@openwop/openwop-conformance 1.0.0

package/api/redocly.yaml

@@ -0,0 +1,8 @@
+extends:
+  - recommended
+
+rules:
+  # Discovery endpoints (`/.well-known/openwop`, `/v1/openapi.json`) are unauthenticated
+  # and take no input — they have no meaningful 4XX response surface. 5XX is the
+  # only honest failure mode and is documented inline.
+  operation-4xx-response: off

package/coverage.md

@@ -0,0 +1,80 @@
+# OpenWOP Conformance Coverage Map
+
+> **Status: Living document. Updated 2026-05-10.** This map connects the current scenario files to the protocol surfaces they protect and records the remaining gaps from the protocol deep dive. Scenario names are source-of-truth file names under `conformance/src/scenarios/`.
+
+---
+
+## Coverage by protocol surface
+
+| Surface | Scenario files | Current grade | Remaining gaps |
+|---|---|---|---|
+| Discovery and capability handshake | `discovery.test.ts`, `runtime-capabilities.test.ts`, `profileDerivation.test.ts`, `mcp-discoverability.test.ts` | A | `Capabilities-Etag` optional runtime shape is covered; scoped discovery and non-HTTP handoff remain host-advertised follow-ups. |
+| Auth and errors | `auth.test.ts`, `errors.test.ts`, `policies.test.ts`, `providerPolicyEnforcement.test.ts` | B | OAuth2, API-key rotation, mTLS, richer scope matrix. |
+| Run lifecycle | `runs-lifecycle.test.ts`, `failure-path.test.ts`, `cancellation.test.ts`, `eventOrdering.test.ts` | A- | Restart-during-run production scenario. |
+| Idempotency and retry | `idempotency.test.ts`, `idempotencyRetry.test.ts`, `highConcurrency.test.ts` | A- | Long retention proof beyond the fast CI window. |
+| Interrupts | `interrupt-approval.test.ts`, `interrupt-clarification.test.ts`, `approval-payload.test.ts`, `interruptRace.test.ts`, `interrupt-quorum-resolution.test.ts`, `interrupt-external-event-correlation.test.ts`, `interrupt-auth-required-resume.test.ts`, `interrupt-parent-child-cascade.test.ts` | A− | All four optional profile scenarios landed 2026-05-10. Remaining: positive end-to-end run against a host that advertises every profile. |
+| Streaming | `stream-modes.test.ts`, `stream-modes-buffer.test.ts`, `stream-modes-mixed.test.ts`, `streamReconnect.test.ts` | A | Browser/proxy timeout matrix and long-running stream soak. |
+| Replay and fork | `replay-fork.test.ts`, `replayDeterminism.test.ts`, `staleClaim.test.ts` | A- | Fork from arbitrary event types and retention-expiry behavior remain uncovered; retention/privacy/scoring semantics are now specified in `replay.md`. |
+| Capabilities and limits | `cap-breach.test.ts`, `dispatchLoop.test.ts` | B+ | Clarification/schema/envelope cap-breach fixtures beyond node-execution cap. |
+| State channels and reducers | `channel-ttl.test.ts` | B+ | Cross-adapter reducer consistency and conflict cases. |
+| Sub-workflows and dispatch | `subworkflow.test.ts`, `multi-node-ordering.test.ts` | B+ | Parallel fan-out floors by scale tier, parent/child cancellation. |
+| Node packs and registry | `pack-registry.test.ts`, `pack-registry-publish.test.ts`, `maliciousManifest.test.ts`, `wasm-pack-load.test.ts`, `wasm-pack-invoke-completed.test.ts`, `wasm-pack-invoke-suspended.test.ts`, `wasm-pack-replay-determinism.test.ts`, `wasm-pack-memory-cap.test.ts`, `wasm-pack-abi-version-rejection.test.ts` | A− | RFC 0008 WASM ABI scenarios landed 2026-05-10; gated on `capabilities.nodePackRuntimes.wasm.supported`. Remaining: hosted registry interoperability once `packs.openwop.dev` exists; deliberately-misbehaving pack for memory-cap + ABI-version-rejection positive paths. |
+| Secrets and redaction | `redaction.test.ts`, `redactionAdversarial.test.ts`, `byok-roundtrip.test.ts` | A- | Cross-provider BYOK matrix and debug-bundle redaction under high volume. |
