@openwop/openwop-conformance 1.11.0 → 1.13.0

package/src/lib/agentOrgChart.ts

@@ -0,0 +1,82 @@
+/**
+ * Shared helpers for the RFC 0087 `agents.orgChart` conformance scenarios.
+ * Lives in lib/ (not a `*.test.ts`) so scenarios import it via
+ * `../lib/agentOrgChart.js`.
+ *
+ * The org-chart is structure + a read (like the RFC 0072 inventory), not an
+ * event surface — so these helpers wrap the two NORMATIVE reads
+ * (`GET /v1/agents/org-chart` + `GET /v1/agents/org-chart/{departmentId}`),
+ * exercised black-box against any conformant host. Tenant scoping (RFC 0074)
+ * is probed with the `OPENWOP_CROSS_TENANT_ORG_CHART_DEPARTMENT_ID` env var (a
+ * department id outside the caller's owner triple), the org-chart analog of the
+ * roster scenario's `OPENWOP_CROSS_TENANT_ROSTER_ID`.
+ *
+ * @see RFCS/0087-agent-org-chart.md
+ * @see spec/v1/agent-org-chart.md
+ */
+import { driver } from './driver.js';
+import { readCapabilityFamily } from './discovery-capabilities.js';
+
+/** Reads `agents.orgChart` from discovery (root-first per RFC 0073); null when
+ *  unadvertised. */
+export async function readOrgChartCap(): Promise<Record<string, unknown> | null> {
+  const agents = await readCapabilityFamily<{ orgChart?: unknown }>('agents');
+  const oc = agents?.orgChart;
+  return oc && typeof oc === 'object' ? (oc as Record<string, unknown>) : null;
+}
+
+export interface OrgDepartment {
+  departmentId?: string;
+  parentDepartmentId?: string | null;
+  [k: string]: unknown;
+}
+
+export interface OrgMember {
+  rosterId?: string;
+  departmentId?: string;
+  roleId?: string;
+  reportsTo?: string | null;
+  [k: string]: unknown;
+}
+
+export interface OrgChart {
+  owner?: { tenantId?: string; workspaceId?: string };
+  departments?: OrgDepartment[];
+  members?: OrgMember[];
+}
+
+export interface ResponsibilityView {
+  department?: { departmentId?: string; [k: string]: unknown };
+  members?: OrgMember[];
+  responsibilities?: string[];
+}
+
+/** GET the NORMATIVE org-chart (RFC 0087 §A `GET /v1/agents/org-chart`);
+ *  null when the host doesn't serve it (404/405/501). */
+export async function getOrgChart(): Promise<OrgChart | null> {
+  const res = await driver.get('/v1/agents/org-chart');
+  if (res.status === 404 || res.status === 405 || res.status === 501) return null;
+  return (res.json as OrgChart | undefined) ?? {};
+}
+
+/** GET a department's §D responsibility roll-up. `recursive` defaults to the
+ *  host default (true) when undefined. Returns `{ status, view }` so a caller
+ *  can distinguish a cross-tenant 404 from a served view. */
+export async function getDepartmentView(
+  departmentId: string,
+  recursive?: boolean,
+): Promise<{ status: number; view: ResponsibilityView | undefined }> {
+  const qs = recursive === undefined ? '' : `?recursive=${recursive ? 'true' : 'false'}`;
+  const res = await driver.get(`/v1/agents/org-chart/${encodeURIComponent(departmentId)}${qs}`);
+  return { status: res.status, view: res.json as ResponsibilityView | undefined };
+}
+
+/** The descriptive key set a member object is allowed to carry on the wire
+ *  (RFC 0087 §A). Anything outside this — in particular an authority-bearing
+ *  field — is a §B `org-position-no-authority-escalation` violation. */
+export const MEMBER_DESCRIPTIVE_KEYS = new Set(['rosterId', 'departmentId', 'roleId', 'reportsTo']);
+
+/** Authority-bearing field names that MUST NEVER appear on an org-chart wire
+ *  object (member / department / responsibility view) — position confers no
+ *  authority (RFC 0087 §B). */
+export const AUTHORITY_FIELDS = ['scopes', 'canDispatch', 'permissions', 'authority', 'roleGrants', 'capabilities'];

package/src/lib/triggerBridge.ts

@@ -0,0 +1,74 @@
+/**
+ * Shared helpers for the RFC 0083 `triggerBridge` conformance scenario.
