@openwop/openwop-conformance 1.18.1 → 1.20.0

package/dist/lib/profiles.js

@@ -0,0 +1,461 @@
+/**
+ * Compatibility-profile derivation for openwop v1.x.
+ *
+ * Profiles are a named set of capability requirements. A host's profile
+ * set is derived from the `/.well-known/openwop` discovery payload — never
+ * declared as a separate wire field. See `spec/v1/profiles.md` for the
+ * normative predicate definitions.
+ *
+ * This module is the single canonical implementation of profile membership.
+ * Conformance scenarios use it to gate profile-specific assertions; SDKs
+ * MAY re-export the derivation helper to give clients a way to ask
+ * "does this host satisfy `openwop-secrets`?" without re-implementing the
+ * predicates.
+ *
+ * **Derivation is deterministic and pure.** Same payload, same profile
+ * set. No time-of-day, host-specific state, or hidden inputs.
+ */
+/**
+ * Closed v1.x catalog. Adding a profile requires an RFC per
+ * `RFCS/0001-rfc-process.md`.
+ */
+export const PROFILE_NAMES = [
+    'openwop-core',
+    'openwop-interrupts',
+    'openwop-stream-sse',
+    'openwop-stream-poll',
+    'openwop-secrets',
+    'openwop-provider-policy',
+    'openwop-node-packs',
+    'openwop-replay-fork',
+    'openwop-fixtures',
+    'openwop-memory',
+    'openwop-trigger-bridge',
+];
+function isStringArray(value) {
+    return Array.isArray(value) && value.every((entry) => typeof entry === 'string');
+}
+function isNonNegativeInteger(value) {
+    return typeof value === 'number' && Number.isInteger(value) && value >= 0;
+}
+/**
+ * `openwop-core` predicate. Every other profile implies `openwop-core`. A host
+ * that fails this predicate is not openwop-compatible.
+ *
+ * @see spec/v1/profiles.md §`openwop-core`
+ */
+export function isCore(c) {
+    if (typeof c.protocolVersion !== 'string')
+        return false;
+    if (!c.protocolVersion.startsWith('1.'))
+        return false;
+    if (!Array.isArray(c.supportedEnvelopes))
+        return false;
+    if (!c.supportedEnvelopes.every((entry) => typeof entry === 'string'))
+        return false;
+    if (typeof c.schemaVersions !== 'object' || c.schemaVersions === null)
+        return false;
+    if (typeof c.limits !== 'object' || c.limits === null)
+        return false;
+    if (!isNonNegativeInteger(c.limits.clarificationRounds))
+        return false;
+    if (!isNonNegativeInteger(c.limits.schemaRounds))
+        return false;
+    if (!isNonNegativeInteger(c.limits.envelopesPerTurn))
+        return false;
+    return true;
+}
+/**
+ * `openwop-interrupts` predicate.
+ *
+ * @see spec/v1/profiles.md §`openwop-interrupts`
+ */
+export function isInterrupts(c) {
+    if (!isCore(c))
+        return false;
+    if (!isStringArray(c.supportedEnvelopes))
+        return false;
+    return c.supportedEnvelopes.includes('clarification.request');
+}
+/**
+ * `openwop-stream-sse` predicate (discovery-payload only — runtime SSE
+ * behavior is verified by `stream-modes*.test.ts`).
+ *
+ * @see spec/v1/profiles.md §`openwop-stream-sse`
+ */
+export function isStreamSse(c) {
+    if (!isCore(c))
+        return false;
+    if (c.supportedTransports == null)
+        return true;
+    if (!isStringArray(c.supportedTransports))
+        return false;
+    return c.supportedTransports.includes('rest');
+}
+/**
+ * `openwop-stream-poll` predicate (discovery-payload only — runtime polling
+ * behavior is verified by `stream-modes.test.ts`).
+ *
+ * @see spec/v1/profiles.md §`openwop-stream-poll`
+ */
+export function isStreamPoll(c) {
+    if (!isCore(c))
+        return false;
+    if (c.supportedTransports == null)
+        return true;
+    if (!isStringArray(c.supportedTransports))
+        return false;
+    return c.supportedTransports.includes('rest');
+}
+/**
+ * `openwop-secrets` predicate.
+ *
+ * @see spec/v1/profiles.md §`openwop-secrets`
+ */
+export function isSecrets(c) {
+    if (!isCore(c))
+        return false;
+    if (c.secrets == null || typeof c.secrets !== 'object')
+        return false;
+    if (c.secrets.supported !== true)
+        return false;
+    if (!isStringArray(c.secrets.scopes))
+        return false;
+    return c.secrets.scopes.includes('user');
+}
+/**
+ * `openwop-provider-policy` predicate.
+ *
+ * @see spec/v1/profiles.md §`openwop-provider-policy`
+ */
+export function isProviderPolicy(c) {
+    if (!isCore(c))
+        return false;
+    if (c.aiProviders == null || typeof c.aiProviders !== 'object')
+        return false;
+    const policies = c.aiProviders.policies;
+    if (policies == null || typeof policies !== 'object')
