@openwop/openwop-conformance 1.5.0 → 1.6.1

package/schemas/capabilities.schema.json

@@ -370,10 +370,10 @@
           "type": "array",
           "items": {
             "type": "string",
-            "enum": ["tenant", "user", "run"]
+            "enum": ["tenant", "user", "run", "workspace"]
           },
           "uniqueItems": true,
-          "description": "Subset of scopes the host implements. Tenant-scoped secrets are workspace-shared; user-scoped are per-end-user; run-scoped are ephemeral per-run."
+          "description": "Subset of scopes the host implements. Tenant-scoped secrets are workspace-shared; user-scoped are per-end-user; run-scoped are ephemeral per-run; `workspace` (RFC 0046/0048) is the explicit sub-tenant scope. Appended `workspace` is additive — hosts that omit it are unaffected."
         },
         "resolution": {
           "type": "string",
@@ -383,6 +383,114 @@
       },
       "additionalProperties": false
     },
+    "credentials": {
+      "type": "object",
+      "description": "RFC 0046 (`Draft`). Portable credential resolution + lifecycle contract — sibling to `secrets`, first-class store-at-rest + workspace sharing + two-key-overlap rotation. A pack references a credential by `{ ref, scope }` (see `credential-reference.schema.json`); the host resolves it into the node sandbox ONLY — never into inputs, persisted variables, channels, any run.* event payload, the debug bundle, or replay state (SECURITY invariant `credential-payload-redaction`). Supersedes the informal BYOK annex; the `secrets` advertisement stays valid.",
+      "required": ["supported"],
+      "properties": {
+        "supported": {
+          "type": "boolean",
+          "description": "Host implements the host.credentials resolution + lifecycle contract."
+        },
+        "scopes": {
+          "type": "array",
+          "items": { "type": "string", "enum": ["user", "workspace", "tenant"] },
+          "uniqueItems": true,
+          "description": "Subset of resolution scopes the host implements. `workspace` is the RFC 0048 sub-tenant; `tenant` and `user` align with the `secrets.scopes` vocabulary."
+        },
+        "encryptionAtRest": {
+          "type": "boolean",
+          "description": "Host encrypts stored credential material at rest."
+        },
+        "rotation": {
+          "type": "string",
+          "enum": ["none", "two-key-overlap"],
+          "description": "`two-key-overlap`: old + new credential both resolve as valid during a grace window, then the old fails with `credential_not_found` (mirrors `openwop-auth-api-key-rotation`). `none`: no rotation surface."
+        },
+        "sharing": {
+          "type": "boolean",
+          "description": "A single stored credential can be referenced by many workflows within a scope (e.g. a workspace-shared key) without copying material between references."
+        }
+      },
+      "additionalProperties": false
+    },
+    "feedback": {
+      "type": "object",
+      "description": "RFC 0056 (`Draft`). Non-blocking human/agent quality signals (rating / correction / label / flag) attached to a run, event, or node. Annotations are a per-run side-resource recorded via `POST /v1/runs/{runId}/annotations`, listed via `GET`, and surfaced live via the `run.annotated` SSE notification — they are NOT entries in the replayable run event log (see RFC 0056 §B/§D). Hosts that do not advertise `supported: true` return `501 capability_not_provided` on the annotation endpoints.",
+      "required": ["supported"],
+      "properties": {
+        "supported": {
+          "type": "boolean",
+          "description": "Host implements the RFC 0056 annotation side-store + endpoints + `run.annotated` notification."
+        },
+        "targets": {
+          "type": "array",
+          "items": { "type": "string", "enum": ["run", "event", "node"] },
+          "uniqueItems": true,
+          "description": "Which annotation-target granularities the host accepts. Absent = `run` only."
+        },
+        "signals": {
+          "type": "array",
+          "items": { "type": "string", "enum": ["rating", "correction", "label", "flag"] },
+          "uniqueItems": true,
+          "description": "Which signal kinds the host accepts. Absent = all four."
+        }
+      },
+      "additionalProperties": false
+    },
+    "oauth": {
+      "type": "object",
+      "description": "RFC 0047 (`Draft`). Host performs OAuth 2.0 grants (authorization-code + refresh) on a user's behalf for connector nodes, stores the acquired token as a `host.credentials` (RFC 0046) entry, refreshes it transparently, and resolves it into the node sandbox as a bearer token. Token material NEVER crosses the wire (SECURITY invariant `credential-payload-redaction`). Distinct from `auth` host-authentication profiles (RFC 0010 = who is the caller; this = what third-party token a node holds).",
+      "required": ["supported"],
+      "properties": {
+        "supported": { "type": "boolean", "description": "Host implements the host.oauth third-party token acquisition + refresh contract." },
+        "grants": {
+          "type": "array",
+          "items": { "type": "string", "enum": ["authorization_code", "client_credentials", "refresh_token"] },
+          "uniqueItems": true,
+          "description": "OAuth 2.0 grant types the host performs on a node's behalf."
