@openwop/openwop-conformance 1.6.1 → 1.11.0

package/src/scenarios/agent-manifest-runtime.test.ts

@@ -0,0 +1,85 @@
+/**
+ * agent-manifest-runtime — RFC 0070. When a host advertises
+ * `capabilities.agents.manifestRuntime.supported`, it has loaded pack `agents[]`
+ * (RFC 0003) into an AgentRegistry and can dispatch a manifest agent on the
+ * existing core.dispatch/orchestrator loop, enforcing toolAllowlist (RFC 0002
+ * §A14) and confidence escalation (§F).
+ *
+ * The inventory leg is exercised against the NORMATIVE `GET /v1/agents` surface
+ * (RFC 0072 §A), so it runs black-box against any conformant host. The dispatch
+ * leg uses the sample-extension seam and soft-skips on hosts that don't expose
+ * it (full black-box dispatch is the sequenced executor-integration tier). Both
+ * legs gate on `capabilities.agents.manifestRuntime.supported`.
+ *
+ * @see RFCS/0070-agent-manifest-runtime.md, RFCS/0072-agent-inventory-and-dispatch.md
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { readManifestRuntimeCap, listManifestAgents, dispatchAgent } from '../lib/agentRuntime.js';
+
+describe('agent-manifest-runtime (RFC 0070)', () => {
+  it('lists installed manifest agents and dispatches one with attributed events', async () => {
+    const cap = await readManifestRuntimeCap();
+    if (cap?.supported !== true) return; // unadvertised — soft-skip
+
+    // RFC 0074 §B — installScope governs how GET /v1/agents is scoped.
+    const installScope = typeof cap.installScope === 'string' ? cap.installScope : 'host';
+    expect(
+      installScope === 'host' || installScope === 'tenant',
+      driver.describe('RFC 0074 §B', "agents.manifestRuntime.installScope (when present) MUST be 'host' or 'tenant'"),
+    ).toBe(true);
+
+    const inv = await listManifestAgents();
+    if (inv === null) return; // seam absent — soft-skip
+    const agents = inv.agents ?? [];
+    expect(
+      Array.isArray(agents),
+      driver.describe('RFC 0072 §A', 'GET /v1/agents MUST return an agents[] array'),
+    ).toBe(true);
+
+    if (installScope === 'host') {
+      // Host-global inventory (RFC 0072 §A): a manifestRuntime host MUST surface ≥1 agent.
+      expect(
+        agents.length > 0,
+        driver.describe('RFC 0070 §A', 'a host-scoped manifestRuntime host MUST surface ≥1 installed manifest agent'),
+      ).toBe(true);
+    } else if (agents.length === 0) {
+      // RFC 0074 §A + Unresolved Q3 — tenant-scoped: GET /v1/agents is the
+      // authenticated principal's workspace set, which MAY be empty (the workspace
+      // approved no agent packs) while manifestRuntime is advertised host-wide.
+      // Empty is conformant; the cross-tenant no-disclosure 404 is covered by the
+      // owner-triple isolation harness (RFC 0048/0059), not re-probed here. Nothing
+      // to dispatch.
+      return;
+    }
+
+    const agentId = agents[0]?.agentId;
+    if (typeof agentId !== 'string') return;
+
+    // Opaque-payload dispatch (validateHandoff:false) so the assertion is
+    // independent of the chosen agent's handoff schema.
+    const res = await dispatchAgent(agentId, { task: {}, validateHandoff: false, availableTools: [] });
+    if (res === null) return; // seam absent — soft-skip
+    expect(
+      res.status === 'completed' || res.status === 'escalated',
+      driver.describe('RFC 0070', 'dispatch MUST resolve to a terminal status (completed | escalated)'),
+    ).toBe(true);
+    const types = (res.events ?? []).map((e) => e.type);
+    expect(
+      types.includes('agent.reasoned') && types.includes('agent.decided'),
+      driver.describe('RFC 0002 §A', 'dispatch MUST emit attributed agent.reasoned + agent.decided events'),
+    ).toBe(true);
+    expect(
+      (res.events ?? []).every((e) => e.agentId === agentId),
+      driver.describe('RFC 0002 §A', 'every emitted agent.* event MUST carry the dispatched agentId'),
+    ).toBe(true);
+  });
+
+  // NOTE: RFC 0002 §F confidence escalation is NOT asserted here. Forcing a
+  // sub-threshold decision black-box would require a non-normative test hook
+  // (the reference host's `simulateConfidence`); a conformant host need not
+  // expose one, so asserting it here would wrongly fail conformant peers.
