@openwop/openwop-conformance 1.0.0 → 1.1.1

package/schemas/pack-lockfile.schema.json

@@ -0,0 +1,92 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://openwop.dev/spec/v1/pack-lockfile.schema.json",
+  "title": "PackLockfile",
+  "description": "Reproducible-build lockfile pinning resolved versions of every pack a workspace depends on. Per spec/v1/node-packs.md §\"Dependency resolution + lockfile\". A workspace records its lockfile alongside its workflow definitions; on subsequent installs the registry resolver MUST honor the lockfile's exact versions rather than re-running semver resolution. This guarantees that a workflow that ran against `vendor.openwop.rust-hello@1.0.0` will still run against `1.0.0` even after `1.0.1` is published.",
+  "type": "object",
+  "required": ["lockfileVersion", "generatedAt", "packs"],
+  "properties": {
+    "lockfileVersion": {
+      "type": "integer",
+      "minimum": 1,
+      "description": "Lockfile schema version. Bumped when the lockfile structure changes incompatibly. v1.0 ships at lockfileVersion 1."
+    },
+    "generatedAt": {
+      "type": "string",
+      "format": "date-time",
+      "description": "ISO 8601 timestamp the lockfile was written. Used for audit + cache-bust diagnostics; resolvers MUST NOT use this for resolution decisions."
+    },
+    "registry": {
+      "type": "string",
+      "format": "uri",
+      "description": "Optional source-of-truth registry URL the resolved versions were fetched from (e.g., `https://packs.openwop.dev`). Multi-registry workspaces include this for audit. Single-registry workspaces MAY omit."
+    },
+    "packs": {
+      "type": "array",
+      "description": "Resolved pack records, one per pack referenced (transitively) by the workspace's workflow definitions. Order is informational only; resolvers MUST NOT rely on order. Empty arrays are allowed (a workspace with no packs).",
+      "items": { "$ref": "#/$defs/ResolvedPack" }
+    }
+  },
+  "additionalProperties": false,
+  "$defs": {
+    "ResolvedPack": {
+      "type": "object",
+      "required": ["name", "version", "integrity"],
+      "properties": {
+        "name": {
+          "type": "string",
+          "minLength": 3,
+          "maxLength": 256,
+          "pattern": "^(core|vendor|community|private|local)\\.[a-z0-9][a-z0-9.-]*$",
+          "description": "Pack name per node-packs.md §\"Manifest format\" `name`. Reverse-DNS-style; namespace prefix is one of the canonical tiers."
+        },
+        "version": {
+          "type": "string",
+          "minLength": 1,
+          "maxLength": 64,
+          "description": "Resolved exact version (no ranges). Semver MAJOR.MINOR.PATCH[-PRERELEASE][+BUILD]. The resolver MUST pin to this exact version on subsequent installs."
+        },
+        "resolved": {
+          "type": "string",
+          "format": "uri",
+          "description": "Optional canonical URL the tarball was fetched from. Audit aid; resolvers MUST verify the `integrity` field even if this URL is present."
+        },
+        "integrity": {
+          "type": "string",
+          "pattern": "^sha256-[A-Za-z0-9+/]{43}=$",
+          "description": "Subresource-integrity-style hash of the tarball: literal `sha256-` followed by 43-char base64-encoded SHA-256 digest with trailing `=` padding. Resolvers MUST verify the downloaded tarball's SHA-256 matches before extraction. Hash mismatch MUST fail the install with `pack_integrity_mismatch`."
+        },
+        "signature": {
+          "type": "object",
+          "description": "Optional pack signature material (Ed25519 per node-packs.md §Signing). When present, resolvers MUST verify the signature against the publisher's advertised public key.",
+          "required": ["algorithm", "publicKey", "value"],
+          "properties": {
+            "algorithm": { "type": "string", "enum": ["ed25519"] },
+            "publicKey": { "type": "string", "minLength": 1, "description": "Base64-encoded Ed25519 public key bytes." },
+            "value": { "type": "string", "minLength": 1, "description": "Base64-encoded Ed25519 signature over the tarball." }
+          },
+          "additionalProperties": false
+        },
+        "dependencies": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "string",
+            "minLength": 1,
+            "maxLength": 64
+          },
+          "description": "Pinned versions for this pack's `dependencies` (per its manifest). Each key is a pack name; each value is the resolved exact version. Pinned recursively — a transitively-installed pack appears once in the top-level `packs[]` array AND as a value in each parent's `dependencies` map."
+        },
+        "peerDependencies": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "string",
+            "minLength": 1,
+            "maxLength": 64
+          },
+          "description": "Echo of this pack's manifest `peerDependencies` for audit. Resolvers MUST verify that the host's `/.well-known/openwop` advertises every key listed here (per host-capabilities.md §\"Capability negotiation\"). Lockfile records the host-capability values the workspace committed to at lockfile-write time; mismatches at install time MAY warn (host advertises richer set) but MUST fail if a peer-dep is missing."
+        }
+      },
+      "additionalProperties": false
+    }
+  }
+}

