@openwop/openwop-conformance 1.6.0 → 1.10.0

package/src/scenarios/feedback-fork-not-copied.test.ts

@@ -0,0 +1,40 @@
+/**
+ * feedback-fork-not-copied — RFC 0056 §D. Annotations are a per-run
+ * side-store, NOT replayable event-log entries — so a fork of an annotated
+ * run starts with ZERO annotations. Gated on feedback + fork; soft-skips
+ * when either is unavailable.
+ *
+ * @see RFCS/0056-run-feedback-and-annotation-event.md §D
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { pollUntilTerminal } from '../lib/polling.js';
+import { readFeedbackCap, seedRun } from '../lib/feedback.js';
+
+describe('feedback-fork-not-copied (RFC 0056 §D)', () => {
+  it('a fork of an annotated run starts with zero annotations', async () => {
+    const cap = await readFeedbackCap();
+    if (cap?.supported !== true) return;
+    const runId = await seedRun('feedback-fork');
+    if (!runId) return;
+    const post = await driver.post(`/v1/runs/${runId}/annotations`, { signal: { kind: 'flag' } });
+    if (post.status === 501 || post.status === 404) return;
+    expect(post.status).toBe(201);
+    try {
+      await pollUntilTerminal(runId, { timeoutMs: 10_000 });
+    } catch {
+      return;
+    }
+    const fork = await driver.post(`/v1/runs/${runId}:fork`, { fromSeq: 0, mode: 'branch' });
+    if (fork.status !== 200 && fork.status !== 201) return; // fork unsupported — soft-skip
+    const forkId = (fork.json as { runId?: string } | undefined)?.runId;
+    if (!forkId) return;
+    const list = await driver.get(`/v1/runs/${forkId}/annotations`);
+    const ann = (list.json as { annotations?: unknown[] } | undefined)?.annotations ?? [];
+    expect(
+      ann.length,
+      driver.describe('RFC 0056 §D', 'annotations are a side-store and MUST NOT be copied into a fork'),
+    ).toBe(0);
+  });
+});

package/src/scenarios/feedback-on-terminal-run.test.ts

@@ -0,0 +1,32 @@
+/**
+ * feedback-on-terminal-run — RFC 0056 §C. An annotation on a COMPLETED run
+ * is accepted (proves feedback is non-blocking and post-hoc). Gated on
+ * `capabilities.feedback.supported`; soft-skips when a run can't be seeded.
+ *
+ * @see RFCS/0056-run-feedback-and-annotation-event.md §C
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { pollUntilTerminal } from '../lib/polling.js';
+import { readFeedbackCap, seedRun } from '../lib/feedback.js';
+
+describe('feedback-on-terminal-run (RFC 0056 §C)', () => {
+  it('annotating a terminal run is accepted', async () => {
+    const cap = await readFeedbackCap();
+    if (cap?.supported !== true) return;
+    const runId = await seedRun('feedback-terminal');
+    if (!runId) return;
+    try {
+      await pollUntilTerminal(runId, { timeoutMs: 10_000 });
+    } catch {
+      return; // run didn't reach terminal in time — soft-skip
+    }
+    const post = await driver.post(`/v1/runs/${runId}/annotations`, { signal: { kind: 'flag' }, note: 'post-hoc review' });
+    if (post.status === 501 || post.status === 404) return;
+    expect(
+      post.status,
+      driver.describe('RFC 0056 §C', 'a host MUST accept an annotation on a terminal run'),
+    ).toBe(201);
+  });
+});

package/src/scenarios/feedback-record-and-list.test.ts

@@ -0,0 +1,32 @@
+/**
+ * feedback-record-and-list — RFC 0056 §C. POST an annotation, then GET
+ * lists it back. Gated on `capabilities.feedback.supported` + the
+ * `conformance-a` seed fixture; soft-skips otherwise.
+ *
+ * @see RFCS/0056-run-feedback-and-annotation-event.md §C
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { readFeedbackCap, seedRun } from '../lib/feedback.js';
+
+describe('feedback-record-and-list (RFC 0056 §C)', () => {
+  it('POST an annotation then GET returns it', async () => {
+    const cap = await readFeedbackCap();
+    if (cap?.supported !== true) return;
+    const runId = await seedRun('feedback-rl');
+    if (!runId) return;
+    const post = await driver.post(`/v1/runs/${runId}/annotations`, { signal: { kind: 'rating', rating: 5 } });
+    if (post.status === 501 || post.status === 404) return;
+    expect(
+      post.status,
+      driver.describe('RFC 0056 §C', 'POST annotation returns 201 with the persisted annotation'),
+    ).toBe(201);
+    const created = post.json as { annotationId?: string };
+    expect(typeof created.annotationId).toBe('string');
+    const list = await driver.get(`/v1/runs/${runId}/annotations`);
+    expect(list.status).toBe(200);
+    const ann = (list.json as { annotations?: Array<{ annotationId?: string }> } | undefined)?.annotations ?? [];
+    expect(ann.some((a) => a.annotationId === created.annotationId)).toBe(true);
+  });
+});

