@openwop/openwop-conformance 1.37.0 → 1.43.0

package/schemas/README.md

@@ -32,6 +32,7 @@
 | `envelopes/media.audio.schema.json` | `ai-envelope.md` §"Media reference payloads" | RFC 0055 §C — optional `media.audio` payload; URL ref or inline base64 + optional `durationSeconds`. |
 | `envelopes/media.file.schema.json` | `ai-envelope.md` §"Media reference payloads" | RFC 0055 §C — optional `media.file` payload; downloadable asset by URL ref or inline base64 + optional `name`. |
 | `envelopes/ui.a2ui-surface.schema.json` | `ai-envelope.md` §"A2UI surfaces" | RFC 0102 — optional, advertised `ui.a2ui-surface` payload; closed A2UI component tree (`anyOf` + single-string-enum discriminator) + host-enumerated `catalogVersion`. Core `ui.*` content-primitive family beside `media.*`. |
+| `a2ui-surface-delta-frame.schema.json` | `ai-envelope.md` §"Delta transport" + `stream-modes.md` | RFC 0114 (`Active`) — host-side TRANSPORT frame (`{ surfaceRef, catalogVersion, patch[] }`) carrying an RFC 6902 (JSON-Patch) delta over a recorded `ui.a2ui-surface` envelope; stream-only (`?a2uiDelta=1`), NOT a recorded shape (the envelope stays full). Op enum excludes `test`. Consumer re-validates the post-patch surface against the closed catalog fail-closed. |
 | `annotation.schema.json` | `RFCS/0056` + `observability.md` | RFC 0056 (`Draft`) — a non-blocking human/agent quality signal (rating / correction / label / flag) attached to a run, event, or node. A side-resource (not a replayable run-event-log entry); response of `POST/GET /v1/runs/{runId}/annotations` + payload of the `run.annotated` SSE notification. |
 | `annotation-create.schema.json` | `RFCS/0056` | RFC 0056 (`Draft`) — request body for `POST /v1/runs/{runId}/annotations` (host assigns `annotationId`/`createdAt`/`actor`; binds `target.runId` to the path). |
 | `heartbeat-evaluated.schema.json` | `RFCS/0060` + `host-capabilities.md` | RFC 0060 (`Active`) — payload of the heartbeat-scoped `heartbeat.evaluated` AsyncAPI event (`{ heartbeatId, status, changed }`); emitted every tick by a host advertising `capabilities.heartbeat`. Not a run-event-log entry. |
@@ -39,6 +40,7 @@
 | `audit-verify-result.schema.json` | `auth-profiles.md` §`openwop-audit-log-integrity` | Response payload from `GET /v1/audit/verify` — chain-validity verdict + checkpoints + anomalies |
 | `capabilities.schema.json` | `capabilities.md` | `/.well-known/openwop` response — protocolVersion + supportedEnvelopes + schemaVersions + limits + optional v1 discovery surface |
 | `channel-written-payload.schema.json` | `channels-and-reducers.md` §Channel write event | Payload of the `channel.written` RunEvent — write input + reducer name |
+| `channel-presence-payload.schema.json` | RFC 0110 | Payload of the OPTIONAL `channel.presence` RunEvent — ephemeral channel presence (online + typing), membership-gated, non-persisted |
 | `chat-card-pack-manifest.schema.json` | `chat-card-packs.md` + RFC 0071 | DRAFT — manifest for `kind: "card"` registry packs (RFC 0071 Phase 2). Peer to the node/workflow-chain/prompt/artifact-type pack manifests; disjoint via the `kind` discriminator. Distributes AI chat cards: a prompt template + typed input subset bound to a typed `outputArtifactType`. |
 | `connection-pack-manifest.schema.json` | `connection-packs.md` + RFC 0095 | DRAFT — manifest for `kind: "connection"` registry packs (RFC 0095). Peer to the node/workflow-chain/prompt/artifact-type/chat-card pack manifests; disjoint via the `kind` discriminator. Distributes a portable provider definition — auth endpoints, read/write scope groups, exactly-one reach (`mcp`/`openapi`/`integration`) — that the RFC 0045/0047 `provider` string resolves against. Carries NO credential material (`connection-pack-no-credential-material`). |
 | `conformance-certification-bundle.schema.json` | `conformance-certification.md` + RFC 0089 | DRAFT — machine-readable attestation binding a host's claimed profiles to the reproducible run that substantiates them (suite version + per-scenario pass list + host identity/commit + captured discovery document). Out-of-band; a consumer re-derives each claim via the §B binding rule. |
@@ -74,6 +76,7 @@
 | `a2a-task-state.schema.json` | `a2a-integration.md` §"Async / durable Tasks" (RFC 0100) | The durable, persisted projection of an A2A `Task` an OpenWOP host keeps per backing run when `a2a.durableTasks: true` — `taskId == runId`, lowercase-hyphen `state`, `interruptKind`, optional SSRF-guarded `PushConfig`. Content-free of run inputs/outputs/artifacts (SR-1 / `a2a-push-egress-ssrf`). |
 | `budget-policy.schema.json` | `budget-policy.md` (RFC 0084) | The reserved `budget` run-options shape — `maxTokens`/`maxCostUsd`/`maxToolCalls`/`maxRetries`/`modelAllow[]`/`modelDeny[]`/`thresholdPercent`/`onExhaustion`. Enforceable per-run spend governance; wall-time/iterations delegated to RFC 0058 (`additionalProperties:false`). Content-free events; no pricing on the wire (`budget-no-pricing-leak`). |
 | `tool-descriptor.schema.json` | `tool-catalog.md` (RFC 0078) | Portable read-only description of one tool unifying the five tool surfaces (node-pack/workflow/mcp/connector/host-extension) — stable `toolId`, source, I/O schemas, auth/egress/approval requirements, replay policy, and `safetyTier` (`exec` ⇒ `host-extension`, RFC 0069). Returned by `GET /v1/tools`; secret-free (SR-1). |
+| `compact-tool-descriptor.schema.json` | `tool-catalog.md` §compact (RFC 0112) | Lossy model-facing projection of `ToolDescriptor` returned by `GET /v1/tools?view=compact` (`{ tools: [] }` envelope) when the host advertises `toolCatalog.compactView`. Keeps `toolId`/`source`/`safetyTier` (+ optional `title`/`description`/`inputSchema`), drops the heavy fields, and bounds any `inputSchema` to a self-contained structural subset (top-level object; no `$ref`/`oneOf`/`allOf`/`anyOf`/`not`/`patternProperties`/`dependentSchemas`). Secret-free (SR-1); `exec` ⇒ `host-extension`. |
 | `suspend-request.schema.json` | `interrupt.md` | `InterruptPayload` with 8 `kind` discriminators (approval, clarification, external-event, custom, conversation.start, conversation.exchange, conversation.close, low-confidence) |
 | `workflow-chain-pack-manifest.schema.json` | `workflow-chain-packs.md` + RFC 0013 | Manifest for workflow-chain packs (`kind: "workflow-chain"`) — pre-configured DAG fragments expanded inline at workflow-author time. Peer to `node-pack-manifest.schema.json`; disjoint via the `kind` discriminator. |
 | `workflow-definition.schema.json` | `channels-and-reducers.md` + `node-packs.md` | DAG of nodes + edges + triggers + variables + channels |

