts | `interrupt-approval.test.ts`, `interrupt-clarification.test.ts`, `approval-payload.test.ts`, `interruptRace.test.ts`, `interrupt-quorum-resolution.test.ts`, `interrupt-external-event-correlation.test.ts`, `interrupt-auth-required-resume.test.ts`, `interrupt-parent-child-cascade.test.ts` | A− | All four optional profile scenarios landed 2026-05-10. Remaining: positive end-to-end run against a host that advertises every profile. |
 | Streaming | `stream-modes.test.ts`, `stream-modes-buffer.test.ts`, `stream-modes-mixed.test.ts`, `streamReconnect.test.ts` | A | Browser/proxy timeout matrix and long-running stream soak. |
-| Replay and fork | `replay-fork.test.ts`, `replayDeterminism.test.ts`, `staleClaim.test.ts` | A- | Fork from arbitrary event types and retention-expiry behavior remain uncovered; retention/privacy/scoring semantics are now specified in `replay.md`. |
+| Replay and fork | `replay-fork.test.ts`, `replay-fork-arbitrary.test.ts`, `replay-retention-expiry.test.ts`, `replayDeterminism.test.ts`, `staleClaim.test.ts` | A | Arbitrary-event fork shipped (`replay-fork-arbitrary.test.ts`). Retention-expiry envelope shipped (`replay-retention-expiry.test.ts`) — gated on `OPENWOP_TEST_EXPIRED_REPLAY_RUN_ID` because hosts don't standardize a force-expire endpoint. Retention/privacy/scoring semantics specified in `replay.md`. |
 | Capabilities and limits | `cap-breach.test.ts`, `dispatchLoop.test.ts` | B+ | Clarification/schema/envelope cap-breach fixtures beyond node-execution cap. |
 | State channels and reducers | `channel-ttl.test.ts` | B+ | Cross-adapter reducer consistency and conflict cases. |
 | Sub-workflows and dispatch | `subworkflow.test.ts`, `multi-node-ordering.test.ts` | B+ | Parallel fan-out floors by scale tier, parent/child cancellation. |
-| Node packs and registry | `pack-registry.test.ts`, `pack-registry-publish.test.ts`, `maliciousManifest.test.ts`, `wasm-pack-load.test.ts`, `wasm-pack-invoke-completed.test.ts`, `wasm-pack-invoke-suspended.test.ts`, `wasm-pack-replay-determinism.test.ts`, `wasm-pack-memory-cap.test.ts`, `wasm-pack-abi-version-rejection.test.ts` | A− | RFC 0008 WASM ABI scenarios landed 2026-05-10; gated on `capabilities.nodePackRuntimes.wasm.supported`. Remaining: hosted registry interoperability once `packs.openwop.dev` exists; deliberately-misbehaving pack for memory-cap + ABI-version-rejection positive paths. |
+| Node packs and registry | `pack-registry.test.ts`, `pack-registry-publish.test.ts`, `maliciousManifest.test.ts`, `wasm-pack-load.test.ts`, `wasm-pack-invoke-completed.test.ts`, `wasm-pack-invoke-suspended.test.ts`, `wasm-pack-replay-determinism.test.ts`, `wasm-pack-memory-cap.test.ts`, `wasm-pack-abi-version-rejection.test.ts` | A | RFC 0008 WASM ABI scenarios landed 2026-05-10; gated on `capabilities.nodePackRuntimes.wasm.supported`. Memory-cap positive path closed 2026-05-12 via `examples/packs/rust-misbehaving-memory/` + in-memory loader's `memory.grow` probe + `capBreached.kind` schema extension. ABI-mismatch positive path closed 2026-05-12 via `examples/packs/rust-misbehaving-abi/` (declares ABI 999) + new `capabilities.nodePackRuntimes.wasm.loadedPacks[]` discovery field (rejected packs omitted). Remaining: hosted registry interoperability once `packs.openwop.dev` exists. |
 | Secrets and redaction | `redaction.test.ts`, `redactionAdversarial.test.ts`, `byok-roundtrip.test.ts` | A- | Cross-provider BYOK matrix and debug-bundle redaction under high volume. |
-| Observability and diagnostics | `cost-attribution.test.ts`, `debugBundle.test.ts`, `otel-emission.test.ts`, `otel-trace-propagation.test.ts` | B+ | OTLP/HTTP-JSON receiver harness now wired; opt-in via `OPENWOP_OTEL_COLLECTOR=true`. Remaining: real-OTLP-protobuf path, metric-emission scenario, debug-bundle truncation. |