package/src/scenarios/feedback-unsupported-501.test.ts

@@ -0,0 +1,32 @@
+/**
+ * feedback-unsupported-501 — RFC 0056 §C. A host that does NOT advertise
+ * `capabilities.feedback.supported` MUST return `501 capability_not_provided`
+ * on the annotation endpoints (the honest signal, per `capabilities.md`) —
+ * not silently 404 the route.
+ *
+ * Soft-skips when the host advertises feedback (501 is N/A) or when the
+ * route is entirely absent (404/405 — host predates RFC 0056).
+ *
+ * @see RFCS/0056-run-feedback-and-annotation-event.md §C
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { readFeedbackCap } from '../lib/feedback.js';
+
+describe('feedback-unsupported-501 (RFC 0056 §C)', () => {
+  it('POST annotations returns 501 capability_not_provided when feedback is unadvertised', async () => {
+    const cap = await readFeedbackCap();
+    if (cap?.supported === true) return; // host supports feedback — 501 N/A
+    const res = await driver.post('/v1/runs/probe-run-rfc0056/annotations', {
+      signal: { kind: 'flag' },
+    });
+    if (res.status === 404 || res.status === 405) return; // route absent — host predates RFC 0056
+    expect(
+      res.status,
+      driver.describe('rest-endpoints.md / RFC 0056 §C', 'unadvertised feedback MUST return 501, not 404'),
+    ).toBe(501);
+    const code = (res.json as { error?: string } | undefined)?.error;
+    expect(code).toBe('capability_not_provided');
+  });
+});

package/src/scenarios/fs-path-traversal.test.ts

@@ -27,6 +27,7 @@
 
 import { describe, it, expect } from 'vitest';
 import { driver } from '../lib/driver.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 
 interface DiscoveryFs {
   supported?: boolean;
@@ -43,7 +44,7 @@ interface DiscoveryDoc {
 async function readFs(): Promise<DiscoveryFs | null> {
   const res = await driver.get('/.well-known/openwop');
   const body = res.json as DiscoveryDoc | undefined;
-  return body?.capabilities?.fs ?? null;
+  return capabilityFamily(body, 'fs') ?? null;
 }
 
 const PATH_REJECTION_CODES: ReadonlySet<string> = new Set([

package/src/scenarios/heartbeat-capability-shape.test.ts

@@ -0,0 +1,35 @@
+/**
+ * heartbeat-capability-shape — RFC 0060 §A. The `capabilities.heartbeat`
+ * advertisement block is either absent or a well-formed object.
+ *
+ * Status: ACTIVE (advertisement-shape; always runs). Behavioral coverage
+ * lives in the sibling heartbeat-*.test.ts scenarios, gated on
+ * `capabilities.heartbeat.supported` + the host's heartbeat tick seam.
+ *
+ * @see RFCS/0060-host-heartbeat-capability.md §A
+ * @see spec/v1/host-capabilities.md §host.heartbeat
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { readHeartbeatCap } from '../lib/heartbeat.js';
+
+describe('heartbeat-capability-shape: advertisement (RFC 0060 §A)', () => {
+  it('capabilities.heartbeat is absent or a well-formed object', async () => {
+    const cap = await readHeartbeatCap();
+    if (cap === null) return; // not advertised — valid
+    expect(
+      typeof cap.supported,
+      driver.describe('capabilities.schema.json §heartbeat', 'heartbeat.supported MUST be a boolean when the block is present'),
+    ).toBe('boolean');
+    for (const k of ['minIntervalSec', 'maxRuntimeMs'] as const) {
+      if (cap[k] !== undefined) {
+        const v = cap[k];
+        expect(
+          typeof v === 'number' && Number.isInteger(v) && v >= 1,
+          driver.describe('capabilities.schema.json §heartbeat', `heartbeat.${k} MUST be a positive integer when present`),
+        ).toBe(true);
+      }
+    }
+  });
+});

