@openwop/openwop-conformance 1.1.1 → 1.3.0

package/src/scenarios/aiEnvelope.universalKinds.test.ts

@@ -0,0 +1,267 @@
+/**
+ * aiEnvelope.universalKinds — FINAL v1.1 advertisement-shape verification + behavioral placeholders.
+ *
+ * Status: DRAFT (advertisement-shape). `spec/v1/ai-envelope.md` landed
+ * 2026-05-17 as DRAFT v1.x. This scenario asserts the advertisement shape
+ * for hosts that opt into the new envelope-contracts surface
+ * (`capabilities.envelopeContracts.advertised: true`) and keeps the deeper
+ * behavioral assertions as `it.todo()` until a reference host wires the
+ * accept path.
+ *
+ * Summary: hosts MUST advertise the four universal kinds (`clarification.request`,
+ * `schema.request`, `schema.response`, `error`) in `capabilities.supportedEnvelopes`
+ * once they opt in. Universals are always-allowed; Envelope Contract gates MUST NOT
+ * refuse them.
+ *
+ * @see spec/v1/ai-envelope.md §"Universal kinds"
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+
+interface DiscoveryDoc {
+  capabilities?: Record<string, unknown>;
+  supportedEnvelopes?: string[];
+}
+
+const UNIVERSALS = ['clarification.request', 'schema.request', 'schema.response', 'error'] as const;
+
+async function readEnvelopeContracts(): Promise<{ advertised: boolean } | null> {
+  const res = await driver.get('/.well-known/openwop');
+  const body = res.json as DiscoveryDoc | undefined;
+  const top = body?.capabilities as Record<string, unknown> | undefined;
+  const block = top && typeof top === 'object' ? (top['envelopeContracts'] as Record<string, unknown> | undefined) : undefined;
+  if (!block || typeof block !== 'object') return null;
+  return { advertised: block['advertised'] === true };
+}
+
+async function readSupportedEnvelopes(): Promise<string[] | null> {
+  const res = await driver.get('/.well-known/openwop');
+  const body = res.json as DiscoveryDoc | undefined;
+  // `supportedEnvelopes` is required v1 at the top level of the discovery payload
+  // per capabilities.schema.json. Some hosts nest it under `capabilities`.
+  const top = body?.supportedEnvelopes ?? (body?.capabilities as { supportedEnvelopes?: string[] } | undefined)?.supportedEnvelopes;
+  return Array.isArray(top) ? top : null;
+}
+
+describe('aiEnvelope.universalKinds: advertisement shape (FINAL v1.1)', () => {
+  it('capabilities.envelopeContracts is either absent or a well-formed object', async () => {
+    const block = await readEnvelopeContracts();
+    if (block === null) return; // host doesn't opt in — skip
+    expect(
+      typeof block.advertised,
+      driver.describe(
+        'ai-envelope.md §"Capability handshake integration"',
+        'capabilities.envelopeContracts.advertised MUST be a boolean when present',
+      ),
+    ).toBe('boolean');
+  });
+
+  it('opted-in hosts advertise every universal kind in supportedEnvelopes', async () => {
+    const block = await readEnvelopeContracts();
+    if (block === null || !block.advertised) return; // not opted in — skip
+    const advertised = await readSupportedEnvelopes();
+    expect(
+      Array.isArray(advertised),
+      driver.describe(
+        'capabilities.schema.json §supportedEnvelopes',
+        'supportedEnvelopes MUST be present as an array on hosts that advertise envelopeContracts',
+      ),
+    ).toBe(true);
+    for (const kind of UNIVERSALS) {
+      expect(
+        advertised!.includes(kind),
+        driver.describe(
+          'ai-envelope.md §"Universal kinds"',
+          `supportedEnvelopes MUST include "${kind}" — universals are always-allowed`,
+        ),
+      ).toBe(true);
+    }
+  });
+});
+
+// Behavioral assertions through the workflow-engine sample's env-gated
+// `POST /v1/host/sample/envelope/accept` seam (the RFC 0021 §A
+// AIEnvelopeAcceptor reference implementation at
+// `apps/workflow-engine/backend/typescript/src/host/envelopeAcceptor.ts`).
+// Each test soft-skips on HTTP 404 (host doesn't expose the seam) so
+// non-sample hosts keep the advertisement-shape coverage above.