+        return false;
+    if (!isStringArray(policies.modes))
+        return false;
+    if (policies.modes.length === 0)
+        return false;
+    return policies.modes.includes('optional');
+}
+/**
+ * `openwop-node-packs` discovery-only predicate. Runtime registry behavior
+ * is verified by `pack-registry*.test.ts`. Discovery alone cannot tell
+ * whether GET /v1/packs returns a list-shaped body.
+ *
+ * @see spec/v1/profiles.md §`openwop-node-packs`
+ */
+export function isNodePacksDiscovery(c) {
+    return isCore(c);
+}
+/**
+ * `openwop-replay-fork` predicate. Host advertises `replay.supported: true`
+ * with at least one entry in `replay.modes`. Runtime determinism /
+ * branch behavior is verified by `replayDeterminism.test.ts` and
+ * `replay-fork.test.ts`.
+ *
+ * @see spec/v1/profiles.md §`openwop-replay-fork`
+ * @see spec/v1/replay.md
+ */
+export function isReplayFork(c) {
+    if (!isCore(c))
+        return false;
+    if (c.replay == null || typeof c.replay !== 'object')
+        return false;
+    if (c.replay.supported !== true)
+        return false;
+    if (!isStringArray(c.replay.modes))
+        return false;
+    return c.replay.modes.length > 0;
+}
+/**
+ * `openwop-fixtures` predicate (RFC 0003). Host advertises `fixtures` as a
+ * non-empty array of non-empty strings — fixture-workflow IDs the host
+ * has seeded. Per-fixture skip decisions are made by the suite via
+ * `lib/fixtures.ts`; the profile predicate is the all-up "any-advertised"
+ * check.
+ *
+ * @see spec/v1/profiles.md §`openwop-fixtures`
+ * @see spec/v1/capabilities.md §`fixtures`
+ * @see RFCS/0003-fixture-gating.md
+ */
+export function isFixtures(c) {
+    if (!isCore(c))
+        return false;
+    if (!Array.isArray(c.fixtures))
+        return false;
+    if (c.fixtures.length === 0)
+        return false;
+    return c.fixtures.every((id) => typeof id === 'string' && id.length > 0);
+}
+/**
+ * `openwop-memory` predicate (RFC 0080). Host implements the reconciled
+ * memory-capability model at the core tier: a read/write `MemoryAdapter`
+ * (`memory.supported: true` and `memory.writable !== false`) plus a cross-run
+ * durable store (`agents.memoryBackends` includes `'long-term'`). Capability
+ * families are document-root properties of the discovery payload (RFC 0073),
+ * so this reads `c.memory` / `c.agents`, matching `isReplayFork`.
+ *
+ * @see spec/v1/profiles.md §`openwop-memory`
+ * @see spec/v1/agent-memory.md §"Memory capability model"
+ */
+export function isMemory(c) {
+    if (!isCore(c))
+        return false;
+    const memory = c.memory;
+    if (memory == null || typeof memory !== 'object')
+        return false;
+    if (memory.supported !== true)
+        return false;
+    if (memory.writable === false)
+        return false;
+    const agents = c.agents;
+    if (agents == null || !isStringArray(agents.memoryBackends))
+        return false;
+    return agents.memoryBackends.includes('long-term');
+}
+/**
+ * `openwop-trigger-bridge` predicate (RFC 0083). Host composes the durable
+ * inbound-work contract: advertises the `triggerBridge`, has a `deadLetter`
+ * sink for exhausted deliveries, and has at least one durable inbound source
+ * (queue bus, durable webhooks, or scheduling). Capability families are
+ * document-root properties (RFC 0073), so this reads `c.triggerBridge` /
+ * `c.deadLetter` / `c.queueBus` / `c.webhooks` / `c.scheduling`.
+ *
+ * @see spec/v1/profiles.md §`openwop-trigger-bridge`
+ * @see spec/v1/trigger-bridge.md
+ */
+export function isTriggerBridge(c) {
+    if (!isCore(c))
+        return false;
+    const supported = (v) => v != null && typeof v === 'object' && v.supported === true;
+    if (!supported(c.triggerBridge))
+        return false;
+    if (!supported(c.deadLetter))
+        return false;
+    const webhooks = c.webhooks;
+    const durableSource = supported(c.queueBus) ||
+        supported(c.scheduling) ||
+        (webhooks != null && typeof webhooks === 'object' && webhooks.durable === true);
+    return durableSource;
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// Operational annex: openwop-agent-platform (RFC 0085).
+//
+// NOT part of the closed `profiles.md` predicate catalog (PROFILE_NAMES /
+// deriveProfiles above) — it is an operational ANNEX (the production-profile.md /
+// auth-profiles.md pattern) combining a discovery predicate with required runtime
+// conformance evidence + documentation + a badge. These helpers compute only the
+// discovery-PREDICATE part; the live aggregate-evidence assertion (does every