+        },
+        "providers": {
+          "type": "array",
+          "description": "Provider catalog the host can acquire tokens for. A connector node's `auth.provider` MUST match an `id` here.",
+          "items": {
+            "type": "object",
+            "required": ["id"],
+            "properties": {
+              "id": { "type": "string", "minLength": 1, "description": "Stable provider id, e.g. `slack`, `google`." },
+              "authUrl": { "type": "string", "format": "uri", "description": "Authorization endpoint." },
+              "tokenUrl": { "type": "string", "format": "uri", "description": "Token endpoint." },
+              "scopesSupported": { "type": "array", "items": { "type": "string" }, "description": "Scopes this provider exposes." }
+            },
+            "additionalProperties": false
+          }
+        }
+      },
+      "additionalProperties": false
+    },
+    "authorization": {
+      "type": "object",
+      "description": "RFC 0049 (`Draft`). Maps an RFC 0048 principal's role to scopes (reusing the API-key scope grammar in `auth.md`) and surfaces authorization decisions as `authorization.decided` events. Fail-closed: an absent/unseeded role denies (SECURITY invariant `authorization-fail-closed`).",
+      "required": ["supported"],
+      "properties": {
+        "supported": { "type": "boolean", "description": "Host implements the role→scope authorization-decision contract." },
+        "failClosed": { "const": true, "description": "Absent/unseeded role denies; resolver errors deny. MUST be true when present — see SECURITY invariant `authorization-fail-closed`." },
+        "roles": {
+          "type": "array",
+          "description": "Role catalog. A principal's role resolves to this scope set; a request is authorized when any role-derived scope matches the required scope per the API-key scope-match semantics.",
+          "items": {
+            "type": "object",
+            "required": ["role", "scopes"],
+            "properties": {
+              "role": { "type": "string", "minLength": 1 },
+              "scopes": { "type": "array", "items": { "type": "string", "minLength": 1 }, "uniqueItems": true }
+            },
+            "additionalProperties": false
+          }
+        }
+      },
+      "additionalProperties": false
+    },
     "runtimeCapabilities": {
       "type": "array",
       "items": { "type": "string", "minLength": 1 },
@@ -398,11 +506,30 @@
           "type": "object",
           "additionalProperties": false,
           "required": ["supported", "version"],
+          "if": {
+            "properties": { "tier": { "const": "experimental" } },
+            "required": ["tier"]
+          },
+          "then": {
+            "required": ["experimentalUntil"]
+          },
           "properties": {
             "supported": {
               "type": "boolean",
               "description": "Host implements the execution loop + handoff state machine per spec/v1/multi-agent-execution.md §\"Execution loop\" + §\"Handoff state machine\". When true, the host MUST emit `core.workflowChain.event` records on every handoff transition per the §\"Transition events\" table."
             },
+            "tier": {
+              "type": "string",
+              "enum": ["stable", "experimental"],
+              "default": "stable",
+              "description": "RFC 0042 — stability claim for this capability advertisement. `stable` (the default when absent) means the host commits to the wire shape across v1.x minors. `experimental` means the host advertises the surface as a preview; the wire shape MAY shift compatibly without notice until the underlying RFC graduates to `Accepted` and the host re-advertises as `stable`. Hosts MUST omit the field for capabilities whose underlying RFC is already `Accepted`."
+            },
+            "experimentalUntil": {
+              "type": "string",
+              "format": "date",
+              "pattern": "^\\d{4}-\\d{2}-\\d{2}$",
+              "description": "RFC 0042 §B — required when `tier` is `experimental`. ISO-8601 `YYYY-MM-DD` no more than 12 months past the discovery response date. Reaching this date without graduating the underlying RFC to `Accepted` MUST result in the host either flipping tier to `stable` OR retracting the capability advertisement (or — with an open deprecation RFC — extending with a new `experimentalUntil` per §B sub-block 2)."