+  // Escalation is covered against the reference host in
+  // apps/workflow-engine/backend/typescript/test/{agents,agent-dispatch-route}.test.ts.
+});

package/src/scenarios/agent-org-chart-shape.test.ts

@@ -0,0 +1,127 @@
+/**
+ * Agent org-chart — record + capability + the non-authority guarantee (RFC 0087).
+ *
+ * Always-on, server-free schema-shape probe. Verifies that:
+ *   - `capabilities.agents.orgChart` is declared with its `supported` /
+ *     `installScope` / `departmentNesting` / `responsibilityView` sub-flags.
+ *   - `agent-org-chart.schema.json` compiles and round-trips a conforming
+ *     chart, and rejects malformed ones (a non-`host:` member rosterId).
+ *   - the §B structural non-authority guarantee: the schema REJECTS an
+ *     authority-bearing field on a member (`scopes` / `canDispatch` /
+ *     `permissions`) — every object is `additionalProperties:false`, so a
+ *     host cannot express position-as-authority through it. This is the public
+ *     test for the protocol-tier SECURITY invariant
+ *     `org-position-no-authority-escalation`.
+ *
+ * Behavioral assertions (a manager's tool over-reach is refused; an RFC 0049
+ * decision is invariant to org position; the cross-tenant 404; the §D roll-up
+ * over live roster portfolios) are gated on `capabilities.agents.orgChart.supported`
+ * and land at Active → Accepted (reference-host org store deferred per RFC 0087
+ * §Conformance — the host-extension at `/v1/host/sample/org-chart`, #371, is the
+ * reference demonstration). This scenario asserts the wire contract, not host behavior.
+ *
+ * Spec references:
+ *   - https://github.com/openwop/openwop/blob/main/spec/v1/agent-org-chart.md
+ *   - https://github.com/openwop/openwop/blob/main/RFCS/0087-agent-org-chart.md
+ *   - https://github.com/openwop/openwop/blob/main/SECURITY/invariants.yaml (org-position-no-authority-escalation)
+ */
+
+import { describe, it, expect } from 'vitest';
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import Ajv2020 from 'ajv/dist/2020.js';
+import addFormats from 'ajv-formats';
+import { SCHEMAS_DIR } from '../lib/paths.js';
+
+/** Server-free assertion-message helper. */
+const why = (specRef: string, requirement: string): string => `${specRef} — ${requirement}`;
+
+function loadSchema(name: string): Record<string, unknown> {
+  return JSON.parse(readFileSync(join(SCHEMAS_DIR, name), 'utf8')) as Record<string, unknown>;
+}
+
+const CHART = {
+  owner: { tenantId: 'acme', workspaceId: 'growth' },
+  departments: [
+    {
+      departmentId: 'dept-marketing',
+      name: 'Marketing',
+      parentDepartmentId: null,
+      roles: [
+        { roleId: 'role-cm', name: 'Campaign Manager' },
+        { roleId: 'role-bw', name: 'Brief Writer' },
+      ],
+    },
+  ],
+  members: [
+    { rosterId: 'host:sally-marketing', departmentId: 'dept-marketing', roleId: 'role-bw', reportsTo: 'host:morgan-cmo' },
+    { rosterId: 'host:morgan-cmo', departmentId: 'dept-marketing', roleId: 'role-cm', reportsTo: null },
+  ],
+};
+
+describe('agent-org-chart-shape: capability advertisement (RFC 0087, server-free)', () => {
+  it('the capabilities schema declares agents.orgChart with its sub-flags', () => {
+    const caps = loadSchema('capabilities.schema.json');
+    const agents = (caps.properties as Record<string, { properties?: Record<string, { properties?: Record<string, unknown> }> }>).agents;
+    const orgChart = agents?.properties?.orgChart;
+    expect(orgChart, why('capabilities.md §agents', 'agents.orgChart MUST be declared')).toBeDefined();
+    for (const flag of ['supported', 'installScope', 'departmentNesting', 'responsibilityView']) {
+      expect(orgChart?.properties?.[flag], why('agent-org-chart.md §E', `agents.orgChart.${flag} MUST be declared`)).toBeDefined();
+    }
+  });
+});
+
+describe('agent-org-chart-shape: chart record (RFC 0087 §A, server-free)', () => {
