@openwop/openwop-conformance 1.6.1 → 1.10.0

package/src/scenarios/envelope-refusal-shape.test.ts

@@ -64,7 +64,7 @@ describe.skipIf(HTTP_SKIP)('envelope-refusal-shape: seam emission (RFC 0032 §B.
   it('accepts a well-formed `envelope.refusal` payload + writes it to the test event log', async () => {
     const d = await readDiscovery();
     if (d === null) return;
-    const reliability = d.capabilities?.envelopes?.reliability;
+    const reliability = capabilityFamily<{ reasoning?: Record<string, unknown>; tierOneSubsetCompliance?: unknown; reliability?: { completion?: Record<string, unknown> } & Record<string, unknown> }>(d, 'envelopes')?.reliability;
     if (!reliability || reliability.supported !== true) return;
     if (!Array.isArray(reliability.events) || !(reliability.events as unknown[]).includes('envelope.refusal')) return;
 
@@ -154,7 +154,7 @@ describe.skipIf(HTTP_SKIP)('envelope-refusal-shape: advertisement contract (RFC
   it('capabilities.envelopes.reliability (when supported: true with non-empty events[]) MUST list both MUST-tier events', async () => {
     const d = await readDiscovery();
     if (d === null) return;
-    const reliability = d.capabilities?.envelopes?.reliability;
+    const reliability = capabilityFamily<{ reasoning?: Record<string, unknown>; tierOneSubsetCompliance?: unknown; reliability?: { completion?: Record<string, unknown> } & Record<string, unknown> }>(d, 'envelopes')?.reliability;
     if (!reliability || reliability.supported !== true) return;
     // Hosts running the legacy undifferentiated retry loop advertise
     // `events: []` (per the OPENWOP_ENVELOPE_RELIABILITY_END_TO_END=false
@@ -190,6 +190,7 @@ describe.skipIf(HTTP_SKIP)('envelope-refusal-shape: advertisement contract (RFC
 
 import { pollUntilTerminal } from '../lib/polling.js';
 import { isFixtureAdvertised } from '../lib/fixtures.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 
 const E2E_FIXTURE = 'conformance-envelope-refusal';
 const E2E_NODE_ID = 'structured-call';