+            },
             "version": {
               "type": "integer",
               "minimum": 1,
@@ -836,6 +963,29 @@
       },
       "additionalProperties": false
     },
+    "scheduling": {
+      "type": "object",
+      "description": "RFC 0052 (`Draft`). Time-based run initiation behind the `schedule` trigger — gives the trigger a portable, durable, once-per-tick execution contract. Composes with `queueBus` (RFC 0017) where the host backs scheduling with a queue; orthogonal to the in-DAG `core.control.delay` primitive (which delays a node mid-run, not run initiation).",
+      "required": ["supported"],
+      "properties": {
+        "supported": { "type": "boolean" },
+        "cron": { "type": "boolean", "description": "Host honors cron-expression schedules." },
+        "delayed": { "type": "boolean", "description": "Host honors one-shot delayed execution." },
+        "calendar": { "type": "boolean", "description": "Host honors calendar-reference schedules." },
+        "maxFutureHorizon": { "type": "string", "description": "ISO-8601 duration (e.g. `P90D`); the farthest-future a run may be scheduled. Schedules beyond it MUST be rejected with `schedule_horizon_exceeded`." }
+      },
+      "additionalProperties": false
+    },
+    "deadLetter": {
+      "type": "object",
+      "description": "RFC 0053 (`Draft`). Run-level dead-letter sink for terminally-failed runs/nodes. On retry exhaustion (RFC 0009), the run is routed to a durable, inspectable sink and a `run.dead_lettered` event is emitted; dead-lettered runs remain fork-eligible (RFC 0011) for the retention window. Distinct from `queueBus.deadLetterSupported`, which dead-letters transport *messages*, not *runs*.",
+      "required": ["supported"],
+      "properties": {
+        "supported": { "type": "boolean" },
+        "retentionDays": { "type": "integer", "minimum": 1, "description": "Days a dead-lettered run is retained for inspection/fork before purge." }
+      },
+      "additionalProperties": false
+    },
     "sql": {
       "type": "object",
       "description": "RFC 0018 (`Active`). SQL database adapter with parametric-only enforcement. Hosts MUST reject non-parametric queries that inline user input (`sql-parametric-only` invariant — guards against SQL injection across every workflow).",
@@ -919,6 +1069,44 @@
       "required": ["supported"],
       "additionalProperties": false
     },
+    "packs": {
+      "type": "object",
+      "description": "RFC 0025 (`Active`). Pack-registry surface advertisement. The baseline `/v1/packs/*` read surface (per `spec/v1/node-packs.md` §\"Registry HTTP API\") is unconditional for hosts that ship a pack catalog and does NOT require a capability flag; this object carries optional sub-blocks (currently the test-mode mirror namespace). Hosts that don't expose any optional pack-registry sub-block MAY omit this block entirely.",
+      "properties": {
+        "testMode": {
+          "type": "object",
+          "description": "RFC 0025 §A. Optional `/v1/packs-test/*` mirror surface that exposes the production publish/get/delete/sig contract against an isolated catalog. Lets the conformance suite (`pack-registry-publish.test.ts`) exercise the documented 19-code publish error catalog without `packs:publish` scope on the real registry. Hosts that advertise `supported: true` MUST honor the §C isolation guarantees and MUST surface the same error envelopes and HTTP statuses as the production `/v1/packs/*` surface.",
+          "properties": {
+            "supported": {
+              "type": "boolean",
+              "description": "Host exposes `/v1/packs-test/*` per RFC 0025 §B. When `true`, the conformance suite drives publish-error-catalog assertions through the test namespace; when `false` or absent, the 26 scenarios in `pack-registry-publish.test.ts` soft-skip cleanly."
+            },
+            "isolated": {
+              "type": "boolean",
+              "description": "RFC 0025 §C point 1. MUST be `true` when `supported` is `true` — guarantees the test catalog is persisted distinctly from the production catalog and that a pack PUT'd via `/v1/packs-test/*` MUST NOT appear in `/v1/packs/*` listings."
+            },
+            "catalogResetEndpoint": {
+              "type": "string",
+              "description": "RFC 0025 §C point 4. Optional URL path (e.g. `/v1/packs-test/reset`) that clears the entire test catalog. When advertised, conformance-suite teardown SHOULD call it; the endpoint MUST be idempotent. Hosts MAY omit; in that case the suite leaves disposable timestamped pack names in place and relies on the next host restart to clear in-memory state.",
+              "pattern": "^/"
+            },
+            "scopes": {
+              "type": "array",
+              "items": {
+                "type": "string",
+                "enum": ["core", "vendor", "community", "private", "local"]
+              },
+              "uniqueItems": true,
+              "minItems": 1,
+              "description": "RFC 0025 §A. Which namespace scopes the test catalog accepts in pack names. Public test catalogs SHOULD refuse `private` and `local` (matching the production-registry rule for `packs.openwop.dev`); private dev catalogs MAY accept all five. When omitted, the test catalog defaults to the same scope set as the production namespace it mirrors."