+ * Lives in lib/ (not a `*.test.ts`) so scenarios import it via
+ * `../lib/triggerBridge.js`.
+ *
+ * Two surfaces:
+ *   - the NORMATIVE read (`GET /v1/trigger-subscriptions[/{subscriptionId}]`,
+ *     RFC 0083 §A), exercised black-box; and
+ *   - the host-sample delivery seam (`POST /v1/host/sample/trigger-bridge/deliver`),
+ *     used to drive the §C delivery model (dedup → retry → dead-letter →
+ *     causation) so the two `trigger.*` events can be asserted against the test
+ *     event-log seam. The seam is OPTIONAL — scenarios soft-skip on 404/405
+ *     (reference durable-delivery is deferred per RFC 0083 §Conformance).
+ *
+ * Gating uses the `openwop-trigger-bridge` PROFILE derived from the live
+ * discovery doc (the bridge + a dead-letter sink + a durable source, §D), not a
+ * bare capability flag.
+ *
+ * @see RFCS/0083-durable-trigger-and-channel-bridge-profile.md
+ * @see spec/v1/trigger-bridge.md
+ * @see spec/v1/profiles.md (§openwop-trigger-bridge)
+ */
+import { driver } from './driver.js';
+import { deriveProfiles, type DiscoveryPayload } from './profiles.js';
+
+/** True when the live host's discovery derives the `openwop-trigger-bridge`
+ *  profile (RFC 0083 §D predicate: bridge advertised + dead-letter sink + a
+ *  durable source). */
+export async function isTriggerBridgeProfileAdvertised(): Promise<boolean> {
+  const disco = await driver.get('/.well-known/openwop');
+  if (disco.status !== 200 || !disco.json) return false;
+  return deriveProfiles(disco.json as DiscoveryPayload).includes('openwop-trigger-bridge');
+}
+
+export interface TriggerSubscription {
+  subscriptionId?: string;
+  source?: string;
+  state?: string;
+  [k: string]: unknown;
+}
+
+/** GET the NORMATIVE subscription read surface (RFC 0083 §A
+ *  `GET /v1/trigger-subscriptions`); null when not served (404/405/501). */
+export async function listTriggerSubscriptions(): Promise<{ subscriptions?: TriggerSubscription[] } | null> {
+  const res = await driver.get('/v1/trigger-subscriptions');
+  if (res.status === 404 || res.status === 405 || res.status === 501) return null;
+  return (res.json as { subscriptions?: TriggerSubscription[] } | undefined) ?? {};
+}
+
+export interface DeliveryResult {
+  runId?: string;
+  subscriptionId?: string;
+  outcome?: string;
+  deliveredCount?: number;
+}
+
+/**
+ * Drive one delivery through the host-sample bridge seam. `scenario`:
+ *   - `dedup`     — deliver the same `dedupKey` twice; effectively-once (§C-1).
+ *   - `exhaust`   — exhaust the retry policy → `dead-lettered` (§C-2 + RFC 0053).
+ *   - `deliver`   — a single successful delivery whose run's `run.started`
+ *                   carries the delivery `causationId` (§C / RFC 0040).
+ * Returns null when the seam is unwired (404/405).
+ */
+export async function driveDelivery(
+  body: { scenario: 'dedup' | 'exhaust' | 'deliver'; dedupKey?: string; source?: string },
+): Promise<DeliveryResult | null> {
+  const res = await driver.post('/v1/host/sample/trigger-bridge/deliver', body);
+  if (res.status === 404 || res.status === 405) return null;
+  return (res.json as DeliveryResult | undefined) ?? {};
+}
+
+export const SUBSCRIPTION_STATES = ['active', 'paused', 'failed', 'dead-lettered'];
+export const DELIVERY_OUTCOMES = ['delivered', 'retrying', 'dead-lettered'];

package/src/scenarios/agent-deployment-lifecycle.test.ts

@@ -0,0 +1,147 @@
+/**
+ * Agent deployment lifecycle — the §E promotion contract + §B channel pin
+ * (RFC 0082) — behavioral.
+ *
+ * Capability-gated on `agents.deployment.supported` (root-first per RFC 0073).