+| Observability and diagnostics | `cost-attribution.test.ts`, `debugBundle.test.ts`, `otel-emission.test.ts`, `otel-trace-propagation.test.ts` | B+ | OTLP/HTTP-JSON receiver harness now wired; opt-in via `OPENWOP_OTEL_COLLECTOR=true`. Remaining: real-OTLP-protobuf path, metric-emission scenario, debug-bundle truncation. |
+| Fixtures and corpus validity | `fixtures-valid.test.ts`, `fixtures-gating.test.ts`, `spec-corpus-validity.test.ts` | A | Keep fixture manifest synchronized as new optional profiles land. |
+| Run control — pause/resume | `pause-resume.test.ts` | B | Lifecycle + 409-on-non-paused covered; remaining: pause-during-suspend race, immediate-vs-drain-current-node policy assertion. |
+| Rate-limit envelope | `rate-limit-envelope.test.ts` | B− | Shape validation when 429 observed; remaining: deterministic 429-induction harness so the scenario reliably triggers under CI. |
+| Per-workflow `configurableSchema` | `configurable-schema.test.ts` | C+ | Negative validation covered; remaining: positive accepted-overlay scenario + `GET /v1/workflows/{id}` schema surface assertion. |
+| Append-reducer ordering | `append-ordering.test.ts` | B | Intra-engine sequence-order check; remaining: cross-engine ordering under a multi-engine fixture. |
+| Webhook signature algorithms | `webhook-sig-algorithm.test.ts` | C+ | Discovery shape covered; remaining: end-to-end signed delivery exercising `X-openwop-Signature-Algorithm: v1`. |
+| Audit-log integrity profile | `audit-log-integrity.test.ts` | C+ | Profile claim + `/v1/audit/verify` shape covered; remaining: tamper-detection scenario (requires admin access to host's audit store) + multi-checkpoint chain verification. |
+| Multi-region idempotency capability | `multi-region-idempotency.test.ts` | C | Discovery enum coverage; remaining: cross-region partition simulation (requires multi-region harness). |
+
+---
+
+## Endpoint Coverage Manifest
+
+Every OpenAPI operation should have:
+
+1. At least one positive scenario.
+2. At least one auth failure scenario where auth applies.
+3. At least one validation or conflict scenario where the operation accepts input.
+4. A cited spec section in each assertion message.
+
+| Operation ID | Positive coverage | Negative / auth / validation coverage | Gap |
+|---|---|---|---|
+| `getCapabilities` | `discovery.test.ts`, `runtime-capabilities.test.ts`, `profileDerivation.test.ts`, `mcp-discoverability.test.ts` | `discovery.test.ts` covers optional `Capabilities-Etag`; `spec-corpus-validity.test.ts` validates schema shape | Add scoped discovery scenario when a host advertises it. |
+| `getOpenApiSpec` | `discovery.test.ts` | `spec-corpus-validity.test.ts` validates OpenAPI refs | Add unavailable/transient error scenario only if host can simulate it. |
+| `getWorkflow` | `route-coverage.test.ts`; fixture-dependent lifecycle tests indirectly require seeded workflow IDs | `route-coverage.test.ts` covers unknown workflow `404`/`403` envelope | Good. |
+| `createRun` | `runs-lifecycle.test.ts`, `identity-passthrough.test.ts`, `failure-path.test.ts`, fixture scenarios | `auth.test.ts`, `errors.test.ts`, `idempotency.test.ts`, `idempotencyRetry.test.ts` | Strong baseline; add per-field validation matrix. |
+| `getRun` | Lifecycle, cancellation, interrupt, replay, and subworkflow tests poll snapshots | `failure-path.test.ts`, `errors.test.ts` | Add explicit unknown-run `404` scenario if not already covered through helper assertions. |
+| `streamRunEvents` | `stream-modes.test.ts`, `stream-modes-buffer.test.ts`, `stream-modes-mixed.test.ts`, `streamReconnect.test.ts` | Unsupported mode and invalid buffer assertions | Add long-running proxy timeout soak outside fast CI. |
+| `pollRunEvents` | `multi-node-ordering.test.ts`, `version-negotiation.test.ts`, redaction tests | Past-end and validation assertions | Good. Add malformed `lastSequence` if missing. |