package/src/scenarios/heartbeat-fires-once-per-tick.test.ts

@@ -0,0 +1,28 @@
+/**
+ * heartbeat-fires-once-per-tick — RFC 0060 §B.1. A tick produces exactly one
+ * `heartbeat.evaluated`; an overlapping tick while a prior evaluation is still
+ * running is skipped (not queued).
+ *
+ * Gated on `capabilities.heartbeat.supported` + the host heartbeat tick seam
+ * (`POST /v1/host/sample/heartbeat/tick`); soft-skips when either is absent.
+ *
+ * @see RFCS/0060-host-heartbeat-capability.md §B
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { readHeartbeatCap, heartbeatSupported, tickHeartbeat } from '../lib/heartbeat.js';
+
+describe('heartbeat-fires-once-per-tick (RFC 0060 §B.1)', () => {
+  it('one tick emits exactly one heartbeat.evaluated', async () => {
+    if (!heartbeatSupported(await readHeartbeatCap())) return;
+    const res = await tickHeartbeat({ heartbeatId: 'conformance-hb', observedState: { n: 0 } });
+    if (res === null) return; // seam absent — soft-skip
+    const evaluated = (res.json as { evaluated?: unknown[] } | undefined)?.evaluated;
+    if (!Array.isArray(evaluated)) return; // host doesn't surface per-tick events on the seam
+    expect(
+      evaluated.length,
+      driver.describe('RFC 0060 §B.1', 'a single tick MUST emit exactly one heartbeat.evaluated'),
+    ).toBe(1);
+  });
+});

package/src/scenarios/heartbeat-idempotent-no-spam.test.ts

@@ -0,0 +1,43 @@
+/**
+ * heartbeat-idempotent-no-spam — RFC 0060 §B.5. Two ticks at unchanged state
+ * produce zero enqueued runs and zero `heartbeat.stateChanged`; only the
+ * transitioning tick produces exactly one of each. This is the anti-spam
+ * guarantee — action is gated on a state *transition*, not on the tick.
+ *
+ * Gated on `capabilities.heartbeat.supported` + the host tick seam;
+ * soft-skips when either is absent.
+ *
+ * @see RFCS/0060-host-heartbeat-capability.md §B
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { readHeartbeatCap, heartbeatSupported, tickHeartbeat } from '../lib/heartbeat.js';
+
+function changedCount(json: unknown): number | null {
+  const sc = (json as { stateChanged?: unknown[] } | undefined)?.stateChanged;
+  return Array.isArray(sc) ? sc.length : null;
+}
+
+describe('heartbeat-idempotent-no-spam (RFC 0060 §B.5)', () => {
+  it('an unchanged tick enqueues nothing; only a transition does', async () => {
+    if (!heartbeatSupported(await readHeartbeatCap())) return;
+    const hb = 'conformance-hb-spam';
+    const first = await tickHeartbeat({ heartbeatId: hb, observedState: { unread: 0 } });
+    if (first === null) return; // seam absent — soft-skip
+    const second = await tickHeartbeat({ heartbeatId: hb, observedState: { unread: 0 } });
+    if (second === null) return;
+    const unchanged = changedCount(second.json);
+    if (unchanged === null) return; // host doesn't surface stateChanged on the seam
+    expect(
+      unchanged,
+      driver.describe('RFC 0060 §B.5', 'an unchanged tick MUST NOT emit heartbeat.stateChanged'),
+    ).toBe(0);
+    const transition = await tickHeartbeat({ heartbeatId: hb, observedState: { unread: 3 } });
+    if (transition === null) return;
+    expect(
+      changedCount(transition.json),
+      driver.describe('RFC 0060 §B.5', 'a transitioning tick MUST emit exactly one heartbeat.stateChanged'),
+    ).toBe(1);
+  });
+});

