npm - @openwop/openwop-conformance - Versions diffs - 1.6.1 → 1.10.0 - Mend

@openwop/openwop-conformance 1.6.1 → 1.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (159) hide show

package/src/scenarios/wasm-pack-invoke-completed.test.ts CHANGED Viewed

@@ -16,14 +16,14 @@ import { describe, it, expect } from 'vitest';
 import { driver } from '../lib/driver.js';
 import { pollUntilTerminal } from '../lib/polling.js';
 import { isFixtureAdvertised } from '../lib/fixtures.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 const FIXTURE = 'conformance-wasm-pack-roundtrip';
 async function isWasmSupported(): Promise<boolean> {
   const disco = await driver.get('/.well-known/openwop');
   return Boolean(
-    (disco.json as { capabilities?: { nodePackRuntimes?: { wasm?: { supported?: boolean } } } })
-      .capabilities?.nodePackRuntimes?.wasm?.supported,
+    capabilityFamily<{ wasm?: { supported?: boolean } }>(disco.json, 'nodePackRuntimes')?.wasm?.supported,
   );
 }

package/src/scenarios/wasm-pack-invoke-suspended.test.ts CHANGED Viewed

@@ -20,14 +20,14 @@ import { describe, it, expect } from 'vitest';
 import { driver } from '../lib/driver.js';
 import { pollUntilTerminal } from '../lib/polling.js';
 import { isFixtureAdvertised } from '../lib/fixtures.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 const FIXTURE = 'conformance-wasm-pack-roundtrip';
 async function isWasmSupported(): Promise<boolean> {
   const disco = await driver.get('/.well-known/openwop');
   return Boolean(
-    (disco.json as { capabilities?: { nodePackRuntimes?: { wasm?: { supported?: boolean } } } })
-      .capabilities?.nodePackRuntimes?.wasm?.supported,
+    capabilityFamily<{ wasm?: { supported?: boolean } }>(disco.json, 'nodePackRuntimes')?.wasm?.supported,
   );
 }

package/src/scenarios/wasm-pack-load.test.ts CHANGED Viewed

@@ -15,6 +15,7 @@
 import { describe, it, expect } from 'vitest';
 import { driver } from '../lib/driver.js';
 import { isFixtureAdvertised } from '../lib/fixtures.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 const FIXTURE = 'conformance-wasm-pack-roundtrip';
@@ -28,8 +29,7 @@ interface WasmCaps {
 async function getWasmCaps(): Promise<WasmCaps | null> {
   const disco = await driver.get('/.well-known/openwop');
   const caps =
-    (disco.json as { capabilities?: { nodePackRuntimes?: { wasm?: WasmCaps } } })
-      .capabilities?.nodePackRuntimes?.wasm ?? null;
+    capabilityFamily<{ wasm?: WasmCaps }>(disco.json, 'nodePackRuntimes')?.wasm ?? null;
   return caps;
 }

package/src/scenarios/wasm-pack-memory-cap.test.ts CHANGED Viewed

@@ -26,6 +26,7 @@ import { describe, it, expect } from 'vitest';
 import { driver } from '../lib/driver.js';
 import { pollUntilTerminal } from '../lib/polling.js';
 import { isFixtureAdvertised } from '../lib/fixtures.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 const CAP_BREACH_FIXTURE = 'conformance-wasm-pack-memory-cap-breach';
@@ -33,9 +34,7 @@ describe('wasm-pack-memory-cap: host advertises maxMemoryBytes', () => {
   it('capabilities.nodePackRuntimes.wasm.maxMemoryBytes is a plausible number', async () => {
     const disco = await driver.get('/.well-known/openwop');
     const wasm =
-      (disco.json as {
-        capabilities?: { nodePackRuntimes?: { wasm?: { supported?: boolean; maxMemoryBytes?: unknown } } };
-      }).capabilities?.nodePackRuntimes?.wasm;
+      capabilityFamily<{ wasm?: Record<string, unknown> }>(disco.json, 'nodePackRuntimes')?.wasm;
     if (!wasm?.supported) return;
@@ -64,9 +63,7 @@ describe('wasm-pack-memory-cap: positive path via misbehaving pack', () => {
     }
     const disco = await driver.get('/.well-known/openwop');
     const wasm =
-      (disco.json as {
-        capabilities?: { nodePackRuntimes?: { wasm?: { supported?: boolean } } };
-      }).capabilities?.nodePackRuntimes?.wasm;
+      capabilityFamily<{ wasm?: Record<string, unknown> }>(disco.json, 'nodePackRuntimes')?.wasm;
     if (!wasm?.supported) return;
     const create = await driver.post('/v1/runs', {