package/src/scenarios/envelope-rendering-hint.test.ts

@@ -0,0 +1,95 @@
+/**
+ * envelope-rendering-hint — RFC 0055 §B `meta.rendering` shape conformance.
+ *
+ * Server-free schema assertions that the optional rendering hint is exactly
+ * that — optional and additive:
+ *   1. An envelope WITH a well-formed `meta.rendering` validates.
+ *   2. An envelope WITHOUT `meta.rendering` still validates (proves the
+ *      property is optional — existing envelopes are unaffected).
+ *   3. An unknown `display` value is rejected by the closed enum (the
+ *      vocabulary is fixed; consumers fall back, producers don't invent).
+ *   4. An unknown property under `rendering` is rejected
+ *      (additionalProperties:false on the hint object).
+ *
+ * Always runs (pure on-disk Ajv2020 validation).
+ *
+ * @see RFCS/0055-multimodal-envelope-variants-and-rendering-hints.md §B
+ * @see spec/v1/ai-envelope.md §"Rendering hints"
+ * @see schemas/ai-envelope.schema.json ($defs.EnvelopeMeta.rendering)
+ */
+
+import { describe, it, expect } from 'vitest';
+import Ajv2020 from 'ajv/dist/2020.js';
+import addFormats from 'ajv-formats';
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { SCHEMAS_DIR } from '../lib/paths.js';
+
+function compileEnvelope(): ReturnType<Ajv2020['compile']> {
+  const ajv = new Ajv2020({ strict: false, allErrors: true });
+  addFormats(ajv);
+  const schema = JSON.parse(
+    readFileSync(join(SCHEMAS_DIR, 'ai-envelope.schema.json'), 'utf8'),
+  ) as Record<string, unknown>;
+  return ajv.compile(schema);
+}
+
+const baseEnvelope = {
+  type: 'error',
+  schemaVersion: 1,
+  envelopeId: 'env-rendering-1',
+  correlationId: 'run-1:node-2:turn-0:abc123',
+  payload: { code: 'x', message: 'y' },
+  meta: { source: 'ai-generation' as const, ts: '2026-05-25T10:00:00Z' },
+};
+
+describe('envelope-rendering-hint: meta.rendering shape (RFC 0055 §B)', () => {
+  const validate = compileEnvelope();
+
+  it('accepts an envelope carrying a well-formed meta.rendering hint', () => {
+    const env = {
+      ...baseEnvelope,
+      meta: {
+        ...baseEnvelope.meta,
+        rendering: { display: 'image', mimeType: 'image/png', alt: 'Q3 revenue chart', title: 'Revenue' },
+      },
+    };
+    const ok = validate(env);
+    expect(
+      ok,
+      'ai-envelope.md §"Rendering hints": ' + `meta.rendering MUST validate; errors: ${JSON.stringify(validate.errors)}`,
+    ).toBe(true);
+  });
+
+  it('accepts an envelope with NO meta.rendering (proves the property is optional)', () => {
+    const ok = validate(baseEnvelope);
+    expect(
+      ok,
+      'ai-envelope.md §"Rendering hints": ' + 'meta.rendering MUST be optional — envelopes omitting it still validate',
+    ).toBe(true);
+  });
+
+  it('rejects an unknown display value (closed enum)', () => {
+    const env = {
+      ...baseEnvelope,
+      meta: { ...baseEnvelope.meta, rendering: { display: 'hologram' } },
+    };
+    const ok = validate(env);
+    expect(
+      ok,
+      'ai-envelope.md §"Rendering hints": ' + 'display is a closed enum — unknown families MUST be rejected',
+    ).toBe(false);
+  });
+
+  it('rejects an unknown property under rendering (additionalProperties:false)', () => {
+    const env = {
+      ...baseEnvelope,
+      meta: { ...baseEnvelope.meta, rendering: { display: 'markdown', wat: true } },
+    };
+    const ok = validate(env);
+    expect(
+      ok,
+      'ai-envelope.md §"Rendering hints": ' + 'rendering is additionalProperties:false',
+    ).toBe(false);
+  });
+});

package/src/scenarios/envelope-retry-attempted.test.ts

@@ -59,7 +59,7 @@ describe.skipIf(HTTP_SKIP)('envelope-retry-attempted: advertisement shape (RFC 0
   it('capabilities.envelopes.reliability (when present) conforms to RFC 0032 §C', async () => {
     const d = await readDiscovery();
     if (d === null) return;
-    const reliability = d.capabilities?.envelopes?.reliability;
+    const reliability = capabilityFamily<{ reasoning?: Record<string, unknown>; tierOneSubsetCompliance?: unknown; reliability?: { completion?: Record<string, unknown> } & Record<string, unknown> }>(d, 'envelopes')?.reliability;
     if (reliability === undefined) return;
     expect(typeof reliability.supported, 'reliability.supported MUST be boolean').toBe('boolean');
     if (reliability.events !== undefined) {
@@ -114,6 +114,7 @@ describe.skipIf(HTTP_SKIP)('envelope-retry-attempted: advertisement shape (RFC 0
 
 import { pollUntilTerminal } from '../lib/polling.js';
 import { isFixtureAdvertised } from '../lib/fixtures.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 
 const FIXTURE = 'conformance-envelope-retry-attempted';
 const NODE_ID = 'structured-call';

package/src/scenarios/envelope-tier-one-subset-static.test.ts

@@ -34,6 +34,7 @@ import { readFileSync, existsSync } from 'node:fs';
 import { join } from 'node:path';
 import { driver } from '../lib/driver.js';
 import { SCHEMAS_DIR } from '../lib/paths.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 
 const HTTP_SKIP = !process.env.OPENWOP_BASE_URL;
 