package/schemas/a2ui-surface-delta-frame.schema.json

@@ -0,0 +1,48 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://openwop.dev/spec/v1/a2ui-surface-delta-frame.schema.json",
+  "title": "A2uiSurfaceDeltaFrame",
+  "description": "RFC 0114. A HOST-SIDE TRANSPORT frame carrying an RFC 6902 (JSON-Patch) delta over a recorded `ui.a2ui-surface` envelope (RFC 0102). Delivered ONLY over the run event stream (`GET /v1/runs/{runId}/events`) to a subscriber that negotiated `?a2uiDelta=1`; every other consumer (the event-log read, replay, `:fork`, any non-negotiating subscriber) receives the materialized FULL surface. This is NOT a recorded-envelope shape: the canonical `ui.a2ui-surface.schema.json` envelope is UNCHANGED and always full. The consumer applies the `patch` to the surface last delivered under `surfaceRef`, then re-validates the result against the closed `catalogVersion` catalog before render (the same fail-closed validation a full surface receives, RFC 0102 §1); on ANY apply/validation failure it falls back to store-without-render and the host re-materializes the full surface.",
+  "type": "object",
+  "required": ["surfaceRef", "catalogVersion", "patch"],
+  "additionalProperties": false,
+  "properties": {
+    "surfaceRef": {
+      "type": "string",
+      "description": "REQUIRED — the recorded `ui.a2ui-surface` envelope id this delta patches. The consumer applies `patch` to the surface last delivered under this ref.",
+      "minLength": 1
+    },
+    "catalogVersion": {
+      "type": "string",
+      "description": "REQUIRED — the A2UI catalog version. MUST equal the referenced full surface's `catalogVersion`; a catalog-version change MUST start from a fresh full surface, never a delta.",
+      "minLength": 1
+    },
+    "patch": {
+      "type": "array",
+      "minItems": 1,
+      "description": "REQUIRED — a non-empty RFC 6902 (JSON-Patch) document applied over the surface last delivered under `surfaceRef`. The `test` op is EXCLUDED (a fire-and-forget transport frame cannot act on a failed conditional); `move`/`copy` are permitted but OPTIONAL to support.",
+      "items": {
+        "type": "object",
+        "required": ["op", "path"],
+        "additionalProperties": false,
+        "properties": {
+          "op": {
+            "enum": ["add", "remove", "replace", "move", "copy"],
+            "description": "RFC 6902 operation. `test` is deliberately excluded."
+          },
+          "path": {
+            "type": "string",
+            "description": "RFC 6901 JSON-Pointer into the target surface."
+          },
+          "from": {
+            "type": "string",
+            "description": "RFC 6901 JSON-Pointer source for `move`/`copy`."
+          },
+          "value": {
+            "description": "The value for `add`/`replace`. Walked by the SR-1 redaction harness exactly like a full-surface value (RFC 0114)."
+          }
+        }
+      }
+    }
+  }
+}

