npm - @openwop/openwop-conformance - Versions diffs - 1.6.0 → 1.10.0 - Mend

@openwop/openwop-conformance 1.6.0 → 1.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (169) hide show

package/src/scenarios/artifact-schema-compile-bounded.test.ts ADDED Viewed

@@ -0,0 +1,126 @@
+/**
+ * Bounded artifact-schema compilation (RFC 0071, `Active`).
+ *
+ * Always-on, server-free assertion for the SECURITY invariant
+ * `artifact-schema-compile-bounded`. Artifact-type packs ship third-party
+ * JSON Schemas that the engine compiles (Ajv) at install + validation time;
+ * an unbounded compile is a denial-of-service vector (schema bombs:
+ * pathological `$ref` recursion, keyword-count explosion, oversized payloads,
+ * catastrophic-backtracking `pattern`s). This scenario asserts two things
+ * that must hold for every release regardless of which host runs it:
+ *
+ *   PART 1 — contract present. `artifact-type-packs.md` carries the normative
+ *   bounded-compilation MUST (serialized-size, `$ref`-depth, keyword-count
+ *   bounds + wall-clock timeout), and `host-capabilities.md` §host.artifactTypes
+ *   references it. Guards against the requirement being silently dropped.
+ *
+ *   PART 2 — defense is well-defined + implementable. A reference bounding
+ *   predicate built from representative finite limits rejects three schema
+ *   bombs and admits a benign artifact schema. The specific numeric limits are
+ *   host-configurable per the spec (advertised, not protocol-mandated); the
+ *   point is that *some* finite bound exists and catches the bombs while
+ *   passing legitimate schemas.
+ *
+ * The behavioral end-to-end form (a host rejects an over-bounds pack at
+ * registry `PUT` with `pack_validation_failed`) is capability-gated on
+ * `host.artifactTypes.supported` and is `host-pending` until a reference host
+ * lands; this server-free scenario is the always-on floor.
+ *
+ * @see spec/v1/artifact-type-packs.md §"Bounded schema compilation (normative)"
+ * @see SECURITY/threat-model-node-packs.md §"Distributed artifact schemas"
+ * @see RFCS/0071-artifact-type-and-chat-card-packs.md
+ */
+import { describe, it, expect } from 'vitest';
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { V1_DIR } from '../lib/paths.js';
+const why = (specRef: string, requirement: string): string => `${specRef} — ${requirement}`;
+describe('artifact-schema-compile-bounded: contract present in the corpus (RFC 0071, server-free)', () => {
+  const artifactDoc = V1_DIR ? readFileSync(join(V1_DIR, 'artifact-type-packs.md'), 'utf8') : '';
+  const hostCaps = V1_DIR ? readFileSync(join(V1_DIR, 'host-capabilities.md'), 'utf8') : '';
+  it.skipIf(V1_DIR === null)('artifact-type-packs.md declares the bounded-compilation MUST', () => {
+    expect(
+      /Bounded schema compilation/i.test(artifactDoc),
+      why('artifact-type-packs.md', 'a "Bounded schema compilation" section MUST exist'),
+    ).toBe(true);
+    expect(
+      /MUST bound/i.test(artifactDoc) && /MUST reject/i.test(artifactDoc),
+      why('artifact-type-packs.md §"Bounded schema compilation"', 'host MUST bound + MUST reject over-limit schemas'),
+    ).toBe(true);
+    // The three structural axes + the timeout MUST all be named.
+    for (const axis of [/byte size/i, /\$ref/i, /keyword/i, /timeout/i]) {
+      expect(axis.test(artifactDoc), why('artifact-type-packs.md', `bound axis ${axis} MUST be named`)).toBe(true);
+    }
+  });
+  it.skipIf(V1_DIR === null)('host-capabilities.md §host.artifactTypes references the bound', () => {
+    expect(
+      /artifact-schema-compile-bounded/.test(hostCaps),
+      why('host-capabilities.md §host.artifactTypes', 'MUST reference the bounded-compilation invariant'),
+    ).toBe(true);
+  });
+});
+describe('artifact-schema-compile-bounded: a finite bound catches schema bombs (RFC 0071, server-free)', () => {
+  // Representative, host-configurable limits (the spec leaves the exact values
+  // to host advertisement; these stand in for "some finite bound").
+  const LIMITS = { maxBytes: 64 * 1024, maxRefDepth: 16, maxKeywords: 2000 };
+  function refDepth(node: unknown, seen = 0): number {
+    if (node === null || typeof node !== 'object') return seen;
+    const obj = node as Record<string, unknown>;
+    const here = '$ref' in obj ? seen + 1 : seen;
+    let max = here;
+    for (const v of Object.values(obj)) max = Math.max(max, refDepth(v, here));
+    return max;
+  }
+  function keywordCount(node: unknown): number {
+    if (node === null || typeof node !== 'object') return 0;
+    const obj = node as Record<string, unknown>;
+    let n = Object.keys(obj).length;
+    for (const v of Object.values(obj)) n += keywordCount(v);
+    return n;
+  }
+  /** Reference bound predicate — the shape a conformant host applies at PUT/install. */
+  function exceedsBounds(schema: unknown): boolean {
+    const bytes = Buffer.byteLength(JSON.stringify(schema), 'utf8');
+    if (bytes > LIMITS.maxBytes) return true;
+    if (refDepth(schema) > LIMITS.maxRefDepth) return true;
+    if (keywordCount(schema) > LIMITS.maxKeywords) return true;
+    return false;
+  }
+  it('admits a benign artifact schema', () => {
+    const benign = {
+      $schema: 'https://json-schema.org/draft/2020-12/schema',
+      $id: 'https://h.example/schemas/artifacts/vendor.acme.cad.model.schema.json',
+      type: 'object',
+      additionalProperties: false,
+      required: ['name'],
+      properties: { name: { type: 'string' }, dims: { type: 'array', items: { type: 'number' } } },
+    };
+    expect(exceedsBounds(benign), why('artifact-type-packs.md', 'a legitimate artifact schema MUST NOT be rejected')).toBe(false);
+  });
+  it('rejects a $ref-depth bomb', () => {
+    // Nest $ref-bearing objects deeper than maxRefDepth so resolution depth accumulates.
+    let node: Record<string, unknown> = { type: 'string' };
+    for (let i = 0; i < LIMITS.maxRefDepth + 4; i++) node = { $ref: '#/x', properties: { nested: node } };
+    expect(exceedsBounds({ type: 'object', properties: { deep: node } }), why('threat-model-node-packs.md', 'a $ref-depth bomb MUST be rejected')).toBe(true);
+  });
+  it('rejects a keyword-count bomb', () => {
+    const props: Record<string, unknown> = {};
+    for (let i = 0; i < LIMITS.maxKeywords + 100; i++) props[`p${i}`] = { type: 'string' };
+    expect(exceedsBounds({ type: 'object', properties: props }), why('threat-model-node-packs.md', 'a keyword-count bomb MUST be rejected')).toBe(true);
+  });
+  it('rejects an oversized schema', () => {
+    const huge = { type: 'object', description: 'x'.repeat(LIMITS.maxBytes + 1) };
+    expect(exceedsBounds(huge), why('threat-model-node-packs.md', 'an over-size schema MUST be rejected')).toBe(true);
+  });
+});