+// constituent scenario actually pass?) lives in agent-platform-profile.test.ts.
+//
+// @see spec/v1/agent-platform-profile.md
+// ─────────────────────────────────────────────────────────────────────────────
+/** Narrow helper: a capability sub-block with `supported === true`. */
+function blockSupported(v) {
+    return v != null && typeof v === 'object' && v.supported === true;
+}
+/** The `openwop-agent-platform` FLOOR (`partial`) discovery predicate — RFC 0085 §B. */
+export function isAgentPlatformPartial(c) {
+    if (!isCore(c))
+        return false;
+    const agents = c.agents;
+    const httpClient = c.httpClient;
+    const replay = c.replay;
+    const nondet = c.nondeterminismPolicy;
+    return (blockSupported(agents?.manifestRuntime) &&
+        blockSupported(agents?.liveRuntime) &&
+        blockSupported(c.toolCatalog) &&
+        blockSupported(c.toolHooks) &&
+        blockSupported(httpClient?.safeFetch) &&
+        blockSupported(c.providerUsage) &&
+        blockSupported(c.prompts) &&
+        blockSupported(c.memory) &&
+        blockSupported(c.feedback) &&
+        (replay?.supported === true || nondet?.declared === true));
+}
+/** The `openwop-agent-platform` `full` discovery predicate (floor + governance tier) — RFC 0085 §B. */
+export function isAgentPlatformFull(c) {
+    if (!isAgentPlatformPartial(c))
+        return false;
+    const agents = c.agents;
+    const memory = c.memory;
+    // Debug bundle is advertised at `capabilities.debugBundle.supported` (debug-bundle.md /
+    // RFC 0009), NOT under `production.*` — the production block only adds stricter truncation MUSTs.
+    const httpClient = c.httpClient;
+    return (blockSupported(c.authorization) &&
+        agents?.manifestRuntime?.installScope === 'tenant' &&
+        blockSupported(memory?.attribution) &&
+        blockSupported(c.debugBundle) &&
+        blockSupported(c.triggerBridge) &&
+        blockSupported(httpClient?.egressPolicy));
+}
+/** The host-reported annex status: `full` ⊃ `partial` ⊃ `none` (discovery-predicate only). */
+export function agentPlatformStatus(c) {
+    if (isAgentPlatformFull(c))
+        return 'full';
+    if (isAgentPlatformPartial(c))
+        return 'partial';
+    return 'none';
+}
+/**
+ * The per-term satisfaction breakdown (RFC 0085 §D) — the richer interop signal
+ * alongside the flat `none`/`partial`/`full` ladder. Adoption is NON-CONTIGUOUS:
+ * a real host built feature-by-feature can satisfy `full`-tier terms (RBAC,
+ * memory-attribution, tenant-scoping) while still failing `floor` terms, so the
+ * flat status would understate it (reads identical to a do-nothing host). This
+ * returns exactly the term ids a host satisfies, so a `none` host honoring 6/16
+ * terms is distinguishable from one honoring 0/16.
+ */
+export function agentPlatformSatisfiedTerms(c) {
+    const agents = c.agents;
+    const httpClient = c.httpClient;
+    const memory = c.memory;
+    const replay = c.replay;
+    const nondet = c.nondeterminismPolicy;
+    const checks = [
+        // floor
+        ['floor:agents.manifestRuntime', blockSupported(agents?.manifestRuntime)],
+        ['floor:agents.liveRuntime', blockSupported(agents?.liveRuntime)],
+        ['floor:toolCatalog', blockSupported(c.toolCatalog)],
+        ['floor:toolHooks', blockSupported(c.toolHooks)],
+        ['floor:httpClient.safeFetch', blockSupported(httpClient?.safeFetch)],
+        ['floor:providerUsage', blockSupported(c.providerUsage)],
+        ['floor:prompts', blockSupported(c.prompts)],
+        ['floor:memory', blockSupported(c.memory)],
+        ['floor:feedback', blockSupported(c.feedback)],
+        ['floor:replay-or-nondeterminism', replay?.supported === true || nondet?.declared === true],
+        // full (governance)
+        ['full:authorization', blockSupported(c.authorization)],
+        ['full:tenant-installScope', agents?.manifestRuntime?.installScope === 'tenant'],
+        ['full:memory.attribution', blockSupported(memory?.attribution)],
+        ['full:debugBundle', blockSupported(c.debugBundle)],
+        ['full:triggerBridge', blockSupported(c.triggerBridge)],
+        ['full:egressPolicy', blockSupported(httpClient?.egressPolicy)],
+    ];
+    return checks.filter(([, ok]) => ok).map(([id]) => id);
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// `openwop-core-standard` operational-annex predicate (RFC 0088). Like the
+// agent-platform annex above, this is NOT a closed-catalog profile (so it is
+// absent from deriveProfiles) — it is an operational ANNEX whose claim is backed