package/schemas/capabilities.schema.json

@@ -583,6 +583,30 @@
         }
       }
     },
+    "conversationTurnModelProvenance": {
+      "type": "object",
+      "description": "RFC 0109 — Conversation-turn model provenance. When advertised with `supported: true`, the host stamps the OPTIONAL `agent.model` object (`{ provider, model }`) on `role: 'agent'` conversation turns (`conversation-turn.schema.json`), recording which model produced the turn. The stamp is NON-SECRET + NON-PII (`additionalProperties: false` on `agent.model` forbids any credential/endpoint/prompt — the SR-1 guard) and is read VERBATIM on `:fork` (never re-resolved, so a forked transcript preserves the original provenance). Absent block ⇒ no advertisement: the host omits `agent.model` and treats it as an opaque, unenforced field. Advertising `supported: true` without stamping is a dishonest wire claim (`OPENWOP_REQUIRE_BEHAVIOR=true` fails the gated scenario). Additive over RFC 0005 — extends the conversation primitive, does not replace it.",
+      "required": ["supported"],
+      "additionalProperties": false,
+      "properties": {
+        "supported": {
+          "type": "boolean",
+          "description": "RFC 0109. Host stamps `agent.model` ({ provider, model }) on `role: 'agent'` conversation turns. When `false` or absent, the RFC 0109 conformance scenario soft-skips and the host emits no model provenance."
+        }
+      }
+    },
+    "channelPresence": {
+      "type": "object",
+      "description": "RFC 0110 — Channel presence (online + typing). When advertised with `supported: true`, the host emits the OPTIONAL `channel.presence` RunEvent (`channel-presence-payload.schema.json`) for a `type:'channel'` conversation, carrying the currently-present member subject refs + optional per-member typing. Presence is EPHEMERAL live state: the host MUST NOT persist it to the replayable event log / transcript and it MUST NOT affect replay or `:fork` (the load-bearing distinction from the persisted `conversation.exchanged` turn). Membership-gated: every ref MUST be a current participant and the event MUST NOT be delivered to a non-member (DEFAULT-DENY, CTI-1). NON-PII (opaque RFC 0041 subject refs only). Absent block ⇒ no advertisement: the host emits no presence. Advertising `supported: true` without emitting is a dishonest wire claim (`OPENWOP_REQUIRE_BEHAVIOR=true` fails the gated scenario). Additive over RFC 0005.",
+      "required": ["supported"],
+      "additionalProperties": false,
+      "properties": {
+        "supported": {
+          "type": "boolean",
+          "description": "RFC 0110. Host emits the ephemeral `channel.presence` RunEvent for channel conversations. When `false` or absent, the RFC 0110 conformance scenario soft-skips and the host emits no presence."
+        }
+      }
+    },
     "multiAgent": {
       "type": "object",
       "description": "RFC 0037 — Multi-agent execution model + handoff state machine. Hosts that advertise implement the supervisor→dispatch→harvest loop + the 4-state handoff state machine + the `core.workflowChain.event` emission contract per spec/v1/multi-agent-execution.md. Absent block = host implements RFCs 0006/0007/0022 individually with implementation flexibility on integration semantics; conformance scenarios gating on this flag soft-skip on absence.",
@@ -705,6 +729,47 @@
               "type": "integer",
               "minimum": 1,
               "description": "RFC 0061 (`version >= 5`). Host-advertised count of recent event-log entries the host feeds each orchestrator turn as the iteration's transcript input (§C input 3). Advertise-and-honor; not a fixed wire constant. Absent ⇒ the host does not bound the transcript window on the wire."
+            },
+            "contextBudget": {
+              "type": "object",
+              "description": "RFC 0111 (`Active`, `version >= 5`). Opt-in, token-denominated bound on the orchestrator transcript the host feeds each iteration, plus a declared summarization contract for turns evicted beyond that budget. SCOPE: governs the RFC 0061 per-iteration ORCHESTRATOR-LOOP transcript (`multi-agent-execution.md` §\"Per-iteration state inputs\" input 3 — the same transcript `transcriptWindow` bounds), NOT a general chat-conversation history. A host whose orchestrator loop does not run real model turns (e.g. a mock supervisor) MUST NOT advertise this block, exactly as it MUST NOT dishonestly advertise `transcriptWindow`. Budget-only advertisement (`transcriptTokenBudget` + `tokenCounter` WITHOUT `summarization.supported`) is valid for a host that HAS a real orchestrator loop but does not summarize. Purely additive: a host that omits this block behaves exactly as today, including `transcriptWindow`'s `absent ⇒ unbounded` default (NOT flipped by this RFC). Complements (does not replace) the event-count `transcriptWindow`; when both bound a turn the host MUST honor whichever is tighter. Summarization here is a NONDETERMINISTIC host output governed exactly like an RFC 0041 envelope: each substitution MUST be recorded as a `context.summarized` event whose `summaryRef` artifact replay reuses (never re-summarizes) per `multi-agent-execution.md` §\"Context economy (RFC 0111)\".",
+              "additionalProperties": false,
+              "properties": {
+                "transcriptTokenBudget": {
+                  "type": "integer",
+                  "minimum": 1,
+                  "description": "RFC 0111. Max tokens of transcript the host feeds any single orchestrator turn, measured in the unit named by `tokenCounter`. Advertise-and-honor; complements (does not replace) `transcriptWindow`. When both are present the host MUST honor whichever bound is tighter for a given turn. Absent ⇒ no token bound on the transcript (only the event-count `transcriptWindow`, if any, applies)."
+                },
+                "tokenCounter": {
+                  "type": "string",
+                  "enum": ["o200k_base", "cl100k_base", "chars", "host-defined"],
+                  "description": "RFC 0111. The unit `transcriptTokenBudget` is denominated in, so the bound is interpretable across hosts. REQUIRED when `transcriptTokenBudget` is present (enforced via the `if/then` clause). `o200k_base`/`cl100k_base` are tokenizer encodings; `chars` counts UTF-8/Unicode characters (a tokenizer-free unit a client can reason about directly); `host-defined` is an opaque host unit. Same enum as RFC 0113 `memory.injectionBudget.tokenCounter` — transcript (0111) and memory (0113) budgets denominate in one consistent vocabulary; no shared `$ref` (decoupled)."
+                },
+                "summarization": {
+                  "type": "object",
+                  "additionalProperties": false,
+                  "required": ["supported"],
+                  "description": "RFC 0111. Declared contract for turns evicted beyond `transcriptTokenBudget`. When `supported: true`, the host MAY replace older in-window turns with a host-produced summary; it MUST keep the most recent `keepLastTurns` turns verbatim and MUST NOT summarize the active (most recent) turn. Each substitution MUST be recorded as a `context.summarized` event and is replay-governed under RFC 0041 (replay reuses the recorded `summaryRef`, never re-summarizes).",
+                  "properties": {
+                    "supported": {
+                      "type": "boolean",
+                      "description": "REQUIRED when the sub-block is present. When `true`, the host implements the RFC 0111 declared-summarization contract; conformance scenario `context-summarization-replay` gates on this flag and soft-skips when absent/false."
+                    },
+                    "strategy": {
+                      "type": "string",
+                      "enum": ["sliding-window", "recursive", "map-reduce"],
+                      "description": "RFC 0111. Informational descriptor of the host's summarization strategy. `sliding-window` keeps a recent verbatim tail and summarizes the prefix; `recursive` folds prior summaries into new ones; `map-reduce` summarizes chunks then combines. Does not change the replay-determinism contract — all strategies record `context.summarized` and reuse `summaryRef` on replay."
+                    },
+                    "keepLastTurns": {
+                      "type": "integer",
+                      "minimum": 0,
+                      "description": "RFC 0111. Number of most-recent turns kept verbatim at the head of the window; older in-window turns MAY be replaced by a summary. The active (most recent) turn MUST NOT be summarized regardless of this value. Absent ⇒ host-defined verbatim floor."