package/schemas/registry-version-manifest.schema.json

@@ -0,0 +1,145 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://openwop.dev/spec/v1/registry-version-manifest.schema.json",
+  "title": "RegistryVersionManifest",
+  "description": "Registry-augmented version manifest served at `/v1/packs/{name}/-/{version}.json`. Extends the bare pack manifest (`node-pack-manifest.schema.json`) with registry-side metadata (integrity hash, publishedAt timestamp, signed-blob URLs, lifecycle flags). This is the shape clients receive when they GET a specific pack version; the bare manifest is what publishers commit inside the tarball.\n\n**Why two schemas?** The bare manifest is the authoring contract — what a vendor writes in their pack source tree. The registry-augmented version is the SERVING contract — what `packs.openwop.dev` produces after `build-index.mjs` computes integrity hashes + adds URL templates. Validating both surfaces independently catches drift between authored content and served metadata.",
+  "type": "object",
+  "required": ["name", "version", "engines", "runtime", "integrity"],
+  "anyOf": [
+    { "properties": { "nodes": { "type": "array", "minItems": 1 } }, "required": ["nodes"] },
+    { "properties": { "agents": { "type": "array", "minItems": 1 } }, "required": ["agents"] }
+  ],
+  "properties": {
+    "name": {
+      "type": "string",
+      "description": "Reverse-DNS pack name. Mirrors `node-pack-manifest.schema.json` §name.",
+      "pattern": "^(core|vendor|community|private)\\.[a-z][a-z0-9_-]*(\\.[a-z][a-zA-Z0-9_-]*)+$",
+      "minLength": 1,
+      "maxLength": 256
+    },
+    "version": {
+      "type": "string",
+      "description": "Pack version per SemVer 2.0.0. Must match the URL path the manifest is served at.",
+      "pattern": "^\\d+\\.\\d+\\.\\d+(?:-[0-9A-Za-z.-]+)?(?:\\+[0-9A-Za-z.-]+)?$"
+    },
+    "description": { "type": "string", "maxLength": 1024 },
+    "author": { "type": "string" },
+    "license": { "type": "string" },
+    "homepage": { "type": "string", "format": "uri" },
+    "repository": { "type": "string", "format": "uri" },
+    "keywords": {
+      "type": "array",
+      "items": { "type": "string", "maxLength": 64 },
+      "maxItems": 50
+    },
+    "engines": {
+      "type": "object",
+      "required": ["openwop"],
+      "properties": {
+        "openwop": { "type": "string", "minLength": 1 }
+      },
+      "additionalProperties": { "type": "string" }
+    },
+    "runtime": {
+      "type": "object",
+      "required": ["language"],
+      "properties": {
+        "language": {
+          "type": "string",
+          "enum": ["javascript", "typescript", "wasm", "remote"],
+          "description": "Pack runtime. `javascript`/`typescript` for in-process Node executors; `wasm` for sandboxed WASM (RFC 0008 ABI); `remote` for agent-only packs that dispatch via remote LLM providers + don't ship local executor bytecode."
+        },
+        "entry": { "type": "string" },
+        "abiVersion": { "type": "string" }
+      },
+      "additionalProperties": true
+    },
+    "peerDependencies": {
+      "type": "object",
+      "description": "Host capabilities the pack consumes. Each key is a host-capability identifier (e.g., `host.canvas`); each value declares the support level the pack expects.",
+      "additionalProperties": { "type": "string" }
+    },
+    "dependencies": {
+      "type": "object",
+      "description": "Pack dependencies (other packs). Wire-locked at install time per `pack-lockfile.schema.json`.",
+      "additionalProperties": { "type": "string" }
+    },
+    "signing": {
+      "type": "object",