+async function accept(envelope: unknown, opts: Record<string, unknown> = {}): Promise<{ status: number; body: { status?: string; reason?: string; details?: unknown[]; envelopeId?: string } }> {
+  const res = await driver.post('/v1/host/sample/envelope/accept', { envelope, ...opts });
+  return { status: res.status, body: res.json as { status?: string; reason?: string; details?: unknown[]; envelopeId?: string } };
+}
+
+const baseMeta = { source: 'ai-generation' as const, ts: '2026-05-18T10:00:00Z' };
+
+describe('aiEnvelope.universalKinds: behavioral accept via /v1/host/sample/envelope/accept (FINAL v1.1)', () => {
+  it('accept clarification.request with valid payload → status: accepted', async () => {
+    const r = await accept({
+      type: 'clarification.request',
+      schemaVersion: 1,
+      envelopeId: 'env-uk-clar',
+      correlationId: 'r:n:0:clar',
+      payload: { questions: [{ id: 'q1', question: 'Which provider?' }] },
+      meta: baseMeta,
+    });
+    if (r.status === 404) return;
+    expect(r.body.status, driver.describe('ai-envelope.md §"Universal kinds"', 'valid clarification.request MUST be accepted')).toBe('accepted');
+  });
+
+  it('accept schema.request → status: accepted', async () => {
+    const r = await accept({
+      type: 'schema.request',
+      schemaVersion: 1,
+      envelopeId: 'env-uk-sr',
+      correlationId: 'r:n:0:sr',
+      payload: { envelopeType: 'vendor.acme.prd.create' },
+      meta: baseMeta,
+    });
+    if (r.status === 404) return;
+    expect(r.body.status).toBe('accepted');
+  });
+
+  it('accept schema.response (ack:true) → status: accepted', async () => {
+    const r = await accept({
+      type: 'schema.response',
+      schemaVersion: 1,
+      envelopeId: 'env-uk-sresp',
+      correlationId: 'r:n:0:sresp',
+      payload: { envelopeType: 'vendor.acme.prd.create', ack: true },
+      meta: baseMeta,
+    });
+    if (r.status === 404) return;
+    expect(r.body.status).toBe('accepted');
+  });
+
+  it('accept error envelope (LLM-emitted) → status: accepted (distinct from host-level ErrorEnvelope)', async () => {
+    const r = await accept({
+      type: 'error',
+      schemaVersion: 1,
+      envelopeId: 'env-uk-err',
+      correlationId: 'r:n:0:err',
+      payload: { code: 'validation_failed', message: 'I cannot produce JSON matching that schema' },
+      meta: baseMeta,
+    });
+    if (r.status === 404) return;
+    expect(r.body.status, driver.describe('ai-envelope.md §error', 'LLM-emitted error envelope MUST be accepted (NOT the host HTTP ErrorEnvelope)')).toBe('accepted');
+  });
+
+  it('refuse invalid clarification.request (missing questions[]) → status: invalid', async () => {
+    const r = await accept({
+      type: 'clarification.request',
+      schemaVersion: 1,
+      envelopeId: 'env-uk-bad',
+      correlationId: 'r:n:0:bad',
+      payload: { contextType: 'form-field' }, // missing required `questions`
+      meta: baseMeta,
+    });
+    if (r.status === 404) return;
+    expect(
+      r.body.status,
+      driver.describe('ai-envelope.md §"Schema discipline"', 'malformed payload MUST be rejected with invalid'),
+    ).toBe('invalid');
+    expect(Array.isArray(r.body.details), 'invalid outcome MUST carry validation details').toBe(true);
+  });
+});
+
+// E.1 engine-projection via the test-only event-log seam.
+import { queryTestEvents, isEventLogSeamAvailable, resetTestSeam } from '../lib/event-log-query.js';
+
+describe('aiEnvelope.universalKinds: engine projection via event-log seam', () => {
+  it('clarification.request MUST be lifted to interrupt.requested { kind: "clarification" } per interrupt.md', async () => {
+    if (!(await isEventLogSeamAvailable())) return;
+    const runId = `r-uk-clar-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+    const r = await accept(
+      {
+        type: 'clarification.request',
+        schemaVersion: 1,
+        envelopeId: 'env-uk-proj-clar',
+        correlationId: `${runId}:n:0:uk-clar`,
+        payload: { questions: [{ id: 'q1', question: 'why?' }] },
