@openwop/openwop-conformance 1.3.0 → 1.4.0

package/src/scenarios/envelope-truncated.test.ts

@@ -0,0 +1,136 @@
+/**
+ * envelope-truncated — RFC 0032 §B.4 + RFC 0033 §B runtime behavior.
+ *
+ * Capability- + fixture-gated. Drives the conformance `mock` provider via
+ * `POST /v1/host/sample/test/mock-ai/program` with a program that returns
+ * `stopReason: 'max_tokens'` on attempt 1 then a valid envelope on attempt 2.
+ * The host's `dispatchStructured` retry loop MUST: (a) emit exactly one
+ * `envelope.truncated` event with `stopReason: 'max_tokens'`; (b) retry with
+ * a maxTokens value strictly greater than the original budget per RFC 0033
+ * §B `truncationBudgetMultiplier`; (c) NOT inject the corrective schema
+ * fragment on the truncation retry (truncation is an output-size problem,
+ * not a schema problem); (d) complete normally after attempt 2 succeeds.
+ *
+ * @see RFCS/0032-envelope-reliability-events.md §B.4
+ * @see RFCS/0033-envelope-completion-contract.md §B
+ * @see schemas/run-event-payloads.schema.json §envelopeTruncated
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { pollUntilTerminal } from '../lib/polling.js';
+import { isFixtureAdvertised } from '../lib/fixtures.js';
+
+const HTTP_SKIP = !process.env.OPENWOP_BASE_URL;
+const FIXTURE = 'conformance-envelope-truncated';
+const NODE_ID = 'structured-call';
+
+interface RunEvent {
+  type: string;
+  payload?: Record<string, unknown>;
+  nodeId?: string;
+  sequence: number;
+}
+
+async function programMock(program: Array<Record<string, unknown>>): Promise<{ status: number }> {
+  const res = await driver.post('/v1/host/sample/test/mock-ai/program', { nodeId: NODE_ID, program });
+  return { status: res.status };
+}
+
+async function startRunAndRead(): Promise<{ events: RunEvent[]; terminal: unknown } | null> {
+  const create = await driver.post('/v1/runs', { workflowId: FIXTURE });
+  if (create.status !== 201) return null;
+  const runId = (create.json as { runId: string }).runId;
+  const terminal = await pollUntilTerminal(runId, { timeoutMs: 10_000 });
+  const eventsRes = await driver.get(`/v1/runs/${encodeURIComponent(runId)}/events`);
+  if (eventsRes.status !== 200) return null;
+  const events = ((eventsRes.json as { events?: RunEvent[] } | undefined)?.events ?? []) as RunEvent[];
+  return { events, terminal };
+}
+
+async function lastBudget(): Promise<number | null> {
+  const res = await driver.get(`/v1/host/sample/test/mock-ai/last-dispatch-budget?nodeId=${encodeURIComponent(NODE_ID)}`);
+  if (res.status !== 200) return null;
+  return (res.json as { maxTokens?: number | null }).maxTokens ?? null;
+}
+
+describe.skipIf(HTTP_SKIP)('envelope-truncated: runtime behavior (RFC 0032 §B.4 + RFC 0033 §B)', () => {
+  it('when mock returns stopReason: max_tokens on attempt 1, exactly one envelope.truncated event fires with stopReason: max_tokens', async () => {
+    if (!isFixtureAdvertised(FIXTURE)) return;
+    const seed = await programMock([
+      { stopReason: 'max_tokens', content: '{"valid":' },
+      { stopReason: 'end_turn', content: '{"valid":true}' },
+    ]);
+    if (seed.status === 404) return;
+    expect(seed.status).toBe(200);
+
+    const result = await startRunAndRead();
+    if (result === null) return;
+    const truncated = result.events.filter((e) => e.type === 'envelope.truncated');
+    expect(
+      truncated.length,
+      driver.describe(
+        'RFCS/0032-envelope-reliability-events.md §B.4',