package/src/scenarios/heartbeat-runtime-bound.test.ts

@@ -0,0 +1,30 @@
+/**
+ * heartbeat-runtime-bound — RFC 0060 §B.2. A predicate exceeding `maxRuntimeMs`
+ * is terminated and reported `heartbeat.evaluated { status: "timeout" }`,
+ * never left running.
+ *
+ * Gated on `capabilities.heartbeat.supported` + the host tick seam;
+ * soft-skips when either is absent.
+ *
+ * @see RFCS/0060-host-heartbeat-capability.md §B
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { readHeartbeatCap, heartbeatSupported, tickHeartbeat } from '../lib/heartbeat.js';
+
+describe('heartbeat-runtime-bound (RFC 0060 §B.2)', () => {
+  it('an over-budget predicate is reported as timeout', async () => {
+    if (!heartbeatSupported(await readHeartbeatCap())) return;
+    // `simulateSlowMs` is a host-seam hint asking the predicate to overrun
+    // its maxRuntimeMs budget; hosts not honoring it surface no `timeout`.
+    const res = await tickHeartbeat({ heartbeatId: 'conformance-hb-slow', observedState: {}, simulateSlowMs: 60_000 });
+    if (res === null) return; // seam absent — soft-skip
+    const evaluated = (res.json as { evaluated?: Array<{ status?: unknown }> } | undefined)?.evaluated;
+    if (!Array.isArray(evaluated) || evaluated.length === 0) return; // host doesn't surface per-tick events
+    expect(
+      evaluated.every((e) => e.status === 'timeout'),
+      driver.describe('RFC 0060 §B.2', 'an over-budget predicate MUST be terminated and reported status:"timeout"'),
+    ).toBe(true);
+  });
+});

package/src/scenarios/http-client-ssrf.test.ts

@@ -20,12 +20,13 @@
 
 import { describe, it, expect } from 'vitest';
 import { driver } from '../lib/driver.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 
 async function isHttpClientSupported(): Promise<boolean> {
   const disco = await driver.get('/.well-known/openwop');
-  const caps = (disco.json as { capabilities?: { httpClient?: { supported?: boolean } } })
-    .capabilities;
-  return caps?.httpClient?.supported === true;
+  return (
+    capabilityFamily<{ supported?: boolean }>(disco.json, 'httpClient')?.supported === true
+  );
 }
 
 describe('http-client-ssrf: capability advertisement contract', () => {
@@ -36,16 +37,12 @@ describe('http-client-ssrf: capability advertisement contract', () => {
       return;
     }
     const disco = await driver.get('/.well-known/openwop');
-    const cap = (disco.json as {
-      capabilities?: {
-        httpClient?: {
-          supported?: boolean;
-          ssrfGuard?: boolean;
-          maxResponseBodyBytes?: number;
-          methods?: unknown;
-        };
-      };
-    }).capabilities?.httpClient;
+    const cap = capabilityFamily<{
+      supported?: boolean;
+      ssrfGuard?: boolean;
+      maxResponseBodyBytes?: number;
+      methods?: unknown;
+    }>(disco.json, 'httpClient');
 
     expect(cap?.supported, driver.describe(
       'capabilities.md §httpClient',

package/src/scenarios/mcp-toolcall-redaction.test.ts

@@ -21,6 +21,7 @@
 
 import { describe, it, expect } from 'vitest';
 import { driver } from '../lib/driver.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 
 async function isMcpClientSupported(): Promise<boolean> {
   const disco = await driver.get('/.well-known/openwop');
@@ -37,11 +38,11 @@ describe('mcp-toolcall-redaction: capability advertisement contract', () => {
       return;
     }
     const disco = await driver.get('/.well-known/openwop');
-    const cap = (disco.json as {
+    const cap = capabilityFamily((disco.json as {
       capabilities?: {
         mcpClient?: { supported?: boolean; transports?: unknown; trustBoundary?: string };
       };
-    }).capabilities?.mcpClient;
+    }), 'mcpClient');
 
