@openwop/openwop-conformance 1.1.1 → 1.3.0

package/schemas/pack-lockfile.schema.json

@@ -25,6 +25,22 @@
       "type": "array",
       "description": "Resolved pack records, one per pack referenced (transitively) by the workspace's workflow definitions. Order is informational only; resolvers MUST NOT rely on order. Empty arrays are allowed (a workspace with no packs).",
       "items": { "$ref": "#/$defs/ResolvedPack" }
+    },
+    "overrides": {
+      "type": "object",
+      "description": "Optional override map per `node-packs.md` §\"Transitive dependency resolution\" §\"Override pinning\". Keys are pack names; values are exact pinned versions that resolvers MUST honor ahead of normal range resolution. The override version MUST still satisfy at least one parent's declared range — silently breaking the contract fails with `pack_dependency_conflict`. Use sparingly: security patches, conflict resolution, supply-chain pinning.",
+      "additionalProperties": {
+        "type": "string",
+        "minLength": 1,
+        "maxLength": 64,
+        "description": "Exact pinned version that overrides this pack's normal range resolution."
+      }
+    },
+    "fallbackRegistries": {
+      "type": "array",
+      "items": { "type": "string", "format": "uri" },
+      "uniqueItems": true,
+      "description": "Optional ordered list of fallback registry base URLs per `registry-operations.md` §\"Registry mirror + federation\". When a pack is not found in the primary `registry`, resolvers MUST consult each fallback in order. The first registry returning a 200 for the version manifest wins. Trust roots are per-registry — a fallback being listed here does NOT imply trust transitivity. Each pack's signature is verified against the issuing registry's `signingKeys[]` allow-list."
     }
   },
   "additionalProperties": false,

package/schemas/run-event-payloads.schema.json

@@ -2,7 +2,7 @@
   "$schema": "https://json-schema.org/draft/2020-12/schema",
   "$id": "https://openwop.dev/spec/v1/run-event-payloads.schema.json",
   "title": "RunEventPayloads",
-  "description": "Per-RunEventType payload schemas. The base RunEventDoc shape (run-event.schema.json) leaves `payload` permissive for forward-compat. This schema defines the canonical payload contract for each known RunEventType. Consumers MAY pin strict payload validation via `$defs.<typeId>` and `ajv.validate(schema.$defs[event.type], event.payload)`. Unknown event types MUST be tolerated (no $defs match → fold best-effort).\n\n48 variants from `run-event.schema.json#$defs.RunEventType` are covered, grouped into ~20 shape families with shared $defs. Naming convention: camelCase keys mirror dotted RunEventType names (e.g., `run.started` → `runStarted`).",
+  "description": "Per-RunEventType payload schemas. The base RunEventDoc shape (run-event.schema.json) leaves `payload` permissive for forward-compat. This schema defines the canonical payload contract for each known RunEventType. Consumers MAY pin strict payload validation via `$defs.<typeId>` and `ajv.validate(schema.$defs[event.type], event.payload)`. Unknown event types MUST be tolerated (no $defs match → fold best-effort).\n\n50 variants from `run-event.schema.json#$defs.RunEventType` are covered, grouped into ~20 shape families with shared $defs. Naming convention: camelCase keys mirror dotted RunEventType names (e.g., `run.started` → `runStarted`).",
   "type": "object",
   "$defs": {
     "_typeIndex": {
@@ -49,6 +49,8 @@
         "lease.handed-off":          { "$ref": "#/$defs/leaseHandedOff" },
         "replay.diverged":           { "$ref": "#/$defs/replayDiverged" },
         "agent.reasoned":            { "$ref": "#/$defs/agentReasoned" },
+        "agent.reasoning.delta":     { "$ref": "#/$defs/agentReasoningDelta" },
+        "provider.usage":            { "$ref": "#/$defs/providerUsage" },
         "agent.toolCalled":          { "$ref": "#/$defs/agentToolCalled" },
         "agent.toolReturned":        { "$ref": "#/$defs/agentToolReturned" },
         "agent.handoff":             { "$ref": "#/$defs/agentHandoff" },
@@ -564,6 +566,38 @@
       "additionalProperties": true
     },
 