package/src/scenarios/wasm-pack-replay-determinism.test.ts CHANGED Viewed

@@ -14,14 +14,14 @@ import { describe, it, expect } from 'vitest';
 import { driver } from '../lib/driver.js';
 import { pollUntilTerminal } from '../lib/polling.js';
 import { isFixtureAdvertised } from '../lib/fixtures.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 const FIXTURE = 'conformance-wasm-pack-roundtrip';
 async function isWasmSupported(): Promise<boolean> {
   const disco = await driver.get('/.well-known/openwop');
   return Boolean(
-    (disco.json as { capabilities?: { nodePackRuntimes?: { wasm?: { supported?: boolean } } } })
-      .capabilities?.nodePackRuntimes?.wasm?.supported,
+    capabilityFamily<{ wasm?: { supported?: boolean } }>(disco.json, 'nodePackRuntimes')?.wasm?.supported,
   );
 }

package/src/scenarios/workflow-primary-output-annotation.test.ts ADDED Viewed

@@ -0,0 +1,142 @@
+/**
+ * workflow-primary-output-annotation — RFC 0065 schema shape conformance.
+ *
+ * Server-free schema assertions that the optional `outputRole` field on
+ * `WorkflowNode` is exactly that — optional, additive, and a closed enum:
+ *   1. A WorkflowDefinition with one node declaring `outputRole: "primary"`
+ *      and another declaring `outputRole: "secondary"` validates.
+ *   2. A WorkflowDefinition with the field absent (legacy shape) still
+ *      validates — preserves the additive promise.
+ *   3. An unknown `outputRole` value is rejected by the closed enum.
+ *   4. The field set to a non-string is rejected.
+ *
+ * Always runs (pure on-disk Ajv2020 validation; no host involvement —
+ * the field has no engine-observable effect by design).
+ *
+ * @see RFCS/0065-workflow-node-primary-output-annotation.md
+ * @see schemas/workflow-definition.schema.json ($defs.WorkflowNode.outputRole)
+ */
+import { describe, it, expect } from 'vitest';
+import Ajv2020 from 'ajv/dist/2020.js';
+import addFormats from 'ajv-formats';
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { SCHEMAS_DIR } from '../lib/paths.js';
+function compileWorkflowDefinition(): ReturnType<Ajv2020['compile']> {
+  const ajv = new Ajv2020({ strict: false, allErrors: true });
+  addFormats(ajv);
+  // Register cross-file `$ref` targets — same pattern as
+  // `fixtures-valid.test.ts`. Without these, Ajv throws
+  // `missingRef` when compiling `workflow-definition.schema.json`
+  // because it references agent-ref + prompt-ref by URL.
+  const agentRefSchema = JSON.parse(
+    readFileSync(join(SCHEMAS_DIR, 'agent-ref.schema.json'), 'utf8'),
+  ) as Record<string, unknown>;
+  const promptRefSchema = JSON.parse(
+    readFileSync(join(SCHEMAS_DIR, 'prompt-ref.schema.json'), 'utf8'),
+  ) as Record<string, unknown>;
+  const promptKindSchema = JSON.parse(
+    readFileSync(join(SCHEMAS_DIR, 'prompt-kind.schema.json'), 'utf8'),
+  ) as Record<string, unknown>;
+  ajv.addSchema(agentRefSchema, 'agent-ref.schema.json');
+  ajv.addSchema(promptRefSchema, 'prompt-ref.schema.json');
+  ajv.addSchema(promptRefSchema, './prompt-ref.schema.json');
+  ajv.addSchema(promptKindSchema, 'prompt-kind.schema.json');
