@openwop/openwop-conformance 1.6.0 → 1.10.0

package/schemas/node-pack-manifest.schema.json

@@ -56,7 +56,22 @@
     "peerDependencies": {
       "type": "object",
       "additionalProperties": { "type": "string" },
-      "description": "Engine-supplied capabilities the pack consumes (e.g., a particular AI provider extension). Resolved against `Capabilities` at register time."
+      "description": "Engine-supplied capabilities the pack consumes (e.g., a particular AI provider extension). Resolved against `Capabilities` at register time. Each entry is REQUIRED by default — an unmet entry fails install with `pack_peer_dependency_missing` — unless marked optional in `peerDependenciesMeta` (RFC 0072 §C)."
+    },
+    "peerDependenciesMeta": {
+      "type": "object",
+      "description": "Per-peer-dependency metadata (RFC 0072 §C). Keys mirror `peerDependencies` keys. Marking an entry `optional: true` makes it degrade-if-unmet instead of refuse-if-unmet: a host that does not satisfy it MUST install the pack with that capability inert AND surface it in the affected agents' inventory `degraded[]` (RFC 0072 §A); it MUST NOT silently ignore the declared dependency. Default (absent entry) is required. Packs published before RFC 0072 validate unchanged.",
+      "additionalProperties": {
+        "type": "object",
+        "additionalProperties": false,
+        "properties": {
+          "optional": {
+            "type": "boolean",
+            "default": false,
+            "description": "When true, an unmet peer dependency degrades (inert + surfaced in `degraded[]`) rather than failing install."
+          }
+        }
+      }
     },
     "nodes": {
       "type": "array",

package/schemas/run-event-payloads.schema.json

@@ -2,7 +2,7 @@
   "$schema": "https://json-schema.org/draft/2020-12/schema",
   "$id": "https://openwop.dev/spec/v1/run-event-payloads.schema.json",
   "title": "RunEventPayloads",
-  "description": "Per-RunEventType payload schemas. The base RunEventDoc shape (run-event.schema.json) leaves `payload` permissive for forward-compat. This schema defines the canonical payload contract for each known RunEventType. Consumers MAY pin strict payload validation via `$defs.<typeId>` and `ajv.validate(schema.$defs[event.type], event.payload)`. Unknown event types MUST be tolerated (no $defs match → fold best-effort).\n\n71 variants from `run-event.schema.json#$defs.RunEventType` are covered, grouped into ~20 shape families with shared $defs. Naming convention: camelCase keys mirror dotted RunEventType names (e.g., `run.started` → `runStarted`).",
+  "description": "Per-RunEventType payload schemas. The base RunEventDoc shape (run-event.schema.json) leaves `payload` permissive for forward-compat. This schema defines the canonical payload contract for each known RunEventType. Consumers MAY pin strict payload validation via `$defs.<typeId>` and `ajv.validate(schema.$defs[event.type], event.payload)`. Unknown event types MUST be tolerated (no $defs match → fold best-effort).\n\n75 variants from `run-event.schema.json#$defs.RunEventType` are covered, grouped into ~20 shape families with shared $defs. Naming convention: camelCase keys mirror dotted RunEventType names (e.g., `run.started` → `runStarted`).",
   "type": "object",
   "$defs": {
     "_typeIndex": {
@@ -76,6 +76,10 @@
         "conversation.exchanged":    { "$ref": "#/$defs/conversationExchanged" },
         "conversation.closed":       { "$ref": "#/$defs/conversationClosed" },
         "memory.compacted":          { "$ref": "#/$defs/memoryCompacted" },
+        "memory.written":            { "$ref": "#/$defs/memoryWritten" },
+        "agent.memory.consolidated": { "$ref": "#/$defs/agentMemoryConsolidated" },
+        "commitment.fired":          { "$ref": "#/$defs/commitmentFired" },
+        "workspace.updated":         { "$ref": "#/$defs/workspaceUpdated" },
         "core.workflowChain.event":  { "$ref": "#/$defs/coreWorkflowChainEvent" },
         "core.workflowChain.confidence-escalated": { "$ref": "#/$defs/coreWorkflowChainConfidenceEscalated" },
         "connector.authorized":      { "$ref": "#/$defs/connectorAuthorized" },
@@ -161,6 +165,24 @@
           "items": { "type": "string" },
           "description": "On phase `output.harvested`: which parent-variable keys were populated by the dispatch config's outputMapping per RFC 0022 §A. SHOULD be present; conformance asserts presence when outputMapping is non-empty."
         },
+        "attestation": {
+          "type": "object",
+          "description": "RFC 0063 (when `capabilities.agents.subRunAttestation: true` AND the `core.subWorkflow` node sets `outputAttestation.checksum: true`). A content checksum over the child's harvested output object, computed BEFORE `outputMapping` is applied so the parent (or a downstream node) can verify integrity — host-independent because the recipe is RFC 8785 JCS canonicalization + SHA-256 (the `replay.md` recipe, RFC 0041), enabling verification of a child that ran on a different host (RFC 0040). Advisory: the host does NOT itself reject on checksum mismatch; that is parent policy.",
+          "additionalProperties": false,
+          "required": ["checksum", "algorithm"],
+          "properties": {
+            "checksum": {
+              "type": "string",
+              "minLength": 1,
+              "description": "Lowercase hex digest of the canonicalized harvested-output object. Content-free: a hash, never the outputs themselves."
+            },
+            "algorithm": {
+              "type": "string",
+              "enum": ["sha256"],
+              "description": "Hash algorithm. `sha256` is the only v1 value; the enum reserves the axis for a future agility migration without a wire-shape break."
+            }
+          }
+        },
         "error": {
           "$ref": "#/$defs/_errorObject",
           "description": "On phases `dispatch.failed` / `child.failed` / `child.cancelled`: the canonical error envelope."
@@ -585,7 +607,9 @@
         "artifactType": { "type": "string", "minLength": 1 },
         "nodeId":       { "type": "string" },
         "version":      { "type": "string" },
-        "summary":      { "type": "string" }
+        "summary":      { "type": "string" },
+        "registered":   { "type": "boolean", "description": "RFC 0071. True when `artifactType` resolves to a registered artifact type (pack- or host-registered) and the payload was validated against its schema; false for unregistered/host-local types accepted without schema validation. Optional; absent ⇒ treat as true, preserving pre-RFC-0071 semantics. See artifact-type-packs.md §\"Binding the existing artifact surfaces\"." },
+        "registrationSource": { "type": "string", "enum": ["pack", "host"], "description": "RFC 0075. Provenance of a registered type: `pack` (matches an installed artifact-type pack) or `host` (a host-native type the host validates against a host-known schema, independent of any pack — e.g. an AI host's built-in artifact types). Optional; meaningful only when `registered: true`. Absent ⇒ unspecified provenance (existing semantics)." }
       },
       "additionalProperties": true
     },
@@ -717,10 +741,10 @@
 