+  const ajv = new Ajv2020({ strict: false, allErrors: true });
+  addFormats(ajv);
+  const chart = ajv.compile(loadSchema('agent-org-chart.schema.json'));
+
+  it('AgentOrgChart validates a conforming chart', () => {
+    expect(chart(CHART), why('RFC 0087 §A', 'a conforming org-chart MUST validate')).toBe(true);
+  });
+
+  it('rejects a non-host: member rosterId and a chart missing required arrays', () => {
+    const badMember = { ...CHART, members: [{ rosterId: 'core.openwop.agents.sally', departmentId: 'dept-marketing', roleId: 'role-bw', reportsTo: null }] };
+    expect(chart(badMember), why('RFC 0087 §A', 'a non-`host:` member rosterId MUST be rejected')).toBe(false);
+    expect(chart({ owner: { tenantId: 'acme' }, departments: [] }), why('RFC 0087 §A', 'a chart without `members` MUST be rejected')).toBe(false);
+  });
+});
+
+describe('agent-org-chart-shape: §B non-authority guarantee (RFC 0087, server-free)', () => {
+  const ajv = new Ajv2020({ strict: false, allErrors: true });
+  addFormats(ajv);
+  const chart = ajv.compile(loadSchema('agent-org-chart.schema.json'));
+
+  it('the schema rejects an authority-bearing field on a member (org-position-no-authority-escalation)', () => {
+    for (const authorityField of ['scopes', 'canDispatch', 'permissions', 'authority']) {
+      const withAuthority = {
+        ...CHART,
+        members: [{ ...CHART.members[1], [authorityField]: ['anything'] }],
+      };
+      expect(
+        chart(withAuthority),
+        why('SECURITY invariant org-position-no-authority-escalation', `a member carrying \`${authorityField}\` MUST be rejected (additionalProperties:false — position confers no authority)`),
+      ).toBe(false);
+    }
+  });
+
+  it('a conforming member object carries exactly the descriptive key set — nothing authority-bearing', () => {
+    const memberKeys = Object.keys(CHART.members[1]!).sort();
+    expect(memberKeys, why('RFC 0087 §B', 'a member is descriptive only: {departmentId, reportsTo, roleId, rosterId}')).toEqual(['departmentId', 'reportsTo', 'roleId', 'rosterId']);
+  });
+
+  it('the GET /v1/agents/org-chart/{departmentId} responsibility-view response validates (RFC 0087 §D)', () => {
+    const ajv = new Ajv2020({ strict: false, allErrors: true });
+    addFormats(ajv);
+    ajv.addSchema(loadSchema('agent-org-chart.schema.json'), 'https://openwop.dev/spec/v1/agent-org-chart.schema.json');
+    const view = ajv.compile(loadSchema('org-chart-responsibility-view.schema.json'));
+    const good = {
+      department: CHART.departments[0],
+      members: CHART.members,
+      responsibilities: ['marketing-email-campaign', 'social-post-scheduler'],
+    };
+    expect(view(good), why('RFC 0087 §D', 'a conforming responsibility-view response MUST validate')).toBe(true);
+    expect(view({ ...good, unexpected: true }), why('RFC 0087 §D', 'an extra top-level property MUST be rejected')).toBe(false);
+    expect(view({ department: CHART.departments[0], members: CHART.members }), why('RFC 0087 §D', '`responsibilities` is required')).toBe(false);
+  });
+});

package/src/scenarios/agent-platform-profile.test.ts

@@ -0,0 +1,158 @@
+/**
+ * openwop-agent-platform — operational-annex predicate + status derivation (RFC 0085).
+ *
+ * Always-on, server-free derivation probe. Verifies that:
+ *   - `isAgentPlatformPartial` / `isAgentPlatformFull` / `agentPlatformStatus`
+ *     derive `none` / `partial` / `full` correctly from representative discovery
+ *     payloads (RFC 0085 §B).
+ *   - the floor's replay-OR-nondeterminism term is honored: a host with no
+ *     `replay.supported` but `nondeterminismPolicy.declared: true` still meets the
+ *     floor.
+ *   - the `full` tier requires the governance terms (RBAC + tenant installScope +
+ *     memory.attribution + debug-bundle + trigger-bridge + egress-policy); a host
+ *     missing any reports `partial`, never `full` (the honest-advertisement rule).