+  ajv.addSchema(promptKindSchema, './prompt-kind.schema.json');
+  const schema = JSON.parse(
+    readFileSync(join(SCHEMAS_DIR, 'workflow-definition.schema.json'), 'utf8'),
+  ) as Record<string, unknown>;
+  return ajv.compile(schema);
+}
+/** Build the minimal-required shape of a WorkflowDefinition. Tests
+ *  inject per-case node overrides via the `nodes` arg. */
+function baseDefinition(nodes: Array<Record<string, unknown>>): Record<string, unknown> {
+  return {
+    id: 'wf-test',
+    name: 'Test',
+    version: '1.0.0',
+    nodes,
+    edges: [],
+    triggers: [],
+    variables: [],
+    metadata: { createdAt: '2026-05-25T00:00:00Z' },
+    settings: {},
+  };
+}
+function baseNode(id: string, extras: Record<string, unknown> = {}): Record<string, unknown> {
+  return {
+    id,
+    typeId: 'core.test.noop',
+    name: id,
+    position: { x: 0, y: 0 },
+    config: {},
+    inputs: {},
+    ...extras,
+  };
+}
+describe('workflow-primary-output-annotation: outputRole shape (RFC 0065)', () => {
+  const validate = compileWorkflowDefinition();
+  it('accepts a workflow with one node declaring outputRole="primary"', () => {
+    const def = baseDefinition([
+      baseNode('a', { outputRole: 'primary' }),
+      baseNode('b'),
+    ]);
+    const ok = validate(def);
+    expect(ok, JSON.stringify(validate.errors, null, 2)).toBe(true);
+  });
+  it('accepts primary AND secondary annotations on different nodes', () => {
+    const def = baseDefinition([
+      baseNode('a', { outputRole: 'primary' }),
+      baseNode('b', { outputRole: 'secondary' }),
+      baseNode('c'),
+    ]);
+    const ok = validate(def);
+    expect(ok, JSON.stringify(validate.errors, null, 2)).toBe(true);
+  });
+  it('accepts a workflow with the field absent (additive promise)', () => {
+    const def = baseDefinition([
+      baseNode('a'),
+      baseNode('b'),
+    ]);
+    const ok = validate(def);
+    expect(ok, JSON.stringify(validate.errors, null, 2)).toBe(true);
+  });
+  it('rejects an unknown outputRole enum value', () => {
+    const def = baseDefinition([
+      baseNode('a', { outputRole: 'tertiary' }),
+    ]);
+    const ok = validate(def);
+    expect(ok).toBe(false);
+    expect(validate.errors).toBeTruthy();
+  });
+  it('rejects outputRole set to a non-string', () => {
+    const def = baseDefinition([
+      baseNode('a', { outputRole: 1 }),
+    ]);
+    const ok = validate(def);
+    expect(ok).toBe(false);
+  });
+  it('permits multiple nodes declaring outputRole="primary" (tooling decides)', () => {
+    // The schema doesn't reject multiple primaries — tooling MAY pick
+    // any (lexicographic node id is the RFC's recommended tiebreaker).
+    // This test pins that the schema-layer doesn't enforce uniqueness,
+    // matching the RFC's "schema permits N primaries" promise.
+    const def = baseDefinition([
+      baseNode('a', { outputRole: 'primary' }),
+      baseNode('b', { outputRole: 'primary' }),
+    ]);
+    const ok = validate(def);
+    expect(ok, JSON.stringify(validate.errors, null, 2)).toBe(true);
+  });
+});