+    "agentReasoningDelta": {
+      "type": "object",
+      "description": "RFC 0024. Incremental reasoning chunk for live-streaming UX. Emitted while a reasoning block is still open, BEFORE the corresponding `agent.reasoned` finalization. Consumers concatenate `delta` strings in arrival order to reconstruct the in-progress trace; the closing `agent.reasoned` event carries the FULL authoritative `reasoning`. Gated on `capabilities.agents.reasoning.streaming: true`. NOTE: `additionalProperties: true` mirrors the Phase-1 multi-agent-shift carve-out applied to the sibling `agentReasoned` schema — a deliberate forward-compat exception per RFC 0024 §Compatibility, not a precedent generalizable to other event payloads.",
+      "required": ["agentId", "delta", "sequence"],
+      "properties": {
+        "agentId":   { "type": "string", "minLength": 3, "maxLength": 256, "description": "AgentRef.agentId of the reasoning agent. MUST match the eventual closing `agent.reasoned`." },
+        "delta":     { "type": "string", "description": "New reasoning content since the previous delta event in this block (or since block open, if `sequence` is 0)." },
+        "sequence":  { "type": "integer", "minimum": 0, "description": "Monotonically-increasing index within the current reasoning block. Starts at 0 for the first delta in a block; resets at each new block open. Consumers MAY use this to detect dropped events." },
+        "verbosity": { "type": "string", "enum": ["summary", "full", "off"], "description": "Verbosity mode the host resolved for this block. SHOULD match the verbosity reported on the closing `agent.reasoned`." }
+      },
+      "additionalProperties": true
+    },
+
+    "providerUsage": {
+      "type": "object",
+      "description": "RFC 0026. Per-call usage record emitted after every LLM provider invocation. Durably persisted in the run event log; consumed by replay, webhook subscribers, billing reconciliation. The OTel `openwop.cost.*` attribute group (per `observability.md §\"Cost attribution attributes\"`) is the observability sibling — this event type is the durable record. Replay determinism: `inputTokens` + `outputTokens` MUST replay identically; `costEstimateUsd` MAY be omitted on replay. The payload MUST NOT carry credentialRefs, hashed credential identifiers, or prompt/response substrings per `SECURITY/threat-model-secret-leakage.md §SR-1` (enforced by SECURITY invariant `provider-usage-no-credential-leak`).",
+      "required": ["provider", "model", "inputTokens", "outputTokens"],
+      "properties": {
+        "provider":        { "type": "string", "minLength": 1, "description": "Canonical provider id (lowercase ASCII, e.g. \"anthropic\", \"openai\", \"google\"). Same value as the `openwop.cost.provider` OTel attribute." },
+        "model":           { "type": "string", "minLength": 1, "description": "Provider-stamped model id as the model expects it. Same value used in the LLM cache-key recipe per `replay.md §A`." },
+        "inputTokens":     { "type": "integer", "minimum": 0, "description": "Input/prompt tokens billed for this call. Matches the provider response's input-token count verbatim." },
+        "outputTokens":    { "type": "integer", "minimum": 0, "description": "Output/completion tokens billed for this call. Matches the provider response's output-token count verbatim." },
+        "totalTokens":     { "type": "integer", "minimum": 0, "description": "Convenience sum (inputTokens + outputTokens). Consumers MAY compute themselves; emitters MAY include for readability." },
+        "costEstimateUsd": { "type": "number", "minimum": 0, "description": "ADVISORY estimate in USD computed by the host's static rate table. MUST NOT be used for billing — real billing is external. Hosts SHOULD omit when no rate is known rather than emit 0." },
+        "currency":        { "type": "string", "pattern": "^[A-Z]{3}$", "description": "ISO 4217 code when `costEstimateUsd` is non-USD; the field name stays `costEstimateUsd` for back-compat but `currency` overrides the implied denomination." },
+        "cacheHit":        { "type": "boolean", "description": "True iff this call was served from the LLM response cache per `replay.md §\"LLM cache-key recipe\"`. When true, inputTokens/outputTokens reflect the ORIGINAL call's billed values; the cached invocation incurred zero new provider cost." },
+        "nodeId":          { "type": "string", "description": "The node id that initiated the provider call. Required for per-node cost attribution dashboards." },
+        "traceId":         { "type": "string", "description": "OTel trace id linking this event to the matching `openwop.cost.*` span. Lets observability backends correlate event-log entries with traces." }
+      },
+      "additionalProperties": false
+    },
+
     "agentToolCalled": {
       "type": "object",
       "description": "Multi-Agent Shift Phase 1. Emitted when an agent invokes a tool. Pairs with `agent.toolReturned` via shared `callId`.",