+      "description": "Embedded signing metadata. The pack's signing key MUST be one of the keys registered in `.well-known/openwop-registry.json` `signingKeys[]` AND MUST be authorized for the pack's namespace via `permittedNamespaces`.\n\nTwo identifier forms in the wild:\n  - `keyId`: canonical (newer packs). Matches an entry in registry's `signingKeys[].keyId`.\n  - `publicKeyRef`: legacy alias of `keyId` (used by `build-pack-tarball.mjs --key-id <id>`). Equivalent semantics.\n\nAt least one of `keyId` / `publicKeyRef` MUST be present; if both, they MUST be equal. The schema's `oneOf` block enforces this.",
+      "required": ["method"],
+      "oneOf": [
+        { "required": ["keyId"] },
+        { "required": ["publicKeyRef"] }
+      ],
+      "properties": {
+        "method": {
+          "type": "string",
+          "enum": ["manual", "ed25519", "sigstore"],
+          "description": "Signing method. `manual` and `ed25519` both denote a detached Ed25519 signature over canonical-JSON pack.json (synonymous in practice; both forms appear in published packs). `sigstore` reserved for the SLSA-friendly OIDC path."
+        },
+        "keyId": { "type": "string", "minLength": 1 },
+        "publicKeyRef": { "type": "string", "minLength": 1 },
+        "publicKeyUrl": { "type": "string", "format": "uri-reference" },
+        "signatureRef": { "type": "string" }
+      },
+      "additionalProperties": true
+    },
+    "nodes": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": ["typeId", "version", "category", "role"],
+        "additionalProperties": true
+      }
+    },
+    "agents": {
+      "type": "array",
+      "items": { "type": "object", "additionalProperties": true }
+    },
+    "integrity": {
+      "type": "string",
+      "description": "SRI-style integrity hash of the SIGNED tarball (`sha256-<base64(sha256)>`). Computed by `registry/scripts/build-index.mjs` from the on-disk `.tgz`. Consumers MUST verify the fetched tarball's hash matches this field before unpacking.",
+      "pattern": "^sha256-[A-Za-z0-9+/=]+$"
+    },
+    "publishedAt": {
+      "type": "string",
+      "description": "ISO-8601 UTC timestamp of first publish. Immutable per spec — set at first publish, never re-issued on subsequent index rebuilds.",
+      "format": "date-time"
+    },
+    "tarballUrl": {
+      "type": "string",
+      "description": "Registry-relative URL for the signed tarball. Always `/v1/packs/{name}/-/{version}.tgz`.",
+      "pattern": "^/v1/packs/[^/]+/-/[^/]+\\.tgz$"
+    },
+    "signatureUrl": {
+      "type": "string",
+      "description": "Registry-relative URL for the detached Ed25519 signature. Always `/v1/packs/{name}/-/{version}.sig`.",
+      "pattern": "^/v1/packs/[^/]+/-/[^/]+\\.sig$"
+    },
+    "deprecated": {
+      "type": "boolean",
+      "description": "Advisory: this version is deprecated. Consumers MAY refuse to install but registry continues to serve."
+    },
+    "yanked": {
+      "type": "boolean",
+      "description": "Hard refusal: this version was published in error. Registry MUST refuse to serve the tarball; consumers MUST refuse to dispatch nodes from yanked versions."
+    },
+    "yankedReason": {
+      "type": "string",
+      "maxLength": 512,
+      "description": "Optional one-line rationale shown by clients when a yanked install is attempted. Conventionally references the advisory id (`OPENWOP-YYYY-NNNN`) when one was issued."
+    },
+    "deprecationReason": {
+      "type": "string",
+      "maxLength": 512,
+      "description": "Optional one-line rationale shown by clients when an install of a deprecated version is attempted. Typically names the replacement version + migration link."
+    },
+    "advisoryUrl": {
+      "type": "string",
+      "format": "uri",
+      "description": "Optional URL with deprecation / yank rationale + remediation."
+    }
+  },
+  "additionalProperties": false
+}