+            }
+          },
+          "required": ["supported"],
+          "additionalProperties": false
+        }
+      },
+      "additionalProperties": false
+    },
     "mcp": {
       "type": "object",
       "description": "RFC 0020 (`Active`). MCP (Model Context Protocol) composition surface. The client half is consumed implicitly via `host.mcp` host-surface; this block adds the optional server half — workflow exposed AS an MCP server with bidirectional sampling/elicitation bridges.",
@@ -1126,7 +1314,7 @@
           "type": "array",
           "items": { "type": "string", "minLength": 1 },
           "uniqueItems": true,
-          "description": "Auth profiles the host claims. Canonical ids: `openwop-audit-log-integrity` (auth-profiles.md §Audit-log integrity), `openwop-auth-api-key-rotation`, `openwop-auth-oauth2-client-credentials`, `openwop-auth-oidc-user-bearer`, `openwop-auth-mtls`. Clients SHOULD tolerate unknown profile ids."
+          "description": "Auth profiles the host claims. Canonical ids: `openwop-audit-log-integrity` (auth-profiles.md §Audit-log integrity), `openwop-auth-api-key-rotation`, `openwop-auth-oauth2-client-credentials`, `openwop-auth-oidc-user-bearer`, `openwop-auth-mtls`, `openwop-auth-saml` + `openwop-auth-scim` + `openwop-auth-ldap` (RFC 0050 enterprise identity). Clients SHOULD tolerate unknown profile ids."
         },
         "rotation": {
           "type": "object",

package/schemas/credential-reference.schema.json

@@ -0,0 +1,21 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://openwop.dev/spec/v1/credential-reference.schema.json",
+  "title": "CredentialReference",
+  "description": "RFC 0046. An opaque, host-issued handle to a stored credential. This is the ONLY credential artifact permitted on the wire — it NEVER carries key material. The host's host.credentials resolver dereferences it into the node sandbox at execution time (SECURITY invariant `credential-payload-redaction`).",
+  "type": "object",
+  "required": ["ref"],
+  "properties": {
+    "ref": {
+      "type": "string",
+      "minLength": 1,
+      "description": "Opaque host-issued identifier, e.g. `cred_a3b9c2`. Hosts MUST NOT encode secret material in the ref."
+    },
+    "scope": {
+      "type": "string",
+      "enum": ["user", "workspace", "tenant"],
+      "description": "Resolution scope. MUST match a scope in `capabilities.credentials.scopes`. Absent ⇒ the host's default scope."
+    }
+  },
+  "additionalProperties": false
+}

package/schemas/node-pack-manifest.schema.json

@@ -69,7 +69,8 @@
       "description": "Optional agent manifests shipped alongside this pack. Each entry is an AgentManifest (see agent-manifest.schema.json + RFC 0003 §`agents[]` extension). Pure-agent packs MUST set `runtime.language: 'remote'` — agents are interpreted by the host, not bundled as executable artifacts. Mixed packs (nodes + agents) declare the runtime that loads the node implementations; agents remain host-interpreted."
     },
     "runtime": { "$ref": "#/$defs/Runtime" },
-    "signing": { "$ref": "#/$defs/Signing" }
+    "signing": { "$ref": "#/$defs/Signing" },
+    "connector": { "$ref": "#/$defs/Connector" }
   },
   "additionalProperties": false,
   "$defs": {
@@ -161,6 +162,15 @@
           "items": { "$ref": "#/$defs/SecretRequirement" },
           "description": "Secrets the node needs to execute. Resolved by the host's secret-resolution adapter at dispatch time. Hosts that don't advertise `Capabilities.secrets.supported` MUST refuse to dispatch a node with non-empty `requiresSecrets` and return `credential_unavailable`."
         },
+        "requiredCredentials": {
+          "type": "array",
+          "items": { "$ref": "#/$defs/CredentialRequirement" },
+          "description": "RFC 0046. Credentials the node needs, resolved by the host's `host.credentials` resolver at dispatch time (distinct from `requiresSecrets`, which targets the informal BYOK annex). Hosts that don't advertise `Capabilities.credentials.supported` MUST refuse to dispatch a node with non-empty `requiredCredentials` and return `credential_unavailable` (peerDependency `credentials: 'supported'`)."
+        },
+        "auth": {
+          "$ref": "#/$defs/NodeAuth",
+          "description": "RFC 0047. The node's third-party authentication need. The host acquires + refreshes the token via the `host.oauth` flow and resolves it into the node sandbox as a bearer token. Hosts that don't advertise `Capabilities.oauth.supported` (or lack the named provider/scope) MUST refuse to register the pack (`oauth_provider_unsupported` / `oauth_scope_unsupported`)."