+        meta: baseMeta,
+      },
+      { projectTo: { runId, nodeId: 'n' } },
+    );
+    if (r.status === 404) return;
+    expect(r.body.status).toBe('accepted');
+    const events = await queryTestEvents(runId, { type: 'interrupt.requested' });
+    if (!events.ok) return;
+    expect(
+      events.events.length,
+      driver.describe('ai-envelope.md §"Universal kinds"', 'accepted clarification.request MUST project to interrupt.requested per interrupt.md'),
+    ).toBe(1);
+    expect((events.events[0]!.payload as { kind?: string }).kind).toBe('clarification');
+    await resetTestSeam();
+  });
+
+  it('error envelope MUST project to log.appended { level: "error" } — NOT node.failed', async () => {
+    if (!(await isEventLogSeamAvailable())) return;
+    const runId = `r-uk-err-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+    await accept(
+      {
+        type: 'error',
+        schemaVersion: 1,
+        envelopeId: 'env-uk-proj-err',
+        correlationId: `${runId}:n:0:uk-err`,
+        payload: { code: 'validation_failed', message: 'cannot produce JSON' },
+        meta: baseMeta,
+      },
+      { projectTo: { runId, nodeId: 'n' } },
+    );
+    const logs = await queryTestEvents(runId, { type: 'log.appended' });
+    const fails = await queryTestEvents(runId, { type: 'node.failed' });
+    if (!logs.ok || !fails.ok) return;
+    expect(
+      logs.events.some((e) => (e.payload as { level?: string }).level === 'error'),
+      driver.describe('ai-envelope.md §"Universal kinds"', 'LLM-emitted error envelope MUST project to log.appended at error level'),
+    ).toBe(true);
+    expect(
+      fails.events.length,
+      driver.describe('ai-envelope.md §"Universal kinds"', 'LLM-emitted error envelope MUST NOT project to node.failed (distinct from terminal node failure)'),
+    ).toBe(0);
+    await resetTestSeam();
+  });
+
+  it('schema.request projects to log.appended (host implements next-turn injection out-of-band)', async () => {
+    if (!(await isEventLogSeamAvailable())) return;
+    const runId = `r-uk-sr-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+    await accept(
+      {
+        type: 'schema.request',
+        schemaVersion: 1,
+        envelopeId: 'env-uk-proj-sr',
+        correlationId: `${runId}:n:0:uk-sr`,
+        payload: { envelopeType: 'vendor.acme.foo' },
+        meta: baseMeta,
+      },
+      { projectTo: { runId, nodeId: 'n' } },
+    );
+    const events = await queryTestEvents(runId, { type: 'log.appended' });
+    if (!events.ok) return;
+    expect(
+      events.events.length,
+      driver.describe('ai-envelope.md §"Universal kinds"', 'schema.request MUST project to log.appended (the schema delivery itself happens out-of-band via the host\'s next-turn system prompt)'),
+    ).toBeGreaterThan(0);
+    await resetTestSeam();
+  });
+});
+
+describe('aiEnvelope.universalKinds: schema.response counter-policy advertisement (ai-envelope.md §"Universal kinds")', () => {
+  it('host MAY count or exempt schema.response against envelopesPerTurn; when advertised, the policy field MUST be a documented enum value', async () => {
+    // Per ai-envelope.md §"Universal kinds": "Engines MAY count this against
+    // Capabilities.limits.envelopesPerTurn or exempt it; conformance does
+    // not lock this choice." The conformance test only verifies that hosts
+    // advertising a policy field use a documented value.
+    const res = await driver.get('/.well-known/openwop');
+    const body = res.json as { capabilities?: { aiEnvelope?: { schemaResponseCounterPolicy?: string } } } | undefined;
+    const policy = body?.capabilities?.aiEnvelope?.schemaResponseCounterPolicy;
+    if (policy === undefined) return; // no policy advertised — host MAY omit
+    expect(
+      ['counted', 'exempt'].includes(policy),
+      driver.describe(
+        'ai-envelope.md §"Universal kinds"',
+        'when advertised, schemaResponseCounterPolicy MUST be either "counted" or "exempt"',
+      ),
+    ).toBe(true);
+  });
+});