     "capBreached": {
       "type": "object",
-      "description": "Emitted when a CapabilityLimit is exceeded. Protocol-level limits use the four engine kinds (clarificationRounds / schemaRounds / envelopesPerTurn / maxNodeExecutions). RFC 0008 §K WASM-runtime caps use the wasm-* kinds (memory ceiling, fuel exhaustion, execution-time wall-clock).",
+      "description": "Emitted when a CapabilityLimit is exceeded. Protocol-level limits use the engine kinds (clarificationRounds / schemaRounds / envelopesPerTurn / maxNodeExecutions). RFC 0008 §K WASM-runtime caps use the wasm-* kinds (memory ceiling, fuel exhaustion, execution-time wall-clock). RFC 0058 run-execution bounds use the run-scoped run-duration (wall-clock timeout; limit=resolvedMs, observed=elapsedMs) and loop-iterations (agent-loop ceiling; limit=resolvedMax, observed=iterationCount) kinds.",
       "required": ["kind", "limit", "observed"],
       "properties": {
-        "kind":     { "type": "string", "enum": ["clarification", "schema", "envelopes", "node-executions", "wasm-memory", "wasm-fuel", "wasm-execution-time"] },
+        "kind":     { "type": "string", "enum": ["clarification", "schema", "envelopes", "node-executions", "wasm-memory", "wasm-fuel", "wasm-execution-time", "run-duration", "loop-iterations"] },
         "limit":    { "type": "integer", "minimum": 0 },
         "observed": { "type": "integer", "minimum": 0 },
         "nodeId":   { "type": "string" }
@@ -1160,6 +1184,9 @@
         "toolName":  { "type": "string", "minLength": 1, "description": "Tool identifier (typically a node-pack typeId or function name)." },
         "callId":    { "type": "string", "minLength": 1, "description": "Unique correlation id linking this call to the subsequent `agent.toolReturned`. Hosts SHOULD use UUIDs or content-addressable hashes." },
         "inputs":    { "description": "Tool inputs. Shape is tool-specific; consumers MUST NOT assume an object." },
+        "argsHash":  { "type": "string", "description": "RFC 0064 (when `capabilities.toolHooks.prePostEvents`). SHA-256 over RFC 8785 JCS-canonicalized args with resolved secrets already redacted (SR-1) — the SIEM-safe, content-free alternative to `inputs`. Raw key material MUST NOT enter the hash input." },
+        "principal": { "type": "string", "description": "RFC 0064. RFC 0048 principal id the call is attributed to (`core.system` for non-agent host egress)." },
+        "transport": { "type": "string", "enum": ["mcp", "http", "native"], "description": "RFC 0064. How the tool was reached." },
         "causationHostId": { "type": "string", "minLength": 1, "description": "RFC 0040 §A — optional cross-host causation pointer. Present + non-empty when this event's `causationId` points at an event on a DIFFERENT host; absent when same-host. MUST equal the originating host's `crossHostCausation.hostId`." }
       },
       "additionalProperties": true
@@ -1175,6 +1202,8 @@
         "callId":    { "type": "string", "minLength": 1 },
         "outcome":   { "description": "Tool result. Discriminated by host on success vs error; payload shape is tool-specific." },
         "error":     { "$ref": "#/$defs/_errorObject", "description": "Set on tool-execution failure. Mutually exclusive with `outcome`." },
+        "status":     { "type": "string", "enum": ["ok", "error", "forbidden", "rate_limited"], "description": "RFC 0064 (when `capabilities.toolHooks.prePostEvents`). Tool-hooks outcome. `forbidden`/`rate_limited` mean the tool was never invoked (per-tool authz / rate-limit gate)." },
+        "durationMs": { "type": "integer", "minimum": 0, "description": "RFC 0064. Wall-clock tool duration; recorded in the event and re-emitted verbatim on replay/`:fork` (MUST NOT be recomputed from a clock, per `replay.md`). Absent when the call never started (`forbidden`/`rate_limited`)." },
         "causationHostId": { "type": "string", "minLength": 1, "description": "RFC 0040 §A — optional cross-host causation pointer. Present + non-empty when this event's `causationId` points at an event on a DIFFERENT host; absent when same-host. MUST equal the originating host's `crossHostCausation.hostId`." }
       },
       "additionalProperties": true
@@ -1213,6 +1242,7 @@
       "properties": {
         "agentId":  { "type": "string", "minLength": 3, "maxLength": 256, "description": "AgentRef.agentId of the orchestrator. MUST equal `RunSnapshot.runOrchestrator.agentId` for the run's lifetime — orchestrator identity is set at first decision and does not change." },
         "decision": { "$ref": "orchestrator-decision.schema.json" },