+ * Soft-skips when unadvertised (default) / hard-fails under
+ * `OPENWOP_REQUIRE_BEHAVIOR=true`. The always-on wire-shape coverage lives in
+ * `agent-deployment-shape.test.ts`; this asserts host BEHAVIOR via the
+ * `POST /v1/host/sample/agents/deployment-transition` seam + the test event-log
+ * seam + the NORMATIVE `GET /v1/agents/{agentId}/deployments` read:
+ *
+ *   1. PROMOTE (§E) — authorize → approvalGate → eval-verify → a content-free
+ *      `deployment.promoted` with `toState` in the seven-state vocabulary; the
+ *      returned record validates against `agent-deployment.schema.json`.
+ *   2. FAIL-CLOSED (§E-1, `deployment-promotion-fail-closed`) — a principal
+ *      lacking `deploy:promote` is denied (`allowed !== true`) and emits NO
+ *      `deployment.promoted`.
+ *   3. EVAL-GATE-UNMET (§E-3) — a promote whose `evalRunId` has `passed:false`
+ *      is denied with `eval_gate_unmet` and emits NO `deployment.promoted`.
+ *   4. CHANNEL PIN (§B) — a `@channel`-bound run records the resolved version as
+ *      `resolvedAgentVersion` on `agent.invocation.started` (the recorded fact a
+ *      replay re-reads rather than re-resolving).
+ *
+ * Each leg soft-skips independently (seam absent / event-log seam absent).
+ *
+ * Spec references:
+ *   - https://github.com/openwop/openwop/blob/main/spec/v1/agent-deployment.md (§B/§E)
+ *   - https://github.com/openwop/openwop/blob/main/RFCS/0082-agent-deployment-lifecycle.md
+ */
+
+import { describe, it, expect } from 'vitest';
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import Ajv2020 from 'ajv/dist/2020.js';
+import addFormats from 'ajv-formats';
+import { driver } from '../lib/driver.js';
+import { behaviorGate } from '../lib/behavior-gate.js';
+import { SCHEMAS_DIR } from '../lib/paths.js';
+import {
+  readDeploymentCap,
+  driveDeploymentTransition,
+  DEPLOYMENT_STATES,
+  DEPLOYMENT_CONTENT_FORBIDDEN,
+} from '../lib/agentDeployment.js';
+import { queryTestEvents, isEventLogSeamAvailable, resetTestSeam } from '../lib/event-log-query.js';
+
+function loadSchema(name: string): Record<string, unknown> {
+  return JSON.parse(readFileSync(join(SCHEMAS_DIR, name), 'utf8')) as Record<string, unknown>;
+}
+
+function expectContentFree(payload: Record<string, unknown>, where: string): void {
+  for (const f of DEPLOYMENT_CONTENT_FORBIDDEN) {
+    expect(
+      !(f in payload),
+      driver.describe('RFC 0082 §D (deployment-event-no-content-leak)', `${where} MUST be content-free (no ${f})`),
+    ).toBe(true);
+  }
+}
+
+describe('agent-deployment-lifecycle (RFC 0082 §B/§E)', () => {
+  it('promotes via the eval+RBAC+approval gate, fails closed without scope/eval, and pins the channel version', async () => {
+    const cap = await readDeploymentCap();
+    if (!behaviorGate('openwop-deployment-lifecycle', cap?.supported === true)) return;
+    if (!(await isEventLogSeamAvailable())) return; // event-log seam absent — soft-skip
+
+    const ajv = new Ajv2020({ strict: false, allErrors: true });
+    addFormats(ajv);
+    const validateRecord = ajv.compile(loadSchema('agent-deployment.schema.json'));
+
+    // ---- Leg 1: eval+RBAC+approval-gated promotion (§E) ------------------
+    const promote = await driveDeploymentTransition({ scenario: 'promote' });
+    if (promote === null) return; // deployment seam unwired — soft-skip the whole behavioral suite
+
+    if (promote.record) {
+      expect(
+        validateRecord(promote.record),
+        driver.describe(
+          'agent-deployment.schema.json',
+          `a promoted deployment record MUST validate (${ajv.errorsText(validateRecord.errors)})`,
+        ),
+      ).toBe(true);
+    }
+    if (promote.runId) {
+      const pq = await queryTestEvents(promote.runId, { type: 'deployment.promoted' });
+      if (pq.ok) {
+        for (const e of pq.events) {
+          expectContentFree(e.payload, 'deployment.promoted');
+          expect(
+            typeof e.payload.toState === 'string' && DEPLOYMENT_STATES.includes(e.payload.toState as string),