+| Observability and diagnostics | `cost-attribution.test.ts`, `debugBundle.test.ts`, `otel-emission.test.ts`, `otel-trace-propagation.test.ts`, `metric-emission.test.ts`, `otel-emission-grpc.test.ts` | A | OTLP collector accepts all three OTLP transports: HTTP-JSON (2026-05-11), HTTP-protobuf (2026-05-12), gRPC over h2c HTTP/2 (2026-05-12 — hand-rolled framing at `conformance/src/lib/grpc-framing.ts`). Zero new npm deps for any of them. Opt-in via `OPENWOP_OTEL_COLLECTOR=true` (+ `OPENWOP_OTEL_COLLECTOR_GRPC=true` for the gRPC variant). Hosts advertise supported transports via `capabilities.observability.otel.exportProtocols ⊆ {http/json, http/protobuf, grpc}`; conformance scenario gates on the array. |
 | Fixtures and corpus validity | `fixtures-valid.test.ts`, `fixtures-gating.test.ts`, `spec-corpus-validity.test.ts` | A | Keep fixture manifest synchronized as new optional profiles land. |
 | Run control — pause/resume | `pause-resume.test.ts` | B | Lifecycle + 409-on-non-paused covered; remaining: pause-during-suspend race, immediate-vs-drain-current-node policy assertion. |
 | Rate-limit envelope | `rate-limit-envelope.test.ts` | B− | Shape validation when 429 observed; remaining: deterministic 429-induction harness so the scenario reliably triggers under CI. |
 | Per-workflow `configurableSchema` | `configurable-schema.test.ts` | C+ | Negative validation covered; remaining: positive accepted-overlay scenario + `GET /v1/workflows/{id}` schema surface assertion. |
 | Append-reducer ordering | `append-ordering.test.ts` | B | Intra-engine sequence-order check; remaining: cross-engine ordering under a multi-engine fixture. |
-| Webhook signature algorithms | `webhook-sig-algorithm.test.ts` | C+ | Discovery shape covered; remaining: end-to-end signed delivery exercising `X-openwop-Signature-Algorithm: v1`. |
-| Audit-log integrity profile | `audit-log-integrity.test.ts` | C+ | Profile claim + `/v1/audit/verify` shape covered; remaining: tamper-detection scenario (requires admin access to host's audit store) + multi-checkpoint chain verification. |
+| Webhook signature algorithms | `webhook-sig-algorithm.test.ts`, `webhook-signed-delivery.test.ts`, `webhook-negative.test.ts` | A− | Discovery shape covered; end-to-end signed delivery with HMAC verification (`webhook-signed-delivery`); negative paths: SSRF guard, validation, unknown-unregister (`webhook-negative`). Remaining: HMAC mismatch + replay-attack rejection on the receiver side (not host-testable from black-box). |
+| Audit-log integrity profile | `audit-log-integrity.test.ts` | A− | Profile claim + `/v1/audit/verify` shape + checkpoint-signature verification; chain re-walk with `chainValid` and `checkpointsValid` bits. Tamper detection covered host-internally at `examples/hosts/sqlite/test/audit-tamper.test.ts` (mutate-entry + forge-signature paths). Remaining: cross-host checkpoint export so an out-of-band verifier can re-anchor against the same chain. |
 | Multi-region idempotency capability | `multi-region-idempotency.test.ts` | C | Discovery enum coverage; remaining: cross-region partition simulation (requires multi-region harness). |
+| Public hosted registry (`packs.openwop.dev`) | `registry-public.test.ts` | A− | Discovery, index, and per-pack manifest assertions against the public registry. Opt-in via `OPENWOP_TEST_PUBLIC_REGISTRY=true` so default conformance runs don't depend on outbound `packs.openwop.dev` reachability. Remaining: tarball-fetch + signature-verify roundtrip. |
+
+---
+
+## Capability-gated scenarios: shape vs behavior
+
+Seventeen scenarios (or scenario groups) validate optional profiles where the host's discovery advertisement is well-formed (shape grade) but no reference host yet implements the profile end-to-end (behavior grade is `host-pending`). Default suite runs skip these with a warning; set `OPENWOP_REQUIRE_BEHAVIOR=true` to convert skips into hard failures.