+| `cancelRun` | `cancellation.test.ts` | Unknown/terminal idempotency cases partial | Add explicit already-terminal cancel behavior. |
+| `pauseRun` | Lifecycle scenarios cover paused state via `runs-lifecycle.test.ts` (`run.paused` event projection) | None dedicated yet | Add explicit `pauseRun` route exerciser (running → paused, paused → resumed, error envelope on terminal target). |
+| `resumeRun` | Lifecycle scenarios cover resumed state via `runs-lifecycle.test.ts` (`run.resumed` event projection) | None dedicated yet | Add explicit `resumeRun` route exerciser (paused → running, error envelope on running / terminal target). |
+| `forkRun` | `replay-fork.test.ts`, `replayDeterminism.test.ts` | Negative `fromSeq`, past-end, unknown source, invalid overlay | Add arbitrary-event fork and retention-expired source. |
+| `resolveInterruptByRun` | `interrupt-approval.test.ts`, `interrupt-clarification.test.ts`, `approval-payload.test.ts`, `interruptRace.test.ts` | Invalid action, unknown node, race cases | Add auth-required and quorum profile scenarios. |
+| `inspectInterruptByToken` | Interrupt token coverage partial | Missing explicit token-inspect matrix | Add expired, malformed, and already-resolved token cases. |
+| `resolveInterruptByToken` | Interrupt token coverage partial | Missing explicit token-resolve matrix | Add expired, malformed, wrong-action, and replayed-token cases. |
+| `getArtifact` | Indirect through approval payload fixtures | `route-coverage.test.ts` covers unknown artifact `404`/`403` envelope | Add positive artifact read and explicit scope failure scenarios. |
+| `registerWebhook` | Webhook spec exists | `route-coverage.test.ts` covers invalid URL validation envelope | Add positive registration with a test receiver when harness support exists. |
+| `unregisterWebhook` | Webhook spec exists | `route-coverage.test.ts` covers unknown subscription behavior | Add full register-then-unregister roundtrip with a test receiver. |
+
+---
+
+## Gap closure plan
+
+| Priority | Work item | Target docs |
+|---|---|---|
+| P0 | Add production-profile scenarios for backpressure envelope, retry durability, stale-claim recovery, and debug-bundle truncation. | `production-profile.md`, `scale-profiles.md`, `storage-adapters.md`, `debug-bundle.md` |
+| P1 | Add auth-profile scenarios for API-key rotation and OAuth2 client-credentials where test issuer metadata is available. | `auth.md`, `auth-profiles.md` |
+| ✅ done | Interrupt-profile scenarios for quorum, external-event, auth-required, and parent/child cascade — landed 2026-05-10. | `interrupt.md`, `interrupt-profiles.md` |
+| P1 | Convert endpoint manifest into generated coverage evidence from `api/openapi.yaml` operation IDs. | `rest-endpoints.md` |
+| ✅ done | MCP and A2A synthetic-peer roundtrip scenarios landed 2026-05-10 (`mcp-tool-roundtrip.test.ts`, `a2a-task-roundtrip.test.ts`); opt-in via `OPENWOP_MCP_FAKE_SERVER=true` / `OPENWOP_A2A_FAKE_PEER=true`. | `mcp-integration.md`, `a2a-integration.md` |
+| P2 | Add replay retention and fork-from-arbitrary-event coverage. | `replay.md` |
+| P1 | Deterministic 429-induction harness so `rate-limit-envelope.test.ts` triggers reliably under CI (currently observational). | `rest-endpoints.md` |
+| P1 | Add tamper-detection scenario for `audit-log-integrity.test.ts` — requires admin write access to the host's audit store. | `auth-profiles.md` |
+| P2 | Cross-engine append-ordering scenario (multi-engine fixture). | `channels-and-reducers.md` |
+| P2 | End-to-end webhook signed-delivery test exercising `X-openwop-Signature-Algorithm: v1`. | `webhooks.md` |
+| P2 | Conformance scenarios that cite normative RFC docs (not just schemas) for the multi-agent surfaces. | RFCS/0002–0007 |