package/schemas/run-event.schema.json

@@ -102,6 +102,8 @@
         "lease.handed-off",
         "replay.diverged",
         "agent.reasoned",
+        "agent.reasoning.delta",
+        "provider.usage",
         "agent.toolCalled",
         "agent.toolReturned",
         "agent.handoff",

package/schemas/workflow-chain-pack-manifest.schema.json

@@ -0,0 +1,226 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://openwop.dev/spec/v1/workflow-chain-pack-manifest.schema.json",
+  "title": "WorkflowChainPackManifest",
+  "description": "Manifest for a published OpenWOP workflow-chain pack — `pack.json` at the pack root with `kind: \"workflow-chain\"`. Distinct from node-pack-manifest.schema.json. See workflow-chain-packs.md for the canonical contract and RFC 0013 for the rationale. Chain packs are workflow-edit-time abstractions: a host editor expands each declared chain inline into the parent workflow at author time, so the dispatching runtime sees only concrete `core.*` (or published-vendor) typeIds.",
+  "type": "object",
+  "required": ["name", "version", "kind", "engines", "chains"],
+  "properties": {
+    "name": {
+      "type": "string",
+      "description": "Reverse-DNS pack name per node-packs.md §Naming. Reserved scopes are identical (`core.*` / `vendor.<org>.*` / `community.<author>.*` / `private.<host>.*` / `local.*`).",
+      "pattern": "^(core|vendor|community|private)\\.[a-z][a-z0-9_-]*(\\.[a-z][a-zA-Z0-9_-]*)+$",
+      "minLength": 1,
+      "maxLength": 256
+    },
+    "version": {
+      "type": "string",
+      "description": "Pack-level version per Semantic Versioning 2.0.0.",
+      "pattern": "^\\d+\\.\\d+\\.\\d+(?:-[0-9A-Za-z.-]+)?(?:\\+[0-9A-Za-z.-]+)?$"
+    },
+    "kind": {
+      "type": "string",
+      "const": "workflow-chain",
+      "description": "Pack kind discriminator. MUST be the literal string `\"workflow-chain\"` for this schema. Manifests carrying `kind: \"node\"` (or omitting `kind`) validate against `node-pack-manifest.schema.json` instead."
+    },
+    "description": { "type": "string", "maxLength": 1024 },
+    "author": { "type": "string" },
+    "license": { "type": "string", "description": "SPDX license identifier (e.g., `Apache-2.0`)." },
+    "homepage": { "type": "string", "format": "uri" },
+    "repository": { "type": "string", "format": "uri" },
+    "keywords": {
+      "type": "array",
+      "items": { "type": "string", "maxLength": 64 },
+      "maxItems": 50
+    },
+    "engines": {
+      "type": "object",
+      "required": ["openwop"],
+      "properties": {
+        "openwop": {
+          "type": "string",
+          "description": "Semver range — which openwop protocol versions this pack works against."
+        }
+      },
+      "additionalProperties": true,
+      "$comment": "Open by design — packs MAY advertise extra engine constraints (`node`, `python`, etc.) that consumer hosts ignore but operator tooling consumes. Mirrors the shape used in node-pack-manifest.schema.json."
+    },
+    "dependencies": {
+      "type": "object",
+      "additionalProperties": { "type": "string" },
+      "description": "Other node packs whose typeIds this pack's chains reference. Map of pack name → semver range. The host editor uses this map at expansion time to verify referenced typeIds resolve."
+    },
+    "chains": {
+      "type": "array",
+      "minItems": 1,
+      "items": { "$ref": "#/$defs/WorkflowChain" },
+      "description": "Chains the pack contributes. Each MUST have a unique `chainId` within the pack."
+    },
+    "signing": { "$ref": "#/$defs/Signing" }
+  },
+  "additionalProperties": false,
+  "$defs": {
+    "WorkflowChain": {
+      "type": "object",
+      "required": ["chainId", "version", "label", "description", "parameters", "dag"],
+      "description": "A single workflow-chain entry — a pre-configured DAG fragment + parameter schema that the host editor expands inline at author time. See workflow-chain-packs.md §Chain entry shape.",
+      "properties": {
+        "chainId": {
+          "type": "string",
+          "description": "Canonical chain id — namespaced like a node typeId (reverse-DNS pattern). The pack's `name` prefix is recommended (e.g., pack `vendor.acme.editor-presets` exposing `vendor.acme.generatePRD`).",
+          "pattern": "^[a-z][a-zA-Z0-9._-]*$",
+          "minLength": 1,
+          "maxLength": 256
+        },
+        "version": {
+          "type": "string",
+          "description": "Per-chain semver. MAY differ from the pack's overall version so a single pack can ship multiple chains that evolve independently.",
+          "pattern": "^\\d+\\.\\d+\\.\\d+(?:-[0-9A-Za-z.-]+)?(?:\\+[0-9A-Za-z.-]+)?$"
+        },
+        "label": {
+          "type": "string",
+          "minLength": 1,
+          "description": "Human-readable display label for the host editor's drag-tile catalog."
+        },
+        "description": {
+          "type": "string",
+          "description": "One-paragraph description of what the chain produces. Surfaced in host editor tile hover-text."
+        },
+        "parameters": {
+          "type": "object",
+          "description": "JSON Schema 2020-12 fragment describing the parameter values the host editor MUST collect from the author at drop time. Authors-supplied values are validated against this schema before expansion proceeds; invalid input MUST be rejected with `chain_parameter_invalid`.",
+          "additionalProperties": true,
+          "$comment": "Open by design — this field IS a JSON Schema document, so it must accept any of the 30+ JSON Schema 2020-12 keywords (`type`, `properties`, `required`, `oneOf`, `allOf`, etc.). Strict closure would require importing the JSON Schema meta-schema."
+        },