+// by the §C floor scenarios passing black-box. This helper computes only the §B
+// discovery predicate (the floor of MUSTs with black-box production-path proof).
+//
+// @see spec/v1/core-standard-profile.md
+// ─────────────────────────────────────────────────────────────────────────────
+/** The `openwop-core-standard` floor discovery predicate — RFC 0088 §B. */
+export function isCoreStandard(c) {
+    return isCore(c) && isInterrupts(c) && (isStreamSse(c) || isStreamPoll(c));
+}
+/**
+ * Derive the full profile set from a discovery payload.
+ *
+ * Returns a set sorted by `PROFILE_NAMES` order so output is stable
+ * across calls and across implementations.
+ */
+export function deriveProfiles(c) {
+    const result = [];
+    if (isCore(c))
+        result.push('openwop-core');
+    if (isInterrupts(c))
+        result.push('openwop-interrupts');
+    if (isStreamSse(c))
+        result.push('openwop-stream-sse');
+    if (isStreamPoll(c))
+        result.push('openwop-stream-poll');
+    if (isSecrets(c))
+        result.push('openwop-secrets');
+    if (isProviderPolicy(c))
+        result.push('openwop-provider-policy');
+    if (isNodePacksDiscovery(c))
+        result.push('openwop-node-packs');
+    if (isReplayFork(c))
+        result.push('openwop-replay-fork');
+    if (isFixtures(c))
+        result.push('openwop-fixtures');
+    if (isMemory(c))
+        result.push('openwop-memory');
+    if (isTriggerBridge(c))
+        result.push('openwop-trigger-bridge');
+    return result;
+}
+/**
+ * One-shot membership check.
+ */
+export function hasProfile(c, profile) {
+    switch (profile) {
+        case 'openwop-core':
+            return isCore(c);
+        case 'openwop-interrupts':
+            return isInterrupts(c);
+        case 'openwop-stream-sse':
+            return isStreamSse(c);
+        case 'openwop-stream-poll':
+            return isStreamPoll(c);
+        case 'openwop-secrets':
+            return isSecrets(c);
+        case 'openwop-provider-policy':
+            return isProviderPolicy(c);
+        case 'openwop-node-packs':
+            return isNodePacksDiscovery(c);
+        case 'openwop-replay-fork':
+            return isReplayFork(c);
+        case 'openwop-fixtures':
+            return isFixtures(c);
+        case 'openwop-memory':
+            return isMemory(c);
+        case 'openwop-trigger-bridge':
+            return isTriggerBridge(c);
+    }
+}
+export const PROFILE_FLOOR_SCENARIOS = {
+    'openwop-core-standard': {
+        required: [
+            'runs-lifecycle.test.ts',
+            'discovery.test.ts',
+            'auth.test.ts',
+            'eventOrdering.test.ts',
+            'failure-path.test.ts',
+            'idempotency.test.ts',
+            'idempotency-key-determinism.test.ts',
+            'webhook-negative.test.ts',
+            'audit-log-verification.test.ts',
+        ],
+        requiredAnyPrefix: ['interrupt-'],
+    },
+};
+/** Is `profile` derivable from a discovery document? Maps a profile name to its predicate (RFC 0089 §B(1)). */
+export function profileDerivable(c, profile) {
+    if (profile === 'openwop-core-standard')
+        return isCoreStandard(c);
+    if (profile === 'openwop-agent-platform')
+        return agentPlatformStatus(c) !== 'none';
+    if (PROFILE_NAMES.includes(profile)) {
+        return deriveProfiles(c).includes(profile);
+    }
+    return false;
+}
+const scenarioBasename = (id) => id.split('/').pop() ?? id;
+/**
+ * Verify a bundle's claim for one profile per RFC 0089 §B. A consumer MUST
+ * re-derive (this function) rather than trust `claimedProfiles` verbatim.
+ */
+export function verifyBundleProfile(bundle, profile) {
+    const derivable = profileDerivable(bundle.discovery.document, profile);
+    const floor = PROFILE_FLOOR_SCENARIOS[profile];
+    const passed = new Set(bundle.results.passed.map(scenarioBasename));
+    const missingFloor = floor ? floor.required.filter((r) => !passed.has(scenarioBasename(r))) : [];
+    const prefixOk = (floor?.requiredAnyPrefix ?? []).every((p) => [...passed].some((s) => s.startsWith(p)));
+    const floorProven = missingFloor.length === 0 && prefixOk;
+    return { profile, derivable, floorProven, valid: derivable && floorProven, missingFloor };
+}
+/** Verify every profile in `bundle.claimedProfiles`; the bundle is valid iff all claims are valid. */
+export function verifyBundle(bundle) {
+    const verdicts = bundle.claimedProfiles.map((p) => verifyBundleProfile(bundle, p));
+    return { valid: verdicts.every((v) => v.valid), verdicts };
+}