+                    }
+                  }
+                }
+              },
+              "if": { "required": ["transcriptTokenBudget"] },
+              "then": { "required": ["transcriptTokenBudget", "tokenCounter"] }
             }
           }
         }
@@ -856,6 +921,24 @@
             "turnDetection": ["transcription"],
             "bargeIn": ["transcription"]
           }
+        },
+        "promptPrefixCache": {
+          "type": "object",
+          "additionalProperties": false,
+          "description": "RFC 0116. Host honors the AI-envelope `generate` request's optional `cachePrefixId` as a provider-cache routing hint — tenant-namespaced (SECURITY invariant `prompt-prefix-cache-cross-tenant-isolation`), secret-free, and replay-invariant (a cache hit/miss MUST NOT change the recorded envelope or `provider.usage.inputTokens`/`outputTokens`). Absent ⇒ a host MUST ignore `cachePrefixId` (no error, no behavior change). PROVIDER-SCOPED: prefix caching is provider-specific (e.g. Anthropic ephemeral), so this is NOT a universal claim — see `providers`.",
+          "properties": {
+            "supported": {
+              "type": "boolean",
+              "description": "Whether the host honors `cachePrefixId` as a provider-cache routing hint."
+            },
+            "providers": {
+              "type": "array",
+              "items": { "type": "string", "minLength": 1 },
+              "uniqueItems": true,
+              "description": "RFC 0116. The subset of `aiProviders.supported[]` for which the host honors `cachePrefixId` (prefix caching is provider-specific). A request whose routed provider is NOT in this list MUST have `cachePrefixId` ignored. Absent ⇒ host-defined per-provider routing; NOT a universal claim across providers."
+            }
+          },
+          "required": ["supported"]
         }
       },
       "additionalProperties": false,
@@ -1341,6 +1424,22 @@
             "ttl": { "type": "boolean", "description": "When `true`, memory entries expire per `expiresAt` (the `ttlSupported` semantics surfaced as a named retention dimension)." },
             "forget": { "type": "boolean", "description": "When `true`, the host supports a tenant-scoped delete-by-subject forget operation (composes the CTI-1 cross-tenant invariant — a forget MUST NOT cross tenant boundaries)." }
           }
+        },
+        "injectionBudget": {
+          "type": "object",
+          "description": "RFC 0113 (`Active`). The host honors `MemoryListOptions.tokenBudget` — a token-denominated bound on a single injection read (the live read that feeds a turn), distinct from RFC 0062 distillation's background-compaction budget. Advertising it commits the host to return a token-bounded prefix of the ranked entry list (over-budget single entry omitted, never truncated mid-entry) over the SR-1-redacted, CTI-1-single-tenant result set. Relevance ranking is NOT advertised here — `rank:'relevance'` delegates to the existing `memory.search` semantic mode (RFC 0080), so there is exactly one relevance surface in the corpus. Hosts that omit this block do not honor `tokenBudget` (a supplied `tokenBudget` is ignored, today's `limit`/`tag` behavior).",
+          "additionalProperties": false,
+          "required": ["supported"],
+          "properties": {
+            "supported": { "type": "boolean", "description": "REQUIRED when the sub-block is present. When `true`, the host honors `MemoryListOptions.tokenBudget` per `agent-memory.md` §\"Injection budget\"." },
+            "tokenCounter": {
+              "type": "string",
+              "enum": ["o200k_base", "cl100k_base", "chars", "host-defined"],
+              "description": "The unit `tokenBudget` is denominated in. REQUIRED when `injectionBudget.supported` (enforced via the `if/then` clause). `o200k_base`/`cl100k_base` are tokenizer encodings; `chars` counts UTF-8/Unicode characters of the entry `content` (a tokenizer-free unit a client can reason about directly — preferred over opaque `host-defined`); `host-defined` is an opaque host unit. The over-budget-single-entry-omitted rule applies regardless of unit. RFC 0111 aligns to these same values when it lands (0113 lands first); no shared `$ref` (decoupled)."
+            }
+          },
+          "if": { "properties": { "supported": { "const": true } }, "required": ["supported"] },
+          "then": { "required": ["supported", "tokenCounter"] }
         }
       },
       "additionalProperties": true
@@ -1508,7 +1607,8 @@
           "items": { "type": "string", "enum": ["node-pack", "workflow", "mcp", "connector", "host-extension"] },
           "description": "Which tool sources the catalog projects. A host advertises only the sources it actually surfaces; a consumer MUST tolerate any subset. Absent ⇒ all sources the host implements."
         },
-        "sessionLifecycle": { "type": "boolean", "description": "`true` ⇒ the host emits the RFC 0078 §D tool-session lifecycle events (`tool.session.opened`/`tool.session.closed`, content-free) bracketing the existing RFC 0064 `agent.toolCalled`/`agent.toolReturned` call events for multi-step interactions. Absent ⇒ `false` (single-shot tool calls only)." }
+        "sessionLifecycle": { "type": "boolean", "description": "`true` ⇒ the host emits the RFC 0078 §D tool-session lifecycle events (`tool.session.opened`/`tool.session.closed`, content-free) bracketing the existing RFC 0064 `agent.toolCalled`/`agent.toolReturned` call events for multi-step interactions. Absent ⇒ `false` (single-shot tool calls only)." },
+        "compactView": { "type": "boolean", "description": "RFC 0112. `true` ⇒ the host honors `GET /v1/tools?view=compact` + `GET /v1/tools/{toolId}?view=compact`, returning the `{ tools: CompactToolDescriptor[] }` projection (`compact-tool-descriptor.schema.json`): the heavy descriptor fields (`outputSchema`/`auth`/`egress`/`approval`/`replayPolicy`/`costHint`/`latencyHint`) are dropped and any `inputSchema` is bounded to the compact structural subset. The compact `tools[]` carries the same `toolId` set as the standard view for the same principal. Absent ⇒ the host treats `view=compact` as an unknown query param (standard view)." }
       }
     },
     "httpClient": {
@@ -2197,6 +2297,33 @@
           }
         }
       }
+    },
+    "restTransport": {
+      "type": "object",
+      "additionalProperties": false,
+      "description": "RFC 0115 (`Active`). Conditional-GET + Content-Encoding negotiation on run reads (`GET /v1/runs/{runId}`). Optional. Distinct from the file-egress `fileHandling.transport` (ftp/sftp/ssh) sub-capability — this advertises HTTP-layer poll economy on the run-read REST surface.",
+      "properties": {
+        "conditionalRunGet": {
+          "type": "boolean",
+          "description": "RFC 0115. Host emits a strong, event-log-sequence-derived `ETag` on `GET /v1/runs/{runId}` and honors `If-None-Match` with a `304 Not Modified` (empty body) when the validator matches the current state version."
+        },
+        "contentEncodings": {
+          "type": "array",
+          "items": { "type": "string", "enum": ["gzip", "br", "zstd"] },
+          "description": "RFC 0115. Content-Encoding values the host will negotiate on run reads (advertisement of standard-HTTP behavior). `gzip` is the baseline; `br`/`zstd` are OPTIONAL — the host advertises only the subset it can actually serve. For each advertised value the decoded body MUST be byte-identical to the identity body."
+        }
+      }
+    },
+    "a2uiSurface": {
+      "type": "object",
+      "additionalProperties": false,
+      "description": "RFC 0114 (`Active`). Host-side TRANSPORT features over the recorded `ui.a2ui-surface` envelope (RFC 0102). A transport optimization, NOT an envelope-payload kind — the recorded envelope stays the full surface. Optional.",
+      "properties": {
+        "deltaTransport": {
+          "type": "boolean",
+          "description": "RFC 0114. Host delivers RFC 6902 (`a2ui-surface-delta-frame.schema.json`) delta frames over the run event stream to subscribers that negotiate `?a2uiDelta=1`; the full surface is materialized for everyone else, the event-log read, and replay. The recorded `ui.a2ui-surface` envelope stays full. The consumer re-validates the post-patch surface against the closed `catalogVersion` catalog before render and falls back fail-closed on any apply/validation failure (the host then re-materializes full)."
+        }
+      }
     }
   },
   "additionalProperties": true