+        "dag": { "$ref": "#/$defs/WorkflowDefinitionFragment" },
+        "outputs": {
+          "type": "object",
+          "additionalProperties": { "$ref": "#/$defs/ChainOutput" },
+          "description": "Declared outputs the chain surfaces to the parent workflow. Keys are output names; values declare type + description."
+        },
+        "capabilities": {
+          "type": "array",
+          "items": {
+            "type": "string",
+            "enum": ["streamable", "cacheable", "side-effectful", "mcp-exportable"]
+          },
+          "uniqueItems": true,
+          "description": "Capability traits to propagate to every expanded node. Hosts MUST copy this array into each expanded `WorkflowNode.capabilities` so existing capability gates apply uniformly."
+        }
+      },
+      "additionalProperties": false
+    },
+    "ChainOutput": {
+      "type": "object",
+      "required": ["type", "description"],
+      "properties": {
+        "type": {
+          "type": "string",
+          "description": "JSON Schema type token (`string` / `number` / `boolean` / `object` / `array`)."
+        },
+        "description": {
+          "type": "string",
+          "description": "One-line description of the output's meaning."
+        }
+      },
+      "additionalProperties": false
+    },
+    "WorkflowDefinitionFragment": {
+      "type": "object",
+      "required": ["nodes"],
+      "description": "Subset of workflow-definition.schema.json. `id`/`name`/`version`/`triggers`/`settings`/`metadata` MUST be omitted (host generates per-expansion); `variables` is replaced by the chain's top-level `parameters`. See workflow-chain-packs.md §WorkflowDefinitionFragment.",
+      "properties": {
+        "nodes": {
+          "type": "array",
+          "minItems": 1,
+          "items": { "$ref": "#/$defs/FragmentNode" },
+          "description": "Nodes in the fragment. Every node's `typeId` MUST reference a published node-pack typeId or a reserved `core.*` typeId."
+        },
+        "edges": {
+          "type": "array",
+          "items": { "$ref": "#/$defs/FragmentEdge" },
+          "description": "Edges between fragment nodes. Required when `nodes.length > 1`."
+        }
+      },
+      "additionalProperties": false
+    },
+    "FragmentNode": {
+      "type": "object",
+      "description": "Mirror of `workflow-definition.schema.json#/$defs/WorkflowNode` with relaxed `required[]` (chain authors MAY omit `name`/`position`/`config`/`inputs` for trivial pass-through nodes). Maintenance note: when fields are added to `WorkflowNode` in `workflow-definition.schema.json`, mirror the addition here so chain packs can express the same shapes. Drift here means chain-pack authors can't use new node features.",
+      "required": ["id", "typeId"],
+      "properties": {
+        "id": {
+          "type": "string",
+          "minLength": 1,
+          "description": "Node id, unique within the fragment. Hosts MUST rewrite these to globally-unique ids at expansion time."
+        },
+        "typeId": {
+          "type": "string",
+          "pattern": "^[a-z][a-zA-Z0-9._-]*$",
+          "minLength": 1,
+          "maxLength": 256
+        },
+        "name": { "type": "string" },
+        "position": {
+          "type": "object",
+          "properties": {
+            "x": { "type": "number" },
+            "y": { "type": "number" }
+          },
+          "additionalProperties": false
+        },
+        "config": {
+          "type": "object",
+          "description": "Node config — host-validated against the referenced typeId's config schema. String fields MAY contain `{{params.<name>}}` placeholders that the host MUST substitute at expansion time.",
+          "additionalProperties": true,
+          "$comment": "Open by design — node config shapes are per-typeId and only known to the host at expansion time when the referenced typeId's config schema is resolved. Cross-typeId enforcement happens at the expansion step, not at manifest-validation time."
+        },
+        "inputs": {
+          "type": "object",
+          "description": "Per-port input wiring. String values MAY contain `{{params.<name>}}` placeholders.",
+          "additionalProperties": true,
+          "$comment": "Open by design — port shapes are per-typeId, same reasoning as `config` above."
+        }
+      },
+      "additionalProperties": false
+    },
+    "FragmentEdge": {
+      "type": "object",
+      "required": ["from", "to"],
+      "properties": {
+        "from": {
+          "type": "string",
+          "description": "Source node id (must reference a node in `nodes[]`). MAY use `nodeId.outputPort` syntax to bind a specific output port."
+        },
+        "to": {
+          "type": "string",
+          "description": "Target node id (must reference a node in `nodes[]`). MAY use `nodeId.inputPort` syntax."
+        },
+        "condition": {
+          "type": "string",
+          "description": "Optional edge condition expression — same shape as a top-level workflow edge's condition."
+        }
+      },
+      "additionalProperties": false
+    },
+    "Signing": {
+      "type": "object",
+      "description": "Optional signing metadata. Reuses node-packs.md §signing unchanged.",
+      "properties": {
+        "publicKeyRef": {
+          "type": "string",
+          "description": "Path inside the tarball to the Ed25519 public key (PEM-encoded)."
+        },
+        "signatureRef": {
+          "type": "string",
+          "description": "Path to the detached signature over `pack.json`."
+        },
+        "method": {
+          "type": "string",
+          "enum": ["manual", "sigstore"]
+        }
+      },
+      "additionalProperties": false
+    }
+  }
+}