+            driver.describe('run-event-payloads.schema.json#/$defs/deploymentPromoted', 'toState MUST be in the seven-state vocabulary'),
+          ).toBe(true);
+          expect(
+            typeof e.payload.toVersion === 'string' && (e.payload.toVersion as string).length > 0,
+            driver.describe('agent-deployment.md §D', 'deployment.promoted MUST carry the promoted toVersion'),
+          ).toBe(true);
+        }
+      }
+    }
+
+    // ---- Leg 2: fail-closed authz (§E-1; deployment-promotion-fail-closed) -
+    const unauth = await driveDeploymentTransition({ scenario: 'unauthorized' });
+    if (unauth && unauth.runId) {
+      expect(
+        unauth.allowed !== true,
+        driver.describe('agent-deployment.md §E-1', 'a principal without deploy:promote MUST be denied (fail-closed)'),
+      ).toBe(true);
+      const uq = await queryTestEvents(unauth.runId, { type: 'deployment.promoted' });
+      if (uq.ok) {
+        expect(
+          uq.events.length === 0,
+          driver.describe('SECURITY invariant deployment-promotion-fail-closed', 'a denied transition MUST emit NO deployment.promoted'),
+        ).toBe(true);
+      }
+    }
+
+    // ---- Leg 3: eval-gate-unmet denial (§E-3) ----------------------------
+    const evalUnmet = await driveDeploymentTransition({ scenario: 'eval-gate-unmet' });
+    if (evalUnmet && evalUnmet.runId) {
+      expect(
+        evalUnmet.error === 'eval_gate_unmet' || evalUnmet.allowed !== true,
+        driver.describe('agent-deployment.md §E-3', 'a promote whose eval evidence has passed:false MUST be denied (eval_gate_unmet)'),
+      ).toBe(true);
+      const eq = await queryTestEvents(evalUnmet.runId, { type: 'deployment.promoted' });
+      if (eq.ok) {
+        expect(
+          eq.events.length === 0,
+          driver.describe('agent-deployment.md §E-3', 'an unmet eval gate MUST emit NO deployment.promoted'),
+        ).toBe(true);
+      }
+    }
+
+    // ---- Leg 4: channel-resolution pin (§B) ------------------------------
+    const pin = await driveDeploymentTransition({ scenario: 'channel-pin', channel: 'stable' });
+    if (pin && pin.runId) {
+      const iq = await queryTestEvents(pin.runId, { type: 'agent.invocation.started' });
+      if (iq.ok && iq.events.length > 0) {
+        const started = iq.events.sort((a, b) => a.sequence - b.sequence)[0]!;
+        expect(
+          typeof started.payload.resolvedAgentVersion === 'string' && (started.payload.resolvedAgentVersion as string).length > 0,
+          driver.describe('agent-deployment.md §B', 'a @channel-bound run MUST record resolvedAgentVersion on agent.invocation.started (the recorded fact a replay re-reads)'),
+        ).toBe(true);
+      }
+    }
+
+    await resetTestSeam();
+  });
+});

package/src/scenarios/agent-eval-run.test.ts

@@ -0,0 +1,145 @@
+/**
+ * Agent eval-run — the `mode:"eval"` projection (RFC 0081 §B/§C) — behavioral.
+ *
+ * Capability-gated on `agents.evalSuite.supported` (root-first per RFC 0073).
+ * Soft-skips when unadvertised (default) / hard-fails under
+ * `OPENWOP_REQUIRE_BEHAVIOR=true`. The always-on wire-shape coverage lives in
+ * `agent-eval-suite-shape.test.ts`; this asserts host BEHAVIOR via the
+ * `POST /v1/host/sample/agents/eval-run` seam + the test event-log seam + the
+ * NORMATIVE `GET /v1/runs/{runId}/eval-summary` read:
+ *
+ *   1. ORDERING (§C) — an eval run emits `eval.started` FIRST, one `eval.scored`
+ *      per task, then `eval.completed` once (count == eval.completed.taskCount).
+ *   2. CONTENT-FREE (SR-1 / `eval-summary-no-content-leak`) — every `eval.scored`
+ *      carries scores / ids / scalars ONLY (never task output / rubric / prose);
+ *      `score` ∈ 0..1; `passed` is a boolean.
+ *   3. NORMATIVE SUMMARY (§C) — `GET /v1/runs/{runId}/eval-summary` returns a
+ *      schema-valid `EvalSummary` whose `passedCount <= taskCount` and whose
+ *      task entries carry no output body.
+ *
+ * Each leg soft-skips independently (seam absent / event-log seam absent).