+        "iteration": { "type": "integer", "minimum": 1, "description": "RFC 0061 (`multiAgent.executionModel.version >= 5`). 1-based, monotonic count of orchestrator turns in this run — the observable loop-iteration counter that `maxLoopIterations` (RFC 0058) bounds; a breach emits `cap.breached { kind: 'loop-iterations', observed: <this+1> }`. A `version >= 5` host MUST set it on every `runOrchestrator.decided`, incrementing by exactly 1 per turn and surviving a stateful HITL resume unchanged. Recorded in the event and re-emitted verbatim on replay/`:fork`, never recomputed (`replay.md`). Omitted by hosts on `version < 5`." },
         "causationHostId": { "type": "string", "minLength": 1, "description": "RFC 0040 §A — optional cross-host causation pointer. Present + non-empty when this event's `causationId` points at an event on a DIFFERENT host; absent when same-host. MUST equal the originating host's `crossHostCausation.hostId`." }
       },
       "additionalProperties": false
@@ -1275,9 +1305,70 @@
         "sourceIds":   { "type": "array", "items": { "type": "string", "minLength": 1 }, "description": "Ids of entries collapsed into outputId. Hosts MAY omit when sourceCount > 100; the `compacted-from:<runId>` tag convention (RFC 0012 §C) becomes the authoritative provenance signal. When present, MUST be exhaustive within the array (no 'and N more' semantics)." },
         "sourceCount": { "type": "integer", "minimum": 1, "description": "Total source entries collapsed, including any not enumerated in `sourceIds`." },
         "trigger":     { "type": "string", "enum": ["host-managed", "client-requested", "both"], "description": "Matches `capabilities.memory.compaction.trigger`; indicates which trigger path drove this run. v1.x normates only `host-managed`." },
-        "byteSize":    { "type": "integer", "minimum": 0, "description": "Byte size of the resulting MemoryEntry.content." }
+        "byteSize":    { "type": "integer", "minimum": 0, "description": "Byte size of the resulting MemoryEntry.content." },
+        "distillation": {
+          "type": "object",
+          "description": "RFC 0062 (when `capabilities.memory.distillation.supported: true`). Present when this compaction is part of a budgeted distillation run (a scheduled or on-demand 'dream'). Absent for a plain RFC 0012 compaction. Carries the token-budget accounting + whether the memory index was refreshed — not a parallel `memory.distilled` event.",
+          "additionalProperties": false,
+          "required": ["tokenBudget", "tokensUsed"],
+          "properties": {
+            "tokenBudget":  { "type": "integer", "minimum": 1, "description": "Effective per-run budget honored (≤ advertised `maxTokenBudget`), counted against the advertised `tokenizerName`." },
+            "tokensUsed":   { "type": "integer", "minimum": 0, "description": "Total input+output tokens the distillation consumed, best-effort-honest per the advertised tokenizer (±10% tolerance). MUST be ≤ `tokenBudget` on a successful run." },
+            "indexUpdated": { "type": "boolean", "description": "Whether this run refreshed the memory-index workspace file (`MEMORY-INDEX.json`, RFC 0059). When `true`, a `workspace.updated` event was also emitted for that path." }
+          }
+        }
+      },
+      "additionalProperties": true
+    },
+    "memoryWritten": {
+      "type": "object",
+      "description": "RFC 0057. Emitted by a host advertising `capabilities.memory.attribution.emitsWriteEvents: true` for each memory write a run makes, attributing it to the node (and agent, when known) that caused it. Content-free: identifiers + non-secret tags only — the entry content is served by the read-side (`MemoryAdapter.get`), already SR-1-redacted. On replay the event is re-read from the log, never regenerated (the host MUST NOT mint a new `memoryId` or timestamp at replay time). SECURITY invariants `memory-attribution-no-content` + `memory-attribution-tenant-scoped` apply.",
+      "required": ["memoryRef", "memoryId"],
+      "properties": {
+        "memoryRef": { "type": "string", "minLength": 1, "description": "Opaque MemoryAdapter handle (RFC 0004 §C) the entry was written under; resolvable via the read-side." },
+        "memoryId":  { "type": "string", "minLength": 1, "description": "Host-issued, stable entry id; correlates to `MemoryAdapter.get(memoryRef, memoryId)`." },
+        "nodeId":    { "type": "string", "minLength": 1, "description": "SHOULD — the node whose execution caused the write. Omitted only for writes with no node attribution (e.g. host session-end auto-memory)." },
+        "agentId":   { "type": "string", "minLength": 1, "description": "MAY — the agent identity (AgentRef per RFC 0002) behind the write, when known." },
+        "tags":      { "type": "array", "items": { "type": "string" }, "description": "MAY — the entry's non-secret labels. MUST NOT carry secret material (the no-content invariant covers payload bodies)." }
       },
       "additionalProperties": true
+    },
+    "agentMemoryConsolidated": {