package/src/scenarios/artifact-type-pack-install.test.ts ADDED Viewed

@@ -0,0 +1,78 @@
+/**
+ * artifact-type-pack-install — RFC 0071 Phase 1 §"Binding the existing artifact
+ * surfaces". A host that advertises `host.artifactTypes` installs an
+ * artifact-type pack, then produces an artifact of a registered type:
+ *
+ *   - a payload that conforms to the pack schema is stored and surfaces an
+ *     `artifact.created` with `registered: true` (validated against the pack);
+ *   - a payload that violates the schema is rejected (not stored, no
+ *     `registered: true` artifact.created).
+ *
+ * Gated on `capabilities.host.artifactTypes.supported` + the host-sample
+ * install/produce seam; soft-skips when either is absent (`host-pending`
+ * until a reference host wires RFC 0071 — see the migration request at
+ * docs/openwop-adoption/0071-artifact-type-packs-migration-request.md).
+ *
+ * @see spec/v1/artifact-type-packs.md §"Binding the existing artifact surfaces"
+ * @see RFCS/0071-artifact-type-and-chat-card-packs.md
+ */
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import {
+  readArtifactTypesCap,
+  artifactTypesSupported,
+  installArtifactTypePack,
+  produceArtifact,
+  sampleArtifactTypePack,
+} from '../lib/artifactTypes.js';
+describe('artifact-type-pack-install: registered artifacts are schema-validated (RFC 0071)', () => {
+  it('a conforming payload yields artifact.created { registered: true }', async () => {
+    if (!artifactTypesSupported(await readArtifactTypesCap())) return; // unadvertised — soft-skip
+    const { artifactTypeId, manifest, schema } = sampleArtifactTypePack();
+    const installed = await installArtifactTypePack(manifest, { [artifactTypeId]: schema });
+    if (installed === null) return; // seam absent — soft-skip
+    expect(
+      installed.status >= 200 && installed.status < 300,
+      driver.describe('artifact-type-packs.md §"Pack kind"', 'a valid artifact-type pack MUST install cleanly'),
+    ).toBe(true);
+    const produced = await produceArtifact(artifactTypeId, { title: 'Hello', body: 'World' });
+    if (produced === null) return; // seam absent — soft-skip
+    expect(
+      produced.json['registered'],
+      driver.describe('artifact-type-packs.md §"Binding the existing artifact surfaces"', 'a payload matching a registered artifactTypeId MUST be marked registered'),
+    ).toBe(true);
+    expect(
+      produced.json['validated'],
+      driver.describe('artifact-type-packs.md', 'the host MUST validate the payload against the pack schema before emitting artifact.created'),
+    ).toBe(true);
+    const evt = produced.json['artifactCreated'] as { registered?: unknown } | undefined;
+    if (evt && 'registered' in evt) {
+      expect(
+        evt.registered,
+        driver.describe('run-event-payloads.schema.json §artifactCreated', 'artifact.created.registered MUST be true for a validated registered artifact'),
+      ).toBe(true);
+    }
+  });
+  it('a schema-violating payload is rejected (not stored as a validated registered artifact)', async () => {
+    if (!artifactTypesSupported(await readArtifactTypesCap())) return;
+    const { artifactTypeId, manifest, schema } = sampleArtifactTypePack();
+    if ((await installArtifactTypePack(manifest, { [artifactTypeId]: schema })) === null) return;
+    // `body` missing + a foreign key → fails additionalProperties:false + required.
+    const produced = await produceArtifact(artifactTypeId, { title: 'Hello', extra: true });
+    if (produced === null) return;
+    const rejected =
+      produced.status >= 400 ||
+      produced.json['validated'] === false ||
+      produced.json['stored'] === false;
+    expect(
+      rejected,
+      driver.describe('artifact-type-packs.md §"Binding the existing artifact surfaces"', 'a payload that fails the pack schema MUST NOT be emitted as a validated registered artifact'),
+    ).toBe(true);
+  });
+});

package/src/scenarios/artifact-type-pack-manifest-validation.test.ts ADDED Viewed