+ *
+ * Spec references:
+ *   - https://github.com/openwop/openwop/blob/main/spec/v1/agent-evaluation.md (§B/§C)
+ *   - https://github.com/openwop/openwop/blob/main/RFCS/0081-agent-evaluation-and-scorecards.md
+ */
+
+import { describe, it, expect } from 'vitest';
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import Ajv2020 from 'ajv/dist/2020.js';
+import addFormats from 'ajv-formats';
+import { driver } from '../lib/driver.js';
+import { behaviorGate } from '../lib/behavior-gate.js';
+import { SCHEMAS_DIR } from '../lib/paths.js';
+import {
+  readEvalSuiteCap,
+  driveEvalRun,
+  getEvalSummary,
+  EVAL_CONTENT_FORBIDDEN,
+} from '../lib/agentEval.js';
+import { queryTestEvents, isEventLogSeamAvailable, resetTestSeam } from '../lib/event-log-query.js';
+
+function loadSchema(name: string): Record<string, unknown> {
+  return JSON.parse(readFileSync(join(SCHEMAS_DIR, name), 'utf8')) as Record<string, unknown>;
+}
+
+function expectContentFree(payload: Record<string, unknown>, where: string): void {
+  for (const f of EVAL_CONTENT_FORBIDDEN) {
+    expect(
+      !(f in payload),
+      driver.describe('RFC 0081 §C (eval-summary-no-content-leak)', `${where} MUST be content-free (no ${f})`),
+    ).toBe(true);
+  }
+}
+
+describe('agent-eval-run (RFC 0081 §B/§C)', () => {
+  it('emits eval.started → per-task eval.scored → eval.completed and serves a content-free EvalSummary', async () => {
+    const cap = await readEvalSuiteCap();
+    if (!behaviorGate('openwop-eval-run', cap?.supported === true)) return;
+    if (!(await isEventLogSeamAvailable())) return; // event-log seam absent — soft-skip
+
+    const run = await driveEvalRun({ modes: ['golden'] });
+    if (run === null) return; // eval-run seam unwired — soft-skip the whole behavioral suite
+    if (!run.runId) return;
+
+    // ---- Legs 1+2: eval.* ordering + content-free (§C) -------------------
+    const startedQ = await queryTestEvents(run.runId, { type: 'eval.started' });
+    const scoredQ = await queryTestEvents(run.runId, { type: 'eval.scored' });
+    const completedQ = await queryTestEvents(run.runId, { type: 'eval.completed' });
+
+    if (startedQ.ok && scoredQ.ok && startedQ.events.length > 0) {
+      const started = startedQ.events.sort((a, b) => a.sequence - b.sequence)[0]!;
+
+      // eval.started precedes every eval.scored (§C ordering).
+      for (const s of scoredQ.events) {
+        expect(
+          started.sequence < s.sequence,
+          driver.describe('agent-evaluation.md §C', 'eval.started MUST precede every eval.scored'),
+        ).toBe(true);
+      }
+
+      if (completedQ.ok && completedQ.events.length > 0) {
+        const completed = completedQ.events.sort((a, b) => a.sequence - b.sequence)[completedQ.events.length - 1]!;
+        for (const s of scoredQ.events) {
+          expect(
+            s.sequence < completed.sequence,
+            driver.describe('agent-evaluation.md §C', 'every eval.scored MUST precede eval.completed'),
+          ).toBe(true);
+        }
+        // eval.scored is emitted once per task (count == eval.completed.taskCount).
+        if (typeof completed.payload.taskCount === 'number') {
+          expect(
+            scoredQ.events.length === completed.payload.taskCount,
+            driver.describe('agent-evaluation.md §C', 'one eval.scored per task (count == eval.completed.taskCount)'),
+          ).toBe(true);
+        }
+        expectContentFree(completed.payload, 'eval.completed');
+      }
+
+      // each eval.scored content-free + score ∈ 0..1, passed boolean.