package/schemas/run-event-payloads.schema.json

@@ -2,7 +2,7 @@
   "$schema": "https://json-schema.org/draft/2020-12/schema",
   "$id": "https://openwop.dev/spec/v1/run-event-payloads.schema.json",
   "title": "RunEventPayloads",
-  "description": "Per-RunEventType payload schemas. The base RunEventDoc shape (run-event.schema.json) leaves `payload` permissive for forward-compat. This schema defines the canonical payload contract for each known RunEventType. Consumers MAY pin strict payload validation via `$defs.<typeId>` and `ajv.validate(schema.$defs[event.type], event.payload)`. Unknown event types MUST be tolerated (no $defs match → fold best-effort).\n\n47 variants from `run-event.schema.json#$defs.RunEventType` are covered, grouped into ~20 shape families with shared $defs. Naming convention: camelCase keys mirror dotted RunEventType names (e.g., `run.started` → `runStarted`).",
+  "description": "Per-RunEventType payload schemas. The base RunEventDoc shape (run-event.schema.json) leaves `payload` permissive for forward-compat. This schema defines the canonical payload contract for each known RunEventType. Consumers MAY pin strict payload validation via `$defs.<typeId>` and `ajv.validate(schema.$defs[event.type], event.payload)`. Unknown event types MUST be tolerated (no $defs match → fold best-effort).\n\n48 variants from `run-event.schema.json#$defs.RunEventType` are covered, grouped into ~20 shape families with shared $defs. Naming convention: camelCase keys mirror dotted RunEventType names (e.g., `run.started` → `runStarted`).",
   "type": "object",
   "$defs": {
     "_typeIndex": {
@@ -56,7 +56,8 @@
         "runOrchestrator.decided":   { "$ref": "#/$defs/runOrchestratorDecided" },
         "conversation.opened":       { "$ref": "#/$defs/conversationOpened" },
         "conversation.exchanged":    { "$ref": "#/$defs/conversationExchanged" },
-        "conversation.closed":       { "$ref": "#/$defs/conversationClosed" }
+        "conversation.closed":       { "$ref": "#/$defs/conversationClosed" },
+        "memory.compacted":          { "$ref": "#/$defs/memoryCompacted" }
       }
     },
 