package/fixtures/conformance-agent-channel-dispatch.json

@@ -0,0 +1,27 @@
+{
+  "id": "conformance-agent-channel-dispatch",
+  "name": "Conformance: Agent Channel Dispatch",
+  "version": "1.0",
+  "description": "RFC 0082 §B. Single-node run whose `agent` binding pins a deployment CHANNEL (`channel: \"stable\"`) instead of an exact `version`. A host advertising `agents.deployment.supported:true` MUST resolve the channel to a concrete version at first resolution and record it as `resolvedChannel` + `resolvedAgentVersion` on `agent.invocation.started` (RFC 0077); a `:fork {mode:\"replay\"}` MUST re-read that recorded version and MUST NOT re-resolve a since-moved channel. Hosts that omit `agents.deployment` MUST reject this channel-bearing ref with `validation_error` (agent-ref.schema.json) and so cannot seed it. See agent-channel-dispatch.test.ts.",
+  "nodes": [
+    {
+      "id": "resolve",
+      "typeId": "core.identity",
+      "name": "Channel-bound agent dispatch",
+      "position": { "x": 0, "y": 0 },
+      "config": {},
+      "inputs": {},
+      "agent": {
+        "agentId": "core.conformance.channel-agent",
+        "channel": "stable"
+      }
+    }
+  ],
+  "edges": [],
+  "triggers": [
+    { "id": "manual", "type": "manual", "enabled": true }
+  ],
+  "variables": [],
+  "metadata": { "tags": ["conformance", "multi-agent", "deployment", "channel", "rfc-0082"] },
+  "settings": { "timeout": 10000 }
+}

package/fixtures.md

@@ -412,6 +412,21 @@ Hosts that don't ship a BYOK SecretResolver MAY return `404` / `422` on the star
 