+      "type": "object",
+      "description": "RFC 0068 (`Draft`). Emitted by a host advertising `capabilities.agents.memoryConsolidation.supported: true` after a background consolidation pass over LONG-TERM memory (merge/dedup/supersede/strengthen). Content-free: identifiers + counts only — entry content is served by the SR-1-redacted read-side (`MemoryAdapter.get`). On replay the event is re-read from the log, never regenerated. Distinct from RFC 0062 `memory.compacted` (token-budgeted distillation of transactional memory). SR-1 carry-forward (RFC 0004) + CTI-1 apply to the consolidated entries.",
+      "required": ["memoryRef", "inputCount", "outputCount"],
+      "properties": {
+        "memoryRef":   { "type": "string", "minLength": 1, "description": "Opaque MemoryAdapter handle (RFC 0004 §C) the consolidation pass operated over. Bounds the pass to a single memory scope (CTI-1)." },
+        "inputCount":  { "type": "integer", "minimum": 0, "description": "Long-term entries considered by the pass." },
+        "outputCount": { "type": "integer", "minimum": 0, "description": "Long-term entries remaining after the pass. MUST be <= inputCount for a pass that only merges/dedups; a strengthen-only pass MAY leave outputCount == inputCount." },
+        "mergedIds":   { "type": "array", "items": { "type": "string", "minLength": 1 }, "description": "MAY — ids of entries collapsed/superseded by the pass. Hosts MAY omit when inputCount is large; consumers MUST tolerate absence." },
+        "trigger":     { "type": "string", "enum": ["host-managed", "scheduled", "on-demand"], "description": "MAY — which initiation path drove this pass (mirrors `agents.memoryConsolidation.schedule`)." }
+      },
+      "additionalProperties": true
+    },
+    "commitmentFired": {
+      "type": "object",
+      "description": "RFC 0068 (`Draft`). Emitted by a host advertising `capabilities.agents.commitments.supported: true` when an inferred standing commitment fires. Content-free: identifiers + condition kind only — the intention text lives in SR-1-redacted memory (`MemoryAdapter.get(memoryRef, memoryId)`). The fired arm composes RFC 0052 (time) or RFC 0060 (predicate). On replay the event is re-read from the log, never regenerated (the host MUST NOT re-infer or re-fire a commitment at replay time). CTI-1: the commitment, its memory provenance, and any run it enqueues MUST share the source memory's tenant.",
+      "required": ["commitmentId", "memoryRef", "condition"],
+      "properties": {
+        "commitmentId":  { "type": "string", "minLength": 1, "description": "Host-issued, stable id for the inferred commitment. Correlates repeated observability across re-evaluations of the same commitment." },
+        "memoryRef":     { "type": "string", "minLength": 1, "description": "Opaque MemoryAdapter handle of the memory scope the commitment was inferred from (provenance + CTI-1 tenant binding)." },
+        "memoryId":      { "type": "string", "minLength": 1, "description": "MAY — id of the source `MemoryEntry` the commitment was inferred from, when a single entry is attributable. Resolvable via `MemoryAdapter.get`; content is read SR-1-redacted from the read-side." },
+        "condition":     { "type": "string", "enum": ["time", "predicate"], "description": "Which fire-condition kind triggered. `time` composes RFC 0052; `predicate` composes RFC 0060." },
+        "enqueuedRunId": { "type": "string", "minLength": 1, "description": "MAY — id of the run the fired commitment enqueued, when the host initiates one. Absent when the commitment fires as a notification without a run." }
+      },
+      "additionalProperties": true
+    },
+
+    "workspaceUpdated": {
+      "description": "RFC 0059. Emitted by a host advertising `capabilities.workspace.supported: true` on each successful `PUT`/`DELETE` of a workspace file, attributing the change to the file `path` + resulting `version`. Content-free: carries the path + version only — the file body is served by the read-side (`GET /v1/host/workspace/files/{path}`), already SR-1-redacted (RFC 0059 §E WSR-1). On replay the event is re-read from the log, never regenerated. MUST NOT be emitted unless `capabilities.workspace.supported: true`. The proposed SECURITY invariant `workspace-cross-tenant-isolation` (WCT-1) applies to the read-side that resolves these paths.",
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["path", "version"],
+      "properties": {
+        "path":    { "type": "string", "minLength": 1, "description": "Workspace-relative path of the file that changed (matches `workspace-file.schema.json#path`)." },
+        "version": { "type": "integer", "minimum": 1, "description": "The file's resulting monotonic version after the write. On delete, the tombstone version when `versioned: true`." }
+      }
     }
   }
 }