package/schemas/channel-presence-payload.schema.json

@@ -0,0 +1,41 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://openwop.dev/spec/v1/channel-presence-payload.schema.json",
+  "title": "ChannelPresencePayload",
+  "description": "Payload of the OPTIONAL `channel.presence` RunEvent (RFC 0110). EPHEMERAL live presence for a `type:'channel'` conversation — who is currently present + (optionally) who is typing. A host MUST NOT persist this event to the replayable event log / transcript, and it MUST NOT affect replay or `:fork` determinism (presence is live state, the load-bearing distinction from the persisted `conversation.exchanged` turn — see replay.md). Membership-gated: every ref MUST be a current channel participant and the event MUST NOT be delivered to a non-member (the same DEFAULT-DENY visibility as the channel's messages; cross-tenant delivery is forbidden, CTI-1). NON-PII: subject refs are the opaque RFC 0041 vocabulary only — no IP/location/device. A host MAY emit; if it advertises `channelPresence.supported` it MUST. Gated on `channelPresence.supported` (capabilities.schema.json). See RFC 0110.",
+  "type": "object",
+  "required": ["conversationId", "present"],
+  "additionalProperties": false,
+  "properties": {
+    "conversationId": {
+      "type": "string",
+      "description": "The `type:'channel'` conversation this presence is for.",
+      "minLength": 1,
+      "maxLength": 256
+    },
+    "present": {
+      "type": "array",
+      "description": "Subject refs (RFC 0041 vocabulary `user:<id>` / `agent:<id>` — opaque, non-PII) of members CURRENTLY present in the channel. MUST be a subset of the channel's current participants; a non-member MUST NOT appear.",
+      "items": { "type": "string", "minLength": 1, "maxLength": 256 }
+    },
+    "typing": {
+      "type": "array",
+      "description": "OPTIONAL subset of `present` that is currently typing. Boolean-by-presence: a ref appears iff that member is typing. No payload beyond the subject refs (no free text, no PII).",
+      "items": { "type": "string", "minLength": 1, "maxLength": 256 }
+    }
+  },
+  "examples": [
+    {
+      "$comment": "RFC 0110 POSITIVE — two members present in a channel, one typing.",
+      "conversationId": "chan-eng",
+      "present": ["user:alice", "agent:iris"],
+      "typing": ["user:alice"]
+    },
+    {
+      "$comment": "RFC 0110 POSITIVE — typing is OPTIONAL; a presence snapshot with no one typing.",
+      "conversationId": "chan-eng",
+      "present": ["user:alice"]
+    }
+  ],
+  "$comment": "RFC 0110 NEGATIVE (not validatable as an examples[] entry, which must be VALID): a payload carrying any field beyond conversationId/present/typing (e.g. `ip`, `location`) MUST FAIL validation via `additionalProperties: false` — the no-PII guard; see conformance/src/scenarios/channel-presence-shape.test.ts."
+}

package/schemas/compact-tool-descriptor.schema.json

@@ -0,0 +1,51 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://openwop.dev/spec/v1/compact-tool-descriptor.schema.json",
+  "title": "CompactToolDescriptor",
+  "description": "RFC 0112. A lossy, model-facing projection of `ToolDescriptor` (tool-descriptor.schema.json) returned by `GET /v1/tools?view=compact` + `GET /v1/tools/{toolId}?view=compact` when the host advertises `capabilities.toolCatalog.compactView: true`. Heavy descriptive fields (`outputSchema`, `auth`, `egress`, `approval`, `replayPolicy`, `costHint`, `latencyHint`) are dropped, and any `inputSchema` is bounded to the self-contained compact structural subset (top-level `type: \"object\"` with `properties`; no `$ref`/`oneOf`/`allOf`/`anyOf`/`not`/`patternProperties`/`dependentSchemas`). The subset is the stable structural core of RFC 0030 Tier-1, cited as rationale but pinned HERE so conformance is machine-checkable and immune to that informative table's drift. Like the full descriptor, a CompactToolDescriptor never carries credential material (SR-1) and is not an invocation path.",
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["toolId", "source", "safetyTier"],
+  "properties": {
+    "toolId": {
+      "type": "string",
+      "minLength": 1,
+      "description": "Unchanged from ToolDescriptor. Stable, host-unique tool identifier in the `<scope>:<tool-id>` form; MUST be stable across catalog reads for a given host version (tool-catalog.md §C MUST 3). The compact `tools[]` MUST carry the same `toolId` set as the standard view for the same principal (projection completeness)."
+    },
+    "source": {
+      "type": "string",
+      "enum": ["node-pack", "workflow", "mcp", "connector", "host-extension"],
+      "description": "Retained from ToolDescriptor so the `safetyTier: \"exec\" ⇒ source: \"host-extension\"` cross-field MUST (RFC 0069) stays expressible. Which surface backs the tool: `node-pack`/`workflow`/`mcp`/`connector`/`host-extension`."
+    },
+    "safetyTier": {
+      "type": "string",
+      "enum": ["pure", "read", "write", "exec"],
+      "description": "REQUIRED. The tool's DATA-EFFECT classification (`pure`/`read`/`write`/`exec`); per RFC 0069 an `exec` tool MUST be `source: \"host-extension\"`. Host-assigned, not derivable from a permission/approval/risk tier."
+    },
+    "title": { "type": "string", "description": "MAY — short human-readable label for a model-facing tool picker." },
+    "description": {
+      "type": "string",
+      "description": "MAY — one-line summary; the host SHOULD truncate to a model-facing summary in the compact view."
+    },
+    "inputSchema": {
+      "type": "object",
+      "description": "MAY — the tool's argument schema bounded to the compact structural subset (RFC 0112). When present it MUST have top-level `type: \"object\"` with an explicit `properties` map, and MUST NOT use `$ref`, `oneOf`, `allOf`, `anyOf`, `not`, `patternProperties`, or `dependentSchemas` AT ANY NESTING DEPTH (including inside nested property schemas). Absent ⇒ opaque/host-interpreted args. NOTE: the `propertyNames` clause below is a TOP-LEVEL structural floor only; the total any-depth constraint is enforced by the RFC 0112 conformance scenario (a schema-aware recursive walk), since pure JSON Schema cannot express it without recursion gymnastics.",
+      "required": ["type", "properties"],
+      "properties": {
+        "type": { "const": "object", "description": "Top-level MUST be `\"object\"`." },
+        "properties": { "type": "object", "description": "The argument property map (MUST be present)." }
+      },
+      "propertyNames": {
+        "$comment": "RFC 0112 compact structural subset (TOP-LEVEL FLOOR): forbid the heavy/non-portable keywords as top-level inputSchema keys. The total any-depth constraint is enforced by conformance.",
+        "not": { "enum": ["$ref", "oneOf", "allOf", "anyOf", "not", "patternProperties", "dependentSchemas"] }
+      }
+    }
+  },
+  "allOf": [
+    {
+      "$comment": "RFC 0069 / tool-catalog.md §C-1: an exec-tier tool MUST be host-extension-sourced (exec is never protocol-tier). Mirrors tool-descriptor.schema.json.",
+      "if": { "properties": { "safetyTier": { "const": "exec" } }, "required": ["safetyTier"] },
+      "then": { "properties": { "source": { "const": "host-extension" } }, "required": ["source"] }
+    }
+  ]
+}