package/src/scenarios/append-ordering.test.ts

@@ -26,11 +26,21 @@ const SKIP = !FIXTURE;
 interface ChannelWrittenPayload {
   channel?: string;
   value?: unknown;
+  /**
+   * Per `channel-written-payload.schema.json` — present on inbound
+   * cross-engine writes per `channels-and-reducers.md §"Across
+   * engines"`. When ANY event in the run carries this field, the
+   * cross-engine assertions (CF-8) MUST hold in addition to the
+   * intra-engine ordering rule.
+   */
+  sourceEngineId?: string;
+  sourceRunId?: string;
 }
 
 interface RunEvent {
   type: string;
   sequence: number;
+  eventId?: string;
   payload?: ChannelWrittenPayload;
 }
 
@@ -74,6 +84,40 @@ describe.skipIf(SKIP)('append-ordering: folded channel reflects event sequence',
       }
     }
 
+    // CF-8: cross-engine ordering rule. When ANY channel.written
+    // event carries `sourceEngineId`, the owner-engine MUST have
+    // assigned the recorded `sequence` at append time and the event
+    // log MUST remain strictly monotonic regardless of source. The
+    // intra-engine check above already verifies monotonicity per
+    // channel; here we additionally verify (1) at least one cross-
+    // engine and one own-engine write coexist correctly, and (2) any
+    // tie in the secondary `(sequence, eventId)` order is broken
+    // deterministically (no two events share both fields).
+    const allWrites = Array.from(byChannel.values()).flat();
+    const crossEngineWrites = allWrites.filter(
+      (e) => typeof e.payload?.sourceEngineId === 'string',
+    );
+    if (crossEngineWrites.length > 0) {
+      // Property: every cross-engine event carries BOTH sourceEngineId
+      // AND sourceRunId (per channel-written-payload.schema.json).
+      for (const e of crossEngineWrites) {
+        expect(typeof e.payload?.sourceRunId, driver.describe(
+          'channel-written-payload.schema.json',
+          'cross-engine writes MUST carry sourceRunId alongside sourceEngineId',
+        )).toBe('string');
+      }
+      // Property: (sequence, eventId) is a total order — no duplicates.
+      const seen = new Set<string>();
+      for (const e of allWrites) {
+        const key = `${e.sequence}::${e.eventId ?? ''}`;
+        expect(seen.has(key), driver.describe(
+          'channels-and-reducers.md §"Tie-breaking when sequences collide"',
+          `(sequence, eventId) MUST be unique across the run — duplicate found: ${key}`,
+        )).toBe(false);
+        seen.add(key);
+      }
+    }
+
     // Cross-check against the projected channel state on the run snapshot
     // (when surfaced) — projected array length MUST equal the number of writes.
     const snapshot = await driver.get(`/v1/runs/${encodeURIComponent(runId)}`);