     expect(cap?.supported, driver.describe(
       'host-capabilities.md §host.mcp',

package/src/scenarios/media-url-inline-cap.test.ts

@@ -0,0 +1,167 @@
+/**
+ * media-url-inline-cap — RFC 0055 §C media envelope kinds + asset-URL discipline.
+ *
+ * SECURITY invariant: `media-asset-url-tenant-scoped` (RFC 0055 §C rule 1 + 4).
+ *
+ * Always-on (server-free):
+ *   1. The three `media.{image,audio,file}` payload schemas compile (Ajv2020).
+ *   2. Positive round-trip: a URL-reference payload and an inline-base64
+ *      payload each validate.
+ *   3. Negative: a payload missing the required `bytes` is rejected; an
+ *      unknown property is rejected (additionalProperties:false).
+ *
+ * Advertisement-shape (HTTP, soft-skip offline):
+ *   4. When a host advertises `aiProviders.maxInlineMediaBytes`, it MUST be a
+ *      non-negative integer.
+ *
+ * Behavioral (cross-tenant scoping + cap enforcement) is staged via `it.todo`
+ * until a reference host wires tenant-scoped asset serving (greenfield;
+ * RFC 0027 §G precedent — advertisement + schema land first).
+ *
+ * @see RFCS/0055-multimodal-envelope-variants-and-rendering-hints.md §C
+ * @see spec/v1/ai-envelope.md §"Media reference payloads"
+ * @see SECURITY/invariants.yaml#media-asset-url-tenant-scoped
+ */
+
+import { describe, it, expect } from 'vitest';
+import Ajv2020 from 'ajv/dist/2020.js';
+import addFormats from 'ajv-formats';
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { driver } from '../lib/driver.js';
+import { SCHEMAS_DIR } from '../lib/paths.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
+
+const MEDIA_KINDS = ['media.image', 'media.audio', 'media.file'] as const;
+const HTTP_SKIP = !process.env.OPENWOP_BASE_URL;
+
+function compile(kind: string): ReturnType<Ajv2020['compile']> {
+  const ajv = new Ajv2020({ strict: false, allErrors: true });
+  addFormats(ajv);
+  const schema = JSON.parse(
+    readFileSync(join(SCHEMAS_DIR, `envelopes/${kind}.schema.json`), 'utf8'),
+  ) as Record<string, unknown>;
+  return ajv.compile(schema);
+}
+
+describe('media-url-inline-cap: media payload schemas compile + round-trip (RFC 0055 §C)', () => {
+  for (const kind of MEDIA_KINDS) {
+    it(`envelopes/${kind}.schema.json compiles under Ajv2020`, () => {
+      expect(
+        compile(kind),
+        `ai-envelope.md §"Media reference payloads": ${kind} payload schema MUST compile`,
+      ).toBeTypeOf('function');
+    });
+  }
+
+  it('accepts a URL-reference image payload', () => {
+    const ok = compile('media.image')({
+      url: 'https://host.example/v1/runs/run_1/assets/img_9.png',
+      bytes: 184320,
+      mimeType: 'image/png',
+    });
+    expect(ok, 'URL-reference media payload MUST validate').toBe(true);
+  });
+
+  it('accepts an inline-base64 audio payload', () => {
+    const ok = compile('media.audio')({ base64: 'AAAA', bytes: 3, mimeType: 'audio/ogg', durationSeconds: 1.2 });
+    expect(ok, 'inline-base64 media payload MUST validate').toBe(true);
+  });
+
+  it('rejects a payload missing required bytes', () => {
+    const ok = compile('media.file')({ url: 'https://host.example/v1/runs/run_1/assets/report.pdf' });
+    expect(ok, 'ai-envelope.md §"Media reference payloads": `bytes` is required').toBe(false);
+  });
+
+  it('rejects an unknown property (additionalProperties:false)', () => {
+    const ok = compile('media.image')({ bytes: 1, wat: true });
+    expect(ok, 'media payload is additionalProperties:false').toBe(false);
+  });
+});
+
+interface DiscoveryDoc {
+  capabilities?: { aiProviders?: { maxInlineMediaBytes?: unknown } };
+}
+
+describe.skipIf(HTTP_SKIP)('media-url-inline-cap: advertisement shape (RFC 0055 §C rule 2)', () => {
+  it('aiProviders.maxInlineMediaBytes is a non-negative integer when advertised', async () => {
+    const res = await driver.get('/.well-known/openwop');
+    if (res.status !== 200) return;
+    const cap = capabilityFamily((res.json as DiscoveryDoc), 'aiProviders')?.maxInlineMediaBytes;
+    if (cap === undefined) return; // optional — soft-skip when absent
+    expect(
+      Number.isInteger(cap) && (cap as number) >= 0,
+      driver.describe('capabilities.md §aiProviders.maxInlineMediaBytes', 'cap MUST be a non-negative integer'),