package/src/scenarios/workspace-behavior.test.ts ADDED Viewed

@@ -0,0 +1,134 @@
+/**
+ * workspace-behavior — RFC 0059 §C/§D behavioral verification for a host
+ * advertising `capabilities.workspace.supported: true`.
+ *
+ * Status: ACTIVE. Capability-gated: every block soft-skips when the host does
+ * not advertise the workspace store.
+ *
+ * What this scenario asserts:
+ *   1. §C CRUD round-trip — PUT create (version 1, etag), GET, list (metadata
+ *      only, no `content`), DELETE, then GET → 404.
+ *   2. §C optimistic concurrency — a PUT with a stale `If-Match` MUST return
+ *      `409 workspace_conflict` with `details.currentVersion`; a matching
+ *      `If-Match` MUST bump `version`.
+ *   3. §C size ceiling — `content` beyond `maxFileBytes` MUST return
+ *      `workspace_too_large`.
+ *   4. §D run snapshot — a run started after a write exposes the workspace
+ *      read snapshot on its run snapshot.
+ *
+ * @see RFCS/0059-agent-workspace.md §C §D
+ * @see spec/v1/agent-workspace.md §"§C — Endpoints" / §"§D — Run-time exposure"
+ */
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
+interface DiscoveryWorkspace {
+  supported?: boolean;
+  maxFileBytes?: number;
+}
+interface DiscoveryDoc {
+  capabilities?: { workspace?: DiscoveryWorkspace };
+}
+async function workspaceCap(): Promise<DiscoveryWorkspace | null> {
+  const res = await driver.get('/.well-known/openwop');
+  const ws = capabilityFamily((res.json as DiscoveryDoc | undefined), 'workspace');
+  return ws?.supported === true ? ws : null;
+}
+const FILES = '/v1/host/workspace/files';
+interface WorkspaceFile {
+  path: string;
+  content?: string;
+  version: number;
+  etag?: string;
+}
+describe('workspace-behavior: §C CRUD round-trip (RFC 0059)', () => {
+  it('PUT creates v1, GET returns it, list omits content, DELETE removes it', async () => {
+    if (!(await workspaceCap())) return;
+    const path = 'behavior/CRUD.md';
+    const created = await driver.put(`${FILES}/${encodeURIComponent(path)}`, { content: 'first body' });
+    expect(created.status, driver.describe('agent-workspace.md §C PUT', 'create MUST return 200')).toBe(200);
+    const file = created.json as WorkspaceFile;
+    expect(file.version, driver.describe('agent-workspace.md §File model', 'version MUST start at 1')).toBe(1);
+    expect(typeof file.etag, driver.describe('agent-workspace.md §File model', 'PUT MUST return an etag')).toBe('string');
+    const got = await driver.get(`${FILES}/${encodeURIComponent(path)}`);
+    expect((got.json as WorkspaceFile).content, driver.describe('agent-workspace.md §C GET', 'GET MUST return the content')).toBe('first body');
+    const list = await driver.get(FILES);
+    const rows = (list.json as { files?: WorkspaceFile[] }).files ?? [];
+    const row = rows.find((r) => r.path === path);
+    expect(row, driver.describe('agent-workspace.md §C list', 'list MUST include the created file')).toBeDefined();
+    expect('content' in (row as object), driver.describe('agent-workspace.md §C list', 'list MUST NOT include file bodies (metadata only)')).toBe(false);
+    const del = await driver.del(`${FILES}/${encodeURIComponent(path)}`);
+    expect(del.status, driver.describe('agent-workspace.md §C DELETE', 'DELETE MUST return 2xx')).toBeGreaterThanOrEqual(200);
+    expect(del.status, 'DELETE MUST be < 300').toBeLessThan(300);
+    const gone = await driver.get(`${FILES}/${encodeURIComponent(path)}`);
+    expect(gone.status, driver.describe('agent-workspace.md §C GET', 'GET after DELETE MUST be 404')).toBe(404);