+      for (const s of scoredQ.events) {
+        expectContentFree(s.payload, 'eval.scored');
+        expect(
+          typeof s.payload.score === 'number' && (s.payload.score as number) >= 0 && (s.payload.score as number) <= 1,
+          driver.describe('run-event-payloads.schema.json#/$defs/evalScored', 'eval.scored.score MUST be in 0..1'),
+        ).toBe(true);
+        expect(
+          typeof s.payload.passed === 'boolean',
+          driver.describe('run-event-payloads.schema.json#/$defs/evalScored', 'eval.scored.passed MUST be a boolean'),
+        ).toBe(true);
+      }
+      expectContentFree(started.payload, 'eval.started');
+    }
+
+    // ---- Leg 3: NORMATIVE EvalSummary read (§C) --------------------------
+    const { status, summary } = await getEvalSummary(run.runId);
+    if (status === 200 && summary) {
+      const ajv = new Ajv2020({ strict: false, allErrors: true });
+      addFormats(ajv);
+      const validate = ajv.compile(loadSchema('eval-summary.schema.json'));
+      expect(
+        validate(summary),
+        driver.describe(
+          'eval-summary.schema.json',
+          `GET /v1/runs/{runId}/eval-summary MUST return a schema-valid EvalSummary (${ajv.errorsText(validate.errors)})`,
+        ),
+      ).toBe(true);
+
+      const tasks = (summary.tasks as Array<Record<string, unknown>> | undefined) ?? [];
+      const passedCount = summary.passedCount as number | undefined;
+      const taskCount = summary.taskCount as number | undefined;
+      if (typeof passedCount === 'number' && typeof taskCount === 'number') {
+        expect(
+          passedCount <= taskCount,
+          driver.describe('agent-evaluation.md §C', 'EvalSummary.passedCount MUST NOT exceed taskCount'),
+        ).toBe(true);
+      }
+      for (const t of tasks) {
+        expectContentFree(t, 'EvalSummary.tasks[]');
+      }
+    }
+
+    await resetTestSeam();
+  });
+});

package/src/scenarios/agent-org-chart-scoping.test.ts

@@ -0,0 +1,137 @@
+/**
+ * Agent org-chart — normative read, responsibility roll-up + tenant scoping
+ * (RFC 0087 §A/§C/§D) — behavioral.
+ *
+ * Gated on `capabilities.agents.orgChart.supported` (root-first per RFC 0073).
+ * Soft-skips when unadvertised (default) / hard-fails under
+ * `OPENWOP_REQUIRE_BEHAVIOR=true` via `behaviorGate`. The always-on wire-shape
+ * coverage lives in `agent-org-chart-shape.test.ts`; this asserts host
+ * BEHAVIOR against the live `/v1/agents/org-chart` surface:
+ *
+ *   1. NORMATIVE read — `GET /v1/agents/org-chart` returns the
+ *      `agent-org-chart.schema.json` shape `{ owner, departments, members }`;
+ *      departments form a tree (every `parentDepartmentId` resolves; no cycle);
+ *      members reference roster entries (`host:<id>` rosterId) and the
+ *      `reportsTo` graph is acyclic. Black-box on any org-chart host.
+ *   2. §D RESPONSIBILITY ROLL-UP — `GET /v1/agents/org-chart/{departmentId}`
+ *      returns `{ department, members, responsibilities }` where
+ *      `responsibilities` is a deduped `string[]` (the union of the subtree
+ *      members' RFC 0086 portfolios); `recursive=false` scopes to direct
+ *      members without changing the response shape.
+ *   3. TENANT SCOPING (§C / RFC 0074) — a `GET /v1/agents/org-chart/{id}` for a
+ *      department outside the caller's owner triple 404s (probed only when
+ *      `OPENWOP_CROSS_TENANT_ORG_CHART_DEPARTMENT_ID` is supplied; soft-skip
+ *      otherwise — the org-chart analog of the roster scoping env var).