package/src/scenarios/artifact-auth.test.ts

@@ -0,0 +1,58 @@
+/**
+ * CF-4 close-out (partial) — explicit scope-failure coverage on
+ * `GET /v1/runs/{runId}/artifacts/{artifactId}` per
+ * `plans/openwop-protocol-gap-closure-plan.md` Workstream 2.
+ *
+ * The existing `route-coverage.test.ts` covers 404 / 403 envelope
+ * shape on an unknown artifact. This scenario adds the 401 path —
+ * an unauthenticated request to the artifact endpoint MUST return
+ * 401 with the canonical `unauthenticated` envelope, NEVER 200 (no
+ * cross-tenant leak via missing-auth coercion) and NEVER a redirect.
+ *
+ * Positive-path coverage (reading an artifact a workflow actually
+ * produced) is host-pending — no reference host currently implements
+ * `getArtifact` end-to-end; the path lights up when the first host
+ * advertises an artifact-producing fixture.
+ *
+ * @see api/openapi.yaml §`getArtifact`
+ * @see spec/v1/rest-endpoints.md §"GET /v1/runs/{runId}/artifacts/{artifactId}"
+ */
+
+import { describe, it, expect } from 'vitest';
+
+import { driver } from '../lib/driver.js';
+import { loadEnv } from '../lib/env.js';
+
+describe('artifact-auth: unauthenticated artifact requests are rejected', () => {
+  it('GET /v1/runs/{runId}/artifacts/{artifactId} without Authorization returns 401', async () => {
+    const env = loadEnv();
+    // Use node:fetch directly with NO Authorization header — bypass the
+    // driver's auto-auth so we exercise the unauthenticated code path.
+    const res = await fetch(
+      `${env.baseUrl}/v1/runs/openwop-conformance-noauth-run/artifacts/openwop-conformance-noauth-artifact`,
+    );
+    expect(res.status, driver.describe(
+      'rest-endpoints.md GET /v1/runs/{runId}/artifacts/{artifactId}',
+      'artifact endpoint MUST reject unauthenticated requests with 401 (never 200, never redirect)',
+    )).toBe(401);
+    expect(res.status, 'redirect MUST NOT be used to handle missing auth on artifact endpoint').not.toBe(301);
+    expect(res.status, 'redirect MUST NOT be used to handle missing auth on artifact endpoint').not.toBe(302);
+    expect(res.status).not.toBe(200);
+
+    // Canonical error envelope: error: 'unauthenticated', message: string.
+    let body: { error?: string; message?: string };
+    try {
+      body = (await res.json()) as typeof body;
+    } catch {
+      // Some hosts return a bare 401 with no body — acceptable. Skip the
+      // envelope-shape assertion in that case.
+      return;
+    }
+    if (typeof body.error === 'string') {
+      expect(body.error, driver.describe(
+        'auth.md §"Error envelope"',
+        '401 envelope SHOULD carry `error: "unauthenticated"` for missing-auth on artifact endpoint',
+      )).toBe('unauthenticated');
+    }
+  });
+});

package/src/scenarios/blob-cross-tenant-isolation.test.ts

@@ -0,0 +1,66 @@
+/**
+ * blob-cross-tenant-isolation — RFC 0019 §B point 1.
+ *
+ * Status: ACTIVE (advertisement + behavioral). Asserts that blobs put
+ * under tenant A MUST NOT be retrievable under tenant B at the same key.
+ *
+ * @see RFCS/0019-host-blob-cache-capability.md
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+
+interface DiscoveryDoc {
+  capabilities?: Record<string, unknown>;
+}
+
+async function readCap(): Promise<Record<string, unknown> | null> {
+  const res = await driver.get('/.well-known/openwop');
+  const body = res.json as DiscoveryDoc | undefined;
+  const top = body?.capabilities as Record<string, unknown> | undefined;
+  const final = (top && typeof top === 'object') ? (top as Record<string, unknown>)["blobStorage"] : undefined;
+  return (final && typeof final === 'object' ? (final as Record<string, unknown>) : null);
+}
+
+async function call(tenantId: string, op: string, args: Record<string, unknown>) {
+  return driver.post('/v1/host/sample/test/surface', { tenantId, surface: 'blob', op, args });
+}
+
+describe('blob-cross-tenant-isolation: advertisement shape (RFC 0019)', () => {
+  it('capabilities.blobStorage is either absent or a well-formed object', async () => {
+    const cap = await readCap();
+    if (cap === null) return;
+    expect(
+      typeof cap.supported,
+      driver.describe(
+        'capabilities.schema.json §blobStorage',
+        'capabilities.blobStorage.supported MUST be a boolean when present',
+      ),
+    ).toBe('boolean');
+  });
+});
+
+describe('blob-cross-tenant-isolation: behavioral (RFC 0019 §B point 1)', () => {
+  it('put under tenant A → get under tenant B with same key returns found:false', async () => {
+    const cap = await readCap();
+    if (!cap || cap.supported !== true) return;
+    const key = `xtenant-blob-${Date.now()}-${Math.random().toString(36).slice(2, 6)}`;
+
+    const putRes = await call('tenant-a', 'put', {
+      bucket: 'default',
+      key,
+      contentBase64: Buffer.from('from-A').toString('base64'),
+      contentType: 'text/plain',
+    });
+    if (putRes.status === 404) return;
+    expect(putRes.status, 'put MUST succeed').toBe(200);
+
+    const getRes = await call('tenant-b', 'get', { bucket: 'default', key });
+    expect(getRes.status).toBe(200);
+    const body = getRes.json as { found?: boolean };
+    expect(
+      body.found,
+      driver.describe('RFC 0019 §B point 1', 'tenant B MUST NOT retrieve tenant A blob at same key'),
+    ).toBe(false);
+  });
+});