@@ -0,0 +1,140 @@
+/**
+ * Artifact-type pack manifest validation — `artifact-type-packs.md` §"Manifest format"
+ * + `schemas/artifact-type-pack-manifest.schema.json` (RFC 0071 Phase 1).
+ *
+ * Server-free schema-validation scenario. Exercises the new
+ * `artifact-type-pack-manifest.schema.json` with a positive sample and the
+ * negative samples derived from the RFC's "Examples" section that are
+ * expressible at the JSON-Schema layer:
+ *
+ *   1. Positive: a valid `kind: "artifact-type"` manifest with a single
+ *      `artifactTypes[]` entry validates cleanly.
+ *   2. Negative — kind/contents mismatch: a manifest carrying BOTH
+ *      `artifactTypes[]` AND `nodes[]` is rejected. Surface-level outcome at
+ *      the registry HTTP API is `pack_kind_invalid` per the spec;
+ *      schema-level outcome is an `additionalProperties` violation on
+ *      `nodes` (this schema does not declare that field).
+ *   3. Negative — empty `artifactTypes[]`: rejected with a `minItems`
+ *      violation (a pack MUST declare at least one artifact type).
+ *   4. Negative — invalid `artifactTypeId`: a value that does not match the
+ *      reverse-DNS pattern (e.g. an uppercase scope) is rejected with a
+ *      `pattern` violation.
+ *   5. Negative — unknown `rendering.display`: a value outside the closed
+ *      enum (`"3d-viewport"`) is rejected with an `enum` violation
+ *      (the RenderingHint vocabulary is reused from RFC 0055, `card` excluded).
+ *   6. Negative — non-conforming `exportFormats` identifier: an uppercase /
+ *      unprefixed value is rejected with a `pattern` violation (reserved-core
+ *      + `vendor.*`/`x-` extension idiom).
+ *
+ * NOTE: the RFC's "core scope published from a non-core account" negative is a
+ * registry-PUT enforcement rule (account ↔ scope binding), NOT a schema
+ * constraint — `core.*` is a valid `artifactTypeId` pattern. It is therefore
+ * not asserted here; it belongs to the capability-gated publish scenario.
+ *
+ * Capability-gated end-to-end scenarios (install + validate; store-without-
+ * render negotiation) are deferred and gate on `host.artifactTypes.supported`
+ * per the RFC; behavior grade is `host-pending` until a reference host lands.
+ *
+ * @see spec/v1/artifact-type-packs.md
+ * @see schemas/artifact-type-pack-manifest.schema.json
+ * @see RFCS/0071-artifact-type-and-chat-card-packs.md
+ */
+import { describe, it, expect } from 'vitest';
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import Ajv2020 from 'ajv/dist/2020.js';
+import addFormats from 'ajv-formats';
+import type { ErrorObject } from 'ajv';
+import { SCHEMAS_DIR } from '../lib/paths.js';
+const SCHEMA_PATH = join(SCHEMAS_DIR, 'artifact-type-pack-manifest.schema.json');
+function validManifest() {
+  return {
+    kind: 'artifact-type',
+    name: 'vendor.acme.cad',
+    version: '1.0.0',
+    engines: { openwop: '>=1.1 <2.0.0' },
+    artifactTypes: [
+      {
+        artifactTypeId: 'vendor.acme.cad.model',
+        schemaVersion: 1,
+        schemaRef: 'schemas/cad-model.schema.json',
+        rendering: { display: 'file', mimeType: 'model/step' },
+        exportFormats: ['step', 'stl', 'pdf'],
+        syncOn: 'completion',
+        supportsCheckpoint: true,
+      },
+    ],
+  };
+}
+describe('category: artifact-type-pack manifest validation', () => {
+  const ajv = new Ajv2020({ allErrors: true, strict: false });
+  addFormats(ajv);