package/dist/cli.js

@@ -0,0 +1,161 @@
+#!/usr/bin/env node
+/**
+ * `openwop-conformance` — operator-facing CLI for running the openwop
+ * conformance suite against a deployed server.
+ *
+ * Wraps `vitest` with friendlier args + structured exit codes so it
+ * works as the `npm test` entry for downstream packages.
+ *
+ * Usage:
+ *   openwop-conformance --base-url https://api.example.com --api-key hk_test_123
+ *   openwop-conformance --offline                       # server-free subset only
+ *   openwop-conformance --filter discovery               # category filter
+ *   openwop-conformance --base-url ... --api-key ... --filter "interrupt|cancellation"
+ *
+ * Environment variables override flags (per the conformance harness's
+ * existing convention):
+ *   OPENWOP_BASE_URL, OPENWOP_API_KEY, OPENWOP_IMPLEMENTATION_NAME,
+ *   OPENWOP_IMPLEMENTATION_VERSION, OPENWOP_LIFECYCLE_TIMEOUT_MS
+ *
+ * Exit codes:
+ *   0   all scenarios pass
+ *   1   one or more scenarios failed
+ *   2   suite couldn't start (missing required args, etc)
+ */
+import { spawnSync } from 'node:child_process';
+import { fileURLToPath } from 'node:url';
+import { dirname, resolve as resolvePath } from 'node:path';
+function parseArgs(argv) {
+    let baseUrl;
+    let apiKey;
+    let offline = false;
+    let filter;
+    let help = false;
+    let impl;
+    let implVersion;
+    for (let i = 0; i < argv.length; i++) {
+        const arg = argv[i] ?? '';
+        if (arg === '-h' || arg === '--help') {
+            help = true;
+            continue;
+        }
+        if (arg === '--offline') {
+            offline = true;
+            continue;
+        }
+        const eq = arg.indexOf('=');
+        const flag = eq === -1 ? arg : arg.slice(0, eq);
+        const inlineValue = eq === -1 ? undefined : arg.slice(eq + 1);
+        const nextValue = () => {
+            if (inlineValue !== undefined)
+                return inlineValue;
+            const next = argv[i + 1];
+            if (next !== undefined && !next.startsWith('-')) {
+                i++;
+                return next;
+            }
+            return undefined;
+        };
+        switch (flag) {
+            case '--base-url':
+                baseUrl = nextValue();
+                break;
+            case '--api-key':
+                apiKey = nextValue();
+                break;
+            case '--filter':
+                filter = nextValue();
+                break;
+            case '--impl':
+            case '--implementation-name':
+                impl = nextValue();
+                break;
+            case '--impl-version':
+            case '--implementation-version':
+                implVersion = nextValue();
+                break;
+            default:
+                if (arg.startsWith('-')) {
+                    // Unknown flag — pass through to vitest by ignoring here.
+                }
+        }
+    }
+    return { baseUrl, apiKey, offline, filter, help, impl, implVersion };
+}
+const HELP_TEXT = `openwop-conformance — run the openwop conformance suite against a server
+
+Usage:
+  openwop-conformance [options]
+
+Required (unless --offline):
+  --base-url <url>      openwop server base URL (or set OPENWOP_BASE_URL env var)
+  --api-key <key>       Bearer-style API key (or set OPENWOP_API_KEY env var)
+
+Filtering:
+  --offline             Run only the server-free subset (fixtures + spec corpus)
+  --filter <pattern>    Pass through to vitest --testNamePattern
+
+Implementation labels (cosmetic — surface in failure messages):
+  --impl <name>             Implementation name        (env: OPENWOP_IMPLEMENTATION_NAME)
+  --impl-version <version>  Implementation version     (env: OPENWOP_IMPLEMENTATION_VERSION)
+
+Other:
+  --help, -h            Show this message
+
+Examples:
+  openwop-conformance --offline
+  openwop-conformance --base-url https://api.example.com --api-key hk_test_abc
+  openwop-conformance --filter "discovery|errors"
+`;
+function main() {
+    const args = parseArgs(process.argv.slice(2));
+    if (args.help) {
+        process.stdout.write(HELP_TEXT);
+        process.exit(0);
+    }
+    // Env vars OVERRIDE flags only when the flag was unset (consistent
+    // with the rest of the harness — env wins on the absence of CLI input).
+    const env = { ...process.env };
+    if (args.baseUrl)
+        env.OPENWOP_BASE_URL = args.baseUrl;
+    if (args.apiKey)
+        env.OPENWOP_API_KEY = args.apiKey;
+    if (args.impl)
+        env.OPENWOP_IMPLEMENTATION_NAME = args.impl;
+    if (args.implVersion)
+        env.OPENWOP_IMPLEMENTATION_VERSION = args.implVersion;
+    if (!args.offline && (!env.OPENWOP_BASE_URL || !env.OPENWOP_API_KEY)) {
+        process.stderr.write('openwop-conformance: --base-url and --api-key are required (or use --offline).\n' +
+            'Run `openwop-conformance --help` for usage.\n');
+        process.exit(2);
+    }
+    // Resolve the conformance directory relative to this script's location
+    // so the CLI works regardless of the caller's cwd. Both the source
+    // path (`src/cli.ts`) and the compiled path (`dist/cli.js`) live ONE
+    // directory below the package root, so the same `..` works either way.
+    const here = dirname(fileURLToPath(import.meta.url));
+    const conformanceRoot = resolvePath(here, '..');
+    // Build vitest argv. server-free subset is `fixtures-valid` +
+    // `spec-corpus-validity`; the offline flag scopes the run to those.
+    // Pass --config explicitly so vitest doesn't auto-discover an
+    // ancestor config (e.g., a parent monorepo's vite.config.ts) when
+    // the conformance package is used as a workspace member.
+    const vitestArgs = ['run', '--config', resolvePath(conformanceRoot, 'vitest.config.ts')];
+    if (args.offline) {
+        vitestArgs.push('src/scenarios/fixtures-valid.test.ts', 'src/scenarios/spec-corpus-validity.test.ts');
+    }
+    if (args.filter) {
+        vitestArgs.push('--testNamePattern', args.filter);
+    }
+    const result = spawnSync('npx', ['vitest', ...vitestArgs], {
+        cwd: conformanceRoot,
+        env,
+        stdio: 'inherit',
+    });
+    if (result.error) {
+        process.stderr.write(`openwop-conformance: failed to spawn vitest: ${String(result.error)}\n`);
+        process.exit(2);
+    }
+    process.exit(result.status ?? 1);
+}
+main();