 ---
 
+## `conformance-agent-channel-dispatch` (RFC 0082 §B — production-path channel pin)
+
+> **Status: capability-gated (RFC 0082 `agents.deployment`).** Only a host advertising `agents.deployment.supported:true` can seed this fixture — a host that omits `agents.deployment` MUST reject the channel-bearing `agent` ref with `validation_error` (`agent-ref.schema.json`). Exercised by `src/scenarios/agent-channel-dispatch.test.ts`.
+
+- **Purpose**: prove the RFC 0082 §B channel resolve-and-pin contract from a real run graph (complementing `agent-deployment-lifecycle.test.ts` Leg 4, which uses the host-sample seam). A node binds a deployment CHANNEL (`agent.channel: "stable"`) instead of an exact `version`.
+- **Topology**: a single `core.identity` node whose `agent` binding is `{ "agentId": "core.conformance.channel-agent", "channel": "stable" }` (no `version`). The host MUST have an active deployment of `core.conformance.channel-agent` on the `stable` channel.
+- **Inputs**: none. Trigger `manual`.
+- **Conformance test driver**:
+  1. POST `/v1/runs` with `{workflowId: "conformance-agent-channel-dispatch"}`; poll until terminal.
+  2. **Assert** the first `agent.invocation.started` carries `resolvedChannel: "stable"` and a concrete non-empty `resolvedAgentVersion` (the recorded fact, RFC 0077).
+  3. **Replay** via `POST /v1/runs/{runId}:fork {mode:"replay"}`; **assert** the fork's `agent.invocation.started` re-reads the SAME `resolvedAgentVersion`.
+  4. **(Seam-guarded)** Move the `stable` channel via the deployment seam; **assert** a replay of the original run STILL carries the original pin — never re-resolving the moved channel.
+
+---
+
 ## NodeModule registration
 
 The fixtures reference these typeIds:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openwop/openwop-conformance",
-  "version": "1.18.1",
+  "version": "1.20.0",
   "description": "Production-ready black-box conformance suite for OpenWOP v1.0 compliant servers.",
   "repository": {
     "type": "git",

package/schemas/README.md

@@ -32,6 +32,7 @@
 | `capabilities.schema.json` | `capabilities.md` | `/.well-known/openwop` response — protocolVersion + supportedEnvelopes + schemaVersions + limits + optional v1 discovery surface |
 | `channel-written-payload.schema.json` | `channels-and-reducers.md` §Channel write event | Payload of the `channel.written` RunEvent — write input + reducer name |
 | `chat-card-pack-manifest.schema.json` | `chat-card-packs.md` + RFC 0071 | DRAFT — manifest for `kind: "card"` registry packs (RFC 0071 Phase 2). Peer to the node/workflow-chain/prompt/artifact-type pack manifests; disjoint via the `kind` discriminator. Distributes AI chat cards: a prompt template + typed input subset bound to a typed `outputArtifactType`. |
+| `conformance-certification-bundle.schema.json` | `conformance-certification.md` + RFC 0089 | DRAFT — machine-readable attestation binding a host's claimed profiles to the reproducible run that substantiates them (suite version + per-scenario pass list + host identity/commit + captured discovery document). Out-of-band; a consumer re-derives each claim via the §B binding rule. |
 | `conversation-event.schema.json` | `channels-and-reducers.md` + conversation RFC | Multi-turn conversation event shape for orchestrator-driven HITL flows |
 | `conversation-turn.schema.json` | `channels-and-reducers.md` + conversation RFC | Conversation turn shape for user/agent/system messages |
 | `core-conformance-mock-agent-config.schema.json` | `node-packs.md` + RFC 0023 | Config shape for the conformance-only `core.conformance.mock-agent` typeId — drives `agent.*` event emission on cue (`mockReasoning` / `mockToolCalls` / `mockHandoff` / `mockDecision` / `mockConfidence`). Hosts MUST refuse this typeId for production tenants unless `capabilities.conformance.mockAgent` is advertised. |