@@ -179,9 +180,9 @@ describe.skipIf(HTTP_SKIP)('envelope-tier-one-subset-static (RFC 0030 §B)', ()
   it('hosts advertising tierOneSubsetCompliance: "strict" have payload schemas that satisfy the Tier-1 intersection', async () => {
     const d = await readDiscovery();
     if (d === null) return; // host unreachable; soft-skip
-    const compliance = d.capabilities?.envelopes?.tierOneSubsetCompliance;
+    const compliance = capabilityFamily(d, 'envelopes')?.tierOneSubsetCompliance;
     if (compliance !== 'strict') return; // gated on "strict" only
-    const advertised = (d.capabilities?.supportedEnvelopes ?? []) as string[];
+    const advertised = (capabilityFamily(d, 'supportedEnvelopes') ?? []) as string[];
     if (advertised.length === 0) return;
 
     const violationsByKind: Record<string, Violation[]> = {};

package/src/scenarios/exec-not-protocol-tier.test.ts

@@ -0,0 +1,137 @@
+/**
+ * exec-class tools MUST NOT be protocol-tier (RFC 0069, `Draft`).
+ *
+ * Always-on, server-free structural assertion over the spec corpus. Verifies
+ * the SECURITY invariant `exec-must-not-be-protocol-tier`: the protocol
+ * defines NO arbitrary-command (`exec`-class) primitive under a
+ * protocol-owned namespace (`core.*` / `openwop.*`), NO exec capability
+ * flag in `capabilities.schema.json`, and NO exec-class entry in the
+ * canonical RunEventType vocabulary.
+ *
+ * This guards against an independent implementer reading the protocol's
+ * silence as permission to ship a `core.exec` RCE primitive other hosts
+ * would treat as canonical. The assertion is against the protocol's OWN
+ * surface — it must hold for every release of the corpus regardless of
+ * which host runs it. A `vendor.acme.exec` / `x-host-acme-exec` identifier
+ * is allowed (host-extension namespace); the check fires only on
+ * protocol-owned namespaces.
+ *
+ * Spec references:
+ *   - https://github.com/openwop/openwop/blob/main/spec/v1/host-extensions.md §"exec-class tools"
+ *   - https://github.com/openwop/openwop/blob/main/SECURITY/threat-model-prompt-injection.md §"exec tools"
+ *   - https://github.com/openwop/openwop/blob/main/RFCS/0069-exec-class-tool-host-extension-safety-contract.md
+ */
+
+import { describe, it, expect } from 'vitest';
+import { readFileSync, readdirSync } from 'node:fs';
+import { join } from 'node:path';
+import { SCHEMAS_DIR } from '../lib/paths.js';
+
+/** Server-free assertion-message helper (mirrors driver.describe's "spec — requirement" shape without requiring OPENWOP_BASE_URL). */
+const why = (specRef: string, requirement: string): string => `${specRef} — ${requirement}`;
+
+/**
+ * Closed denylist of exec-class identifier *segments* (whole tokens). The
+ * check matches a protocol-owned namespaced id whose final segment IS one
+ * of these — it does NOT flag substrings like `execution` in
+ * `multi-agent-execution` or `subprocess` inside an unrelated word.
+ */
+const EXEC_SEGMENTS = new Set([
+  'exec',
+  'shell',
+  'spawn',
+  'runcommand',
+  'runscript',
+  'subprocess',
+  'systemcall',
+  'eval',
+]);
+
+/** Protocol-owned namespace prefixes per host-extensions.md §"Canonical prefixes". */
+const PROTOCOL_PREFIXES = ['core.', 'openwop.'];
+
+/** Pull every `"core.*"` / `"openwop.*"` quoted identifier out of a corpus file. */
+function protocolOwnedIds(text: string): string[] {
+  const out: string[] = [];
+  const re = /["'`](core|openwop)\.[a-zA-Z0-9_.-]+["'`]/g;