+ *   - `capabilities.nondeterminismPolicy.declared` is declared in the schema.
+ *
+ * The LIVE aggregate-evidence assertion (does every required constituent scenario
+ * actually pass against a host claiming `full`?) is the `Active → Accepted` step
+ * per RFC 0085 §C — naturally gated on a reference host reaching partial/full, and
+ * deferred here. This scenario asserts the discovery-predicate derivation only.
+ *
+ * Spec references:
+ *   - https://github.com/openwop/openwop/blob/main/spec/v1/agent-platform-profile.md
+ *   - https://github.com/openwop/openwop/blob/main/RFCS/0085-agent-platform-meta-profile.md
+ */
+
+import { describe, it, expect } from 'vitest';
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { SCHEMAS_DIR } from '../lib/paths.js';
+import { isAgentPlatformPartial, isAgentPlatformFull, agentPlatformStatus, agentPlatformSatisfiedTerms } from '../lib/profiles.js';
+
+const why = (specRef: string, requirement: string): string => `${specRef} — ${requirement}`;
+
+const CORE = {
+  protocolVersion: '1.0',
+  supportedEnvelopes: ['clarification.request'],
+  schemaVersions: {},
+  limits: { clarificationRounds: 1, schemaRounds: 1, envelopesPerTurn: 1 },
+};
+
+/** A discovery payload meeting the §B floor (partial). */
+function floorPayload(extra: Record<string, unknown> = {}): Record<string, unknown> {
+  return {
+    ...CORE,
+    agents: { manifestRuntime: { supported: true }, liveRuntime: { supported: true } },
+    toolCatalog: { supported: true },
+    toolHooks: { supported: true },
+    httpClient: { safeFetch: { supported: true } },
+    providerUsage: { supported: true },
+    prompts: { supported: true },
+    memory: { supported: true },
+    feedback: { supported: true },
+    replay: { supported: true },
+    ...extra,
+  };
+}
+
+describe('agent-platform-profile: floor (partial) predicate (RFC 0085 §B, server-free)', () => {
+  it('a host meeting all floor flags is partial', () => {
+    const c = floorPayload();
+    expect(isAgentPlatformPartial(c), why('agent-platform-profile.md §B', 'all floor flags ⇒ partial')).toBe(true);
+    expect(agentPlatformStatus(c)).toBe('partial');
+  });
+
+  it('missing a single floor flag (feedback) ⇒ none', () => {
+    const c = floorPayload({ feedback: { supported: false } });
+    expect(isAgentPlatformPartial(c), why('agent-platform-profile.md §B', 'a missing floor flag ⇒ not partial')).toBe(false);
+    expect(agentPlatformStatus(c)).toBe('none');
+  });
+
+  it('replay-OR-nondeterminism: no replay but declared nondeterminism still meets the floor', () => {
+    const c = floorPayload({ replay: { supported: false }, nondeterminismPolicy: { declared: true } });
+    expect(isAgentPlatformPartial(c), why('agent-platform-profile.md §B', 'declared nondeterminism satisfies the replay-OR term')).toBe(true);
+  });
+
+  it('neither replay nor declared nondeterminism ⇒ floor unmet', () => {
+    const c = floorPayload({ replay: { supported: false } });
+    expect(isAgentPlatformPartial(c), why('agent-platform-profile.md §B', 'neither replay nor declared policy ⇒ not partial')).toBe(false);
+  });
+});
+
+describe('agent-platform-profile: full predicate + honest-advertisement (RFC 0085 §B/§D, server-free)', () => {
+  const fullExtra = {
+    authorization: { supported: true },
+    agents: { manifestRuntime: { supported: true, installScope: 'tenant' }, liveRuntime: { supported: true } },
+    memory: { supported: true, attribution: { supported: true } },
+    debugBundle: { supported: true },
+    triggerBridge: { supported: true },
+    httpClient: { safeFetch: { supported: true }, egressPolicy: { supported: true } },
+  };
+
+  it('a host meeting floor + all governance terms is full', () => {
+    const c = floorPayload(fullExtra);
+    expect(isAgentPlatformFull(c), why('agent-platform-profile.md §B', 'floor + governance ⇒ full')).toBe(true);
+    expect(agentPlatformStatus(c)).toBe('full');
+  });
+
+  it('a host advertising governance flags but missing tenant installScope reports partial, not full', () => {
+    const c = floorPayload({
+      ...fullExtra,
+      agents: { manifestRuntime: { supported: true, installScope: 'host' }, liveRuntime: { supported: true } },
+    });
+    expect(isAgentPlatformFull(c), why('agent-platform-profile.md §D', 'missing a governance term ⇒ MUST NOT be full')).toBe(false);
+    expect(agentPlatformStatus(c)).toBe('partial');
+  });
+
+  it('eval/deploy/budget are NOT hard full terms (a full host without them is still full)', () => {
+    const c = floorPayload(fullExtra); // no agents.evalSuite / agents.deployment / budget
+    expect(isAgentPlatformFull(c), why('agent-platform-profile.md §B', 'platform-plus tier is advisory, not a hard full term')).toBe(true);
+  });
+});
+
+describe('agent-platform-profile: satisfiedTerms[] non-contiguous adoption (RFC 0085 §D, server-free)', () => {
+  it('a host honoring full-tier terms but failing floor terms is status none yet has a non-empty satisfiedTerms[]', () => {
+    // The real-host (MyndHyve) shape: RBAC + memory.attribution + tenant installScope (3 full terms)
+    // satisfied, while liveRuntime / toolCatalog / providerUsage / memory floor terms are absent.