+        'exactly one envelope.truncated event MUST fire when the provider returns finishReason corresponding to truncation',
+      ),
+    ).toBe(1);
+    expect(truncated[0]!.payload?.stopReason).toBe('max_tokens');
+  });
+
+  it('payload includes nodeId + provider + model + partialPayloadAvailable boolean', async () => {
+    if (!isFixtureAdvertised(FIXTURE)) return;
+    const seed = await programMock([
+      { stopReason: 'max_tokens', content: '{"partial' },
+      { stopReason: 'end_turn', content: '{"valid":true}' },
+    ]);
+    if (seed.status === 404) return;
+
+    const result = await startRunAndRead();
+    if (result === null) return;
+    const truncated = result.events.find((e) => e.type === 'envelope.truncated');
+    expect(truncated).toBeDefined();
+    const payload = truncated!.payload ?? {};
+    expect(payload.nodeId).toBe(NODE_ID);
+    expect(payload.provider).toBe('mock');
+    expect(typeof payload.model).toBe('string');
+    expect(typeof payload.partialPayloadAvailable).toBe('boolean');
+  });
+
+  it('retry attempt receives a maxTokens value strictly greater than the previous attempt (RFC 0033 §B truncationBudgetMultiplier)', async () => {
+    if (!isFixtureAdvertised(FIXTURE)) return;
+    const seed = await programMock([
+      { stopReason: 'max_tokens', content: '{"partial' },
+      { stopReason: 'end_turn', content: '{"valid":true}' },
+    ]);
+    if (seed.status === 404) return;
+
+    const result = await startRunAndRead();
+    if (result === null) return;
+    // After the run, the mock's most-recent budget is the SECOND (retry)
+    // attempt's maxTokens. Per RFC 0033 §B, this MUST exceed the fixture's
+    // initial maxTokens (50). The host's default multiplier is 2 — so the
+    // retry should see 100.
+    const budget = await lastBudget();
+    if (budget === null) return; // host doesn't expose the seam
+    expect(
+      budget,
+      driver.describe(
+        'RFCS/0033-envelope-completion-contract.md §B',
+        'truncation retry MUST issue with a strictly-increased maxTokens budget (host multiplies by capabilities.envelopes.reliability.completion.truncationBudgetMultiplier)',
+      ),
+    ).toBeGreaterThan(50);
+  });
+
+  it('run terminates `completed` after the second attempt succeeds', async () => {
+    if (!isFixtureAdvertised(FIXTURE)) return;
+    const seed = await programMock([
+      { stopReason: 'max_tokens', content: '{"partial' },
+      { stopReason: 'end_turn', content: '{"valid":true}' },
+    ]);
+    if (seed.status === 404) return;
+
+    const result = await startRunAndRead();
+    if (result === null) return;
+    expect((result.terminal as { status?: string }).status).toBe('completed');
+  });
+});

package/src/scenarios/envelope-truncation-cap-exhaustion.test.ts

@@ -0,0 +1,144 @@
+/**
+ * envelope-truncation-cap-exhaustion — RFC 0033 §B DoS-bound assertion.
+ *
+ * Capability- + fixture-gated. Drives the conformance `mock` provider via
+ * `POST /v1/host/sample/test/mock-ai/program` with a program that returns
+ * `stopReason: 'max_tokens'` on EVERY attempt. The host's `dispatchStructured`
+ * retry loop MUST: (a) emit `envelope.truncated` per attempt (or at least the
+ * first); (b) double the budget each retry per RFC 0033 §B; (c) exhaust
+ * retries after `maxRetryAttempts`; (d) emit exactly one
+ * `envelope.retry.exhausted` with `finalReason: 'truncation'`; (e) fail the
+ * node with `error.code: 'envelope_truncation_unrecoverable'` per RFC 0033 §F;
+ * (f) NOT exceed `maxRetryAttempts` total LLM calls — DoS-bound assertion.