package/src/lib/driver.ts

@@ -78,6 +78,21 @@ class OpenWOPDriver {
     return this.request('POST', path, { ...init, body });
   }
 
+  /** PUT helper. The body is JSON-stringified by default; pass a string
+   *  Content-Type header for raw-body PUTs (e.g. tarball uploads).
+   *  Production hosts that accept tarball PUTs on /v1/packs/* expect
+   *  `Content-Type: application/octet-stream`; callers MUST set the
+   *  header explicitly when uploading non-JSON. */
+  put(path: string, body: unknown, init: OpenWOPRequestInit = {}): Promise<OpenWOPResponse> {
+    return this.request('PUT', path, { ...init, body });
+  }
+
+  /** DELETE alias for the canonical name. Keeps the call-site shorter
+   *  for scenarios that delete via `driver.del(...)`. */
+  del(path: string, init: OpenWOPRequestInit = {}): Promise<OpenWOPResponse> {
+    return this.request('DELETE', path, init);
+  }
+
   delete(path: string, init: OpenWOPRequestInit = {}): Promise<OpenWOPResponse> {
     return this.request('DELETE', path, init);
   }

package/src/lib/env.ts

@@ -25,6 +25,28 @@
  *     hosts go strict-mode green without falsifying capability claims.
  *     Example for SQLite:
  *       OPENWOP_OPTED_OUT_PROFILES=openwop-production,openwop-auth-mtls
+ *
+ *   OPENWOP_OPTED_OUT_FIXTURES — comma-separated fixture ids (or
+ *     trailing-`*` globs) the host operator has DELIBERATELY chosen
+ *     not to honor. Applied in `lib/fixtures.ts` by filtering matching
+ *     entries out of the cached advertised-fixture set, so any
+ *     scenario gated via `isFixtureAdvertised(...)` skips cleanly.
+ *     Use when a host auto-loads every `conformance-*.json` on disk
+ *     (so the fixture id IS in the discovery doc) but the host doesn't
+ *     implement the gated feature. Symmetric to `OPENWOP_OPTED_OUT_
+ *     PROFILES` for the fixture-id axis. Example for SQLite:
+ *       OPENWOP_OPTED_OUT_FIXTURES=conformance-dispatch-*,conformance-subworkflow-input-mapping*
+ *
+ *   OPENWOP_OPTED_OUT_SCENARIOS — comma-separated scenario ids that
+ *     individual tests consult to skip themselves where neither
+ *     profile-opt-out nor fixture-opt-out is fine-grained enough
+ *     (e.g., OTel trace-inheritance across `core.subWorkflow` —
+ *     `conformance-subworkflow-parent` is correctly advertised because
+ *     non-OTel subworkflow scenarios pass, but the host doesn't
+ *     propagate traceparent across the dispatch boundary). Use
+ *     `isScenarioOptedOut(scenarioId)` from `env.ts` in the test's
+ *     skip predicate. Reserved for cases where the suite-wide
+ *     skip mechanisms can't carry the granularity.
  */
 
 export interface ConformanceEnv {
@@ -84,3 +106,32 @@ export function loadEnv(): ConformanceEnv {
   };
   return cached;
 }
+
+/**
+ * Returns true when the operator has listed `scenarioId` in
+ * `OPENWOP_OPTED_OUT_SCENARIOS`. Use inside a test's `describe.skipIf`
+ * predicate when neither profile-opt-out nor fixture-opt-out is
+ * granular enough. Logs the skip reason via the caller — this helper
+ * is silent so callers can format their own message.
+ *
+ * Re-reads `process.env` on every call (single env access + split, no
+ * cache). Symmetric with `lib/fixtures.ts:loadOptedOutPredicate` which
+ * re-reads on every `setAdvertisedFixtures(...)` call — so unit tests