package/schemas/capabilities.schema.json

@@ -769,6 +769,11 @@
         "mockAgent": {
           "type": "boolean",
           "description": "RFC 0023 §B.2. When `true`, the host has registered the `core.conformance.mock-agent` typeId. The scenarios `agentReasoningEvents.test.ts` and `agentConfidenceEscalation.test.ts` rely on the typeId being reachable. Hosts that register the typeId only for workflow ids matching the conformance fixture prefix (`conformance-*`) and refuse it for other tenants MAY still advertise `true` — the advertisement says only that the typeId is reachable from the conformance suite, not that it is reachable from arbitrary workflows."
+        },
+        "certificationBundleUrl": {
+          "type": "string",
+          "format": "uri",
+          "description": "OPTIONAL (RFC 0089). URL of the host's most recent conformance certification bundle (`conformance-certification-bundle.schema.json`) — a machine-readable attestation binding this host's claimed profiles to the reproducible run that substantiates them. Omitting it is fully conformant; clients MUST tolerate its absence."
         }
       },
       "additionalProperties": false

package/schemas/conformance-certification-bundle.schema.json

@@ -0,0 +1,86 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://openwop.dev/spec/v1/conformance-certification-bundle.schema.json",
+  "title": "OpenWOP Conformance Certification Bundle",
+  "description": "RFC 0089. A machine-readable attestation binding a host's claimed profiles to the reproducible run that substantiates them: suite version, per-scenario pass list, host identity + commit, and the captured discovery document. An out-of-band artifact emitted by the conformance harness (not a runtime wire message). A consumer MUST re-derive each claimed profile from the embedded `discovery.document` rather than trusting `claimedProfiles` verbatim (RFC 0089 §B).",
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["bundleVersion", "generatedAt", "generator", "suite", "host", "discovery", "claimedProfiles", "results"],
+  "properties": {
+    "bundleVersion": {
+      "const": "1",
+      "description": "Certification-bundle format version. `1` for RFC 0089."
+    },
+    "generatedAt": {
+      "type": "string",
+      "format": "date-time",
+      "description": "RFC 3339 timestamp when the bundle was generated. Marks the bundle as a point-in-time attestation."
+    },
+    "generator": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["name", "version"],
+      "properties": {
+        "name": { "type": "string", "description": "Tool that produced the bundle, e.g. `@openwop/openwop-conformance --certify`." },
+        "version": { "type": "string" }
+      }
+    },
+    "suite": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["package", "version"],
+      "properties": {
+        "package": { "const": "@openwop/openwop-conformance" },
+        "version": { "type": "string", "description": "Exact conformance suite version the results were produced against." }
+      }
+    },
+    "host": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["name", "version"],
+      "properties": {
+        "name": { "type": "string" },
+        "version": { "type": "string" },
+        "vendor": { "type": "string" },
+        "commit": { "type": "string", "description": "VCS commit / build id of the host under test, when known. Self-reported; authoritative only for independent-verifier-generated bundles (RFC 0089 §Security)." }
+      }
+    },
+    "discovery": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["url", "sha256", "document"],
+      "properties": {
+        "url": { "type": "string", "format": "uri", "description": "The `/.well-known/openwop` URL fetched for this run." },
+        "sha256": { "type": "string", "pattern": "^[a-f0-9]{64}$", "description": "SHA-256 of the canonical-JSON serialization of `document`, so a verifier can confirm it matches a live fetch." },
+        "document": { "type": "object", "description": "The verbatim `/.well-known/openwop` discovery document captured for this run. Profile derivation re-runs against THIS document." }
+      }
+    },
+    "claimedProfiles": {
+      "type": "array",
+      "items": { "type": "string" },
+      "minItems": 0,
+      "description": "Profiles the host claims. A bundle MUST NOT list a profile its own `discovery.document` does not derive (RFC 0089 §B(1))."
+    },
+    "results": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["totals", "passed", "failed", "skipped"],
+      "properties": {
+        "totals": {
+          "type": "object",
+          "additionalProperties": false,
+          "required": ["passed", "failed", "skipped", "total"],
+          "properties": {
+            "passed": { "type": "integer", "minimum": 0 },
+            "failed": { "type": "integer", "minimum": 0 },
+            "skipped": { "type": "integer", "minimum": 0 },
+            "total": { "type": "integer", "minimum": 0 }
+          }
+        },
+        "passed": { "type": "array", "items": { "type": "string" }, "description": "Stable scenario IDs that passed non-vacuously. The generator MUST NOT list a scenario here that did not run non-vacuously." },
+        "failed": { "type": "array", "items": { "type": "string" } },
+        "skipped": { "type": "array", "items": { "type": "string" } }
+      }
+    }
+  }
+}