+  const schema = JSON.parse(readFileSync(SCHEMA_PATH, 'utf8'));
+  const validate = ajv.compile(schema);
+  const failsWith = (manifest: unknown, keyword: string): ErrorObject[] => {
+    const ok = validate(manifest);
+    expect(ok).toBe(false);
+    const errs = (validate.errors ?? []).filter((e) => e.keyword === keyword);
+    return errs;
+  };
+  it('positive: a valid artifact-type pack manifest validates cleanly', () => {
+    const ok = validate(validManifest());
+    expect(
+      ok,
+      `artifact-type-packs.md §"Manifest format": a well-formed kind:"artifact-type" manifest MUST validate. Errors: ${JSON.stringify(validate.errors)}`,
+    ).toBe(true);
+  });
+  it('negative: a manifest mixing artifactTypes[] and nodes[] is rejected (pack_kind_invalid at the registry)', () => {
+    const manifest = { ...validManifest(), nodes: [{ typeId: 'vendor.acme.x', version: '1.0.0', category: 'data', role: 'pure' }] };
+    const errs = failsWith(manifest, 'additionalProperties');
+    expect(
+      errs.some((e) => (e.params as { additionalProperty?: string }).additionalProperty === 'nodes'),
+      'artifact-type-packs.md §"Pack kind": one kind per pack — a foreign `nodes[]` field MUST be rejected (additionalProperties:false)',
+    ).toBe(true);
+  });
+  it('negative: an empty artifactTypes[] is rejected (a pack MUST declare ≥1 type)', () => {
+    const manifest = { ...validManifest(), artifactTypes: [] };
+    const errs = failsWith(manifest, 'minItems');
+    expect(errs.length, 'artifact-type-pack-manifest.schema.json: artifactTypes minItems:1').toBeGreaterThan(0);
+  });
+  it('negative: an artifactTypeId that is not reverse-DNS scoped is rejected', () => {
+    const manifest = validManifest();
+    manifest.artifactTypes[0]!.artifactTypeId = 'Vendor.Acme.Model'; // uppercase scope
+    const errs = failsWith(manifest, 'pattern');
+    expect(errs.length, 'artifact-type-packs.md: artifactTypeId MUST match the reverse-DNS pattern').toBeGreaterThan(0);
+  });
+  it('negative: an unknown rendering.display value is rejected (closed RFC 0055 enum, card excluded)', () => {
+    const manifest = validManifest();
+    (manifest.artifactTypes[0]!.rendering as { display: string }).display = '3d-viewport';
+    const errs = failsWith(manifest, 'enum');
+    expect(errs.length, 'artifact-type-packs.md: rendering.display reuses the closed ai-envelope §"Rendering hints" enum').toBeGreaterThan(0);
+  });
+  it('negative: a non-conforming exportFormats identifier is rejected (reserved-core + vendor.*/x- only)', () => {
+    const manifest = validManifest();
+    manifest.artifactTypes[0]!.exportFormats = ['PPTX']; // uppercase, unprefixed
+    const errs = failsWith(manifest, 'pattern');
+    expect(errs.length, 'artifact-type-packs.md: exportFormats identifiers are lowercase core ids OR vendor.*/x- extensions').toBeGreaterThan(0);
+  });
+  it('positive: the validation field accepts "open"/"closed" and rejects other values (RFC 0075)', () => {
+    for (const v of ['open', 'closed']) {
+      const m = validManifest();
+      (m.artifactTypes[0] as Record<string, unknown>).validation = v;
+      expect(validate(m), `artifact-type-packs.md §validation: "${v}" MUST validate (RFC 0075)`).toBe(true);
+    }
+    const bad = validManifest();
+    (bad.artifactTypes[0] as Record<string, unknown>).validation = 'lenient';
+    expect(failsWith(bad, 'enum').length, 'validation MUST be open|closed').toBeGreaterThan(0);
+  });
+});