package/schemas/conversation-turn.schema.json

@@ -58,6 +58,16 @@
         "memoryRef": {
           "type": "string",
           "description": "Opaque memory reference per RFC 0002 §A + RFC 0004 §A. Resolves to `MemoryEntry[]` via host `MemoryAdapter` for cross-run conversation continuity."
+        },
+        "model": {
+          "type": "object",
+          "description": "RFC 0109 — OPTIONAL provenance: which model produced this `role: 'agent'` turn. NON-SECRET, NON-PII: provider + model identifiers ONLY (`additionalProperties: false` forbids any credential/endpoint/prompt leaking in — the SR-1 secret-redaction guard). Stamped at emit; read VERBATIM on `:fork` (never re-resolved). A host that stamps it MUST advertise `conversationTurnModelProvenance.supported: true`. Absent ⇒ no advertisement; clients MUST tolerate its absence.",
+          "additionalProperties": false,
+          "required": ["provider", "model"],
+          "properties": {
+            "provider": { "type": "string", "minLength": 1, "maxLength": 128, "description": "Provider identifier (e.g. `anthropic`, `openai`, `google`). Non-secret." },
+            "model": { "type": "string", "minLength": 1, "maxLength": 256, "description": "Model identifier as the provider names it (e.g. `claude-opus-4-8`). Non-secret." }
+          }
         }
       },
       "additionalProperties": true

package/schemas/memory-list-options.schema.json

@@ -15,6 +15,22 @@
       "minLength": 1,
       "maxLength": 256,
       "description": "Filter to entries whose `tags` array contains this string (set-membership check). Hosts MAY support more advanced filtering as a host extension under a `vendor.<host>.*` field."
+    },
+    "tokenBudget": {
+      "type": "integer",
+      "minimum": 1,
+      "description": "RFC 0113. Max cumulative tokens across returned entries, denominated in the unit named by `capabilities.memory.injectionBudget.tokenCounter`. The adapter MUST return a prefix of the ranked entry list whose cumulative token count does not exceed this; a single entry exceeding the budget on its own MUST be omitted (not truncated mid-entry). MAY combine with `limit` — the adapter honors whichever yields fewer entries. Requires the host to advertise `memory.injectionBudget.supported`."
+    },
+    "rank": {
+      "type": "string",
+      "enum": ["recency", "relevance"],
+      "description": "RFC 0113. Selection order for the (optionally `tokenBudget`-bounded) read. `recency` (default when absent) orders most-recent-first — today's behavior. `relevance` DELEGATES to the existing `memory.search` semantic mode (RFC 0080): it requires `query` AND that the host advertise `capabilities.memory.search` with `semantic` mode, and is the budgeted projection OVER that existing search surface — NOT a new ranking capability. A host that does not advertise `memory.search` semantic mode MUST reject `rank:'relevance'` (or fall back to `'recency'` per its documented behavior)."
+    },
+    "query": {
+      "type": "string",
+      "minLength": 1,
+      "maxLength": 4096,
+      "description": "RFC 0113. Free-text relevance anchor (the `memory.search` semantic query) — REQUIRED when `rank:'relevance'`, ignored otherwise."
     }
   },
   "additionalProperties": false

package/schemas/run-event-payloads.schema.json

@@ -2,7 +2,7 @@
   "$schema": "https://json-schema.org/draft/2020-12/schema",
   "$id": "https://openwop.dev/spec/v1/run-event-payloads.schema.json",
   "title": "RunEventPayloads",
-  "description": "Per-RunEventType payload schemas. The base RunEventDoc shape (run-event.schema.json) leaves `payload` permissive for forward-compat. This schema defines the canonical payload contract for each known RunEventType. Consumers MAY pin strict payload validation via `$defs.<typeId>` and `ajv.validate(schema.$defs[event.type], event.payload)`. Unknown event types MUST be tolerated (no $defs match → fold best-effort).\n\n107 variants from `run-event.schema.json#$defs.RunEventType` are covered, grouped into ~20 shape families with shared $defs. Naming convention: camelCase keys mirror dotted RunEventType names (e.g., `run.started` → `runStarted`).",
+  "description": "Per-RunEventType payload schemas. The base RunEventDoc shape (run-event.schema.json) leaves `payload` permissive for forward-compat. This schema defines the canonical payload contract for each known RunEventType. Consumers MAY pin strict payload validation via `$defs.<typeId>` and `ajv.validate(schema.$defs[event.type], event.payload)`. Unknown event types MUST be tolerated (no $defs match → fold best-effort).\n\n109 variants from `run-event.schema.json#$defs.RunEventType` are covered, grouped into ~20 shape families with shared $defs. Naming convention: camelCase keys mirror dotted RunEventType names (e.g., `run.started` → `runStarted`).",
   "type": "object",
   "$defs": {
     "_typeIndex": {
@@ -38,6 +38,8 @@
         "interrupt.requested":       { "$ref": "#/$defs/interruptRequested" },
         "interrupt.resolved":        { "$ref": "#/$defs/interruptResolved" },
         "channel.written":           { "$ref": "#/$defs/channelWritten" },
+        "channel.presence":          { "$ref": "#/$defs/channelPresence" },
+        "context.summarized":        { "$ref": "#/$defs/contextSummarized" },
         "artifact.created":          { "$ref": "#/$defs/artifactCreated" },
         "output.chunk":              { "$ref": "#/$defs/outputChunk" },
         "variable.changed":          { "$ref": "#/$defs/variableChanged" },
@@ -781,6 +783,25 @@
       "$ref": "https://openwop.dev/spec/v1/channel-written-payload.schema.json"
     },
 