+  });
+});
+describe('workspace-behavior: §C optimistic concurrency (RFC 0059)', () => {
+  it('stale If-Match → 409 workspace_conflict; matching If-Match bumps version', async () => {
+    if (!(await workspaceCap())) return;
+    const path = 'behavior/ETAG.md';
+    const v1 = await driver.put(`${FILES}/${encodeURIComponent(path)}`, { content: 'v1' });
+    const etag = (v1.json as WorkspaceFile).etag!;
+    const stale = await driver.put(`${FILES}/${encodeURIComponent(path)}`, { content: 'nope' }, { headers: { 'If-Match': '"definitely-stale"' } });
+    expect(stale.status, driver.describe('agent-workspace.md §C PUT', 'a stale If-Match MUST return 409 workspace_conflict')).toBe(409);
+    expect((stale.json as { error?: string }).error, driver.describe('rest-endpoints.md workspace_conflict', 'error code MUST be workspace_conflict')).toBe('workspace_conflict');
+    const details = (stale.json as { details?: { currentVersion?: number } }).details;
+    expect(typeof details?.currentVersion, driver.describe('agent-workspace.md §C PUT', '409 MUST carry details.currentVersion')).toBe('number');
+    const v2 = await driver.put(`${FILES}/${encodeURIComponent(path)}`, { content: 'v2' }, { headers: { 'If-Match': etag } });
+    expect(v2.status, 'a matching If-Match MUST succeed').toBe(200);
+    expect((v2.json as WorkspaceFile).version, driver.describe('agent-workspace.md §File model', 'a successful PUT MUST bump version')).toBe(2);
+    await driver.del(`${FILES}/${encodeURIComponent(path)}`);
+  });
+});
+describe('workspace-behavior: §C size ceiling (RFC 0059)', () => {
+  it('content beyond maxFileBytes returns workspace_too_large', async () => {
+    const cap = await workspaceCap();
+    if (cap === null) return;
+    const max = typeof cap.maxFileBytes === 'number' ? cap.maxFileBytes : 1_048_576;
+    const tooBig = 'x'.repeat(max + 1);
+    const res = await driver.put(`${FILES}/${encodeURIComponent('behavior/TOOBIG.md')}`, { content: tooBig });
+    expect(res.status, driver.describe('agent-workspace.md §C PUT', 'oversize content MUST be rejected (4xx)')).toBeGreaterThanOrEqual(400);
+    expect((res.json as { error?: string }).error, driver.describe('rest-endpoints.md workspace_too_large', 'error code MUST be workspace_too_large')).toBe('workspace_too_large');
+  });
+});
+describe('workspace-behavior: §D run-start snapshot (RFC 0059)', () => {
+  it('a run started after a write exposes the workspace snapshot', async () => {
+    if (!(await workspaceCap())) return;
+    const path = 'behavior/SNAPSHOT.md';
+    await driver.put(`${FILES}/${encodeURIComponent(path)}`, { content: 'snapshot body' });
+    const create = await driver.post('/v1/runs', { workflowId: 'conformance-noop' });
+    if (create.status !== 201 && create.status !== 200) return; // host lacks the noop fixture — skip
+    const runId = (create.json as { runId?: string }).runId;
+    if (runId === undefined) return;
+    const snap = await driver.get(`/v1/runs/${encodeURIComponent(runId)}`);
+    const ws = (snap.json as { workspace?: Array<{ path: string }> }).workspace;
+    if (ws === undefined) return; // host doesn't expose the snapshot field — skip
+    expect(
+      ws.some((f) => f.path === path),
+      driver.describe('agent-workspace.md §D', 'the run snapshot MUST reflect a workspace file present at run start'),
+    ).toBe(true);
+    await driver.del(`${FILES}/${encodeURIComponent(path)}`);
+  });
+});