+ *
+ * @see RFCS/0033-envelope-completion-contract.md §B + §F
+ * @see spec/v1/rest-endpoints.md §"Common error codes" — envelope_truncation_unrecoverable
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { pollUntilTerminal } from '../lib/polling.js';
+import { isFixtureAdvertised } from '../lib/fixtures.js';
+
+const HTTP_SKIP = !process.env.OPENWOP_BASE_URL;
+const FIXTURE = 'conformance-envelope-truncation-cap-exhaustion';
+const NODE_ID = 'structured-call';
+
+interface RunEvent {
+  type: string;
+  payload?: Record<string, unknown>;
+  nodeId?: string;
+  sequence: number;
+}
+
+async function programMock(program: Array<Record<string, unknown>>): Promise<{ status: number }> {
+  const res = await driver.post('/v1/host/sample/test/mock-ai/program', { nodeId: NODE_ID, program });
+  return { status: res.status };
+}
+
+async function startRunAndRead(): Promise<{ events: RunEvent[]; terminal: unknown } | null> {
+  const create = await driver.post('/v1/runs', { workflowId: FIXTURE });
+  if (create.status !== 201) return null;
+  const runId = (create.json as { runId: string }).runId;
+  const terminal = await pollUntilTerminal(runId, { timeoutMs: 10_000 });
+  const eventsRes = await driver.get(`/v1/runs/${encodeURIComponent(runId)}/events`);
+  if (eventsRes.status !== 200) return null;
+  const events = ((eventsRes.json as { events?: RunEvent[] } | undefined)?.events ?? []) as RunEvent[];
+  return { events, terminal };
+}
+
+// Seeded program: 16 truncation entries. The retry loop will only consume
+// up to maxRetryAttempts; any unused entries are wasted — bound is
+// confirmed by the events[] count, not by program exhaustion behavior.
+const PERPETUAL_TRUNCATION = Array.from({ length: 16 }, () => ({
+  stopReason: 'max_tokens' as const,
+  content: '{"partial',
+}));
+
+describe.skipIf(HTTP_SKIP)('envelope-truncation-cap-exhaustion: DoS-bound retry budget (RFC 0033 §B + §F)', () => {
+  it('perpetual truncation → emits exactly one envelope.retry.exhausted with finalReason: "truncation"', async () => {
+    if (!isFixtureAdvertised(FIXTURE)) return;
+    const seed = await programMock(PERPETUAL_TRUNCATION);
+    if (seed.status === 404) return;
+    expect(seed.status).toBe(200);
+
+    const result = await startRunAndRead();
+    if (result === null) return;
+    const exhausted = result.events.filter((e) => e.type === 'envelope.retry.exhausted');
+    expect(
+      exhausted.length,
+      driver.describe(
+        'RFCS/0032-envelope-reliability-events.md §B.2',
+        'exactly one envelope.retry.exhausted event MUST fire when the truncation-retry budget is exhausted',
+      ),
+    ).toBe(1);
+    expect(
+      exhausted[0]!.payload?.finalReason,
+      driver.describe(
+        'RFCS/0033-envelope-completion-contract.md §B',
+        'finalReason MUST be "truncation" when the host exhausts truncation retries (distinguished from schema-violation per RFC 0033 §A)',
+      ),
+    ).toBe('truncation');
+  });
+
+  it('node fails with RunSnapshot.error.code: "envelope_truncation_unrecoverable" per RFC 0033 §F', async () => {
+    if (!isFixtureAdvertised(FIXTURE)) return;
+    const seed = await programMock(PERPETUAL_TRUNCATION);
+    if (seed.status === 404) return;
+
+    const result = await startRunAndRead();
+    if (result === null) return;
+    const code = (result.terminal as { error?: { code?: string } }).error?.code;
+    expect(
+      code,
+      driver.describe(
+        'RFCS/0033-envelope-completion-contract.md §F',
+        'truncation-retry-exhaustion MUST surface as RunSnapshot.error.code = envelope_truncation_unrecoverable (distinct from envelope_invalid which surfaces schema-violation-exhaustion)',
+      ),
+    ).toBe('envelope_truncation_unrecoverable');
+  });
+
+  it('total LLM calls bounded by maxRetryAttempts (DoS-bound — no infinite loop)', async () => {
+    if (!isFixtureAdvertised(FIXTURE)) return;
+    const seed = await programMock(PERPETUAL_TRUNCATION);
+    if (seed.status === 404) return;
+
+    const result = await startRunAndRead();
+    if (result === null) return;
+    // Count envelope.truncated events as a proxy for LLM-call count
+    // (each truncated attempt emits one).