package/src/scenarios/artifact-type-store-without-render.test.ts ADDED Viewed

@@ -0,0 +1,54 @@
+/**
+ * artifact-type-store-without-render — RFC 0071 Phase 1 §host.artifactTypes.
+ * The cross-host negotiation guarantee: a host that can STORE an artifact type
+ * but cannot RENDER it MUST still accept + store the artifact and MUST NOT fail
+ * the run for lack of a renderer. An artifact produced on a richly-rendering
+ * host stays storable + forwardable + inspectable on a store-only host.
+ *
+ * Gated on `host.artifactTypes.supported` AND the advertised facets
+ * `store: true, render: false` (a host that renders everything can't exercise
+ * this path — it soft-skips), plus the host-sample produce seam. `host-pending`
+ * until a reference host advertises a store-without-render posture.
+ *
+ * @see spec/v1/artifact-type-packs.md §host.artifactTypes
+ * @see spec/v1/host-capabilities.md §host.artifactTypes
+ * @see RFCS/0071-artifact-type-and-chat-card-packs.md
+ */
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import {
+  readArtifactTypesCap,
+  artifactTypesSupported,
+  installArtifactTypePack,
+  produceArtifact,
+  sampleArtifactTypePack,
+} from '../lib/artifactTypes.js';
+describe('artifact-type-store-without-render: store-only hosts must not fail the run (RFC 0071)', () => {
+  it('a stored-but-unrendered artifact completes the run', async () => {
+    const cap = await readArtifactTypesCap();
+    if (!artifactTypesSupported(cap)) return; // unadvertised — soft-skip
+    // Only meaningful for a host that stores but does NOT render.
+    if (cap?.['store'] !== true || cap?.['render'] !== false) return; // not a store-without-render host — soft-skip
+    const { artifactTypeId, manifest, schema } = sampleArtifactTypePack();
+    if ((await installArtifactTypePack(manifest, { [artifactTypeId]: schema })) === null) return;
+    const produced = await produceArtifact(artifactTypeId, { title: 'Stored', body: 'Not rendered here' });
+    if (produced === null) return; // seam absent — soft-skip
+    expect(
+      produced.json['stored'],
+      driver.describe('artifact-type-packs.md §host.artifactTypes', 'a host advertising store:true MUST persist the artifact'),
+    ).toBe(true);
+    expect(
+      produced.json['rendered'],
+      driver.describe('artifact-type-packs.md §host.artifactTypes', 'render:false host MUST NOT render'),
+    ).toBe(false);
+    expect(
+      produced.json['runStatus'],
+      driver.describe('artifact-type-packs.md §host.artifactTypes', 'a host MUST NOT fail the run solely because it lacks a renderer for a stored artifact type'),
+    ).toBe('completed');
+  });
+});