package/schemas/run-event.schema.json

@@ -129,6 +129,10 @@
         "conversation.exchanged",
         "conversation.closed",
         "memory.compacted",
+        "memory.written",
+        "agent.memory.consolidated",
+        "commitment.fired",
+        "workspace.updated",
         "core.workflowChain.event",
         "core.workflowChain.confidence-escalated",
         "connector.authorized",

package/schemas/workflow-definition.schema.json

@@ -138,6 +138,11 @@
         },
         "credentialsRef": { "type": "string" },
         "settings": { "type": "object" },
+        "outputRole": {
+          "type": "string",
+          "enum": ["primary", "secondary"],
+          "description": "RFC 0065 — author hint that this terminal node's output is the workflow's primary deliverable (`primary`) or an auxiliary output (`secondary`). Advisory: hosts MUST execute the workflow identically regardless of value. Tooling MAY use the hint to pick which of N terminal nodes' outputs to surface as the run's canonical artifact. Unknown values + absent values fall back to default behavior (show all terminal outputs)."
+        },
         "disabled": { "type": "boolean", "default": false },
         "notes": { "type": "string" },
         "groupId": { "type": "string" },

package/schemas/workspace-file-create.schema.json

@@ -0,0 +1,20 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://openwop.dev/spec/v1/workspace-file-create.schema.json",
+  "title": "WorkspaceFileCreate",
+  "description": "RFC 0059. Request body for `PUT /v1/host/workspace/files/{path}` (atomic create/replace). The `path` is taken from the URL and MUST NOT be supplied here; the host assigns `version`, `etag`, and `updatedAt`. The client supplies only `content` and an optional `contentType`. Optimistic concurrency is expressed via the `If-Match` request header (the file's current `etag`), NOT a body field — a stale `If-Match` returns `409 workspace_conflict`. A `content` exceeding `capabilities.workspace.maxFileBytes` returns `workspace_too_large`. The response is a full `workspace-file.schema.json`.",
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["content"],
+  "properties": {
+    "content": {
+      "type": "string",
+      "description": "UTF-8 file body to persist. SR-1-redacted on write per RFC 0059 §E WSR-1."
+    },
+    "contentType": {
+      "type": "string",
+      "default": "text/markdown",
+      "description": "Advisory MIME type of `content`. Defaults to `text/markdown`."
+    }
+  }
+}

package/schemas/workspace-file.schema.json

@@ -0,0 +1,39 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://openwop.dev/spec/v1/workspace-file.schema.json",
+  "title": "WorkspaceFile",
+  "description": "RFC 0059. A versioned, tenant·workspace-scoped ground-truth file in the `host.workspace` store. Returned by `GET /v1/host/workspace/files/{path}` and `PUT …/{path}`; the `list` endpoint returns the same shape minus `content` (metadata only). `path` is a flat namespace with `/`-in-names (NOT nested directories) — no `..`, no leading `/` (the pattern enforces this). Writes are atomic and optimistically concurrent via the `etag` token (`If-Match`). When `capabilities.workspace.versioned: true`, prior versions are retrievable via `?version=N`. Content is SR-1-redacted on write (RFC 0059 §E WSR-1) — never the BYOK plaintext.",
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["path", "content", "version", "updatedAt"],
+  "properties": {
+    "path": {
+      "type": "string",
+      "pattern": "^[A-Za-z0-9][A-Za-z0-9._/-]{0,255}$",
+      "description": "Workspace-relative path. Flat namespace with `/`-in-names; MUST NOT contain `..` or a leading `/` (the pattern forbids both). Stable identity of the file within the `{tenant, workspace}` scope."
+    },
+    "content": {
+      "type": "string",
+      "description": "UTF-8 file body. SR-1-redacted on write per RFC 0059 §E WSR-1 — a value the run's BYOK vault resolved is persisted as `[REDACTED:<secretId>]`, never the plaintext."
+    },
+    "contentType": {
+      "type": "string",
+      "default": "text/markdown",
+      "description": "Advisory MIME type of `content`. Defaults to `text/markdown` (the ground-truth-file convention)."
+    },
+    "version": {
+      "type": "integer",
+      "minimum": 1,
+      "description": "Monotonic version. 1 on first create; each successful `PUT` bumps it by one. The latest version is always retrievable; historical versions are best-effort up to `capabilities.workspace.maxVersions`."
+    },
+    "etag": {
+      "type": "string",
+      "description": "Opaque version token for `If-Match` optimistic concurrency. A `PUT` carrying a stale `If-Match` MUST be refused with `409 workspace_conflict`."
+    },
+    "updatedAt": {
+      "type": "string",
+      "format": "date-time",
+      "description": "ISO 8601 timestamp of the write that produced this version."
+    }
+  }
+}