+    const truncatedCount = result.events.filter((e) => e.type === 'envelope.truncated').length;
+    expect(
+      truncatedCount,
+      driver.describe(
+        'RFCS/0033-envelope-completion-contract.md §B',
+        'truncation-retry count MUST be bounded — host cannot loop indefinitely doubling budget; expected upper-bound matches advertised maxRetryAttempts',
+      ),
+    ).toBeLessThanOrEqual(16);
+    // The host advertises maxRetryAttempts (default 3) — at most 3 LLM calls
+    // = 3 envelope.truncated events. Allow a generous upper bound here to
+    // accommodate hosts with larger configured retry budgets, but assert
+    // strictly that it's finite.
+    expect(truncatedCount).toBeGreaterThan(0);
+  });
+
+  it('envelope.retry.exhausted is emitted BEFORE node.failed (cause precedes effect)', async () => {
+    if (!isFixtureAdvertised(FIXTURE)) return;
+    const seed = await programMock(PERPETUAL_TRUNCATION);
+    if (seed.status === 404) return;
+
+    const result = await startRunAndRead();
+    if (result === null) return;
+    const exhaustedIdx = result.events.findIndex((e) => e.type === 'envelope.retry.exhausted');
+    const failedIdx = result.events.findIndex((e) => e.type === 'node.failed');
+    expect(exhaustedIdx).toBeGreaterThanOrEqual(0);
+    expect(failedIdx).toBeGreaterThanOrEqual(0);
+    expect(
+      exhaustedIdx < failedIdx,
+      driver.describe(
+        'RFCS/0032-envelope-reliability-events.md §B.2',
+        'envelope.retry.exhausted MUST be emitted BEFORE node.failed',
+      ),
+    ).toBe(true);
+  });
+});

package/src/scenarios/envelope-variant-discriminator-static.test.ts

@@ -0,0 +1,152 @@
+/**
+ * envelope-variant-discriminator-static — RFC 0031 §A static schema-walker.
+ *
+ * Asserts (always-on):
+ *   1. For every envelope payload schema in `schemas/envelopes/*.schema.json`,
+ *      `oneOf` MUST NOT appear at any nesting depth (Gemini silently drops
+ *      `oneOf`, producing a looser-than-declared schema — silent correctness bug).
+ *   2. Where `anyOf` is present in a payload schema, every branch MUST declare
+ *      a single-string-`enum` discriminator property in `required` per RFC 0031 §A.
+ *
+ * Capability-gated extension (when `OPENWOP_BASE_URL` is set AND
+ * `capabilities.supportedEnvelopes` is non-empty): same checks applied
+ * to the host's full envelope catalog where schemas can be resolved locally.
+ *
+ * @see RFCS/0031-envelope-variants-and-model-capabilities.md §A
+ * @see spec/v1/ai-envelope.md §"Variant payload discrimination (normative)"
+ * @see spec/v1/structured-output-subset.md (Tier-1 portability rationale)
+ */
+
+import { describe, it, expect } from 'vitest';
+import { readFileSync, existsSync, readdirSync } from 'node:fs';
+import { join } from 'node:path';
+import { SCHEMAS_DIR } from '../lib/paths.js';
+
+interface DiscriminatorViolation {
+  path: string;
+  rule: string;
+  detail?: string;
+}
+
+function loadSchema(p: string): Record<string, unknown> {
+  return JSON.parse(readFileSync(p, 'utf8')) as Record<string, unknown>;
+}
+
+function walkForOneOf(schema: unknown, path: string, out: DiscriminatorViolation[]): void {
+  if (!schema || typeof schema !== 'object') return;
+  if (Array.isArray(schema)) {
+    schema.forEach((item, i) => walkForOneOf(item, `${path}/${i}`, out));
+    return;
+  }
+  const obj = schema as Record<string, unknown>;
+  if ('oneOf' in obj) {
+    out.push({
+      path,
+      rule: 'oneOf-forbidden',
+      detail: 'use `anyOf` with single-string-enum discriminator per RFC 0031 §A',
+    });
+  }
+  for (const key of Object.keys(obj)) {
+    walkForOneOf(obj[key], `${path}/${key}`, out);
+  }
+}
+
+interface AnyOfBranchValidation {
+  ok: boolean;
+  rule?: string;
+  detail?: string;
+}
+
+function validateAnyOfBranch(branch: Record<string, unknown>): AnyOfBranchValidation {
+  // A branch passes the discriminator rule if at least one of its `required` properties
+  // declares `type: string` + `enum` containing exactly one value.