+  let m: RegExpExecArray | null;
+  while ((m = re.exec(text)) !== null) {
+    out.push(m[0].slice(1, -1));
+  }
+  return out;
+}
+
+function isExecClass(id: string): boolean {
+  if (!PROTOCOL_PREFIXES.some((p) => id.startsWith(p))) return false;
+  const lastSegment = id.split('.').pop()?.toLowerCase().replace(/-/g, '') ?? '';
+  return EXEC_SEGMENTS.has(lastSegment);
+}
+
+describe('exec-not-protocol-tier: no exec-class primitive in the protocol corpus (RFC 0069, server-free)', () => {
+  it('no protocol-owned (core.* / openwop.*) identifier denotes arbitrary command execution', () => {
+    const schemaFiles = readdirSync(SCHEMAS_DIR).filter((f) => f.endsWith('.schema.json'));
+    const offenders: string[] = [];
+    for (const f of schemaFiles) {
+      const text = readFileSync(join(SCHEMAS_DIR, f), 'utf8');
+      for (const id of protocolOwnedIds(text)) {
+        if (isExecClass(id)) offenders.push(`${f}: ${id}`);
+      }
+    }
+    expect(
+      offenders,
+      why(
+        'host-extensions.md §exec-class tools',
+        'the protocol corpus MUST NOT define a core.*/openwop.* exec-class identifier',
+      ),
+    ).toEqual([]);
+  });
+
+  it('no capabilities.schema.json property name denotes arbitrary command execution', () => {
+    const caps = JSON.parse(readFileSync(join(SCHEMAS_DIR, 'capabilities.schema.json'), 'utf8')) as Record<string, unknown>;
+    const offenders: string[] = [];
+    const walkProps = (node: unknown, path: string): void => {
+      if (!node || typeof node !== 'object') return;
+      const obj = node as Record<string, unknown>;
+      const props = obj.properties as Record<string, unknown> | undefined;
+      if (props) {
+        for (const key of Object.keys(props)) {
+          if (EXEC_SEGMENTS.has(key.toLowerCase().replace(/-/g, ''))) {
+            offenders.push(`${path}.${key}`);
+          }
+          walkProps(props[key], `${path}.${key}`);
+        }
+      }
+    };
+    walkProps(caps, 'capabilities');
+    expect(
+      offenders,
+      why('host-extensions.md §exec-class tools', 'capabilities.schema.json MUST NOT declare an exec-class capability flag'),
+    ).toEqual([]);
+  });
+
+  it('the canonical RunEventType vocabulary contains no exec-class event', () => {
+    const runEvent = JSON.parse(readFileSync(join(SCHEMAS_DIR, 'run-event.schema.json'), 'utf8')) as {
+      $defs?: { RunEventType?: { enum?: string[] } };
+    };
+    const enumVals = runEvent.$defs?.RunEventType?.enum ?? [];
+    const offenders = enumVals.filter((v) => {
+      const lastSegment = v.split('.').pop()?.toLowerCase().replace(/-/g, '') ?? '';
+      return EXEC_SEGMENTS.has(lastSegment);
+    });
+    expect(
+      offenders,
+      why('host-extensions.md §exec-class tools', 'no RunEventType MUST denote arbitrary command execution'),
+    ).toEqual([]);
+  });
+
+  it('positive control: a vendor / x-host exec identifier is allowed (host-extension namespace)', () => {
+    expect(isExecClass('vendor.acme.exec')).toBe(false);
+    expect(isExecClass('x-host-acme-exec')).toBe(false);
+    expect(isExecClass('private.host.shell')).toBe(false);
+    // And the denylist actually fires on a protocol-owned id:
+    expect(isExecClass('core.exec')).toBe(true);
+    expect(isExecClass('openwop.shell')).toBe(true);
+    // Negative control: a benign substring is not flagged.
+    expect(isExecClass('core.workflowChain.event')).toBe(false);
+  });
+});