+        },
         "requiredModelCapabilities": {
           "type": "array",
           "items": {
@@ -219,6 +229,107 @@
       },
       "additionalProperties": false
     },
+    "CredentialRequirement": {
+      "type": "object",
+      "required": ["key"],
+      "description": "RFC 0046. A credential the node needs, resolved by the host's `host.credentials` resolver into the node sandbox at dispatch time. The node declares only the requirement; raw key material NEVER reaches the protocol surface (events, logs, traces, replay) per the `credential-payload-redaction` invariant.",
+      "properties": {
+        "key": {
+          "type": "string",
+          "minLength": 1,
+          "description": "Stable identifier the node executor uses to look up the resolved credential (e.g., `'slack-bot-token'`)."
+        },
+        "scope": {
+          "type": "string",
+          "enum": ["user", "workspace", "tenant"],
+          "description": "Resolution scope. MUST match a scope in `Capabilities.credentials.scopes`. Defaults to the host's default scope when omitted."
+        },
+        "displayName": {
+          "type": "string",
+          "description": "Optional human-readable label for credential-management UIs."
+        }
+      },
+      "additionalProperties": false
+    },
+    "NodeAuth": {
+      "type": "object",
+      "required": ["type", "provider"],
+      "description": "RFC 0047. A node's third-party authentication declaration. The node declares only which provider + scopes it needs; the host performs the OAuth dance and resolves the token in-sandbox. Raw token material NEVER reaches the protocol surface (`credential-payload-redaction` invariant).",
+      "properties": {
+        "type": {
+          "type": "string",
+          "enum": ["oauth2"],
+          "description": "Authentication mechanism. `oauth2` routes through the `host.oauth` flow."
+        },
+        "provider": {
+          "type": "string",
+          "minLength": 1,
+          "description": "Provider id; MUST match an advertised `capabilities.oauth.providers[].id` (e.g. `slack`, `google`)."
+        },
+        "scopes": {
+          "type": "array",
+          "items": { "type": "string" },
+          "description": "OAuth scopes the node requires; each MUST be in the provider's advertised `scopesSupported`."
+        }
+      },
+      "additionalProperties": false
+    },
+    "ConnectorAuth": {
+      "description": "RFC 0045. The auth declaration shared by a connector's actions. Either an RFC 0047 OAuth2 declaration or an RFC 0046 stored-credential reference.",
+      "oneOf": [
+        { "$ref": "#/$defs/NodeAuth" },
+        {
+          "type": "object",
+          "required": ["type", "key"],
+          "properties": {
+            "type": { "type": "string", "enum": ["credential"], "description": "Static stored-credential auth via the RFC 0046 host.credentials resolver." },
+            "key": { "type": "string", "minLength": 1, "description": "CredentialRequirement key the host resolves into the node sandbox." },
+            "scope": { "type": "string", "enum": ["user", "workspace", "tenant"], "description": "Resolution scope; MUST match a scope in `capabilities.credentials.scopes`." }
+          },
+          "additionalProperties": false
+        }
+      ]
+    },
+    "Connector": {
+      "type": "object",
+      "required": ["id", "displayName"],
+      "description": "RFC 0045. Declares this pack a named connector — a typed integration exposing actions (and reusing the existing trigger model). Optional; packs without it remain plain node packs. Actions are normal side-effectful nodes from this pack's `nodes[]` annotated with scheduler hints; the connector block adds metadata, not a new execution kind.",
+      "properties": {
+        "id": { "type": "string", "pattern": "^[a-z][a-z0-9.-]*$", "description": "Stable connector id, e.g. `salesforce`." },
+        "displayName": { "type": "string", "minLength": 1 },
+        "auth": { "$ref": "#/$defs/ConnectorAuth", "description": "RFC 0047/0046 auth declaration shared by the connector's actions." },
+        "actions": {
+          "type": "array",
+          "description": "Typed actions the connector exposes. Each `typeId` MUST resolve to a node typeId defined in this pack's `nodes[]` (validation error `connector_action_unresolved` otherwise).",
+          "items": {
+            "type": "object",
+            "required": ["typeId", "displayName"],
+            "properties": {
+              "typeId": { "type": "string", "minLength": 1, "description": "MUST match a `nodes[].typeId` in this manifest." },
+              "displayName": { "type": "string", "minLength": 1 },
+              "idempotent": { "type": "boolean", "description": "Action is safe to auto-retry without an idempotency key. Absent/false ⇒ the host MUST NOT auto-retry without one (composes with idempotency.md)." },
+              "rateLimit": {
+                "type": "object",
+                "properties": {
+                  "requests": { "type": "integer", "minimum": 1 },
+                  "perSeconds": { "type": "integer", "minimum": 1 }
+                },
+                "additionalProperties": false,
+                "description": "Advertised rate-limit hint the host scheduler SHOULD honor. Does not change the node's wire shape."