+    "channelPresence": {
+      "$ref": "https://openwop.dev/spec/v1/channel-presence-payload.schema.json"
+    },
+
+    "contextSummarized": {
+      "type": "object",
+      "description": "RFC 0111. Emitted when the host replaces older in-window orchestrator transcript turns with a host-produced summary to honor `multiAgent.executionModel.contextBudget.transcriptTokenBudget`. CONTENT-FREE: the summary text is NEVER inlined — `summaryRef` is an artifactId resolved via `GET /v1/runs/{runId}/artifacts/{artifactId}`. The summary is a NONDETERMINISTIC host output governed like an RFC 0041 envelope: on `:fork mode:replay` the host MUST reuse this recorded `summaryRef` and MUST NOT re-summarize (see multi-agent-execution.md §\"Context economy (RFC 0111)\"). `replacedTurns` lists the event ids the summary stands in for, so a replay engine reconstructs the exact transcript.",
+      "required": ["iteration", "replacedTurns", "summaryRef", "tokenCounter", "tokensBefore", "tokensAfter"],
+      "properties": {
+        "iteration":     { "type": "integer", "minimum": 0, "description": "The orchestrator-loop iteration (the `runOrchestrator.decided.iteration` counter) whose transcript assembly triggered this summarization." },
+        "replacedTurns": { "type": "array", "items": { "type": "string", "minLength": 1 }, "description": "Event ids (run event-log entries) the summary stands in for. A replay engine reconstructs the exact model-facing transcript by substituting the `summaryRef` artifact for this contiguous range." },
+        "summaryRef":    { "type": "string", "minLength": 1, "description": "ArtifactId of the persisted summary (read via `GET /v1/runs/{runId}/artifacts/{artifactId}`). The summary text is NOT on the wire. MUST be persisted/readable as-of the iteration's event-log index; a host that cannot serve it at the requested `fromSeq` MUST refuse the fork (mirrors `replay_memory_snapshot_unavailable`)." },
+        "tokenCounter":  { "type": "string", "enum": ["o200k_base", "cl100k_base", "chars", "host-defined"], "description": "The unit `tokensBefore`/`tokensAfter` are denominated in. MUST equal the advertised `contextBudget.tokenCounter`." },
+        "tokensBefore":  { "type": "integer", "minimum": 0, "description": "Token count of the `replacedTurns` range before summarization, in `tokenCounter` units." },
+        "tokensAfter":   { "type": "integer", "minimum": 0, "description": "Token count of the summary that replaced the range, in `tokenCounter` units. Expected ≤ `tokensBefore`." }
+      },
+      "additionalProperties": false
+    },
+
     "artifactCreated": {
       "type": "object",
       "description": "Emitted when a node produces a typed artifact (PRD, theme, plan, etc.).",
@@ -1049,7 +1070,7 @@
 
     "providerUsage": {
       "type": "object",
-      "description": "RFC 0026. Per-call usage record emitted after every LLM provider invocation. Durably persisted in the run event log; consumed by replay, webhook subscribers, billing reconciliation. The OTel `openwop.cost.*` attribute group (per `observability.md §\"Cost attribution attributes\"`) is the observability sibling — this event type is the durable record. Replay determinism: `inputTokens` + `outputTokens` MUST replay identically; `costEstimateUsd` MAY be omitted on replay. The payload MUST NOT carry credentialRefs, hashed credential identifiers, or prompt/response substrings per `SECURITY/threat-model-secret-leakage.md §SR-1` (enforced by SECURITY invariant `provider-usage-no-credential-leak`).",
+      "description": "RFC 0026. Per-call usage record emitted after every LLM provider invocation. Durably persisted in the run event log; consumed by replay, webhook subscribers, billing reconciliation. The OTel `openwop.cost.*` attribute group (per `observability.md §\"Cost attribution attributes\"`) is the observability sibling — this event type is the durable record. Replay determinism: `inputTokens` + `outputTokens` MUST replay identically; `costEstimateUsd` MAY be omitted on replay, and so MAY the RFC 0116 cost-only `cacheReadTokens`/`cacheWriteTokens` (they are NOT replay-asserted — a prompt-prefix cache hit vs miss MUST NOT change `inputTokens`/`outputTokens` or the recorded envelope). The payload MUST NOT carry credentialRefs, hashed credential identifiers, or prompt/response substrings per `SECURITY/threat-model-secret-leakage.md §SR-1` (enforced by SECURITY invariant `provider-usage-no-credential-leak`).",
       "required": ["provider", "model", "inputTokens", "outputTokens"],
       "properties": {
         "provider":        { "type": "string", "minLength": 1, "description": "Canonical provider id (lowercase ASCII, e.g. \"anthropic\", \"openai\", \"google\"). Same value as the `openwop.cost.provider` OTel attribute." },
@@ -1060,6 +1081,8 @@
         "costEstimateUsd": { "type": "number", "minimum": 0, "description": "ADVISORY estimate in USD computed by the host's static rate table. MUST NOT be used for billing — real billing is external. Hosts SHOULD omit when no rate is known rather than emit 0." },
         "currency":        { "type": "string", "pattern": "^[A-Z]{3}$", "description": "ISO 4217 code when `costEstimateUsd` is non-USD; the field name stays `costEstimateUsd` for back-compat but `currency` overrides the implied denomination." },
         "cacheHit":        { "type": "boolean", "description": "True iff this call was served from the LLM response cache per `replay.md §\"LLM cache-key recipe\"`. When true, inputTokens/outputTokens reflect the ORIGINAL call's billed values; the cached invocation incurred zero new provider cost." },
+        "cacheReadTokens":  { "type": "integer", "minimum": 0, "description": "RFC 0116. Optional, cost-only. Provider-reported tokens served from the prompt-prefix context cache on this call — a cache HIT shows > 0. This is a cost hint, NOT a semantic input: it MAY be omitted on replay (NOT replay-asserted, like `costEstimateUsd`), and a hit-vs-miss difference MUST NOT change `inputTokens`/`outputTokens` or the recorded envelope (RFC 0116 replay-invariance MUST). MUST NOT carry prompt/response substrings per `SECURITY/threat-model-secret-leakage.md §SR-1`." },
+        "cacheWriteTokens": { "type": "integer", "minimum": 0, "description": "RFC 0116. Optional, cost-only. Provider-reported tokens written to the prompt-prefix context cache on this call (a cache PRIME). MAY be omitted on replay (NOT replay-asserted). MUST NOT change `inputTokens`/`outputTokens` or the recorded envelope, and MUST NOT carry prompt/response substrings (SR-1)." },
         "nodeId":          { "type": "string", "description": "The node id that initiated the provider call. Required for per-node cost attribution dashboards." },
         "traceId":         { "type": "string", "description": "OTel trace id linking this event to the matching `openwop.cost.*` span. Lets observability backends correlate event-log entries with traces." }
       },