package/src/lib/agentLoop.ts

@@ -0,0 +1,44 @@
+/**
+ * Shared helper for the RFC 0061 stateful agent-loop-lifecycle
+ * (`multiAgent.executionModel.version: 5`) conformance scenarios. Lives in lib/
+ * (not a *.test.ts) so scenarios import it via `../lib/agentLoop.js`.
+ */
+import { driver } from './driver.js';
+import { readCapabilityFamily } from './discovery-capabilities.js';
+
+/** Reads `multiAgent.executionModel` from discovery (root-first per RFC 0073);
+ *  null when the host advertises no execution model (treated as no support). */
+export async function readExecutionModelCap(): Promise<Record<string, unknown> | null> {
+  const ma = await readCapabilityFamily<{ executionModel?: unknown }>('multiAgent');
+  const em = ma?.executionModel;
+  return em && typeof em === 'object' ? (em as Record<string, unknown>) : null;
+}
+
+/** True when the host advertises `executionModel.version >= 5`. */
+export function isVersion5(em: Record<string, unknown> | null): boolean {
+  return typeof em?.version === 'number' && (em.version as number) >= 5;
+}
+
+/** True when the host advertises `workspace.supported: true` (root-first per RFC 0073). */
+export async function hasWorkspace(): Promise<boolean> {
+  const ws = await readCapabilityFamily<{ supported?: unknown }>('workspace');
+  return ws?.supported === true;
+}
+
+interface LoopResult {
+  decisions?: Array<{ iteration?: unknown }>;
+  workspaceVisible?: { atWriteTurn?: unknown; atNextTurn?: unknown };
+  resumedIteration?: unknown;
+}
+
+/** Drives one bounded stateful loop via the host-sample seam, or null
+ *  (soft-skip) when the host doesn't expose it. The seam is host-extension
+ *  surface specified in host-sample-test-seams.md §"Open seams":
+ *  `POST /v1/host/sample/agentloop/run` returns the ordered
+ *  `runOrchestrator.decided` payloads (each carrying `iteration`) the host
+ *  would emit, plus optional workspace-visibility + resume reports. */
+export async function invokeAgentLoop(body: Record<string, unknown>): Promise<LoopResult | null> {
+  const res = await driver.post('/v1/host/sample/agentloop/run', body);
+  if (res.status === 404 || res.status === 405) return null; // seam absent — soft-skip
+  return (res.json as LoopResult | undefined) ?? {};
+}

package/src/lib/agentRuntime.ts

@@ -0,0 +1,45 @@
+/**
+ * Shared helper for the RFC 0070 agents.manifestRuntime conformance scenario.
+ * Lives in lib/ (not a *.test.ts) so scenarios import it via `../lib/agentRuntime.js`.
+ */
+import { driver } from './driver.js';
+import { readCapabilityFamily } from './discovery-capabilities.js';
+
+/** Reads `agents.manifestRuntime` from discovery (root-first per RFC 0073);
+ *  null when unadvertised. */
+export async function readManifestRuntimeCap(): Promise<Record<string, unknown> | null> {
+  const agents = await readCapabilityFamily<{ manifestRuntime?: unknown }>('agents');
+  const mr = agents?.manifestRuntime;
+  return mr && typeof mr === 'object' ? (mr as Record<string, unknown>) : null;
+}
+
+interface AgentInventory {
+  agents?: Array<{ agentId?: string; [k: string]: unknown }>;
+  total?: number;
+}
+
+/** GET the NORMATIVE manifest-agent inventory (RFC 0072 §A `GET /v1/agents`);
+ *  null when the host doesn't advertise the capability (404/405/501). */
+export async function listManifestAgents(): Promise<AgentInventory | null> {
+  const res = await driver.get('/v1/agents');
+  if (res.status === 404 || res.status === 405 || res.status === 501) return null;
+  return (res.json as AgentInventory | undefined) ?? {};
+}
+
+export interface DispatchResult {
+  agentId?: string;
+  status?: string;
+  toolSurface?: string[];
+  confidence?: number;
+  threshold?: number;
+  events?: Array<{ type?: string; agentId?: string; decision?: string; [k: string]: unknown }>;
+  result?: unknown;
+  error?: { code?: string; message?: string };
+}
+
+/** Dispatch one manifest-agent turn via the host-sample seam; null when absent. */
+export async function dispatchAgent(agentId: string, body: Record<string, unknown>): Promise<DispatchResult | null> {
+  const res = await driver.post(`/v1/host/sample/agents/${encodeURIComponent(agentId)}/dispatch`, body);
+  if (res.status === 404 || res.status === 405) return null;
+  return (res.json as DispatchResult | undefined) ?? {};
+}