+  const required = (branch.required as string[] | undefined) ?? [];
+  const properties = (branch.properties as Record<string, Record<string, unknown>> | undefined) ?? {};
+  for (const propName of required) {
+    const prop = properties[propName];
+    if (!prop) continue;
+    if (prop.type === 'string' && Array.isArray(prop.enum) && prop.enum.length === 1) {
+      return { ok: true };
+    }
+  }
+  // The branch may also be a `$ref` to a defined shape; ref-resolution is
+  // out of scope for this static walker — flag with a note rather than a hard fail.
+  if ('$ref' in branch) {
+    return { ok: true, detail: 'branch is a $ref; discriminator presence assumed in referenced $def' };
+  }
+  return {
+    ok: false,
+    rule: 'anyOf-branch-missing-discriminator',
+    detail: 'branch MUST declare a single-string-enum discriminator property in `required` per RFC 0031 §A',
+  };
+}
+
+function walkForAnyOfDiscriminators(
+  schema: unknown,
+  path: string,
+  out: DiscriminatorViolation[],
+): void {
+  if (!schema || typeof schema !== 'object') return;
+  if (Array.isArray(schema)) {
+    schema.forEach((item, i) => walkForAnyOfDiscriminators(item, `${path}/${i}`, out));
+    return;
+  }
+  const obj = schema as Record<string, unknown>;
+  if (Array.isArray(obj.anyOf)) {
+    obj.anyOf.forEach((branch, i) => {
+      const result = validateAnyOfBranch(branch as Record<string, unknown>);
+      if (!result.ok) {
+        out.push({
+          path: `${path}/anyOf/${i}`,
+          rule: result.rule ?? 'unknown',
+          ...(result.detail !== undefined ? { detail: result.detail } : {}),
+        });
+      }
+    });
+  }
+  for (const key of Object.keys(obj)) {
+    if (key === 'anyOf') continue; // handled above
+    walkForAnyOfDiscriminators(obj[key], `${path}/${key}`, out);
+  }
+}
+
+function listLocalEnvelopeSchemas(): { kind: string; path: string }[] {
+  const dir = join(SCHEMAS_DIR, 'envelopes');
+  if (!existsSync(dir)) return [];
+  return readdirSync(dir)
+    .filter((f) => f.endsWith('.schema.json'))
+    .map((f) => ({ kind: f.replace(/\.schema\.json$/, ''), path: join(dir, f) }));
+}
+
+describe('envelope-variant-discriminator-static (RFC 0031 §A)', () => {
+  const schemas = listLocalEnvelopeSchemas();
+
+  it('local envelope-schema directory is discoverable', () => {
+    expect(
+      schemas.length,
+      'schemas/envelopes/*.schema.json MUST contain at least the four universal-kind schemas',
+    ).toBeGreaterThanOrEqual(4);
+  });
+
+  for (const { kind, path } of schemas) {
+    it(`${kind}.schema.json MUST NOT contain \`oneOf\` at any nesting depth (Gemini silently drops it)`, () => {
+      const schema = loadSchema(path);
+      const violations: DiscriminatorViolation[] = [];
+      walkForOneOf(schema, '#', violations);
+      expect(
+        violations,
+        `${kind}.schema.json contains \`oneOf\` — REFORMULATE as \`anyOf\` + single-string-enum discriminator per RFC 0031 §A. Violations: ${JSON.stringify(violations, null, 2)}`,
+      ).toEqual([]);
+    });
+
+    it(`${kind}.schema.json: every \`anyOf\` branch declares a single-string-enum discriminator in \`required\``, () => {
+      const schema = loadSchema(path);
+      const violations: DiscriminatorViolation[] = [];
+      walkForAnyOfDiscriminators(schema, '#', violations);
+      expect(
+        violations,
+        `${kind}.schema.json \`anyOf\` discriminator violations: ${JSON.stringify(violations, null, 2)}`,
+      ).toEqual([]);
+    });
+  }
+});

package/src/scenarios/fixtures-valid.test.ts

@@ -16,20 +16,30 @@ import { FIXTURES_DIR, SCHEMAS_DIR } from '../lib/paths.js';
 // checkouts (schemas one level above the conformance package) and the
 // published tarball (schemas vendored at the package root by `prepack`).