+
+| Scenario | Profile / capability | Shape grade | Behavior grade | Behavior-unlock dependency |
+|---|---|---|---|---|
+| `audit-log-integrity.test.ts` | `openwop-audit-log-integrity` (`auth-profiles.md`) | A− (discovery + verify endpoint shape) | `host-pending` | Track 1.1 — SQLite host implements hash-chain + signed checkpoints |
+| `rate-limit-envelope.test.ts` | normative `429` envelope (`rest-endpoints.md`) | B− (observational — checks shape when 429 fires) | `host-pending` | Deterministic 429-induction harness (e.g., `OPENWOP_FORCE_RATE_LIMIT=true` on a test-only key) |
+| `multi-region-idempotency.test.ts` | `capabilities.idempotency.crossRegion` (`idempotency.md`) | C (enum shape only) | `host-pending` | Multi-region host fixture; cross-region partition simulation |
+| `configurable-schema.test.ts` | per-workflow `configurableSchema` (`run-options.md`) | C+ (negative validation) | `host-pending` | Positive accepted-overlay scenario + `GET /v1/workflows/{id}` schema surface |
+| `webhook-sig-algorithm.test.ts` | `X-openwop-Signature-Algorithm: v1` (`webhooks.md`) | C+ (discovery shape) | `host-pending` | End-to-end signed delivery against a test receiver |
+| `pause-resume.test.ts` | `pauseRun` / `resumeRun` lifecycle (`rest-endpoints.md`) | B (lifecycle + 409-on-non-paused) | partial | Pause-during-suspend race; immediate-vs-drain policy assertion |
+| `append-ordering.test.ts` | `append` reducer ordering (`channels-and-reducers.md`) | B (intra-engine) | partial | Cross-engine multi-engine fixture |
+| `otel-emission.test.ts`, `otel-emission-grpc.test.ts` | `openwop.*` OTel spans (`observability.md`) | A (OTLP/HTTP-JSON + OTLP/HTTP-protobuf + OTLP/gRPC all accepted; collector content-type-routes JSON/protobuf and the gRPC HTTP/2 path frame-decodes via `grpc-framing.ts`) | full | Cross-host trace-context propagation across `core.subWorkflow` (filed under `otel-trace-propagation.test.ts` Remaining) |
+| `otel-trace-propagation.test.ts` | W3C trace-context propagation (`observability.md`) | B (trace continuity across `runs:fork` + interrupt resolve) | partial | Cross-host propagation across `core.subWorkflow` invocation |
+| `wasm-pack-*.test.ts` (six scenarios) | `capabilities.nodePackRuntimes.wasm` (`RFCS/0008`) | A (load + invoke + replay + memory-cap positive-path + ABI-mismatch positive-path) | full | Memory-cap positive path closed 2026-05-12 via misbehaving-memory pack + `memory.grow` probe in loader. ABI-mismatch positive path closed 2026-05-12 via misbehaving-abi pack + `loadedPacks[]` discovery field. |
+| `production-backpressure.test.ts`, `production-retention-expiry.test.ts`, `restart-during-run.test.ts`, `staleClaim.test.ts`, `debug-bundle-truncation.test.ts`, `idempotency.test.ts`, `idempotencyRetry.test.ts` (seven scenarios) | `openwop-production` (`production-profile.md`, RFC 0009) | A− (capability shape + 503 envelope under saturation + discovery-exemption; durable-restart + debug-bundle-truncation predicates exercised end-to-end; retention-expiry envelope soft-skipped pending RFC 0009 Q#1) | host-pass | Postgres reference host advertises `capabilities.production.supported: true` since 2026-05-11 and passes all 11 assertions across the 5 non-opt-in scenarios under `OPENWOP_REQUIRE_BEHAVIOR=true` with `--no-file-parallelism` (the backpressure scenario saturates the inflight cap; parallel file execution collides with `idempotencyRetry.test.ts`'s burst). RFC 0009 unresolved questions #1 (force-expire endpoint normation) + #3 (inflightCap vs probing) gate the path to A. |