package/src/scenarios/workspace-capability-shape.test.ts ADDED Viewed

@@ -0,0 +1,73 @@
+/**
+ * workspace-capability-shape — RFC 0059 §A advertisement-shape verification.
+ *
+ * Status: ACTIVE (advertisement-shape; always runs). RFC 0059 (agent
+ * workspace) promoted Draft → Active 2026-05-25 — the `capabilities.workspace`
+ * block has landed in `schemas/capabilities.schema.json`.
+ *
+ * Always runs (shape-only): when the host advertises `capabilities.workspace`,
+ * its fields MUST be well-formed.
+ *
+ * What this scenario asserts:
+ *   1. `capabilities.workspace` is either absent or a well-formed object.
+ *   2. `supported` is a boolean when the block is present.
+ *   3. `maxFileBytes` / `maxFiles` / `maxVersions` are positive integers when present.
+ *
+ * Behavioral coverage (CRUD / ETag / cross-tenant isolation / run-snapshot)
+ * lands at the implementation milestone (RFC 0059 §E), capability-gated on
+ * `capabilities.workspace.supported`.
+ *
+ * @see RFCS/0059-agent-workspace.md §A
+ * @see spec/v1/agent-workspace.md §"Capability advertisement"
+ */
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
+interface DiscoveryWorkspace {
+  supported?: boolean;
+  versioned?: boolean;
+  maxFileBytes?: number;
+  maxFiles?: number;
+  maxVersions?: number;
+}
+interface DiscoveryDoc {
+  capabilities?: { workspace?: DiscoveryWorkspace };
+}
+async function readWorkspace(): Promise<DiscoveryWorkspace | null> {
+  const res = await driver.get('/.well-known/openwop');
+  const body = res.json as DiscoveryDoc | undefined;
+  return capabilityFamily(body, 'workspace') ?? null;
+}
+const POSITIVE_INT_FIELDS = ['maxFileBytes', 'maxFiles', 'maxVersions'] as const;
+describe('workspace-capability-shape: advertisement shape (RFC 0059 §A)', () => {
+  it('capabilities.workspace is either absent or well-formed', async () => {
+    const ws = await readWorkspace();
+    if (ws === null) return; // host doesn't advertise workspace at all
+    expect(
+      typeof ws.supported,
+      driver.describe(
+        'capabilities.schema.json §workspace',
+        'capabilities.workspace.supported MUST be a boolean when workspace is advertised',
+      ),
+    ).toBe('boolean');
+  });
+  it('maxFileBytes / maxFiles / maxVersions are positive integers when present', async () => {
+    const ws = await readWorkspace();
+    if (ws === null) return;
+    for (const field of POSITIVE_INT_FIELDS) {
+      const v = ws[field];
+      if (v === undefined) continue;
+      expect(
+        Number.isInteger(v) && v >= 1,
+        driver.describe('RFC 0059 §A', `capabilities.workspace.${field} MUST be an integer >= 1, got: ${v}`),
+      ).toBe(true);
+    }
+  });
+});