package/src/scenarios/experimental-tier-shape.test.ts

@@ -29,6 +29,7 @@
 import { describe, it, expect } from 'vitest';
 import { driver } from '../lib/driver.js';
 import { experimentalGate } from '../lib/behavior-gate.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 
 const HTTP_SKIP = !process.env.OPENWOP_BASE_URL;
 
@@ -57,7 +58,7 @@ async function readDiscovery(): Promise<DiscoveryDoc | null> {
 describe.skipIf(HTTP_SKIP)('experimental-tier-shape: §A schema discipline (RFC 0042 §A)', () => {
   it('multiAgent.executionModel.tier (when present) MUST be one of {stable, experimental}', async (ctx) => {
     const d = await readDiscovery();
-    const em = d?.capabilities?.multiAgent?.executionModel;
+    const em = capabilityFamily<{ executionModel?: { [k: string]: unknown; crossHostCausation?: Record<string, unknown>; replayDeterminism?: Record<string, unknown> } }>(d, 'multiAgent')?.executionModel;
     if (em === undefined) {
       ctx.skip();
       return;
@@ -77,7 +78,7 @@ describe.skipIf(HTTP_SKIP)('experimental-tier-shape: §A schema discipline (RFC
 
   it('when tier === "experimental", experimentalUntil MUST be present + valid date', async (ctx) => {
     const d = await readDiscovery();
-    const em = d?.capabilities?.multiAgent?.executionModel;
+    const em = capabilityFamily<{ executionModel?: { [k: string]: unknown; crossHostCausation?: Record<string, unknown>; replayDeterminism?: Record<string, unknown> } }>(d, 'multiAgent')?.executionModel;
     if (em === undefined || em.tier !== 'experimental') {
       ctx.skip();
       return;
@@ -112,7 +113,7 @@ describe.skipIf(HTTP_SKIP)('experimental-tier-shape: §A schema discipline (RFC
 
   it('experimentalUntil MUST be ≤ 365 days in the future (sunset bound)', async (ctx) => {
     const d = await readDiscovery();
-    const em = d?.capabilities?.multiAgent?.executionModel;
+    const em = capabilityFamily<{ executionModel?: { [k: string]: unknown; crossHostCausation?: Record<string, unknown>; replayDeterminism?: Record<string, unknown> } }>(d, 'multiAgent')?.executionModel;
     if (em === undefined || em.tier !== 'experimental') {
       ctx.skip();
       return;
@@ -135,7 +136,7 @@ describe.skipIf(HTTP_SKIP)('experimental-tier-shape: §A schema discipline (RFC
 
   it('sunset detection: experimentalUntil in the past is non-conformant', async (ctx) => {
     const d = await readDiscovery();
-    const em = d?.capabilities?.multiAgent?.executionModel;
+    const em = capabilityFamily<{ executionModel?: { [k: string]: unknown; crossHostCausation?: Record<string, unknown>; replayDeterminism?: Record<string, unknown> } }>(d, 'multiAgent')?.executionModel;
     if (em === undefined || em.tier !== 'experimental') {
       ctx.skip();
       return;

package/src/scenarios/fs-path-traversal.test.ts

@@ -27,6 +27,7 @@
 
 import { describe, it, expect } from 'vitest';
 import { driver } from '../lib/driver.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 
 interface DiscoveryFs {
   supported?: boolean;
@@ -43,7 +44,7 @@ interface DiscoveryDoc {
 async function readFs(): Promise<DiscoveryFs | null> {
   const res = await driver.get('/.well-known/openwop');
   const body = res.json as DiscoveryDoc | undefined;
-  return body?.capabilities?.fs ?? null;
+  return capabilityFamily(body, 'fs') ?? null;
 }
 
 const PATH_REJECTION_CODES: ReadonlySet<string> = new Set([

package/src/scenarios/heartbeat-capability-shape.test.ts

@@ -0,0 +1,35 @@
+/**
+ * heartbeat-capability-shape — RFC 0060 §A. The `capabilities.heartbeat`
+ * advertisement block is either absent or a well-formed object.
+ *
+ * Status: ACTIVE (advertisement-shape; always runs). Behavioral coverage
+ * lives in the sibling heartbeat-*.test.ts scenarios, gated on
+ * `capabilities.heartbeat.supported` + the host's heartbeat tick seam.
+ *
+ * @see RFCS/0060-host-heartbeat-capability.md §A
+ * @see spec/v1/host-capabilities.md §host.heartbeat
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { readHeartbeatCap } from '../lib/heartbeat.js';
+
+describe('heartbeat-capability-shape: advertisement (RFC 0060 §A)', () => {
+  it('capabilities.heartbeat is absent or a well-formed object', async () => {
+    const cap = await readHeartbeatCap();
+    if (cap === null) return; // not advertised — valid
+    expect(
+      typeof cap.supported,
+      driver.describe('capabilities.schema.json §heartbeat', 'heartbeat.supported MUST be a boolean when the block is present'),
+    ).toBe('boolean');
+    for (const k of ['minIntervalSec', 'maxRuntimeMs'] as const) {
+      if (cap[k] !== undefined) {
+        const v = cap[k];
+        expect(
+          typeof v === 'number' && Number.isInteger(v) && v >= 1,
+          driver.describe('capabilities.schema.json §heartbeat', `heartbeat.${k} MUST be a positive integer when present`),
+        ).toBe(true);
+      }
+    }
+  });
+});