+    const c = {
+      ...CORE,
+      agents: { manifestRuntime: { supported: true, installScope: 'tenant' } }, // no liveRuntime
+      authorization: { supported: true },
+      memory: { attribution: { supported: true } }, // attribution but NOT memory.supported
+      toolHooks: { supported: true },
+      httpClient: { safeFetch: { supported: true } },
+      prompts: { supported: true },
+      feedback: { supported: true },
+      replay: { supported: true },
+    } as Record<string, unknown>;
+    expect(agentPlatformStatus(c), why('agent-platform-profile.md §D', 'floor unmet ⇒ none')).toBe('none');
+    const terms = agentPlatformSatisfiedTerms(c);
+    expect(terms.includes('full:authorization'), why('§D', 'a satisfied full term is reported even at none')).toBe(true);
+    expect(terms.includes('full:memory.attribution')).toBe(true);
+    expect(terms.includes('full:tenant-installScope')).toBe(true);
+    expect(terms.includes('floor:agents.liveRuntime'), why('§D', 'an unmet floor term is NOT reported')).toBe(false);
+    expect(terms.length).toBeGreaterThan(0); // distinguishable from a 0/16 do-nothing host
+  });
+
+  it('a full host reports all sixteen terms satisfied', () => {
+    const c = floorPayload({
+      authorization: { supported: true },
+      agents: { manifestRuntime: { supported: true, installScope: 'tenant' }, liveRuntime: { supported: true } },
+      memory: { supported: true, attribution: { supported: true } },
+      debugBundle: { supported: true },
+      triggerBridge: { supported: true },
+      httpClient: { safeFetch: { supported: true }, egressPolicy: { supported: true } },
+    });
+    expect(agentPlatformSatisfiedTerms(c).length, why('§D', 'a full host satisfies all 16 terms')).toBe(16);
+  });
+});
+
+describe('agent-platform-profile: capability shape (RFC 0085, server-free)', () => {
+  it('capabilities.nondeterminismPolicy.declared is declared', () => {
+    const caps = JSON.parse(readFileSync(join(SCHEMAS_DIR, 'capabilities.schema.json'), 'utf8')) as { properties?: Record<string, { properties?: Record<string, unknown> }> };
+    expect(
+      caps.properties?.nondeterminismPolicy?.properties?.declared,
+      why('agent-platform-profile.md §B', 'capabilities.nondeterminismPolicy.declared MUST be declared'),
+    ).toBeDefined();
+  });
+});

package/src/scenarios/agent-roster-attribution.test.ts

@@ -0,0 +1,179 @@
+/**
+ * Standing-agent roster attribution + ordering (RFC 0086 §B/§C) — behavioral.
+ *
+ * Gated on `capabilities.agents.roster.supported` (root-first per RFC 0073).
+ * Soft-skips when unadvertised (default) / hard-fails under
+ * `OPENWOP_REQUIRE_BEHAVIOR=true` via `behaviorGate`. The companion always-on
+ * wire-shape coverage lives in `agent-roster-shape.test.ts`; this scenario
+ * asserts host BEHAVIOR:
+ *
+ *   1. NORMATIVE read — `GET /v1/agents/roster` (RFC 0086 §B) returns the
+ *      `agent-roster-response` shape (roster[] + `total == roster.length`), and
+ *      every entry carries a `host:<id>` `rosterId`, a `persona`, an
+ *      `agentRef.agentId`, and an `owner.tenantId`. Runs black-box against the
+ *      normative path on any roster host.