+    ).toBe(true);
+  });
+
+  // Behavioral assertions for `media-asset-url-tenant-scoped`. Driven via the
+  // reference host's media-asset seam (store: POST /v1/host/sample/media/put,
+  // env-gated; serve: GET /v1/host/sample/assets/{token}, public token-auth).
+  // Soft-skip (return) when the host doesn't expose the store seam (404).
+  const PNG_1x1 =
+    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg==';
+
+  it('a stored media asset is served by a tenant-scoped URL, not inlined', async () => {
+    const stored = await driver.post('/v1/host/sample/media/put', { contentBase64: PNG_1x1, contentType: 'image/png' });
+    if (stored.status === 404) return; // store seam disabled — soft-skip
+    expect(stored.status, 'media store MUST return 201').toBe(201);
+    const body = stored.json as { url?: string; bytes?: number };
+    expect(
+      typeof body.url === 'string' && /\/v1\/host\/sample\/assets\//.test(body.url!),
+      driver.describe('ai-envelope.md §"Media reference payloads"', 'asset MUST be served by a URL reference, not inlined'),
+    ).toBe(true);
+    const served = await driver.get(body.url!);
+    expect(served.status, 'the asset URL MUST resolve').toBe(200);
+  });
+
+  it('an unminted/guessed asset token does not resolve (media-asset-url-tenant-scoped)', async () => {
+    // Probe whether the serve route exists at all; soft-skip if not.
+    const probe = await driver.get('/v1/host/sample/assets/probe-never-minted-token');
+    if (probe.status === 404 && !process.env.OPENWOP_BASE_URL) return;
+    expect(
+      probe.status,
+      driver.describe('SECURITY/invariants.yaml#media-asset-url-tenant-scoped', 'a token not held by the caller (unguessable 256-bit) MUST NOT resolve'),
+    ).toBe(404);
+  });
+
+  it('a media.* payload in a run debug bundle is referenced by URL, not inlined (RFC 0055 §C rule 3)', async () => {
+    // RFC 0055 §C rule 3: asset URLs are part of a run's debug-bundle manifest
+    // BY REFERENCE, never by inlining the binary. Gated on a host that both
+    // serves media (advertises aiProviders.maxInlineMediaBytes) and exports
+    // debug bundles (capabilities.debugBundle.supported). Soft-skips otherwise
+    // — and on the reference host, which exports debug bundles but has no node
+    // that emits a media.* envelope into a run (so no media payload appears).
+    const disc = await driver.get('/.well-known/openwop');
+    if (disc.status !== 200) return;
+    const caps = (disc.json as {
+      capabilities?: { aiProviders?: { maxInlineMediaBytes?: unknown }; debugBundle?: { supported?: unknown } };
+    }).capabilities;
+    if (caps?.aiProviders?.maxInlineMediaBytes === undefined || caps.debugBundle?.supported !== true) {
+      return; // host doesn't serve media + export debug bundles — contract not exercisable
+    }
+    // Find a recent run and inspect its debug bundle for any media.* event.
+    const runs = await driver.get('/v1/runs?limit=20');
+    if (runs.status !== 200) return;
+    const runIds = ((runs.json as { runs?: { runId?: string }[] }).runs ?? [])
+      .map((r) => r.runId)
+      .filter((id): id is string => typeof id === 'string');
+    for (const runId of runIds) {
+      const bundle = await driver.get(`/v1/runs/${encodeURIComponent(runId)}/debug-bundle`);
+      if (bundle.status !== 200) continue;
+      const events = (bundle.json as { events?: { type?: string; payload?: { url?: unknown; base64?: unknown } }[] }).events ?? [];
+      for (const ev of events) {
+        if (typeof ev.type === 'string' && ev.type.startsWith('media.')) {
+          // The §C rule-3 contract: served by URL, not inlined binary.
+          expect(
+            typeof ev.payload?.url === 'string' && ev.payload?.base64 === undefined,
+            driver.describe('ai-envelope.md §"Media reference payloads"', 'a media.* payload in a debug bundle MUST be a URL reference, never inlined binary'),
+          ).toBe(true);
+          return; // asserted one — contract proven
+        }
+      }
+    }
+    // No media.* payload surfaced in any recent run's debug bundle on this
+    // host — nothing to assert (the contract holds vacuously).
+  });
+});