package/src/lib/artifactTypes.ts

@@ -0,0 +1,96 @@
+/**
+ * Shared helpers for the RFC 0071 host.artifactTypes conformance scenarios.
+ * Lives in lib/ (not a *.test.ts) so scenarios import it via `../lib/artifactTypes.js`.
+ *
+ * The behavioral scenarios drive a documented host-extension seam — hosts
+ * wiring RFC 0071 Phase 1 (artifact-type packs) expose:
+ *
+ *   POST /v1/host/sample/artifacttypes/install
+ *     body: { manifest: <artifact-type-pack manifest>,
+ *             schemas: { "<artifactTypeId>": <JSON Schema> } }
+ *     → 2xx { installed: true, artifactTypeIds: string[] }
+ *
+ *   POST /v1/host/sample/artifacttypes/produce
+ *     body: { artifactTypeId: string, payload: unknown }
+ *     → 2xx {
+ *         artifactId: string,
+ *         registered: boolean,   // matched an installed artifact-type pack
+ *         validated: boolean,    // payload checked against the pack schema
+ *         stored: boolean,       // persisted (host.artifactTypes.store)
+ *         rendered: boolean,     // a renderer ran (host.artifactTypes.render)
+ *         runStatus: 'completed' | 'failed',
+ *         artifactCreated?: { registered?: boolean, artifactType?: string }  // the emitted event
+ *       }
+ *
+ * Either seam returning 404/405 means the host hasn't wired it → soft-skip.
+ */
+import { driver } from './driver.js';
+
+interface DiscoveryDoc {
+  capabilities?: Record<string, unknown>;
+  // host.* capabilities may also appear top-level per host-capabilities.md §"The contract pattern".
+  [k: string]: unknown;
+}
+
+/** Reads `host.artifactTypes` from discovery (capabilities block or top-level); null when unadvertised. */
+export async function readArtifactTypesCap(): Promise<Record<string, unknown> | null> {
+  const res = await driver.get('/.well-known/openwop');
+  const doc = res.json as DiscoveryDoc | undefined;
+  const fromCaps = doc?.capabilities && typeof doc.capabilities === 'object'
+    ? (doc.capabilities as Record<string, unknown>)['host.artifactTypes']
+    : undefined;
+  const cap = fromCaps ?? doc?.['host.artifactTypes'];
+  return cap && typeof cap === 'object' ? (cap as Record<string, unknown>) : null;
+}
+
+export function artifactTypesSupported(cap: Record<string, unknown> | null): boolean {
+  return cap?.['supported'] === true;
+}
+
+/** Installs an artifact-type pack via the host-sample seam, or null (soft-skip) when absent. */
+export async function installArtifactTypePack(
+  manifest: unknown,
+  schemas: Record<string, unknown>,
+): Promise<{ status: number; json: unknown } | null> {
+  const res = await driver.post('/v1/host/sample/artifacttypes/install', { manifest, schemas });
+  if (res.status === 404 || res.status === 405) return null;
+  return { status: res.status, json: res.json };
+}
+
+/** Produces an artifact of `artifactTypeId` via the host-sample seam, or null (soft-skip) when absent. */
+export async function produceArtifact(
+  artifactTypeId: string,
+  payload: unknown,
+): Promise<{ status: number; json: Record<string, unknown> } | null> {
+  const res = await driver.post('/v1/host/sample/artifacttypes/produce', { artifactTypeId, payload });
+  if (res.status === 404 || res.status === 405) return null;
+  return { status: res.status, json: (res.json ?? {}) as Record<string, unknown> };
+}
+
+/** A minimal valid artifact-type pack + schema pair the scenarios install. */
+export function sampleArtifactTypePack() {
+  const artifactTypeId = 'vendor.conformance.note';
+  const manifest = {
+    kind: 'artifact-type',
+    name: 'vendor.conformance.notes',
+    version: '1.0.0',
+    engines: { openwop: '>=1.1' },
+    artifactTypes: [
+      {
+        artifactTypeId,
+        schemaVersion: 1,
+        schemaRef: 'schemas/note.schema.json',
+        rendering: { display: 'markdown' },
+      },
+    ],
+  };
+  const schema = {
+    $schema: 'https://json-schema.org/draft/2020-12/schema',
+    $id: 'https://h.example/schemas/artifacts/vendor.conformance.note.schema.json',
+    type: 'object',
+    additionalProperties: false,
+    required: ['title', 'body'],
+    properties: { title: { type: 'string' }, body: { type: 'string' } },
+  };
+  return { artifactTypeId, manifest, schema };
+}

package/src/lib/cardPacks.ts

@@ -0,0 +1,52 @@
+/**
+ * Shared helpers for the RFC 0071 Phase 2 host.chat.cardPacks conformance scenarios.
+ * Lives in lib/ so scenarios import it via `../lib/cardPacks.js`.
+ *
+ * Hosts wiring chat card packs expose a documented host-extension seam:
+ *
+ *   POST /v1/host/sample/cardpacks/execute
+ *     body: { cardTypeId: string, inputs: Record<string, unknown> }
+ *     → 2xx {
+ *         artifactId?: string,
+ *         registered?: boolean,        // output validated against the linked outputArtifactType
+ *         validated?: boolean,
+ *         contentTrust?: 'trusted' | 'untrusted',   // the composed-envelope trust tag (R2)
+ *         runStatus?: 'completed' | 'failed',
+ *         artifactCreated?: { registered?: boolean, artifactType?: string }
+ *       }
+ *
+ * A 404/405 means the host hasn't wired the seam → soft-skip.
+ */
+import { driver } from './driver.js';
+
+interface DiscoveryDoc {
+  capabilities?: Record<string, unknown>;
+  [k: string]: unknown;
+}
+
+/** Reads `host.chat.cardPacks` (or the `host.chat` block's `cardPacks` facet) from discovery; null when unadvertised. */
+export async function readCardPacksCap(): Promise<Record<string, unknown> | null> {
+  const res = await driver.get('/.well-known/openwop');
+  const doc = res.json as DiscoveryDoc | undefined;
+  const caps = doc?.capabilities && typeof doc.capabilities === 'object' ? (doc.capabilities as Record<string, unknown>) : undefined;
+  // Accept either a discrete `host.chat.cardPacks` key or a `cardPacks` facet under `host.chat`.
+  const direct = caps?.['host.chat.cardPacks'] ?? doc?.['host.chat.cardPacks'];
+  if (direct && typeof direct === 'object') return direct as Record<string, unknown>;
+  const chat = caps?.['host.chat'] ?? doc?.['host.chat'];
+  const facet = chat && typeof chat === 'object' ? (chat as Record<string, unknown>)['cardPacks'] : undefined;
+  return facet && typeof facet === 'object' ? (facet as Record<string, unknown>) : null;
+}
+
+export function cardPacksSupported(cap: Record<string, unknown> | null): boolean {
+  return cap?.['supported'] === true;
+}
+
+/** Executes a registered card via the host-sample seam, or null (soft-skip) when absent. */
+export async function executeCard(
+  cardTypeId: string,
+  inputs: Record<string, unknown>,
+): Promise<{ status: number; json: Record<string, unknown> } | null> {
+  const res = await driver.post('/v1/host/sample/cardpacks/execute', { cardTypeId, inputs });
+  if (res.status === 404 || res.status === 405) return null;
+  return { status: res.status, json: (res.json ?? {}) as Record<string, unknown> };
+}