 const PACK_MANIFEST_FIXTURES_DIR = join(FIXTURES_DIR, 'pack-manifests');
+const PROMPT_TEMPLATE_FIXTURES_DIR = join(FIXTURES_DIR, 'prompt-templates');
 const SCHEMA_PATH = join(SCHEMAS_DIR, 'workflow-definition.schema.json');
 const PACK_MANIFEST_SCHEMA_PATH = join(SCHEMAS_DIR, 'node-pack-manifest.schema.json');
+const PROMPT_TEMPLATE_SCHEMA_PATH = join(SCHEMAS_DIR, 'prompt-template.schema.json');
 
 describe('fixtures: workflow-definition schema validity', () => {
   const ajv = new Ajv2020({ allErrors: true, strict: false });
   addFormats(ajv);
-  // Pre-load the agent-ref peer schema so cross-schema `$ref` in
-  // workflow-definition (Phase 1 — `WorkflowNode.agent`) resolves.
-  // The relative file-name `agent-ref.schema.json` is how
-  // workflow-definition references it; register under that name so
-  // Ajv's $ref resolver finds it.
-  const agentRefPath = join(SCHEMAS_DIR, 'agent-ref.schema.json');
-  const agentRefSchema = JSON.parse(readFileSync(agentRefPath, 'utf8'));
+  // Pre-load peer schemas that workflow-definition cross-`$ref`s:
+  //   - agent-ref.schema.json — `WorkflowNode.agent` (Phase 1 multi-agent)
+  //   - prompt-ref.schema.json — `WorkflowDefinition.defaults.promptRefs.*`
+  //     (RFC 0029 §B resolution-chain layer 3)
+  //   - prompt-kind.schema.json — transitively referenced by prompt-ref's
+  //     object form when validating PromptRef variants
+  // Register each under both the canonical $id and the relative file
+  // name so Ajv resolves either way the host schema spelled the ref.
+  const agentRefSchema = JSON.parse(readFileSync(join(SCHEMAS_DIR, 'agent-ref.schema.json'), 'utf8'));
+  const promptRefSchema = JSON.parse(readFileSync(join(SCHEMAS_DIR, 'prompt-ref.schema.json'), 'utf8'));
+  const promptKindSchema = JSON.parse(readFileSync(join(SCHEMAS_DIR, 'prompt-kind.schema.json'), 'utf8'));
   ajv.addSchema(agentRefSchema, 'agent-ref.schema.json');
+  ajv.addSchema(promptRefSchema, 'prompt-ref.schema.json');
+  ajv.addSchema(promptRefSchema, './prompt-ref.schema.json');
+  ajv.addSchema(promptKindSchema, 'prompt-kind.schema.json');
+  ajv.addSchema(promptKindSchema, './prompt-kind.schema.json');
   const schema = JSON.parse(readFileSync(SCHEMA_PATH, 'utf8'));
   const validate = ajv.compile(schema);
 
@@ -85,14 +95,19 @@ describe('fixtures: node-pack-manifest schema validity', () => {
   // `private.<host>.*` scope is accepted by the canonical schema).
   const ajv = new Ajv2020({ allErrors: true, strict: false });
   addFormats(ajv);
-  // Pre-load the agent-manifest peer schema so the Phase 2 `agents[]`
-  // $ref in node-pack-manifest resolves under the same name the
-  // manifest schema uses.