package/src/scenarios/heartbeat-fires-once-per-tick.test.ts

@@ -0,0 +1,28 @@
+/**
+ * heartbeat-fires-once-per-tick — RFC 0060 §B.1. A tick produces exactly one
+ * `heartbeat.evaluated`; an overlapping tick while a prior evaluation is still
+ * running is skipped (not queued).
+ *
+ * Gated on `capabilities.heartbeat.supported` + the host heartbeat tick seam
+ * (`POST /v1/host/sample/heartbeat/tick`); soft-skips when either is absent.
+ *
+ * @see RFCS/0060-host-heartbeat-capability.md §B
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { readHeartbeatCap, heartbeatSupported, tickHeartbeat } from '../lib/heartbeat.js';
+
+describe('heartbeat-fires-once-per-tick (RFC 0060 §B.1)', () => {
+  it('one tick emits exactly one heartbeat.evaluated', async () => {
+    if (!heartbeatSupported(await readHeartbeatCap())) return;
+    const res = await tickHeartbeat({ heartbeatId: 'conformance-hb', observedState: { n: 0 } });
+    if (res === null) return; // seam absent — soft-skip
+    const evaluated = (res.json as { evaluated?: unknown[] } | undefined)?.evaluated;
+    if (!Array.isArray(evaluated)) return; // host doesn't surface per-tick events on the seam
+    expect(
+      evaluated.length,
+      driver.describe('RFC 0060 §B.1', 'a single tick MUST emit exactly one heartbeat.evaluated'),
+    ).toBe(1);
+  });
+});

package/src/scenarios/heartbeat-idempotent-no-spam.test.ts

@@ -0,0 +1,43 @@
+/**
+ * heartbeat-idempotent-no-spam — RFC 0060 §B.5. Two ticks at unchanged state
+ * produce zero enqueued runs and zero `heartbeat.stateChanged`; only the
+ * transitioning tick produces exactly one of each. This is the anti-spam
+ * guarantee — action is gated on a state *transition*, not on the tick.
+ *
+ * Gated on `capabilities.heartbeat.supported` + the host tick seam;
+ * soft-skips when either is absent.
+ *
+ * @see RFCS/0060-host-heartbeat-capability.md §B
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { readHeartbeatCap, heartbeatSupported, tickHeartbeat } from '../lib/heartbeat.js';
+
+function changedCount(json: unknown): number | null {
+  const sc = (json as { stateChanged?: unknown[] } | undefined)?.stateChanged;
+  return Array.isArray(sc) ? sc.length : null;
+}
+
+describe('heartbeat-idempotent-no-spam (RFC 0060 §B.5)', () => {
+  it('an unchanged tick enqueues nothing; only a transition does', async () => {
+    if (!heartbeatSupported(await readHeartbeatCap())) return;
+    const hb = 'conformance-hb-spam';
+    const first = await tickHeartbeat({ heartbeatId: hb, observedState: { unread: 0 } });
+    if (first === null) return; // seam absent — soft-skip
+    const second = await tickHeartbeat({ heartbeatId: hb, observedState: { unread: 0 } });
+    if (second === null) return;
+    const unchanged = changedCount(second.json);
+    if (unchanged === null) return; // host doesn't surface stateChanged on the seam
+    expect(
+      unchanged,
+      driver.describe('RFC 0060 §B.5', 'an unchanged tick MUST NOT emit heartbeat.stateChanged'),
+    ).toBe(0);
+    const transition = await tickHeartbeat({ heartbeatId: hb, observedState: { unread: 3 } });
+    if (transition === null) return;
+    expect(
+      changedCount(transition.json),
+      driver.describe('RFC 0060 §B.5', 'a transitioning tick MUST emit exactly one heartbeat.stateChanged'),
+    ).toBe(1);
+  });
+});