+              },
+              "paginated": { "type": "boolean", "description": "Action returns paginated results." }
+            },
+            "additionalProperties": false
+          }
+        },
+        "triggers": {
+          "type": "array",
+          "items": { "type": "string", "minLength": 1 },
+          "description": "typeIds of triggers (from the existing trigger model) this connector exposes. Each MUST resolve to a node/trigger typeId in this pack."
+        }
+      },
+      "additionalProperties": false
+    },
     "Runtime": {
       "type": "object",
       "required": ["language", "entry"],

package/schemas/run-diff-response.schema.json

@@ -0,0 +1,64 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://openwop.dev/spec/v1/run-diff-response.schema.json",
+  "title": "RunDiffResponse",
+  "description": "RFC 0054 — deterministic, replay-aware structured diff of two runs' event sequences and terminal states, returned by GET /v1/runs/{runId}:diff?against={otherRunId}. The diff is a pure function of the two event logs (see spec/v1/replay.md determinism contract).",
+  "type": "object",
+  "required": ["a", "b", "eventDiffs", "stateDiff"],
+  "properties": {
+    "a": {
+      "type": "string",
+      "description": "The {runId} run (the path resource)."
+    },
+    "b": {
+      "type": "string",
+      "description": "The {against} run (the query parameter)."
+    },
+    "divergedAtSeq": {
+      "type": ["integer", "null"],
+      "minimum": 0,
+      "description": "Event sequence number at which the two logs first diverge; null if identical. Aligns with replay.diverged.divergencePoint in spec/v1/replay.md."
+    },
+    "eventDiffs": {
+      "type": "array",
+      "description": "Ordered per-sequence differences. Empty when the logs are identical.",
+      "items": {
+        "type": "object",
+        "required": ["seq", "op"],
+        "properties": {
+          "seq": {
+            "type": "integer",
+            "minimum": 0,
+            "description": "Event sequence number this diff entry applies to."
+          },
+          "op": {
+            "type": "string",
+            "enum": ["added", "removed", "changed"],
+            "description": "added = present in b only; removed = present in a only; changed = present in both at this seq but differ by canonical comparison."
+          },
+          "aEvent": {
+            "type": "object",
+            "additionalProperties": true,
+            "description": "The run-a event at this seq (omitted when op = added). Shape per run-event.schema.json."
+          },
+          "bEvent": {
+            "type": "object",
+            "additionalProperties": true,
+            "description": "The run-b event at this seq (omitted when op = removed). Shape per run-event.schema.json."
+          }
+        },
+        "additionalProperties": false
+      }
+    },
+    "stateDiff": {
+      "type": "object",
+      "additionalProperties": true,
+      "description": "Diff of terminal RunSnapshot states (status, variables, channels) — redaction-safe (never carries credential material)."
+    },
+    "truncated": {
+      "type": "boolean",
+      "description": "True if either run was in-flight and only a prefix was compared."
+    }
+  },
+  "additionalProperties": false
+}

package/schemas/run-event-payloads.schema.json

@@ -2,7 +2,7 @@
   "$schema": "https://json-schema.org/draft/2020-12/schema",
   "$id": "https://openwop.dev/spec/v1/run-event-payloads.schema.json",
   "title": "RunEventPayloads",
-  "description": "Per-RunEventType payload schemas. The base RunEventDoc shape (run-event.schema.json) leaves `payload` permissive for forward-compat. This schema defines the canonical payload contract for each known RunEventType. Consumers MAY pin strict payload validation via `$defs.<typeId>` and `ajv.validate(schema.$defs[event.type], event.payload)`. Unknown event types MUST be tolerated (no $defs match → fold best-effort).\n\n64 variants from `run-event.schema.json#$defs.RunEventType` are covered, grouped into ~20 shape families with shared $defs. Naming convention: camelCase keys mirror dotted RunEventType names (e.g., `run.started` → `runStarted`).",
+  "description": "Per-RunEventType payload schemas. The base RunEventDoc shape (run-event.schema.json) leaves `payload` permissive for forward-compat. This schema defines the canonical payload contract for each known RunEventType. Consumers MAY pin strict payload validation via `$defs.<typeId>` and `ajv.validate(schema.$defs[event.type], event.payload)`. Unknown event types MUST be tolerated (no $defs match → fold best-effort).\n\n71 variants from `run-event.schema.json#$defs.RunEventType` are covered, grouped into ~20 shape families with shared $defs. Naming convention: camelCase keys mirror dotted RunEventType names (e.g., `run.started` → `runStarted`).",