@@ -501,10 +502,10 @@
 
     "capBreached": {
       "type": "object",
-      "description": "Emitted when a CapabilityLimit is exceeded (clarificationRounds / schemaRounds / envelopesPerTurn / maxNodeExecutions).",
+      "description": "Emitted when a CapabilityLimit is exceeded. Protocol-level limits use the four engine kinds (clarificationRounds / schemaRounds / envelopesPerTurn / maxNodeExecutions). RFC 0008 §K WASM-runtime caps use the wasm-* kinds (memory ceiling, fuel exhaustion, execution-time wall-clock).",
       "required": ["kind", "limit", "observed"],
       "properties": {
-        "kind":     { "type": "string", "enum": ["clarification", "schema", "envelopes", "node-executions"] },
+        "kind":     { "type": "string", "enum": ["clarification", "schema", "envelopes", "node-executions", "wasm-memory", "wasm-fuel", "wasm-execution-time"] },
         "limit":    { "type": "integer", "minimum": 0 },
         "observed": { "type": "integer", "minimum": 0 },
         "nodeId":   { "type": "string" }
@@ -658,6 +659,21 @@
         "turnCount":      { "type": "integer", "minimum": 0, "description": "Total turns completed in this conversation (number of `conversation.exchanged` events emitted)." }
       },
       "additionalProperties": true
+    },
+
+    "memoryCompacted": {
+      "type": "object",
+      "description": "RFC 0012 (Memory Compaction Profile). Emitted by a host advertising `capabilities.memory.compaction.supported: true` each time a compaction run completes, regardless of trigger. `outputId` MUST be readable via `MemoryAdapter.get(memoryRef, outputId)` until normal TTL eviction. SR-1 carry-forward (RFC 0012 §D) applies: the host MUST route compacted entry content through the same BYOK redaction harness applied to a fresh `put`.",
+      "required": ["memoryRef", "outputId", "sourceCount", "trigger", "byteSize"],
+      "properties": {
+        "memoryRef":   { "type": "string", "minLength": 1, "description": "Opaque MemoryAdapter handle per RFC 0004 §C. Bounds compaction to a single memory scope." },
+        "outputId":    { "type": "string", "minLength": 1, "description": "Id of the new MemoryEntry created by compaction." },
+        "sourceIds":   { "type": "array", "items": { "type": "string", "minLength": 1 }, "description": "Ids of entries collapsed into outputId. Hosts MAY omit when sourceCount > 100; the `compacted-from:<runId>` tag convention (RFC 0012 §C) becomes the authoritative provenance signal. When present, MUST be exhaustive within the array (no 'and N more' semantics)." },
+        "sourceCount": { "type": "integer", "minimum": 1, "description": "Total source entries collapsed, including any not enumerated in `sourceIds`." },
+        "trigger":     { "type": "string", "enum": ["host-managed", "client-requested", "both"], "description": "Matches `capabilities.memory.compaction.trigger`; indicates which trigger path drove this run. v1.x normates only `host-managed`." },
+        "byteSize":    { "type": "integer", "minimum": 0, "description": "Byte size of the resulting MemoryEntry.content." }
+      },
+      "additionalProperties": true
     }
   }
 }

package/schemas/run-event.schema.json

@@ -109,7 +109,8 @@
         "runOrchestrator.decided",
         "conversation.opened",
         "conversation.exchanged",
-        "conversation.closed"
+        "conversation.closed",
+        "memory.compacted"
       ]
     }
   }