package/src/scenarios/blob-presign-expiry.test.ts

@@ -0,0 +1,99 @@
+/**
+ * blob-presign-expiry — RFC 0019 advertisement-shape verification + behavioral placeholders.
+ *
+ * Status: ACTIVE (advertisement-shape). RFC 0019 promoted to `Active`
+ * 2026-05-17. The matching `capabilities.blobStorage` block has landed in
+ * `schemas/capabilities.schema.json`. This scenario asserts the advertisement
+ * shape against any host that boots the conformance suite, and keeps the
+ * deeper behavioral assertions as `it.todo()` until a reference host wires
+ * a test seam.
+ *
+ * Summary: Presigned URLs MUST expire at the advertised TTL.
+ *
+ * @see RFCS/0019-*.md
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+
+interface DiscoveryDoc {
+  capabilities?: Record<string, unknown>;
+}
+
+async function readCap(): Promise<Record<string, unknown> | null> {
+  const res = await driver.get('/.well-known/openwop');
+  const body = res.json as DiscoveryDoc | undefined;
+  const top = body?.capabilities as Record<string, unknown> | undefined;
+  const final = (top && typeof top === 'object') ? (top as Record<string, unknown>)["blobStorage"] : undefined;
+  return (final && typeof final === 'object' ? (final as Record<string, unknown>) : null);
+}
+
+describe('blob-presign-expiry: advertisement shape (RFC 0019)', () => {
+  it('capabilities.blobStorage is either absent or a well-formed object', async () => {
+    const cap = await readCap();
+    if (cap === null) return; // host doesn't advertise — skip
+    expect(
+      typeof cap.supported,
+      driver.describe(
+        'capabilities.schema.json §blobStorage',
+        'capabilities.blobStorage.supported MUST be a boolean when present',
+      ),
+    ).toBe('boolean');
+  });
+
+  it('presignSupported is a boolean when set', async () => {
+    const cap = await readCap();
+    if (!cap || cap.supported !== true) return;
+    const subParts = ["presignSupported"];
+    let sub: unknown = cap;
+    for (const p of subParts) {
+      if (sub && typeof sub === 'object') sub = (sub as Record<string, unknown>)[p];
+      else { sub = undefined; break; }
+    }
+    if (sub === undefined) return; // optional sub-field
+    expect(
+      typeof sub,
+      driver.describe(
+        'RFC 0019 §A',
+        'blobStorage.presignSupported MUST be boolean when present',
+      ),
+    ).toBe('boolean');
+  });
+});
+
+async function call(op: string, args: Record<string, unknown>) {
+  return driver.post('/v1/host/sample/test/surface', { tenantId: 'tenant-a', surface: 'blob', op, args });
+}
+
+describe('blob-presign-expiry: behavioral (RFC 0019 §B point 1)', () => {
+  it('presigned URL MUST resolve to the blob inside its TTL window and return 403 after expiry', async () => {
+    const probe = await call('get', { key: '__probe__' });
+    if (probe.status === 404) return; // seam not exposed
+    const key = `pre-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+    const contentBase64 = Buffer.from('presigned-payload').toString('base64');
+    await call('put', { key, contentBase64, contentType: 'text/plain' });
+
+    // presign with TTL=2s
+    const presign = await call('presign', { key, expiresInSeconds: 2 });
+    expect(presign.status).toBe(200);
+    const body = presign.json as { url?: string; expiresAtMs?: number };
+    expect(typeof body.url, 'presign MUST return a URL').toBe('string');
+
+    // Fetch within the window — MUST return 200 + the bytes
+    const within = await driver.get(body.url!);
+    if (within.status === 404) return; // host doesn't expose the resolver route — soft-skip the expiry side too
+    expect(
+      within.status,
+      driver.describe('RFC 0019 §B point 1', 'presigned URL MUST resolve to 200 within its TTL window'),
+    ).toBe(200);
+
+    // Wait past expiry (TTL=2s + 1s buffer)
+    await new Promise((r) => setTimeout(r, 3000));
+
+    const after = await driver.get(body.url!);
+    expect(
+      after.status,
+      driver.describe('RFC 0019 §B point 1', 'presigned URL MUST return 403 after TTL expiry'),
+    ).toBe(403);
+  });
+});