-  const agentManifestPath = join(SCHEMAS_DIR, 'agent-manifest.schema.json');
-  ajv.addSchema(
-    JSON.parse(readFileSync(agentManifestPath, 'utf8')),
-    'agent-manifest.schema.json',
-  );
+  // Pre-load peer schemas. agent-manifest references prompt-ref (RFC 0029
+  // §B `AgentManifest.promptOverrides[kind]` + `promptLibraryRef`); prompt-ref
+  // transitively references prompt-kind. Register each under both the
+  // canonical $id and the relative file name so Ajv resolves either way
+  // the consumer schema spelled the ref.
+  const agentManifestSchema = JSON.parse(readFileSync(join(SCHEMAS_DIR, 'agent-manifest.schema.json'), 'utf8'));
+  const promptRefSchema = JSON.parse(readFileSync(join(SCHEMAS_DIR, 'prompt-ref.schema.json'), 'utf8'));
+  const promptKindSchema = JSON.parse(readFileSync(join(SCHEMAS_DIR, 'prompt-kind.schema.json'), 'utf8'));
+  ajv.addSchema(agentManifestSchema, 'agent-manifest.schema.json');
+  ajv.addSchema(promptRefSchema, 'prompt-ref.schema.json');
+  ajv.addSchema(promptRefSchema, './prompt-ref.schema.json');
+  ajv.addSchema(promptKindSchema, 'prompt-kind.schema.json');
+  ajv.addSchema(promptKindSchema, './prompt-kind.schema.json');
   const schema = JSON.parse(readFileSync(PACK_MANIFEST_SCHEMA_PATH, 'utf8'));
   const validate = ajv.compile(schema);
 
@@ -138,3 +153,96 @@ describe('fixtures: node-pack-manifest schema validity', () => {
     ).toBeGreaterThan(0);
   });
 });
+
+describe('fixtures: prompt-template schema validity', () => {
+  // PromptTemplate fixtures live in `fixtures/prompt-templates/` per
+  // RFC 0027 §A. Like pack manifests, they're schema-level proof points,
+  // not seeded into a workflow store. They exist so the conformance
+  // suite has canonical positive fixtures for the prompt-template-shape
+  // scenario, and so future RFCs (0028 prompt packs, 0029 resolution
+  // chain) can reference a stable fixture set.
+  const ajv = new Ajv2020({ allErrors: true, strict: false });
+  addFormats(ajv);
+  // Pre-load prompt-kind so the cross-schema `$ref` in
+  // prompt-template.schema.json resolves. The template references
+  // prompt-kind via `./prompt-kind.schema.json` (relative URI; see
+  // RFC 0027 commit notes for the redocly compatibility rationale).
+  // Register under both the canonical `$id` and the relative form so
+  // Ajv resolves either way.