+ * can mutate `process.env.OPENWOP_OPTED_OUT_SCENARIOS` between cases
+ * without having to invalidate a memoization.
+ */
+export function isScenarioOptedOut(scenarioId: string): boolean {
+  const raw = process.env.OPENWOP_OPTED_OUT_SCENARIOS?.trim() ?? '';
+  if (raw.length === 0) return false;
+  for (const entry of raw.split(',')) {
+    if (entry.trim() === scenarioId) return true;
+  }
+  return false;
+}
+
+/** Test-only: clear the `loadEnv()` memoization so subsequent calls
+ * re-read `process.env`. Required for any test that mutates the env
+ * vars consumed by `loadEnv()` mid-suite. */
+export function __resetEnvCacheForTests(): void {
+  cached = null;
+}

package/src/lib/event-log-query.ts

@@ -0,0 +1,62 @@
+/**
+ * Driver helpers for the test-only event-log query seam
+ * (`GET /v1/host/sample/test/runs/:runId/events`).
+ *
+ * Used by aiEnvelope engine-projection scenarios that verify the
+ * spec-prescribed events the host MUST emit on each envelope outcome
+ * (per RFC 0021 §A point 1-7 + interrupt.md + capabilities.md
+ * §"cap.breached"). All operations soft-skip on HTTP 404 — hosts
+ * without the seam keep the existing advertisement-shape coverage.
+ *
+ * Reset semantics: callers SHOULD `resetTestSeam()` in their test's
+ * `afterEach` (or scope each test to a unique runId) to keep state
+ * from leaking across scenarios.
+ */
+
+import { driver } from './driver.js';
+
+export interface TestEvent {
+  readonly eventId: string;
+  readonly runId: string;
+  readonly type: string;
+  readonly payload: Record<string, unknown>;
+  readonly timestamp: string;
+  readonly sequence: number;
+  readonly causationId?: string;
+  readonly nodeId?: string;
+  readonly contentTrust?: 'trusted' | 'untrusted';
+}
+
+export type QueryOutcome =
+  | { ok: true; events: TestEvent[] }
+  | { ok: false; reason: 'seam_unavailable' }
+  | { ok: false; reason: 'http_error'; status: number };
+
+/** Query the test-only event log for a run, with optional filters. */
+export async function queryTestEvents(
+  runId: string,
+  filter: { type?: string; correlationId?: string; causationId?: string; nodeId?: string } = {},
+): Promise<QueryOutcome> {
+  const qs = new URLSearchParams();
+  if (filter.type) qs.set('type', filter.type);
+  if (filter.correlationId) qs.set('correlationId', filter.correlationId);
+  if (filter.causationId) qs.set('causationId', filter.causationId);
+  if (filter.nodeId) qs.set('nodeId', filter.nodeId);
+  const url = `/v1/host/sample/test/runs/${encodeURIComponent(runId)}/events${qs.toString() ? '?' + qs.toString() : ''}`;
+  const res = await driver.get(url);
+  if (res.status === 404) return { ok: false, reason: 'seam_unavailable' };
+  if (res.status !== 200) return { ok: false, reason: 'http_error', status: res.status };
+  const body = res.json as { events?: TestEvent[] };
+  return { ok: true, events: body.events ?? [] };
+}
+
+/** Reset the test-only event log + capability overlay (suite teardown). */
+export async function resetTestSeam(): Promise<void> {
+  await driver.post('/v1/host/sample/test/reset', {});
+}
+
+/** Probe whether the seam is exposed. Use to soft-skip early. */
+export async function isEventLogSeamAvailable(): Promise<boolean> {
+  const res = await queryTestEvents('__probe__');
+  return res.ok;
+}