+ *   2. ATTRIBUTION + ORDERING (seam-gated) — a portfolio fire emits
+ *      `roster.run.initiated` as the run's FIRST attribution event, BEFORE any
+ *      `agent.invocation.*` / `agent.*` event (§C), content-free (no work-item
+ *      `body`/`prompt`/credential — the `roster-attribution-no-content`
+ *      invariant), with `rosterId`/`persona`/`agentId`/`workflowId`/
+ *      `triggerSource`. A durable work-item fire additionally carries
+ *      `triggerSubscriptionId` (RFC 0083) traceable on the run's `causationId`.
+ *   3. TENANT SCOPING (§B / RFC 0074) — a `GET /v1/agents/roster/{id}` for an id
+ *      outside the caller's owner triple 404s (probed only when a cross-tenant id
+ *      is supplied via `OPENWOP_CROSS_TENANT_ROSTER_ID`; soft-skip otherwise).
+ *
+ * The fire + event-log seams are OPTIONAL (reference roster store deferred per
+ * RFC 0086 §Conformance); each leg soft-skips independently so a host that
+ * serves only the normative read still exercises leg 1.
+ *
+ * Spec references:
+ *   - https://github.com/openwop/openwop/blob/main/spec/v1/agent-roster.md
+ *   - https://github.com/openwop/openwop/blob/main/RFCS/0086-standing-agent-roster-and-workflow-portfolio.md
+ *   - https://github.com/openwop/openwop/blob/main/SECURITY/invariants.yaml (roster-attribution-no-content)
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { behaviorGate } from '../lib/behavior-gate.js';
+import { readRosterCap, listRoster, getRosterEntry, fireRosterPortfolio } from '../lib/agentRoster.js';
+import {
+  queryTestEvents,
+  isEventLogSeamAvailable,
+  resetTestSeam,
+  type TestEvent,
+} from '../lib/event-log-query.js';
+
+const ROSTER_ID_RE = /^host:[a-z0-9][a-z0-9._-]*$/;
+
+/** Lowest-sequence event matching one of `types`; undefined when none present. */
+function firstOf(events: TestEvent[], types: string[]): TestEvent | undefined {
+  return events
+    .filter((e) => types.includes(e.type))
+    .sort((a, b) => a.sequence - b.sequence)[0];
+}
+
+describe('agent-roster-attribution (RFC 0086 §B/§C)', () => {
+  it('serves the normative roster, attributes a portfolio fire content-free + ordered, and tenant-scopes', async () => {
+    const cap = await readRosterCap();
+    if (!behaviorGate('openwop-roster-attribution', cap?.supported === true)) return;
+
+    // RFC 0074 carry-forward: installScope MUST be host|tenant when present.
+    const installScope = typeof cap?.installScope === 'string' ? cap.installScope : 'host';
+    expect(
+      installScope === 'host' || installScope === 'tenant',
+      driver.describe('RFC 0086 §F / RFC 0074 §B', "agents.roster.installScope (when present) MUST be 'host' or 'tenant'"),
+    ).toBe(true);
+
+    // ---- Leg 1: normative read (black-box on any roster host) -------------
+    const body = await listRoster();
+    if (body === null) return; // host advertises roster but doesn't serve the read yet — soft-skip
+    const roster = body.roster ?? [];
+    expect(
+      Array.isArray(roster),
+      driver.describe('agent-roster.md §B', 'GET /v1/agents/roster MUST return a roster[] array'),
+    ).toBe(true);
+    expect(
+      body.total === roster.length,
+      driver.describe('agent-roster-response.schema.json', 'total MUST equal roster.length'),
+    ).toBe(true);
+    for (const entry of roster) {
+      expect(
+        typeof entry.rosterId === 'string' && ROSTER_ID_RE.test(entry.rosterId),
+        driver.describe('agent-roster-entry.schema.json', 'each entry MUST carry a host:<id> rosterId'),
+      ).toBe(true);
+      expect(
+        typeof entry.persona === 'string' && entry.persona.length > 0,
+        driver.describe('agent-roster.md §A', 'each entry MUST carry a non-empty persona'),
+      ).toBe(true);
+      expect(
+        typeof entry.agentRef?.agentId === 'string',
+        driver.describe('agent-roster.md §A', 'each entry MUST reference an agentRef.agentId'),
+      ).toBe(true);
+      expect(
+        typeof entry.owner?.tenantId === 'string',
+        driver.describe('agent-roster.md §B / RFC 0074', 'each entry MUST carry an owner.tenantId scope'),
+      ).toBe(true);
+      // RFC 0082 §A XOR: an agentRef MUST NOT pin both version and channel.