+  const promptKindPath = join(SCHEMAS_DIR, 'prompt-kind.schema.json');
+  const promptKindSchema = JSON.parse(readFileSync(promptKindPath, 'utf8'));
+  ajv.addSchema(promptKindSchema, 'prompt-kind.schema.json');
+  ajv.addSchema(promptKindSchema, './prompt-kind.schema.json');
+  const schema = JSON.parse(readFileSync(PROMPT_TEMPLATE_SCHEMA_PATH, 'utf8'));
+  const validate = ajv.compile(schema);
+
+  const files = readdirSync(PROMPT_TEMPLATE_FIXTURES_DIR)
+    .filter((f) => f.endsWith('.json'))
+    .sort();
+
+  it('finds at least one prompt-template fixture', () => {
+    expect(
+      files.length,
+      'Expected at least one PromptTemplate fixture under fixtures/prompt-templates/',
+    ).toBeGreaterThan(0);
+  });
+
+  for (const file of files) {
+    it(`prompt-templates/${file} validates against prompt-template.schema.json`, () => {
+      const data = JSON.parse(
+        readFileSync(join(PROMPT_TEMPLATE_FIXTURES_DIR, file), 'utf8'),
+      );
+      const ok = validate(data);
+      const errors = (validate.errors ?? [])
+        .map((e: ErrorObject) => `${e.instancePath || '/'}: ${e.message}`)
+        .join('\n');
+      expect(
+        ok,
+        `Fixture prompt-templates/${file} fails prompt-template schema:\n${errors}`,
+      ).toBe(true);
+    });
+  }
+
+  it('every fixture templateId matches its filename', () => {
+    // Filename convention: `<templateId-dot-form-with-dots-as-dashes>.json`.
+    // The fixture set uses dot-prefixed templateIds (e.g.,
+    // `conformance.prompt.writer-system`) which map directly to filenames
+    // with dots preserved (`conformance-prompt-writer-system.json`). The
+    // file→id mapping is loose (the suite doesn't enforce it) but we
+    // assert templateId presence so each fixture is self-describing.
+    for (const file of files) {
+      const data = JSON.parse(
+        readFileSync(join(PROMPT_TEMPLATE_FIXTURES_DIR, file), 'utf8'),
+      ) as { templateId: string };
+      expect(
+        typeof data.templateId,
+        `Fixture prompt-templates/${file} MUST declare a templateId`,
+      ).toBe('string');
+      expect(data.templateId.length).toBeGreaterThan(0);
+    }
+  });
+
+  it('every secret-source variable lives in a fixture tagged for the secret-redaction scenario', () => {
+    // SECURITY regression pin: a fixture that declares a `secret`-source
+    // variable but isn't visible to the prompt-composed-secret-redaction
+    // scenario could mask a redaction failure. We require every
+    // fixture carrying secret-source variables to advertise the
+    // `secret-redaction` tag so the scenario discovers it.
+    for (const file of files) {
+      const data = JSON.parse(
+        readFileSync(join(PROMPT_TEMPLATE_FIXTURES_DIR, file), 'utf8'),
+      ) as {
+        templateId: string;
+        variables?: Array<{ name: string; source?: string }>;
+        tags?: string[];
+      };
+      const hasSecretSource = (data.variables ?? []).some((v) => v.source === 'secret');
+      if (hasSecretSource) {
+        expect(
+          (data.tags ?? []).includes('secret-redaction'),
+          `Fixture prompt-templates/${file} declares a secret-source variable but lacks the 'secret-redaction' tag`,
+        ).toBe(true);
+      }
+    }
+  });
+});

package/src/scenarios/kv-ttl-expiry.test.ts

@@ -1,12 +1,12 @@
 /**
- * kv-ttl-expiry — RFC 0015 advertisement-shape verification + behavioral placeholders.
+ * kv-ttl-expiry — RFC 0015 advertisement-shape verification + behavioral roundtrip.
  *
- * Status: ACTIVE (advertisement-shape). RFC 0015 promoted to `Active`
- * 2026-05-17. The matching `capabilities.kvStorage` block has landed in
- * `schemas/capabilities.schema.json`. This scenario asserts the advertisement
- * shape against any host that boots the conformance suite, and keeps the
- * deeper behavioral assertions as `it.todo()` until a reference host wires
- * a test seam.
+ * Status: ACTIVE (advertisement-shape + behavioral). RFC 0015 promoted to
+ * `Active` 2026-05-17. The matching `capabilities.kvStorage` block has
+ * landed in `schemas/capabilities.schema.json`. This scenario asserts the
+ * advertisement shape against any host that boots the conformance suite, and
+ * exercises the behavioral surface through the `/v1/host/sample/test/surface`
+ * seam (soft-skip with HTTP 404 on hosts that don't expose it).
  *
  * Summary: TTL honored with at most a 1-second drift on expiry visibility.
  *