package/src/lib/fixtures.ts

@@ -26,6 +26,16 @@
  * This module is sync. The async fetch lives in `setup.ts` which calls
  * `setAdvertisedFixtures(...)` from a top-level `await`.
  *
+ * Honest opt-out (symmetric to `OPENWOP_OPTED_OUT_PROFILES`):
+ *   `OPENWOP_OPTED_OUT_FIXTURES` (CSV, supports trailing `*` glob)
+ *   subtracts matching fixture-ids from the cached set even when the
+ *   host advertises them. Operators use this when the host happens to
+ *   carry a fixture file (e.g., it auto-loads every `conformance-*.json`
+ *   on disk) but does NOT implement the underlying feature — so the
+ *   gated scenario should skip instead of running and failing. The
+ *   subtraction happens at cache-population time, so the predicate
+ *   remains a single sync set lookup at scenario-evaluation time.
+ *
  * @see spec/v1/capabilities.md §`fixtures`
  * @see spec/v1/profiles.md §`openwop-fixtures`
  * @see RFCS/0003-fixture-gating.md
@@ -35,19 +45,46 @@ import type { DiscoveryPayload } from './profiles.js';
 
 let _advertisedFixtures: ReadonlySet<string> | null = null;
 
+/**
+ * Parse `OPENWOP_OPTED_OUT_FIXTURES` into a match predicate. Each entry
+ * is either an exact id or a glob with a trailing `*`. Returns a
+ * function that answers "is this fixture-id opted out?" — empty / unset
+ * env reduces to "always false."
+ */
+function loadOptedOutPredicate(): (id: string) => boolean {
+  const raw = process.env.OPENWOP_OPTED_OUT_FIXTURES?.trim() ?? '';
+  if (raw.length === 0) return () => false;
+  const exact = new Set<string>();
+  const prefixes: string[] = [];
+  for (const entry of raw.split(',').map((s) => s.trim()).filter((s) => s.length > 0)) {
+    if (entry.endsWith('*')) {
+      prefixes.push(entry.slice(0, -1));
+    } else {
+      exact.add(entry);
+    }
+  }
+  return (id) => exact.has(id) || prefixes.some((p) => id.startsWith(p));
+}
+
 /**
  * Populate the cache from a discovery-doc payload. The function is
  * tolerant of malformed inputs — anything other than a string array
  * collapses to "no fixtures advertised" rather than throwing, so the
  * suite remains resilient against host bugs in the discovery surface.
+ *
+ * Applies `OPENWOP_OPTED_OUT_FIXTURES` at this step: opted-out ids are
+ * filtered out of the cache before storage so downstream lookups can
+ * stay a single sync set-membership test.
  */
 export function setAdvertisedFixtures(c: DiscoveryPayload | null | undefined): void {
   if (c == null || !Array.isArray(c.fixtures)) {
     _advertisedFixtures = new Set();
     return;
   }
+  const isOptedOut = loadOptedOutPredicate();
   const ids = c.fixtures.filter(
-    (entry): entry is string => typeof entry === 'string' && entry.length > 0,
+    (entry): entry is string =>
+      typeof entry === 'string' && entry.length > 0 && !isOptedOut(entry),
   );
   _advertisedFixtures = new Set(ids);
 }