package/src/scenarios/audit-log-integrity.test.ts CHANGED Viewed

@@ -18,6 +18,7 @@
 import { describe, it, expect } from 'vitest';
 import { driver } from '../lib/driver.js';
 import { behaviorGate } from '../lib/behavior-gate.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 interface AuditIntegrityCaps {
   hashChain?: boolean;
@@ -34,7 +35,7 @@ interface AuthCaps {
 async function isProfileAdvertised(): Promise<boolean> {
   const disco = await driver.get('/.well-known/openwop');
-  const auth = (disco.json as { capabilities?: { auth?: AuthCaps } }).capabilities?.auth ?? {};
+  const auth = capabilityFamily<AuthCaps>(disco.json, 'auth') ?? {};
   return Array.isArray(auth.profiles) && auth.profiles.includes('openwop-audit-log-integrity');
 }
@@ -46,7 +47,7 @@ describe('audit-log-integrity: profile shape', () => {
     const disco = await driver.get('/.well-known/openwop');
     const integrity =
-      (disco.json as { capabilities?: { auth?: AuthCaps } }).capabilities?.auth
+      capabilityFamily<AuthCaps>(disco.json, 'auth')
         ?.auditLogIntegrity ?? {};
     expect(integrity.hashChain, driver.describe(

package/src/scenarios/auth-api-key-rotation.test.ts CHANGED Viewed

@@ -28,6 +28,7 @@ import { describe, it, expect } from 'vitest';
 import { driver } from '../lib/driver.js';
 import { behaviorGate } from '../lib/behavior-gate.js';
 import { isFixtureAdvertised } from '../lib/fixtures.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 interface RotationCaps {
   supported?: boolean;
@@ -45,7 +46,7 @@ const CANARY = 'hk_openwop_canary_d1d2d3d4_NOT_A_REAL_KEY';
 async function readAuthCaps(): Promise<AuthCaps | undefined> {
   const disco = await driver.get('/.well-known/openwop');
-  return (disco.json as { capabilities?: { auth?: AuthCaps } }).capabilities?.auth;
+  return capabilityFamily((disco.json as { capabilities?: { auth?: AuthCaps } }), 'auth');
 }
 function isProfileAdvertised(auth: AuthCaps | undefined): boolean {

package/src/scenarios/auth-mtls.test.ts CHANGED Viewed

@@ -45,6 +45,7 @@ import { driver } from '../lib/driver.js';
 import { loadEnv } from '../lib/env.js';
 import { behaviorGate } from '../lib/behavior-gate.js';
 import { isFixtureAdvertised } from '../lib/fixtures.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 interface MtlsCaps {
   supported?: boolean;
@@ -74,7 +75,7 @@ interface HttpsResponse {
 async function readAuthCaps(): Promise<AuthCaps | undefined> {
   const disco = await driver.get('/.well-known/openwop');
-  return (disco.json as { capabilities?: { auth?: AuthCaps } }).capabilities?.auth;
+  return capabilityFamily((disco.json as { capabilities?: { auth?: AuthCaps } }), 'auth');
 }
 function isProfileAdvertised(auth: AuthCaps | undefined): boolean {

package/src/scenarios/auth-oauth2-client-credentials.test.ts CHANGED Viewed

@@ -33,6 +33,7 @@ import { driver } from '../lib/driver.js';
 import { behaviorGate } from '../lib/behavior-gate.js';
 import { isFixtureAdvertised } from '../lib/fixtures.js';
 import { createSyntheticOIDCIssuer } from '../lib/oidc-issuer.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 interface OAuth2Caps {
   supported?: boolean;
@@ -51,7 +52,7 @@ const FIXTURE = 'conformance-noop';
 async function readAuthCaps(): Promise<AuthCaps | undefined> {
   const disco = await driver.get('/.well-known/openwop');
-  return (disco.json as { capabilities?: { auth?: AuthCaps } }).capabilities?.auth;
+  return capabilityFamily((disco.json as { capabilities?: { auth?: AuthCaps } }), 'auth');
 }
 function isProfileAdvertised(auth: AuthCaps | undefined): boolean {