   "type": "object",
   "$defs": {
     "_typeIndex": {
@@ -18,6 +18,7 @@
         "run.paused":                { "$ref": "#/$defs/runPaused" },
         "run.resumed":               { "$ref": "#/$defs/runResumed" },
         "run.restored-from-snapshot":{ "$ref": "#/$defs/runRestoredFromSnapshot" },
+        "run.dead_lettered":         { "$ref": "#/$defs/runDeadLettered" },
         "node.started":              { "$ref": "#/$defs/nodeStarted" },
         "node.completed":            { "$ref": "#/$defs/nodeCompleted" },
         "node.failed":               { "$ref": "#/$defs/nodeFailed" },
@@ -29,6 +30,9 @@
         "node.cancelled":            { "$ref": "#/$defs/nodeCancelled" },
         "approval.requested":        { "$ref": "#/$defs/approvalRequested" },
         "approval.received":         { "$ref": "#/$defs/approvalReceived" },
+        "approval.granted":          { "$ref": "#/$defs/approvalGranted" },
+        "approval.rejected":         { "$ref": "#/$defs/approvalRejected" },
+        "approval.overridden":       { "$ref": "#/$defs/approvalOverridden" },
         "clarification.requested":   { "$ref": "#/$defs/clarificationRequested" },
         "clarification.resolved":    { "$ref": "#/$defs/clarificationResolved" },
         "interrupt.requested":       { "$ref": "#/$defs/interruptRequested" },
@@ -73,7 +77,48 @@
         "conversation.closed":       { "$ref": "#/$defs/conversationClosed" },
         "memory.compacted":          { "$ref": "#/$defs/memoryCompacted" },
         "core.workflowChain.event":  { "$ref": "#/$defs/coreWorkflowChainEvent" },
-        "core.workflowChain.confidence-escalated": { "$ref": "#/$defs/coreWorkflowChainConfidenceEscalated" }
+        "core.workflowChain.confidence-escalated": { "$ref": "#/$defs/coreWorkflowChainConfidenceEscalated" },
+        "connector.authorized":      { "$ref": "#/$defs/connectorAuthorized" },
+        "connector.auth_expired":    { "$ref": "#/$defs/connectorAuthExpired" },
+        "authorization.decided":     { "$ref": "#/$defs/authorizationDecided" }
+      }
+    },
+
+    "authorizationDecided": {
+      "description": "RFC 0049 — emitted on a role-based authorization decision (allow or deny). Redaction-safe: `principal` is an opaque RFC 0048 id; `reason` carries no credential material. Every deny SHOULD be emitted and SHOULD feed the audit log (RFC 0009/0010). MUST NOT be emitted unless `capabilities.authorization.supported: true`.",
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["principal", "action", "resource", "allowed"],
+      "properties": {
+        "principal": { "type": "string", "minLength": 1, "description": "Opaque RFC 0048 principal id — never PII." },
+        "action": { "type": "string", "minLength": 1, "description": "The attempted action, e.g. `runs:cancel`." },
+        "resource": { "type": "string", "minLength": 1, "description": "The target, e.g. a runId or workflowId." },
+        "allowed": { "type": "boolean" },
+        "reason": { "type": "string", "description": "Human-readable, redaction-safe — no credential material." }
+      }
+    },
+
+    "connectorAuthorized": {
+      "description": "RFC 0047 — emitted when the host acquires (or re-authorizes) a third-party OAuth token on a user's behalf via the `host.oauth` flow. Redaction-safe: carries the credential REFERENCE (RFC 0046), never token material. MUST NOT be emitted unless `capabilities.oauth.supported: true`.",
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["provider", "credentialRef"],
+      "properties": {
+        "provider": { "type": "string", "minLength": 1, "description": "Provider id, matching an advertised `capabilities.oauth.providers[].id` (e.g. `slack`, `google`)." },
+        "credentialRef": { "type": "string", "minLength": 1, "description": "Opaque RFC 0046 credential reference where the acquired token is stored. NEVER the token itself." },
+        "scopes": { "type": "array", "items": { "type": "string" }, "description": "Scopes granted for the acquired token." }
+      }
+    },
+
+    "connectorAuthExpired": {
+      "description": "RFC 0047 — emitted when a stored OAuth token's refresh fails terminally (revoked/expired refresh token). Redaction-safe: no token material. MUST NOT be emitted unless `capabilities.oauth.supported: true`.",
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["provider", "credentialRef"],
+      "properties": {
+        "provider": { "type": "string", "minLength": 1, "description": "Provider id, matching an advertised `capabilities.oauth.providers[].id`." },