+| `auth-api-key-rotation.test.ts` | `openwop-auth-api-key-rotation` (`auth-profiles.md`, RFC 0010) | B (capability shape + secondary-key overlap when env-supplied + canary-redaction) | `host-pending` | Reference host advertises the profile + supplies `OPENWOP_TEST_SECONDARY_API_KEY` for the overlap check. |
+| `auth-oauth2-client-credentials.test.ts` | `openwop-auth-oauth2-client-credentials` (`auth-profiles.md`, RFC 0010) | B (capability shape + malformed-JWT negative + harness-minted negatives gated on `OPENWOP_TEST_OAUTH_ISSUER_TRUSTED`) | `host-pending` | Reference host advertises the profile + trusts the conformance harness + (optional) supplies `OPENWOP_TEST_OAUTH_TOKEN` for positive-path. |
+| `auth-oidc-user-bearer.test.ts` | `openwop-auth-oidc-user-bearer` (`auth-profiles.md`, RFC 0010) | B (capability shape + six harness-driven validation cases gated on `OPENWOP_TEST_OIDC_ISSUER_URL`) | `host-pending` | Reference host advertises the profile + is pre-configured to trust `OPENWOP_TEST_OIDC_ISSUER_URL` as a trusted issuer. Synthetic OIDC issuer harness at `conformance/src/lib/oidc-issuer.ts` (RS256 + ES256 via node:crypto stdlib). |
+| `auth-mtls.test.ts` | `openwop-auth-mtls` (`auth-profiles.md`, RFC 0010) | B (capability shape always; opt-in behavior assertions via `OPENWOP_TEST_MTLS=1` + cert paths; uses node:https.request for client-cert handshake — no new npm deps) | `host-pending` | Reference host advertises the profile + listens on HTTPS with mTLS enforcement; operator supplies `OPENWOP_TEST_MTLS_CLIENT_{CERT,KEY}_PATH` and (optionally) `OPENWOP_TEST_MTLS_CA_PATH`. |
+| `replay-retention-expiry.test.ts` | `openwop-replay-fork` (`replay.md` §"Retention and garbage collection") | B (capability shape always; 410/422 envelope on expired-range fork gated on `OPENWOP_TEST_EXPIRED_REPLAY_RUN_ID`; details.{sourceRunId, fromSeq, retentionBoundary} soft-checks per spec SHOULD) | `host-pending` | Reference host advertises `replay.supported: true` + operator produces a known-expired run id (no standardized force-expire endpoint per RFC 0009 Q#1). |
+| `discovery.test.ts` — auth-scoped subtests (3 of them) | `openwop-discovery-auth-scoped` (`capabilities-change-detection.md` §"Scoped capability views", RFC 0011) | B (capability shape + mode/endpointPath typing always; required-field-preservation in authenticated view always; authorization-oracle probe gated on `OPENWOP_TEST_UNAUTHORIZED_API_KEY`) | `host-pending` | Reference host advertises `capabilities.discovery.authScoped.supported: true` + serves an authenticated capability view that satisfies the base schema + a tenant-scoped key pair for the oracle probe. |
+
+Strict-mode runner usage:
+
+```bash
+OPENWOP_REQUIRE_BEHAVIOR=true npx vitest run
+```
+
+The flag is read at scenario startup via `conformance/src/lib/env.ts` → `loadEnv().requireBehavior`. Scenarios use the `behaviorGate(profileName, advertised)` helper from `conformance/src/lib/behavior-gate.ts` so the strict-mode failure message cites the relevant spec section. `audit-log-integrity.test.ts` is the worked example as of 2026-05-11; the remaining nine scenarios will adopt the helper as their host-side profiles land (tracked in `docs/PROTOCOL-GAP-CLOSURE-PLAN.md` Phase-1 tracks T1.1 onward).