package/src/scenarios/auth-oidc-user-bearer.test.ts CHANGED Viewed

@@ -47,6 +47,7 @@ import {
   createSyntheticOIDCIssuer,
   type SyntheticOIDCIssuer,
 } from '../lib/oidc-issuer.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 interface OIDCCaps {
   supported?: boolean;
@@ -66,7 +67,7 @@ const FIXTURE = 'conformance-noop';
 async function readAuthCaps(): Promise<AuthCaps | undefined> {
   const disco = await driver.get('/.well-known/openwop');
-  return (disco.json as { capabilities?: { auth?: AuthCaps } }).capabilities?.auth;
+  return capabilityFamily((disco.json as { capabilities?: { auth?: AuthCaps } }), 'auth');
 }
 function isProfileAdvertised(auth: AuthCaps | undefined): boolean {

package/src/scenarios/auth-saml-profile.test.ts CHANGED Viewed

@@ -20,6 +20,7 @@
 import { describe, it, expect } from 'vitest';
 import { driver } from '../lib/driver.js';
 import { createSyntheticSamlIdp, type SamlVariant } from '../lib/saml-idp.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 const SAML_PROFILE = 'openwop-auth-saml';
@@ -35,7 +36,7 @@ interface DiscoveryDoc {
 async function readProfiles(): Promise<string[] | null> {
   const res = await driver.get('/.well-known/openwop');
   const body = res.json as DiscoveryDoc | undefined;
-  return body?.capabilities?.auth?.profiles ?? body?.extensions?.auth?.profiles ?? null;
+  return capabilityFamily<{ profiles?: string[] }>(body, 'auth')?.profiles ?? body?.extensions?.auth?.profiles ?? null;
 }
 describe('auth-saml-profile: advertisement shape (RFC 0050)', () => {

package/src/scenarios/auth-scim-profile.test.ts CHANGED Viewed

@@ -17,6 +17,7 @@
 import { describe, it, expect } from 'vitest';
 import { driver } from '../lib/driver.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 const SCIM_PROFILE = 'openwop-auth-scim';
@@ -32,7 +33,7 @@ interface DiscoveryDoc {
 async function readProfiles(): Promise<string[] | null> {
   const res = await driver.get('/.well-known/openwop');
   const body = res.json as DiscoveryDoc | undefined;
-  return body?.capabilities?.auth?.profiles ?? body?.extensions?.auth?.profiles ?? null;
+  return capabilityFamily<{ profiles?: string[] }>(body, 'auth')?.profiles ?? body?.extensions?.auth?.profiles ?? null;
 }
 describe('auth-scim-profile: advertisement shape (RFC 0050)', () => {

package/src/scenarios/authorization-fail-closed.test.ts CHANGED Viewed

@@ -24,6 +24,7 @@
 import { describe, it, expect } from 'vitest';
 import { driver } from '../lib/driver.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 interface DiscoveryAuthorization {
   supported?: boolean;
@@ -39,7 +40,7 @@ interface DiscoveryDoc {
 async function readAuthorization(): Promise<DiscoveryAuthorization | null> {
   const res = await driver.get('/.well-known/openwop');
   const body = res.json as DiscoveryDoc | undefined;
-  return body?.capabilities?.authorization ?? null;
+  return capabilityFamily(body, 'authorization') ?? null;
 }
 describe('authorization-fail-closed: advertisement shape (RFC 0049 §C)', () => {

package/src/scenarios/authorization-roles-shape.test.ts CHANGED Viewed

@@ -20,6 +20,7 @@
 import { describe, it, expect } from 'vitest';
 import { driver } from '../lib/driver.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 interface DiscoveryRole {
   role?: string;
@@ -41,7 +42,7 @@ interface DiscoveryDoc {
 async function readAuthorization(): Promise<DiscoveryAuthorization | null> {
   const res = await driver.get('/.well-known/openwop');
   const body = res.json as DiscoveryDoc | undefined;
-  return body?.capabilities?.authorization ?? null;
+  return capabilityFamily(body, 'authorization') ?? null;
 }
 describe('authorization-roles-shape: advertisement shape (RFC 0049 §A)', () => {