package/src/scenarios/memory-attribution-emits-on-write.test.ts

@@ -0,0 +1,54 @@
+/**
+ * memory-attribution-emits-on-write — RFC 0057 §A/§B. A host advertising
+ * `capabilities.memory.attribution.emitsWriteEvents: true` emits a
+ * `memory.written` event (with resolvable identifiers) for the memory its run
+ * writes. A host NOT advertising the capability emits none and still passes
+ * the locked core.
+ *
+ * @see RFCS/0057-memory-write-attribution-event.md §A
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { pollUntilTerminal } from '../lib/polling.js';
+import { readMemoryAttributionCap, emitsWriteEvents, seedRun, memoryWrittenEvents } from '../lib/memoryAttribution.js';
+
+describe('memory-attribution-emits-on-write (RFC 0057 §A/§B)', () => {
+  it('an advertised host emits memory.written carrying a stable memoryId', async () => {
+    const cap = await readMemoryAttributionCap();
+    if (!emitsWriteEvents(cap)) return;
+    const runId = await seedRun('mem-attr-emit');
+    if (!runId) return;
+    try {
+      await pollUntilTerminal(runId, { timeoutMs: 10_000 });
+    } catch {
+      return;
+    }
+    const events = await memoryWrittenEvents(runId);
+    if (events.length === 0) return; // run wrote no memory — soft-skip
+    for (const e of events) {
+      const memoryId = (e.payload as { memoryId?: unknown } | undefined)?.memoryId;
+      expect(
+        typeof memoryId === 'string' && memoryId.length > 0,
+        driver.describe('RFC 0057 §B', 'memory.written.memoryId MUST be a stable, non-empty identifier'),
+      ).toBe(true);
+    }
+  });
+
+  it('a host without the capability emits no memory.written', async () => {
+    const cap = await readMemoryAttributionCap();
+    if (emitsWriteEvents(cap)) return; // advertised — N/A
+    const runId = await seedRun('mem-attr-absent');
+    if (!runId) return;
+    try {
+      await pollUntilTerminal(runId, { timeoutMs: 10_000 });
+    } catch {
+      return;
+    }
+    const events = await memoryWrittenEvents(runId);
+    expect(
+      events.length,
+      driver.describe('RFC 0057 §A', 'a host not advertising memory.attribution MUST NOT emit memory.written'),
+    ).toBe(0);
+  });
+});

package/src/scenarios/memory-attribution-no-content.test.ts

@@ -0,0 +1,45 @@
+/**
+ * memory-attribution-no-content — RFC 0057 §C + SECURITY/invariants.yaml
+ * `memory-attribution-no-content`. A `memory.written` payload carries
+ * identifiers + non-secret tags only — never the memory entry content (the
+ * read-side serves that, already SR-1-redacted).
+ *
+ * Gated on `capabilities.memory.attribution.emitsWriteEvents`; soft-skips when
+ * unadvertised or when the seeded run wrote no memory.
+ *
+ * @see RFCS/0057-memory-write-attribution-event.md §C
+ * @see SECURITY/invariants.yaml — memory-attribution-no-content
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { pollUntilTerminal } from '../lib/polling.js';
+import { readMemoryAttributionCap, emitsWriteEvents, seedRun, memoryWrittenEvents } from '../lib/memoryAttribution.js';
+
+describe('memory-attribution-no-content (RFC 0057 §C)', () => {
+  it('memory.written payloads carry no entry content', async () => {
+    const cap = await readMemoryAttributionCap();
+    if (!emitsWriteEvents(cap)) return;
+    const runId = await seedRun('mem-attr-no-content');
+    if (!runId) return;
+    try {
+      await pollUntilTerminal(runId, { timeoutMs: 10_000 });
+    } catch {
+      return;
+    }
+    const events = await memoryWrittenEvents(runId);
+    if (events.length === 0) return; // run wrote no memory — soft-skip
+    for (const e of events) {
+      const payload = e.payload ?? {};
+      expect(
+        'content' in payload,
+        driver.describe('RFC 0057 §C', 'memory.written MUST NOT carry the entry content field'),
+      ).toBe(false);
+      expect(
+        typeof (payload as { memoryRef?: unknown }).memoryRef === 'string' &&
+          typeof (payload as { memoryId?: unknown }).memoryId === 'string',
+        driver.describe('RFC 0057 §B', 'memory.written MUST carry memoryRef + memoryId identifiers'),
+      ).toBe(true);
+    }
+  });
+});