package/fixtures/conformance-a2a-task-roundtrip.json

@@ -0,0 +1,27 @@
+{
+  "id": "conformance-a2a-task-roundtrip",
+  "name": "Conformance: A2A Task Roundtrip",
+  "version": "1.0",
+  "description": "Track 6 fixture for `a2a-task-roundtrip.test.ts`. Workflow invokes a single A2A peer task; the conformance suite stands up a synthetic A2A peer at startup (`OPENWOP_A2A_FAKE_PEER=true`) and operators configure the host to consume the printed AgentCard URL. The fixture covers drift points #3 (`AUTH_REQUIRED` → `waiting-input`) and #4 (`REJECTED` → `failed`) per `a2a-integration.md` §State projection. The `driftScenario` input lets the test toggle which projection to exercise; hosts that don't implement A2A consumption can stub this fixture as `core.noop` and the host-mediated subtest skips when no task POST reaches the synthetic peer.",
+  "nodes": [
+    {
+      "id": "a2a-invoke",
+      "typeId": "core.a2a.invoke",
+      "name": "Invoke A2A peer",
+      "position": { "x": 0, "y": 0 },
+      "config": {
+        "skill": "echo"
+      },
+      "inputs": {}
+    }
+  ],
+  "edges": [],
+  "triggers": [
+    { "id": "manual", "type": "manual", "enabled": true }
+  ],
+  "variables": [
+    { "name": "driftScenario", "type": "string", "defaultValue": "happy-path" }
+  ],
+  "metadata": { "tags": ["conformance", "a2a", "roundtrip", "state-projection"] },
+  "settings": { "timeout": 0 }
+}

package/fixtures/conformance-agent-identity.json

@@ -0,0 +1,27 @@
+{
+  "id": "conformance-agent-identity",
+  "name": "Conformance: Agent Identity",
+  "version": "1.0",
+  "description": "Phase 1. Single-node run with an `agent` pin on the node. Host MUST populate `RunSnapshot.agent` (or `runOrchestrator` for supervisor-bound fixtures) with an AgentRef-shaped value. See agentMetadata.test.ts.",
+  "nodes": [
+    {
+      "id": "echo",
+      "typeId": "core.identity",
+      "name": "Identity (agent-pinned)",
+      "position": { "x": 0, "y": 0 },
+      "config": {},
+      "inputs": {},
+      "agent": {
+        "agentId": "core.conformance.identity-agent",
+        "modelClass": "chat"
+      }
+    }
+  ],
+  "edges": [],
+  "triggers": [
+    { "id": "manual", "type": "manual", "enabled": true }
+  ],
+  "variables": [],
+  "metadata": { "tags": ["conformance", "multi-agent", "phase-1", "identity"] },
+  "settings": { "timeout": 10000 }
+}