+      expect(
+        !(entry.agentRef?.version !== undefined && entry.agentRef?.channel !== undefined),
+        driver.describe('RFC 0082 §A', 'agentRef MUST NOT carry both version and channel'),
+      ).toBe(true);
+    }
+
+    // ---- Leg 2: attribution + ordering (seam-gated) ----------------------
+    if (await isEventLogSeamAvailable()) {
+      // Scheduled portfolio fire.
+      const fired = await fireRosterPortfolio({ triggerSource: 'schedule' });
+      if (fired?.runId) {
+        const q = await queryTestEvents(fired.runId);
+        if (q.ok) {
+          const init = firstOf(q.events, ['roster.run.initiated']);
+          expect(
+            init !== undefined,
+            driver.describe('agent-roster.md §C', 'a portfolio fire MUST emit roster.run.initiated'),
+          ).toBe(true);
+
+          if (init) {
+            // Ordering: roster.run.initiated precedes ANY agent invocation/event.
+            const firstAgent = firstOf(q.events, [
+              'agent.invocation.started',
+              'agent.reasoned',
+              'agent.decided',
+            ]);
+            if (firstAgent) {
+              expect(
+                init.sequence < firstAgent.sequence,
+                driver.describe('agent-roster.md §C', 'roster.run.initiated MUST precede any agent.* event in the run'),
+              ).toBe(true);
+            }
+
+            // Content-free: required ids present; NO work-item body/prompt/credential.
+            const p = init.payload;
+            for (const key of ['rosterId', 'persona', 'agentId', 'workflowId', 'triggerSource']) {
+              expect(
+                typeof p[key] === 'string' && (p[key] as string).length > 0,
+                driver.describe('run-event-payloads.schema.json#rosterRunInitiated', `roster.run.initiated MUST carry ${key}`),
+              ).toBe(true);
+            }
+            for (const forbidden of ['body', 'prompt', 'input', 'payload', 'apiKey', 'secret', 'credentials', 'token']) {
+              expect(
+                !(forbidden in p),
+                driver.describe('SECURITY roster-attribution-no-content', `roster.run.initiated MUST be content-free (no ${forbidden})`),
+              ).toBe(true);
+            }
+            expect(
+              typeof p.rosterId === 'string' && ROSTER_ID_RE.test(p.rosterId),
+              driver.describe('agent-roster.md §C', 'roster.run.initiated.rosterId MUST be a host:<id> AgentRef id'),
+            ).toBe(true);
+          }
+        }
+      }
+
+      // Durable work-item fire: carries the RFC 0083 triggerSubscriptionId + causation.
+      const work = await fireRosterPortfolio({ triggerSource: 'webhook', asWorkItem: true });
+      if (work?.runId) {
+        const q = await queryTestEvents(work.runId, { type: 'roster.run.initiated' });
+        if (q.ok && q.events[0]) {
+          const p = q.events[0].payload;
+          expect(
+            typeof p.triggerSubscriptionId === 'string' && (p.triggerSubscriptionId as string).length > 0,
+            driver.describe('agent-roster.md §D / RFC 0083', 'a durable work-item fire MUST carry triggerSubscriptionId for trigger→run→roster ancestry'),
+          ).toBe(true);
+        }
+      }
+
+      await resetTestSeam();
+    }
+
+    // ---- Leg 3: tenant scoping (RFC 0074) --------------------------------
+    const crossTenantId = process.env.OPENWOP_CROSS_TENANT_ROSTER_ID;
+    if (typeof crossTenantId === 'string' && crossTenantId.length > 0) {
+      const probe = await getRosterEntry(crossTenantId);
+      expect(
+        probe.status === 404,
+        driver.describe('agent-roster.md §B / RFC 0074', "GET /v1/agents/roster/{id} for a cross-tenant id MUST 404 (no cross-tenant disclosure)"),
+      ).toBe(true);
+    }
+  });
+});