+ *
+ * Spec references:
+ *   - https://github.com/openwop/openwop/blob/main/spec/v1/agent-org-chart.md
+ *   - https://github.com/openwop/openwop/blob/main/RFCS/0087-agent-org-chart.md
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { behaviorGate } from '../lib/behavior-gate.js';
+import { readOrgChartCap, getOrgChart, getDepartmentView } from '../lib/agentOrgChart.js';
+
+const ROSTER_ID_RE = /^host:[a-z0-9][a-z0-9._-]*$/;
+
+describe('agent-org-chart-scoping (RFC 0087 §A/§C/§D)', () => {
+  it('serves the normative org-chart + responsibility roll-up, tree-shaped and tenant-scoped', async () => {
+    const cap = await readOrgChartCap();
+    if (!behaviorGate('openwop-org-chart-scoping', cap?.supported === true)) return;
+
+    const installScope = typeof cap?.installScope === 'string' ? cap.installScope : 'tenant';
+    expect(
+      installScope === 'host' || installScope === 'tenant',
+      driver.describe('RFC 0087 §E / RFC 0074', "agents.orgChart.installScope (when present) MUST be 'host' or 'tenant'"),
+    ).toBe(true);
+
+    // ---- Leg 1: normative read (black-box) -------------------------------
+    const chart = await getOrgChart();
+    if (chart === null) return; // advertised but read not served yet — soft-skip
+    const departments = chart.departments ?? [];
+    const members = chart.members ?? [];
+    expect(
+      Array.isArray(departments) && Array.isArray(members),
+      driver.describe('agent-org-chart.schema.json', 'GET /v1/agents/org-chart MUST return departments[] + members[]'),
+    ).toBe(true);
+
+    const deptIds = new Set(departments.map((d) => d.departmentId).filter((x): x is string => typeof x === 'string'));
+    for (const d of departments) {
+      const parent = d.parentDepartmentId;
+      if (parent !== undefined && parent !== null) {
+        expect(
+          deptIds.has(parent),
+          driver.describe('agent-org-chart.md §A', 'every parentDepartmentId MUST resolve to a department in the chart (a tree)'),
+        ).toBe(true);
+      }
+    }
+    // Department tree is acyclic (walk parents from each node, bound by node count).
+    for (const d of departments) {
+      const seen = new Set<string>();
+      let cur: string | null | undefined = d.departmentId;
+      let steps = 0;
+      while (typeof cur === 'string' && steps <= departments.length) {
+        if (seen.has(cur)) break;
+        seen.add(cur);
+        cur = departments.find((x) => x.departmentId === cur)?.parentDepartmentId ?? null;
+        steps++;
+      }
+      expect(
+        steps <= departments.length,
+        driver.describe('agent-org-chart.md §A', 'the department parent graph MUST be acyclic'),
+      ).toBe(true);
+    }
+    for (const m of members) {
+      expect(
+        typeof m.rosterId === 'string' && ROSTER_ID_RE.test(m.rosterId),
+        driver.describe('agent-org-chart.md §A', 'each member MUST reference a roster entry (host:<id> rosterId)'),
+      ).toBe(true);
+      if (typeof m.departmentId === 'string') {
+        expect(
+          deptIds.size === 0 || deptIds.has(m.departmentId),
+          driver.describe('agent-org-chart.md §A', "a member's departmentId MUST be a department in the chart"),
+        ).toBe(true);
+      }
+    }
+
+    // ---- Leg 2: §D responsibility roll-up --------------------------------
+    const probeDeptId = departments[0]?.departmentId;
+    if (typeof probeDeptId === 'string') {
+      const { status, view } = await getDepartmentView(probeDeptId);
+      if (status === 200 && view) {
+        expect(
+          Array.isArray(view.responsibilities),
+          driver.describe('agent-org-chart.md §D', 'the responsibility view MUST carry a responsibilities[] roll-up'),
+        ).toBe(true);
+        const r = view.responsibilities ?? [];
+        expect(
+          r.length === new Set(r).size,
+          driver.describe('agent-org-chart.md §D', 'responsibilities MUST be a deduped union (no duplicate workflow ids)'),
+        ).toBe(true);
+        expect(
+          r.every((w) => typeof w === 'string'),
+          driver.describe('org-chart-responsibility-view.schema.json', 'responsibilities[] entries MUST be workflow-id strings'),
+        ).toBe(true);
+        // recursive=false MUST keep the response shape (a subset roll-up).
+        const direct = await getDepartmentView(probeDeptId, false);
+        if (direct.status === 200 && direct.view) {
+          expect(
+            Array.isArray(direct.view.responsibilities),
+            driver.describe('agent-org-chart.md §D', 'recursive=false MUST return the same shape, scoped to direct members'),
+          ).toBe(true);
+        }
+      }
+    }
+
+    // ---- Leg 3: tenant scoping (RFC 0074) --------------------------------
+    const crossTenantDept = process.env.OPENWOP_CROSS_TENANT_ORG_CHART_DEPARTMENT_ID;
+    if (typeof crossTenantDept === 'string' && crossTenantDept.length > 0) {
+      const probe = await getDepartmentView(crossTenantDept);
+      expect(
+        probe.status === 404,
+        driver.describe('agent-org-chart.md §C / RFC 0074', 'GET /v1/agents/org-chart/{id} for a cross-tenant department MUST 404 (no cross-tenant disclosure)'),
+      ).toBe(true);
+    }
+  });
+});

package/src/scenarios/org-position-no-authority-escalation.test.ts

@@ -0,0 +1,78 @@
+/**
+ * Org position confers no authority — the §B invariant, behavioral leg
+ * (RFC 0087 §B) — the protocol-tier `org-position-no-authority-escalation`.