package/src/scenarios/cache-cross-tenant-isolation.test.ts

@@ -0,0 +1,61 @@
+/**
+ * cache-cross-tenant-isolation — RFC 0019 §B point 2.
+ *
+ * Status: ACTIVE (advertisement + behavioral). Asserts that cache entries
+ * put under tenant A MUST NOT hit on get under tenant B at the same key.
+ *
+ * @see RFCS/0019-host-blob-cache-capability.md
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+
+interface DiscoveryDoc {
+  capabilities?: Record<string, unknown>;
+}
+
+async function readCap(): Promise<Record<string, unknown> | null> {
+  const res = await driver.get('/.well-known/openwop');
+  const body = res.json as DiscoveryDoc | undefined;
+  const top = body?.capabilities as Record<string, unknown> | undefined;
+  const final = (top && typeof top === 'object') ? (top as Record<string, unknown>)["cache"] : undefined;
+  return (final && typeof final === 'object' ? (final as Record<string, unknown>) : null);
+}
+
+async function call(tenantId: string, op: string, args: Record<string, unknown>) {
+  return driver.post('/v1/host/sample/test/surface', { tenantId, surface: 'cache', op, args });
+}
+
+describe('cache-cross-tenant-isolation: advertisement shape (RFC 0019)', () => {
+  it('capabilities.cache is either absent or a well-formed object', async () => {
+    const cap = await readCap();
+    if (cap === null) return;
+    expect(
+      typeof cap.supported,
+      driver.describe(
+        'capabilities.schema.json §cache',
+        'capabilities.cache.supported MUST be a boolean when present',
+      ),
+    ).toBe('boolean');
+  });
+});
+
+describe('cache-cross-tenant-isolation: behavioral (RFC 0019 §B point 2)', () => {
+  it('put under tenant A → get under tenant B returns miss', async () => {
+    const cap = await readCap();
+    if (!cap || cap.supported !== true) return;
+    const key = `xtenant-cache-${Date.now()}-${Math.random().toString(36).slice(2, 6)}`;
+
+    const putRes = await call('tenant-a', 'put', { key, value: 'from-A', ttlSeconds: 60 });
+    if (putRes.status === 404) return;
+    expect(putRes.status, 'put MUST succeed').toBe(200);
+
+    const getRes = await call('tenant-b', 'get', { key });
+    expect(getRes.status).toBe(200);
+    const body = getRes.json as { hit?: boolean };
+    expect(
+      body.hit,
+      driver.describe('RFC 0019 §B point 2', 'tenant B MUST NOT hit tenant A cache entry at same key'),
+    ).toBe(false);
+  });
+});