package/schemas/security-advisory.schema.json

@@ -0,0 +1,109 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://openwop.dev/spec/v1/security-advisory.schema.json",
+  "title": "SecurityAdvisory",
+  "description": "Registry-owned security advisory for a published OpenWOP pack version. Sourced from registry/security/advisories.json. Every entry MUST be reviewed + merged via maintainer PR; the CI check-advisories gate refuses to deploy if any active advisory targets a pack version that is not already yanked.",
+  "type": "object",
+  "required": ["id", "publishedAt", "severity", "summary", "affected"],
+  "properties": {
+    "id": {
+      "type": "string",
+      "description": "Stable advisory identifier. Format: `OPENWOP-YYYY-NNNN` (sequential, assigned by maintainers at PR merge time). MAY also include an aliased CVE ID via `cveIds[]`.",
+      "pattern": "^OPENWOP-[0-9]{4}-[0-9]{4}$"
+    },
+    "cveIds": {
+      "type": "array",
+      "description": "Aliased CVE identifiers if a CVE was reserved through Mitre or a CNA. Listed in cve.mitre.org format.",
+      "items": {
+        "type": "string",
+        "pattern": "^CVE-[0-9]{4}-[0-9]+$"
+      },
+      "uniqueItems": true
+    },
+    "publishedAt": {
+      "type": "string",
+      "format": "date",
+      "description": "Date the advisory was first published (ISO 8601 yyyy-mm-dd). Frozen at merge time; do not update on revision."
+    },
+    "updatedAt": {
+      "type": "string",
+      "format": "date",
+      "description": "Date of last advisory update. Bump when severity, affected, or fixedIn changes."
+    },
+    "severity": {
+      "type": "string",
+      "enum": ["critical", "high", "medium", "low"],
+      "description": "Severity per the rubric in docs/runbooks/INCIDENT-RESPONSE.md. critical=S0 (yank immediately), high=S1, medium=S2, low=S3."
+    },
+    "cvssV4Score": {
+      "type": "number",
+      "minimum": 0,
+      "maximum": 10,
+      "description": "Optional CVSS 4.0 base score. Informational; severity field is the authoritative classification."
+    },
+    "summary": {
+      "type": "string",
+      "description": "One-line human-readable summary of the vulnerability. Surfaces in tooling output.",
+      "minLength": 1,
+      "maxLength": 200
+    },
+    "details": {
+      "type": "string",
+      "description": "Long-form description: vulnerability mechanism, attack vector, impact, recommended consumer action. May reference external URLs via advisoryUrl."
+    },
+    "advisoryUrl": {
+      "type": "string",
+      "format": "uri",
+      "description": "External advisory link (e.g., GitHub Security Advisory, vendor security page, CVE detail page)."
+    },
+    "affected": {
+      "type": "array",
+      "description": "Pack versions impacted by this advisory. Each entry pins a pack name + a SemVer range. The check-advisories CI gate cross-references this list against every published version and fails if any non-yanked version matches.",
+      "minItems": 1,
+      "items": {
+        "type": "object",
+        "required": ["packName", "versions"],
+        "properties": {
+          "packName": {
+            "type": "string",
+            "description": "Pack name (e.g., `vendor.myndhyve.ai`). MUST exist under registry/v1/packs/.",
+            "pattern": "^[a-z][a-z0-9-]*(\\.[a-z][a-z0-9-]*)+$"
+          },
+          "versions": {
+            "type": "string",
+            "description": "SemVer range using node-semver syntax (`<1.0.0`, `>=1.0.0 <1.0.3`, `1.0.0 || 1.0.1`). Matched against published version numbers via the check-advisories gate."
+          },
+          "fixedIn": {
+            "type": "string",
+            "description": "Earliest version that contains the fix. Consumers MUST upgrade to >= this version. Absent if no fix is available yet (defense-only).",
+            "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+(-[a-zA-Z0-9.-]+)?(\\+[a-zA-Z0-9.-]+)?$"
+          },
+          "fixedInRef": {
+            "type": "string",
+            "description": "PR or commit reference where the fix landed (e.g., `openwop/openwop#42`). Helps consumers audit the patch."
+          }
+        },
+        "additionalProperties": false
+      }
+    },
+    "credits": {
+      "type": "array",
+      "description": "Acknowledged reporters or researchers.",
+      "items": {
+        "type": "object",
+        "required": ["name"],
+        "properties": {
+          "name": { "type": "string", "minLength": 1 },
+          "url": { "type": "string", "format": "uri" },
+          "role": {
+            "type": "string",
+            "enum": ["finder", "reporter", "analyst", "coordinator", "remediation-developer"],
+            "description": "Per CSAF role vocabulary. Defaults to `finder` when not specified."
+          }
+        },
+        "additionalProperties": false
+      }
+    }
+  },
+  "additionalProperties": false
+}