package/src/lib/host-toggle.ts

@@ -0,0 +1,54 @@
+/**
+ * Capability-toggle harness primitive — driver helper for the
+ * env-gated test-seam endpoint at
+ * `POST /v1/host/sample/test/capability-toggle`.
+ *
+ * Lets refusal-case scenarios (RFC 0022 §C HVMAP-1a-refusal,
+ * HVMAP-2-refusal, etc.) flip a capability flag off temporarily,
+ * exercise the host's refusal path, then restore the default.
+ *
+ * All operations soft-skip on HTTP 404 — hosts that don't expose the
+ * seam keep the existing advertisement-shape coverage intact.
+ *
+ * Reset semantics: callers MUST `resetHostCapabilities()` in their
+ * test's `afterEach` (or equivalent) to keep state from leaking
+ * across scenarios.
+ */
+
+import { driver } from './driver.js';
+
+export type ToggleOutcome =
+  | { ok: true; overlay: Record<string, boolean> }
+  | { ok: false; reason: 'seam_unavailable' }
+  | { ok: false; reason: 'http_error'; status: number };
+
+/** Set a capability flag's overlay value. `value: null` removes the
+ *  overlay entry (restoring the host's hard-coded default). */
+export async function setHostCapability(
+  name: string,
+  value: boolean | null,
+): Promise<ToggleOutcome> {
+  const res = await driver.post('/v1/host/sample/test/capability-toggle', { name, value });
+  if (res.status === 404) return { ok: false, reason: 'seam_unavailable' };
+  if (res.status !== 200) return { ok: false, reason: 'http_error', status: res.status };
+  const body = res.json as { overlay?: Record<string, boolean> };
+  return { ok: true, overlay: body.overlay ?? {} };
+}
+
+/** Clear ALL capability overlay entries on the host. */
+export async function resetHostCapabilities(): Promise<ToggleOutcome> {
+  const res = await driver.post('/v1/host/sample/test/capability-toggle', { reset: true });
+  if (res.status === 404) return { ok: false, reason: 'seam_unavailable' };
+  if (res.status !== 200) return { ok: false, reason: 'http_error', status: res.status };
+  const body = res.json as { overlay?: Record<string, boolean> };
+  return { ok: true, overlay: body.overlay ?? {} };
+}
+
+/** Probe whether the host exposes the capability-toggle seam at all.
+ *  Use this to soft-skip a scenario early when the host lacks the
+ *  toggle (the refusal contract is still spec-normative; the test just
+ *  can't drive it from outside). */
+export async function isToggleAvailable(): Promise<boolean> {
+  const probe = await setHostCapability('__probe__', null);
+  return probe.ok;
+}

package/src/lib/multi-agent-capabilities.ts

@@ -37,6 +37,9 @@ interface AgentCaps {
     | {
         verbosity: 'summary' | 'full' | 'off' | undefined;
         tokenLimit: number | undefined;
+        /** RFC 0024. When true, host may emit `agent.reasoning.delta`
+         *  events in addition to the closing `agent.reasoned`. */
+        streaming: boolean;
       }
     | undefined;
 }
@@ -84,6 +87,7 @@ export function setMultiAgentCapabilities(c: DiscoveryPayload | null | undefined
               typeof (reasoningRaw as Record<string, unknown>).tokenLimit === 'number'
                 ? ((reasoningRaw as Record<string, unknown>).tokenLimit as number)
                 : undefined,
+            streaming: asBoolean((reasoningRaw as Record<string, unknown>).streaming),
           }
         : undefined;
     _agentCaps = {
@@ -113,6 +117,12 @@ export function getReasoningVerbosity(): 'summary' | 'full' | 'off' | undefined
   return _agentCaps?.reasoning?.verbosity;
 }
 
+/** RFC 0024 — host emits incremental `agent.reasoning.delta` events
+ *  while a reasoning block is still open. */
+export function isReasoningStreamingSupported(): boolean {
+  return _agentCaps?.reasoning?.streaming === true;
+}
+
 /** Phase 2 — host supports the named modelClass. */
 export function hasModelClass(modelClass: string): boolean {
   return _agentCaps?.modelClasses.has(modelClass) === true;