package/schemas/run-event.schema.json

@@ -100,6 +100,8 @@
         "interrupt.requested",
         "interrupt.resolved",
         "channel.written",
+        "channel.presence",
+        "context.summarized",
         "artifact.created",
         "output.chunk",
         "variable.changed",

package/src/lib/toolCatalog.ts

@@ -72,6 +72,95 @@ export async function driveToolSession(
   return (res.json as ToolSessionResult | undefined) ?? {};
 }
 
+/** A compact descriptor (RFC 0112) — the lossy `?view=compact` projection.
+ *  Closed field set: `toolId`/`source`/`safetyTier` (+ optional
+ *  `title`/`description`/`inputSchema`). The index signature lets a scenario
+ *  assert the heavy fields are ABSENT without a cast. */
+export interface CompactToolDescriptor {
+  toolId?: string;
+  source?: string;
+  safetyTier?: string;
+  title?: string;
+  description?: string;
+  inputSchema?: Record<string, unknown>;
+  [k: string]: unknown;
+}
+
+/** GET the compact tool catalog (RFC 0112 `GET /v1/tools?view=compact`).
+ *  Returns the `{ tools: CompactToolDescriptor[] }` envelope's `tools` array;
+ *  null when the host doesn't serve the read (404/405/501) or the body isn't
+ *  the expected envelope shape. */
+export async function listToolsCompact(): Promise<CompactToolDescriptor[] | null> {
+  const res = await driver.get('/v1/tools?view=compact');
+  if (res.status === 404 || res.status === 405 || res.status === 501) return null;
+  const body = res.json;
+  if (!body || typeof body !== 'object') return null;
+  const tools = (body as { tools?: unknown }).tools;
+  return Array.isArray(tools) ? (tools as CompactToolDescriptor[]) : null;
+}
+
+/** Heavy `ToolDescriptor` fields that a `CompactToolDescriptor` MUST drop
+ *  (RFC 0112). */
+export const COMPACT_DROPPED_FIELDS = [
+  'outputSchema',
+  'auth',
+  'egress',
+  'approval',
+  'replayPolicy',
+  'costHint',
+  'latencyHint',
+];
+
+/** JSON-Schema keywords a compact `inputSchema` MUST NOT use (RFC 0112 compact
+ *  structural subset). */
+export const COMPACT_INPUT_SCHEMA_BANNED = [
+  '$ref',
+  'oneOf',
+  'allOf',
+  'anyOf',
+  'not',
+  'patternProperties',
+  'dependentSchemas',
+];
+
+/** Schema-bearing keywords whose VALUES are subschemas the compact subset still
+ *  permits (object/array nesting). We recurse into these — but NOT into property
+ *  *names* — so a tool field literally named `oneOf` is not a false positive. */
+const COMPACT_SUBSCHEMA_KEYWORDS = ['items', 'additionalProperties', 'contains', 'propertyNames'];
+
+/** Recursively searches a compact `inputSchema` for any banned keyword in SCHEMA
+ *  position at ANY nesting depth (RFC 0112's structural subset is total, not just
+ *  top-level — a nested `oneOf`/`$ref` is exactly the verbosity the compact view
+ *  exists to drop). Schema-aware: it checks keywords in schema position and
+ *  recurses only into subschema-bearing positions (`properties` values, `items`,
+ *  `additionalProperties`, `prefixItems`, …), never treating a property NAME as a
+ *  keyword. Returns the first offending keyword, or null when clean. */
+export function findBannedInputSchemaKeyword(schema: unknown): string | null {
+  if (!schema || typeof schema !== 'object' || Array.isArray(schema)) return null;
+  const obj = schema as Record<string, unknown>;
+  for (const kw of COMPACT_INPUT_SCHEMA_BANNED) {
+    if (kw in obj) return kw;
+  }
+  const props = obj.properties;
+  if (props && typeof props === 'object' && !Array.isArray(props)) {
+    for (const sub of Object.values(props as Record<string, unknown>)) {
+      const hit = findBannedInputSchemaKeyword(sub);
+      if (hit) return hit;
+    }
+  }
+  for (const key of COMPACT_SUBSCHEMA_KEYWORDS) {
+    const hit = findBannedInputSchemaKeyword(obj[key]);
+    if (hit) return hit;
+  }
+  if (Array.isArray(obj.prefixItems)) {
+    for (const sub of obj.prefixItems) {
+      const hit = findBannedInputSchemaKeyword(sub);
+      if (hit) return hit;
+    }
+  }
+  return null;
+}
+
 /** The closed tool-source vocabulary (RFC 0078 §C). */
 export const TOOL_SOURCES = ['node-pack', 'workflow', 'mcp', 'connector', 'host-extension'];
 /** The closed safety-tier vocabulary (RFC 0078 §C). */