+ *
+ * The STRUCTURAL leg (the `agent-org-chart.schema.json` is `additionalProperties:
+ * false` and rejects an authority-bearing field on a member) is always-on /
+ * server-free in `agent-org-chart-shape.test.ts`. This scenario is the
+ * BEHAVIORAL leg, gated on `capabilities.agents.orgChart.supported`: it proves
+ * against the LIVE host that the org-chart projector strips position-as-authority
+ * — no member, department, or responsibility-view object served on the wire
+ * carries an authority-bearing field (`scopes` / `canDispatch` / `permissions` /
+ * `authority` / `roleGrants` / `capabilities`), at every install scope. An org
+ * edge is an *ownership + reporting* record, never an authority grant.
+ *
+ * Soft-skips when unadvertised (default) / hard-fails under
+ * `OPENWOP_REQUIRE_BEHAVIOR=true`.
+ *
+ * The deeper authority-invariance legs — a manager agent cannot dispatch a
+ * report's tools (RFC 0002 §A14), an RFC 0049 authorization decision is
+ * invariant to org position, an RFC 0051 approval gate is not satisfied by org
+ * seniority — require a non-normative host authorization-decide hook to force
+ * black-box; a conformant host need not expose one, so (mirroring the RFC 0070
+ * `agent-manifest-runtime` confidence-escalation note) they stay reference-impl
+ * tier and are NOT asserted here. The wire-projection proof below is the
+ * load-bearing, hook-free behavioral guarantee.
+ *
+ * Spec references:
+ *   - https://github.com/openwop/openwop/blob/main/spec/v1/agent-org-chart.md (§B)
+ *   - https://github.com/openwop/openwop/blob/main/RFCS/0087-agent-org-chart.md (§B)
+ *   - https://github.com/openwop/openwop/blob/main/SECURITY/invariants.yaml (org-position-no-authority-escalation)
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { behaviorGate } from '../lib/behavior-gate.js';
+import { readOrgChartCap, getOrgChart, getDepartmentView, AUTHORITY_FIELDS } from '../lib/agentOrgChart.js';
+
+/** Assert an org-chart wire object carries no authority-bearing field. */
+function expectNoAuthority(obj: Record<string, unknown> | undefined, where: string): void {
+  if (!obj || typeof obj !== 'object') return;
+  for (const f of AUTHORITY_FIELDS) {
+    expect(
+      !(f in obj),
+      driver.describe('RFC 0087 §B / org-position-no-authority-escalation', `${where} MUST NOT carry the authority field "${f}" — org position confers no authority`),
+    ).toBe(true);
+  }
+}
+
+describe('org-position-no-authority-escalation (RFC 0087 §B, behavioral)', () => {
+  it('the live org-chart wire carries no authority-bearing field on any member/department/view', async () => {
+    const cap = await readOrgChartCap();
+    if (!behaviorGate('openwop-org-position-no-authority', cap?.supported === true)) return;
+
+    const chart = await getOrgChart();
+    if (chart === null) return; // advertised but read not served yet — soft-skip
+
+    for (const m of chart.members ?? []) {
+      expectNoAuthority(m as Record<string, unknown>, 'an org-chart member');
+    }
+    for (const d of chart.departments ?? []) {
+      expectNoAuthority(d as Record<string, unknown>, 'an org-chart department');
+    }
+
+    // The §D responsibility roll-up is a portfolio union (workflow ids), never an
+    // authority grant — assert its members + the view object are authority-free too.
+    const probeDeptId = (chart.departments ?? [])[0]?.departmentId;
+    if (typeof probeDeptId === 'string') {
+      const { status, view } = await getDepartmentView(probeDeptId);
+      if (status === 200 && view) {
+        expectNoAuthority(view as unknown as Record<string, unknown>, 'the responsibility view');
+        expectNoAuthority(view.department as Record<string, unknown> | undefined, "the responsibility view's department");
+        for (const m of view.members ?? []) {
+          expectNoAuthority(m as Record<string, unknown>, 'a responsibility-view member');
+        }
+      }
+    }
+  });
+});