package/fixtures/conformance-agent-low-confidence.json

@@ -0,0 +1,29 @@
+{
+  "id": "conformance-agent-low-confidence",
+  "name": "Conformance: Agent Low-Confidence Escalation",
+  "version": "1.0",
+  "description": "Phase 1 / CP-1 contract. Agent emits `agent.decided` with confidence below the default 0.7 escalation threshold (host mock confidence is 0.5). Host MUST suspend via `node.suspended { reason: 'low-confidence' }` and transition run to `'waiting-approval'`. See agentConfidenceEscalation.test.ts.",
+  "nodes": [
+    {
+      "id": "low-conf-decider",
+      "typeId": "core.identity",
+      "name": "Low-Confidence Decider",
+      "position": { "x": 0, "y": 0 },
+      "config": {
+        "mockConfidence": 0.5
+      },
+      "inputs": {},
+      "agent": {
+        "agentId": "core.conformance.low-conf-decider",
+        "modelClass": "reasoning"
+      }
+    }
+  ],
+  "edges": [],
+  "triggers": [
+    { "id": "manual", "type": "manual", "enabled": true }
+  ],
+  "variables": [],
+  "metadata": { "tags": ["conformance", "multi-agent", "phase-1", "low-confidence", "cp-1"] },
+  "settings": { "timeout": 15000 }
+}

package/fixtures/conformance-agent-memory-cross-tenant.json

@@ -0,0 +1,28 @@
+{
+  "id": "conformance-agent-memory-cross-tenant",
+  "name": "Conformance: Agent Memory Cross-Tenant Isolation (CTI-1)",
+  "version": "1.0",
+  "description": "Phase 3 / CTI-1. Issues a deliberately-cross-tenant memoryRef probe (a path referencing tenant B from a run owned by tenant A). Host MUST return [] / null — no leak. Probe result lands in `crossTenantProbe` variable. See agentMemoryCrossTenantIsolation.test.ts.",
+  "nodes": [
+    {
+      "id": "cross-tenant-probe",
+      "typeId": "core.identity",
+      "name": "Cross-Tenant Memory Probe",
+      "position": { "x": 0, "y": 0 },
+      "config": {
+        "memoryAction": "cross-tenant-probe",
+        "probeMemoryRef": "conformance/another-tenant/agent-memory"
+      },
+      "inputs": {}
+    }
+  ],
+  "edges": [],
+  "triggers": [
+    { "id": "manual", "type": "manual", "enabled": true }
+  ],
+  "variables": [
+    { "name": "crossTenantProbe", "type": "array" }
+  ],
+  "metadata": { "tags": ["conformance", "multi-agent", "phase-3", "memory", "cti-1", "security"] },
+  "settings": { "timeout": 10000 }
+}

package/fixtures/conformance-agent-memory-redaction.json

@@ -0,0 +1,32 @@
+{
+  "id": "conformance-agent-memory-redaction",
+  "name": "Conformance: Agent Memory Redaction (SR-1)",
+  "version": "1.0",
+  "description": "Phase 3 / SR-1. Resolves a BYOK test-mode secret, writes a memory entry containing the plaintext, reads it back. The read-side `memoryReadback.content` MUST contain [REDACTED:<secretId>] in place of the plaintext. See agentMemoryRedactionContract.test.ts.",
+  "nodes": [
+    {
+      "id": "memory-redaction-probe",
+      "typeId": "core.identity",
+      "name": "Memory Redaction Probe",
+      "position": { "x": 0, "y": 0 },
+      "config": {
+        "memoryAction": "redaction-probe",
+        "byokSecretId": "conformance-test-secret"
+      },
+      "inputs": {},
+      "agent": {
+        "agentId": "core.conformance.byok-agent",
+        "memoryRef": "conformance/agent-memory-redaction"
+      }
+    }
+  ],
+  "edges": [],
+  "triggers": [
+    { "id": "manual", "type": "manual", "enabled": true }
+  ],
+  "variables": [
+    { "name": "memoryReadback", "type": "object" }
+  ],
+  "metadata": { "tags": ["conformance", "multi-agent", "phase-3", "memory", "sr-1", "byok"] },
+  "settings": { "timeout": 15000 }
+}