package/src/lib/discovery-capabilities.ts

@@ -0,0 +1,50 @@
+/**
+ * Shared root-first reader for `/.well-known/openwop` capability families.
+ *
+ * Per `spec/v1/capabilities.md` §"Document-root layout" (RFC 0073), every
+ * capability family (`agents`, `secrets`, `aiProviders`, `auth`, `memory`,
+ * `multiAgent`, `authorization`, …) is a property of the discovery document
+ * ROOT — `capabilities.schema.json` defines no `capabilities` wrapper property.
+ * A top-level `capabilities` object is a deprecated legacy shape; the suite
+ * reads the root first and falls back to a `capabilities.*` wrapper only
+ * through the v1.x migration window. Standardizes the ad-hoc dual-read that
+ * already existed (e.g. `aiEnvelope.capBreached.test.ts`,
+ * `ai-envelope-shape.test.ts`) into one accessor so every helper reads the
+ * same way.
+ *
+ * @see spec/v1/capabilities.md §"Document-root layout"
+ * @see RFCS/0073-capability-document-root-layout.md
+ */
+import { driver } from './driver.js';
+
+/**
+ * Read one capability family from an already-fetched discovery doc: document
+ * root first, deprecated `capabilities.*` wrapper as a fallback. Returns
+ * `undefined` when the family is advertised in neither location.
+ */
+export function capabilityFamily<T = Record<string, unknown>>(
+  doc: unknown,
+  name: string,
+): T | undefined {
+  if (!doc || typeof doc !== 'object') return undefined;
+  const root = (doc as Record<string, unknown>)[name];
+  if (root !== undefined) return root as T;
+  const wrapper = (doc as { capabilities?: unknown }).capabilities;
+  if (wrapper && typeof wrapper === 'object') {
+    return (wrapper as Record<string, unknown>)[name] as T | undefined;
+  }
+  return undefined;
+}
+
+/**
+ * Fetch `/.well-known/openwop` and return one capability family (root-first,
+ * wrapper-fallback). `undefined` when the host returns non-200 or doesn't
+ * advertise the family.
+ */
+export async function readCapabilityFamily<T = Record<string, unknown>>(
+  name: string,
+): Promise<T | undefined> {
+  const res = await driver.get('/.well-known/openwop');
+  if (res.status !== 200) return undefined;
+  return capabilityFamily<T>(res.json, name);
+}

package/src/lib/distillation.ts

@@ -0,0 +1,38 @@
+/**
+ * Shared helper for the RFC 0062 scheduled-memory-distillation ("dreams")
+ * conformance scenarios. Lives in lib/ (not a *.test.ts) so scenarios import it
+ * via `../lib/distillation.js`.
+ */
+import { driver } from './driver.js';
+import { readCapabilityFamily } from './discovery-capabilities.js';
+
+/** Reads `memory.distillation` from discovery (root-first per RFC 0073); null
+ *  when the host advertises no distillation sub-block (treated as no support). */
+export async function readDistillationCap(): Promise<Record<string, unknown> | null> {
+  const memory = await readCapabilityFamily<{ distillation?: unknown }>('memory');
+  const d = memory?.distillation;
+  return d && typeof d === 'object' ? (d as Record<string, unknown>) : null;
+}
+
+interface DistillResult {
+  event?: { distillation?: { tokenBudget?: unknown; tokensUsed?: unknown; indexUpdated?: unknown } };
+  error?: unknown;
+  archiveChecksum?: unknown;
+  indexUpdated?: unknown;
+  indexFile?: unknown;
+}
+
+/** Drives one budgeted distillation run via the host-sample seam, or null
+ *  (soft-skip) when the host doesn't expose it. The seam is host-extension
+ *  surface specified in host-sample-test-seams.md §"Open seams":
+ *  `POST /v1/host/sample/memory/distill` returns the `memory.compacted` event
+ *  (with the additive RFC 0062 `distillation` sub-object) the host would emit,
+ *  plus the stable archive's checksum. Returns the raw status alongside the
+ *  body so scenarios can assert the `token_budget_exceeded` failure path. */
+export async function invokeDistill(
+  body: Record<string, unknown>,
+): Promise<{ status: number; body: DistillResult } | null> {
+  const res = await driver.post('/v1/host/sample/memory/distill', body);
+  if (res.status === 404 || res.status === 405) return null; // seam absent — soft-skip
+  return { status: res.status, body: (res.json as DistillResult | undefined) ?? {} };
+}