 
 ---
 
@@ -51,6 +88,8 @@ Every OpenAPI operation should have:
 | `streamRunEvents` | `stream-modes.test.ts`, `stream-modes-buffer.test.ts`, `stream-modes-mixed.test.ts`, `streamReconnect.test.ts` | Unsupported mode and invalid buffer assertions | Add long-running proxy timeout soak outside fast CI. |
 | `pollRunEvents` | `multi-node-ordering.test.ts`, `version-negotiation.test.ts`, redaction tests | Past-end and validation assertions | Good. Add malformed `lastSequence` if missing. |
 | `cancelRun` | `cancellation.test.ts` | Unknown/terminal idempotency cases partial | Add explicit already-terminal cancel behavior. |
+| `bulkCancelRuns` | `bulk-cancel.test.ts` (Phase B close-out) | `bulk-cancel.test.ts` covers per-id error envelopes (`not_found`, `forbidden`, `run_terminal`), oversized-array `400 validation_error`, and 100-id cap | Add multi-tenant scope-narrowing scenario when host advertises per-key scope. |
+| `verifyAuditLog` | `audit-log-integrity.test.ts` covers `/v1/audit/verify` shape end-to-end against the `openwop-audit-log-integrity` profile | `audit-log-integrity.test.ts` covers chain-valid + tamper detection (host-internal) | Add cross-host checkpoint export so an out-of-band verifier can re-anchor against the same chain. |
 | `pauseRun` | Lifecycle scenarios cover paused state via `runs-lifecycle.test.ts` (`run.paused` event projection) | None dedicated yet | Add explicit `pauseRun` route exerciser (running → paused, paused → resumed, error envelope on terminal target). |
 | `resumeRun` | Lifecycle scenarios cover resumed state via `runs-lifecycle.test.ts` (`run.resumed` event projection) | None dedicated yet | Add explicit `resumeRun` route exerciser (paused → running, error envelope on running / terminal target). |
 | `forkRun` | `replay-fork.test.ts`, `replayDeterminism.test.ts` | Negative `fromSeq`, past-end, unknown source, invalid overlay | Add arbitrary-event fork and retention-expired source. |

package/fixtures/conformance-configurable-schema.json

@@ -0,0 +1,39 @@
+{
+  "id": "conformance-configurable-schema",
+  "name": "Conformance: Per-workflow configurableSchema",
+  "version": "1.0",
+  "description": "Workflow that declares a `configurableSchema` constraining `RunOptions.configurable` (run-options.md §'Per-workflow configurableSchema'). The schema forbids unknown additional properties and requires `recursionLimit` to be a positive integer when present. Conformance scenario `configurable-schema.test.ts` verifies: (a) the manifest endpoint `GET /v1/workflows/{id}` surfaces the configurableSchema; (b) `POST /v1/runs` with a mismatched configurable returns `validation_error`. Body is a noop.",
+  "nodes": [
+    {
+      "id": "noop",
+      "typeId": "core.noop",
+      "name": "Noop",
+      "position": { "x": 0, "y": 0 },
+      "config": {},
+      "inputs": {}
+    }
+  ],
+  "edges": [],
+  "triggers": [
+    { "id": "manual", "type": "manual", "enabled": true }
+  ],
+  "variables": [],
+  "configurableSchema": {
+    "$schema": "https://json-schema.org/draft/2020-12/schema",
+    "type": "object",
+    "additionalProperties": false,
+    "properties": {
+      "recursionLimit": {
+        "type": "integer",
+        "minimum": 1,
+        "description": "Cap on per-run node executions; host enforces."
+      },
+      "tags": {
+        "type": "array",
+        "items": { "type": "string" }
+      }
+    }
+  },
+  "metadata": { "tags": ["conformance", "configurable-schema"] },
+  "settings": { "timeout": 10000 }
+}