package/fixtures/conformance-agent-memory-roundtrip.json

@@ -0,0 +1,32 @@
+{
+  "id": "conformance-agent-memory-roundtrip",
+  "name": "Conformance: Agent Memory Round-Trip",
+  "version": "1.0",
+  "description": "Phase 3. Host writes a memory entry via its host-internal trigger surface, then reads it back through MemoryAdapter.list(). The read-back result MUST conform to schemas/memory-entry.schema.json and land in workflow variable `memoryReadback`. See agentMemoryRoundTrip.test.ts.",
+  "nodes": [
+    {
+      "id": "memory-roundtrip",
+      "typeId": "core.identity",
+      "name": "Memory Round-Trip",
+      "position": { "x": 0, "y": 0 },
+      "config": {
+        "memoryAction": "write-then-read"
+      },
+      "inputs": {},
+      "agent": {
+        "agentId": "core.conformance.memory-agent",
+        "memoryRef": "conformance/agent-memory-roundtrip",
+        "modelClass": "chat"
+      }
+    }
+  ],
+  "edges": [],
+  "triggers": [
+    { "id": "manual", "type": "manual", "enabled": true }
+  ],
+  "variables": [
+    { "name": "memoryReadback", "type": "object" }
+  ],
+  "metadata": { "tags": ["conformance", "multi-agent", "phase-3", "memory"] },
+  "settings": { "timeout": 15000 }
+}

package/fixtures/conformance-agent-memory-ttl.json

@@ -0,0 +1,31 @@
+{
+  "id": "conformance-agent-memory-ttl",
+  "name": "Conformance: Agent Memory TTL Expiry",
+  "version": "1.0",
+  "description": "Phase 3. Writes two memory entries — one with `expiresAt` in the past, one in the future — then lists. The result MUST contain only the future-dated entry. List result lands in `memoryList` variable. See agentMemoryTtlExpiry.test.ts.",
+  "nodes": [
+    {
+      "id": "memory-ttl-probe",
+      "typeId": "core.identity",
+      "name": "Memory TTL Probe",
+      "position": { "x": 0, "y": 0 },
+      "config": {
+        "memoryAction": "ttl-probe"
+      },
+      "inputs": {},
+      "agent": {
+        "agentId": "core.conformance.ttl-agent",
+        "memoryRef": "conformance/agent-memory-ttl"
+      }
+    }
+  ],
+  "edges": [],
+  "triggers": [
+    { "id": "manual", "type": "manual", "enabled": true }
+  ],
+  "variables": [
+    { "name": "memoryList", "type": "array" }
+  ],
+  "metadata": { "tags": ["conformance", "multi-agent", "phase-3", "memory", "ttl"] },
+  "settings": { "timeout": 10000 }
+}

package/fixtures/conformance-agent-pack-export.json

@@ -0,0 +1,26 @@
+{
+  "id": "conformance-agent-pack-export",
+  "name": "Conformance: Agent Pack Export",
+  "version": "1.0",
+  "description": "Phase 2. No-op workflow; the actual assertion is at GET /v1/packs/export — host MUST project workspace agents to AgentManifest shape with required fields. See agentPackExport.test.ts.",
+  "nodes": [
+    {
+      "id": "noop",
+      "typeId": "core.identity",
+      "name": "Noop (pack-export fixture)",
+      "position": { "x": 0, "y": 0 },
+      "config": {},
+      "inputs": {}
+    }
+  ],
+  "edges": [],
+  "triggers": [
+    { "id": "manual", "type": "manual", "enabled": true }
+  ],
+  "variables": [],
+  "metadata": {
+    "tags": ["conformance", "multi-agent", "phase-2", "pack-export"],
+    "requiresWorkspaceAgent": "core.conformance.exportable-agent"
+  },
+  "settings": { "timeout": 5000 }
+}

package/fixtures/conformance-agent-pack-install.json

@@ -0,0 +1,26 @@
+{
+  "id": "conformance-agent-pack-install",
+  "name": "Conformance: Agent Pack Install",
+  "version": "1.0",
+  "description": "Phase 2. Installs a pack carrying `agents[]` entries; verifies the host's pack registry surfaces them as AgentManifest-shaped objects. Fixture is a no-op workflow; the actual install/list assertion happens at the registry surface (GET /v1/packs). See agentPackInstall.test.ts.",
+  "nodes": [
+    {
+      "id": "noop",
+      "typeId": "core.identity",
+      "name": "Noop (pack-install fixture)",
+      "position": { "x": 0, "y": 0 },
+      "config": {},
+      "inputs": {}
+    }
+  ],
+  "edges": [],
+  "triggers": [
+    { "id": "manual", "type": "manual", "enabled": true }
+  ],
+  "variables": [],
+  "metadata": {
+    "tags": ["conformance", "multi-agent", "phase-2", "pack-install"],
+    "requiresInstalledPack": "core.conformance.agent-pack"
+  },
+  "settings": { "timeout": 5000 }
+}