package/src/scenarios/heartbeat-runtime-bound.test.ts

@@ -0,0 +1,30 @@
+/**
+ * heartbeat-runtime-bound — RFC 0060 §B.2. A predicate exceeding `maxRuntimeMs`
+ * is terminated and reported `heartbeat.evaluated { status: "timeout" }`,
+ * never left running.
+ *
+ * Gated on `capabilities.heartbeat.supported` + the host tick seam;
+ * soft-skips when either is absent.
+ *
+ * @see RFCS/0060-host-heartbeat-capability.md §B
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { readHeartbeatCap, heartbeatSupported, tickHeartbeat } from '../lib/heartbeat.js';
+
+describe('heartbeat-runtime-bound (RFC 0060 §B.2)', () => {
+  it('an over-budget predicate is reported as timeout', async () => {
+    if (!heartbeatSupported(await readHeartbeatCap())) return;
+    // `simulateSlowMs` is a host-seam hint asking the predicate to overrun
+    // its maxRuntimeMs budget; hosts not honoring it surface no `timeout`.
+    const res = await tickHeartbeat({ heartbeatId: 'conformance-hb-slow', observedState: {}, simulateSlowMs: 60_000 });
+    if (res === null) return; // seam absent — soft-skip
+    const evaluated = (res.json as { evaluated?: Array<{ status?: unknown }> } | undefined)?.evaluated;
+    if (!Array.isArray(evaluated) || evaluated.length === 0) return; // host doesn't surface per-tick events
+    expect(
+      evaluated.every((e) => e.status === 'timeout'),
+      driver.describe('RFC 0060 §B.2', 'an over-budget predicate MUST be terminated and reported status:"timeout"'),
+    ).toBe(true);
+  });
+});

package/src/scenarios/http-client-ssrf.test.ts

@@ -20,12 +20,13 @@
 
 import { describe, it, expect } from 'vitest';
 import { driver } from '../lib/driver.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 
 async function isHttpClientSupported(): Promise<boolean> {
   const disco = await driver.get('/.well-known/openwop');
-  const caps = (disco.json as { capabilities?: { httpClient?: { supported?: boolean } } })
-    .capabilities;
-  return caps?.httpClient?.supported === true;
+  return (
+    capabilityFamily<{ supported?: boolean }>(disco.json, 'httpClient')?.supported === true
+  );
 }
 
 describe('http-client-ssrf: capability advertisement contract', () => {
@@ -36,16 +37,12 @@ describe('http-client-ssrf: capability advertisement contract', () => {
       return;
     }
     const disco = await driver.get('/.well-known/openwop');
-    const cap = (disco.json as {
-      capabilities?: {
-        httpClient?: {
-          supported?: boolean;
-          ssrfGuard?: boolean;
-          maxResponseBodyBytes?: number;
-          methods?: unknown;
-        };
-      };
-    }).capabilities?.httpClient;
+    const cap = capabilityFamily<{
+      supported?: boolean;
+      ssrfGuard?: boolean;
+      maxResponseBodyBytes?: number;
+      methods?: unknown;
+    }>(disco.json, 'httpClient');
 
     expect(cap?.supported, driver.describe(
       'capabilities.md §httpClient',

package/src/scenarios/mcp-toolcall-redaction.test.ts

@@ -21,6 +21,7 @@
 
 import { describe, it, expect } from 'vitest';
 import { driver } from '../lib/driver.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 
 async function isMcpClientSupported(): Promise<boolean> {
   const disco = await driver.get('/.well-known/openwop');
@@ -37,11 +38,11 @@ describe('mcp-toolcall-redaction: capability advertisement contract', () => {
       return;
     }
     const disco = await driver.get('/.well-known/openwop');
-    const cap = (disco.json as {
+    const cap = capabilityFamily((disco.json as {
       capabilities?: {
         mcpClient?: { supported?: boolean; transports?: unknown; trustBoundary?: string };
       };
-    }).capabilities?.mcpClient;
+    }), 'mcpClient');
 
     expect(cap?.supported, driver.describe(
       'host-capabilities.md §host.mcp',