package/src/scenarios/workspace-cross-tenant-isolation.test.ts ADDED Viewed

@@ -0,0 +1,84 @@
+/**
+ * workspace-cross-tenant-isolation — RFC 0059 §E WCT-1.
+ *
+ * Status: ACTIVE (advertisement + behavioral). Public test for the
+ * `workspace-cross-tenant-isolation` SECURITY invariant: a workspace file
+ * owned by `{tenant, workspace}` MUST NOT be readable (get or list) under a
+ * different `{tenant′, workspace′}`, regardless of the caller's permissions
+ * elsewhere. Mirrors `kv-cross-tenant-isolation` / `agent-memory-cti-1`.
+ *
+ * The two owners are driven through the documented test seam
+ * `POST /v1/host/sample/workspace/op` (host-sample-test-seams.md §9), which
+ * lets a single-credential host exercise distinct owners. Hosts without the
+ * seam soft-skip the behavioral probe; the advertisement-shape assertion still
+ * runs whenever `capabilities.workspace.supported` is advertised.
+ *
+ * @see RFCS/0059-agent-workspace.md §E WCT-1
+ * @see spec/v1/agent-workspace.md §"§E — Invariants"
+ * @see SECURITY/invariants.yaml workspace-cross-tenant-isolation
+ */
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
+interface DiscoveryDoc {
+  capabilities?: { workspace?: { supported?: boolean } };
+}
+async function workspaceSupported(): Promise<boolean> {
+  const res = await driver.get('/.well-known/openwop');
+  const body = res.json as DiscoveryDoc | undefined;
+  return capabilityFamily(body, 'workspace')?.supported === true;
+}
+function seam(args: Record<string, unknown>) {
+  return driver.post('/v1/host/sample/workspace/op', args);
+}
+const SEAM_PATH = 'WCT1-SECRET.md';
+describe('workspace-cross-tenant-isolation: a workspace file MUST NOT leak across owners (RFC 0059 §E WCT-1)', () => {
+  it('a file written under {tenant A, workspace A} is not readable under a different owner', async () => {
+    if (!(await workspaceSupported())) return; // capability not advertised — skip
+    // Owner A writes a file.
+    const put = await seam({ tenant: 'wct1-tenant-a', workspace: 'ws-a', op: 'put', path: SEAM_PATH, content: 'A-only secret body' });
+    if (put.status === 404) return; // seam unwired — soft-skip the behavioral probe
+    expect(put.status, driver.describe('agent-workspace.md §C PUT', 'seam put MUST succeed for the owning workspace')).toBe(200);
+    // A DIFFERENT workspace (same tenant) MUST NOT read it.
+    const crossWs = await seam({ tenant: 'wct1-tenant-a', workspace: 'ws-b', op: 'get', path: SEAM_PATH });
+    expect(
+      crossWs.status === 404 || crossWs.status === 403,
+      driver.describe('agent-workspace.md §E WCT-1', `a cross-workspace get MUST fail closed (404/403, no existence leak), got ${crossWs.status}`),
+    ).toBe(true);
+    const crossWsBody = JSON.stringify(crossWs.json ?? '');
+    expect(
+      !crossWsBody.includes('A-only secret body'),
+      driver.describe('agent-workspace.md §E WCT-1', 'a cross-workspace read MUST NOT surface the other owner\'s content'),
+    ).toBe(true);
+    // A DIFFERENT tenant MUST NOT read it either.
+    const crossTenant = await seam({ tenant: 'wct1-tenant-b', workspace: 'ws-a', op: 'get', path: SEAM_PATH });
+    expect(
+      crossTenant.status === 404 || crossTenant.status === 403,
+      driver.describe('agent-workspace.md §E WCT-1', `a cross-tenant get MUST fail closed, got ${crossTenant.status}`),
+    ).toBe(true);
+    // And list MUST NOT enumerate the other owner's path.
+    const crossList = await seam({ tenant: 'wct1-tenant-a', workspace: 'ws-b', op: 'list' });
+    const listed = JSON.stringify((crossList.json as { files?: unknown })?.files ?? []);
+    expect(
+      !listed.includes(SEAM_PATH),
+      driver.describe('agent-workspace.md §E WCT-1', 'a cross-workspace list MUST NOT enumerate another owner\'s file'),
+    ).toBe(true);
+    // Sanity: the owner itself still reads its file (isolation, not loss).
+    const ownerRead = await seam({ tenant: 'wct1-tenant-a', workspace: 'ws-a', op: 'get', path: SEAM_PATH });
+    expect(
+      (ownerRead.json as { content?: string } | undefined)?.content,
+      driver.describe('agent-workspace.md §C GET', 'the owning workspace MUST still read its own file'),
+    ).toBe('A-only secret body');
+  });
+});