package/fixtures/conformance-agent-pack-provenance.json

@@ -0,0 +1,31 @@
+{
+  "id": "conformance-agent-pack-provenance",
+  "name": "Conformance: Agent Pack Provenance",
+  "version": "1.0",
+  "description": "Phase 2. Runs a node pinned to a pack-installed agent; verifies the runtime AgentRef carries `sourceManifestId` provenance back to the install source. See agentPackProvenance.test.ts.",
+  "nodes": [
+    {
+      "id": "pack-installed-node",
+      "typeId": "core.identity",
+      "name": "Pack-Installed Agent Node",
+      "position": { "x": 0, "y": 0 },
+      "config": {},
+      "inputs": {},
+      "agent": {
+        "agentId": "core.conformance.pack-installed-agent",
+        "sourceManifestId": "core.conformance.agent-pack.installed-agent",
+        "modelClass": "chat"
+      }
+    }
+  ],
+  "edges": [],
+  "triggers": [
+    { "id": "manual", "type": "manual", "enabled": true }
+  ],
+  "variables": [],
+  "metadata": {
+    "tags": ["conformance", "multi-agent", "phase-2", "provenance"],
+    "requiresInstalledPack": "core.conformance.agent-pack"
+  },
+  "settings": { "timeout": 10000 }
+}

package/fixtures/conformance-agent-reasoning.json

@@ -0,0 +1,29 @@
+{
+  "id": "conformance-agent-reasoning",
+  "name": "Conformance: Agent Reasoning Events",
+  "version": "1.0",
+  "description": "Phase 1. Drives an agent through a reasoning trace + tool call + handoff sequence. Host's mock provider emits agent.reasoned / agent.toolCalled / agent.toolReturned / agent.handoff / agent.decided events with conformant payloads. See agentReasoningEvents.test.ts.",
+  "nodes": [
+    {
+      "id": "reasoner",
+      "typeId": "core.identity",
+      "name": "Reasoning Agent",
+      "position": { "x": 0, "y": 0 },
+      "config": {
+        "emitReasoningTrace": true
+      },
+      "inputs": {},
+      "agent": {
+        "agentId": "core.conformance.reasoning-agent",
+        "modelClass": "reasoning"
+      }
+    }
+  ],
+  "edges": [],
+  "triggers": [
+    { "id": "manual", "type": "manual", "enabled": true }
+  ],
+  "variables": [],
+  "metadata": { "tags": ["conformance", "multi-agent", "phase-1", "reasoning"] },
+  "settings": { "timeout": 15000 }
+}

package/fixtures/conformance-approval.json

@@ -0,0 +1,27 @@
+{
+  "id": "conformance-approval",
+  "name": "Conformance: Approval",
+  "version": "1.0",
+  "description": "Suspends on an approval interrupt. Resume schema: {action: 'accept'|'reject'}. Verifies HITL primitive end-to-end.",
+  "nodes": [
+    {
+      "id": "gate",
+      "typeId": "core.approvalGate",
+      "name": "Approval Gate",
+      "position": { "x": 0, "y": 0 },
+      "config": {
+        "title": "Conformance approval",
+        "description": "Conformance suite — please accept to complete the run.",
+        "actions": ["accept", "reject"]
+      },
+      "inputs": {}
+    }
+  ],
+  "edges": [],
+  "triggers": [
+    { "id": "manual", "type": "manual", "enabled": true }
+  ],
+  "variables": [],
+  "metadata": { "tags": ["conformance", "hitl"] },
+  "settings": { "timeout": 0 }
+}

package/fixtures/conformance-cancellable.json

@@ -0,0 +1,33 @@
+{
+  "id": "conformance-cancellable",
+  "name": "Conformance: Cancellable",
+  "version": "1.0",
+  "description": "Long-running delay node. Conformance test starts a run, then issues :cancel; expects terminal `cancelled` within 5s.",
+  "nodes": [
+    {
+      "id": "wait",
+      "typeId": "core.delay",
+      "name": "Wait",
+      "position": { "x": 0, "y": 0 },
+      "config": {},
+      "inputs": {
+        "delayMs": { "type": "variable", "variableName": "delayMs" }
+      }
+    }
+  ],
+  "edges": [],
+  "triggers": [
+    { "id": "manual", "type": "manual", "enabled": true }
+  ],
+  "variables": [
+    {
+      "name": "delayMs",
+      "type": "number",
+      "description": "Sleep duration (1..60000 ms). Conformance test sets this long enough to issue cancel mid-flight.",
+      "required": true,
+      "defaultValue": 30000
+    }
+  ],
+  "metadata": { "tags": ["conformance"] },
+  "settings": { "timeout": 120000 }
+}