+        "credentialRef": { "type": "string", "minLength": 1, "description": "Opaque RFC 0046 credential reference for the expired token." },
+        "reason": { "type": "string", "description": "Redaction-safe human-readable reason (e.g. `refresh_token_revoked`)." }
       }
     },
 
@@ -205,6 +250,17 @@
         "inputs":      { "$ref": "#/$defs/_inputsObject" },
         "transport":   { "type": "string", "enum": ["rest", "mcp", "a2a", "ui"] },
         "engineVersion":  { "type": "string" },
+        "owner": {
+          "type": "object",
+          "description": "RFC 0048. Redaction-safe echo of the run's owning identity triple (matches `RunSnapshot.owner`). Optional; single-tenant hosts omit it.",
+          "required": ["tenant"],
+          "properties": {
+            "tenant": { "type": "string", "minLength": 1 },
+            "workspace": { "type": "string", "minLength": 1 },
+            "principal": { "type": "string", "minLength": 1 }
+          },
+          "additionalProperties": false
+        },
         "tags":     { "type": "array", "items": { "type": "string" } },
         "metadata": { "type": "object" }
       },
@@ -272,6 +328,19 @@
       "additionalProperties": true
     },
 
+    "runDeadLettered": {
+      "description": "RFC 0053 — emitted when a run/node exhausts its retry policy (RFC 0009) and is routed to the durable dead-letter sink. The run remains fork-eligible (RFC 0011) for `capabilities.deadLetter.retentionDays`. Redaction-safe: `reason` carries no credential material. MUST NOT be emitted unless `capabilities.deadLetter.supported: true`.",
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["runId", "reason", "attempts"],
+      "properties": {
+        "runId": { "type": "string", "minLength": 1 },
+        "nodeId": { "type": "string", "description": "The node whose retry exhaustion dead-lettered the run; absent for run-level failures." },
+        "reason": { "type": "string", "minLength": 1, "description": "Redaction-safe terminal-failure reason." },
+        "attempts": { "type": "integer", "minimum": 1, "description": "Total attempts made before dead-lettering." }
+      }
+    },
+
     "nodeStarted": {
       "type": "object",
       "description": "Emitted when a node begins execution.",
@@ -419,6 +488,39 @@
       },
       "additionalProperties": true
     },
+    "approvalGranted": {
+      "description": "RFC 0051 — emitted when an authorized principal grants a `core.openwop.governance.approvalGate`. Redaction-safe: `principal` is an opaque RFC 0048 id. MUST NOT be emitted unless the gate node is registered (peerDependency `authorization: 'supported'`).",
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["gateId", "principal"],
+      "properties": {
+        "gateId": { "type": "string", "minLength": 1, "description": "Identifier of the approval gate node." },
+        "principal": { "type": "string", "minLength": 1, "description": "Opaque RFC 0048 principal id of the granting actor." },
+        "quorumProgress": { "type": "object", "additionalProperties": false, "properties": { "granted": { "type": "integer", "minimum": 0 }, "required": { "type": "integer", "minimum": 1 } }, "description": "When the gate requires a quorum: grants accumulated vs required." }
+      }
+    },
+    "approvalRejected": {
+      "description": "RFC 0051 — emitted when an authorized principal rejects an approval gate. The run loops back per the workflow edges (does not terminate by default). Redaction-safe.",
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["gateId", "principal"],
+      "properties": {
+        "gateId": { "type": "string", "minLength": 1 },
+        "principal": { "type": "string", "minLength": 1, "description": "Opaque RFC 0048 principal id of the rejecting actor." },
+        "reason": { "type": "string", "description": "Redaction-safe human-readable reason." }
+      }
+    },
+    "approvalOverridden": {
+      "description": "RFC 0051 — emitted when a role-gated `override` path bypasses the gate (e.g. owner force-publish). MUST feed the audit log (RFC 0009/0010). Redaction-safe.",
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["gateId", "principal", "reason"],
+      "properties": {
+        "gateId": { "type": "string", "minLength": 1 },
+        "principal": { "type": "string", "minLength": 1, "description": "Opaque RFC 0048 principal id of the overriding actor (MUST satisfy the override role)." },
+        "reason": { "type": "string", "minLength": 1, "description": "Required, redaction-safe rationale — the audit breadcrumb." }
+      }
+    },
     "clarificationRequested": {
       "type": "object",
       "description": "Legacy kind-specific event for HITL clarification requests.",