@openwop/openwop-conformance 1.6.1 → 1.11.0

package/src/scenarios/agent-roster-shape.test.ts

@@ -0,0 +1,146 @@
+/**
+ * Standing agent roster — entry + capability + attribution-event shapes (RFC 0086).
+ *
+ * Always-on, server-free schema-shape probe. Verifies that:
+ *   - `capabilities.agents.roster` is declared with its `supported` /
+ *     `installScope` / `portfolioTriggerSources` sub-flags.
+ *   - `agent-roster-entry.schema.json` compiles and round-trips a conforming
+ *     entry, and rejects malformed ones (a non-`host:` rosterId; an `agentRef`
+ *     carrying BOTH `version` and `channel` — the RFC 0082 §A XOR rule).
+ *   - the `roster.run.initiated` payload $def validates a conforming
+ *     content-free attribution record and requires its ids + persona.
+ *   - `roster.run.initiated` is CONTENT-FREE: a payload carrying a work-item
+ *     `body` or a `prompt` is rejected (`additionalProperties:false`). This is
+ *     the public test for the protocol-tier SECURITY invariant
+ *     `roster-attribution-no-content`.
+ *   - the `AgentInventoryEntry` carries the additive optional `roster`
+ *     portfolio projection (RFC 0086 §B).
+ *   - `roster.run.initiated` appears in the RunEventType enum.
+ *
+ * Behavioral assertions (a scheduled portfolio fire emitting roster.run.initiated
+ * before agent.invocation.started; the work-item causation chain; the replay
+ * re-read; cross-tenant 404) are gated on `capabilities.agents.roster.supported`
+ * and land at Active → Accepted (reference-host roster store deferred per RFC 0086
+ * §Conformance). This scenario asserts the wire contract, not host behavior.
+ *
+ * Spec references:
+ *   - https://github.com/openwop/openwop/blob/main/spec/v1/agent-roster.md
+ *   - https://github.com/openwop/openwop/blob/main/RFCS/0086-standing-agent-roster-and-workflow-portfolio.md
+ *   - https://github.com/openwop/openwop/blob/main/SECURITY/invariants.yaml (roster-attribution-no-content)
+ */
+
+import { describe, it, expect } from 'vitest';
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import Ajv2020 from 'ajv/dist/2020.js';
+import addFormats from 'ajv-formats';
+import { SCHEMAS_DIR } from '../lib/paths.js';
+
+/** Server-free assertion-message helper. */
+const why = (specRef: string, requirement: string): string => `${specRef} — ${requirement}`;
+
+function loadSchema(name: string): Record<string, unknown> {
+  return JSON.parse(readFileSync(join(SCHEMAS_DIR, name), 'utf8')) as Record<string, unknown>;
+}
+
+describe('agent-roster-shape: capability advertisement (RFC 0086, server-free)', () => {
+  it('the capabilities schema declares agents.roster with its sub-flags', () => {
+    const caps = loadSchema('capabilities.schema.json');
+    const agents = (caps.properties as Record<string, { properties?: Record<string, { properties?: Record<string, unknown> }> }>).agents;
+    const roster = agents?.properties?.roster;
+    expect(roster, why('capabilities.md §agents', 'agents.roster MUST be declared')).toBeDefined();
+    for (const flag of ['supported', 'installScope', 'portfolioTriggerSources']) {
+      expect(roster?.properties?.[flag], why('agent-roster.md §F', `agents.roster.${flag} MUST be declared`)).toBeDefined();
+    }
+  });
+});
+
+describe('agent-roster-shape: roster entry (RFC 0086 §A, server-free)', () => {
+  const ajv = new Ajv2020({ strict: false, allErrors: true });
+  addFormats(ajv);
+  const entry = ajv.compile(loadSchema('agent-roster-entry.schema.json'));
+
+  it('AgentRosterEntry validates a conforming entry', () => {
+    const good = {
+      rosterId: 'host:sally-marketing',
+      persona: 'Sally',
+      agentRef: { agentId: 'core.openwop.agents.brief-writer', channel: 'stable' },
+      workflows: ['marketing-email-campaign'],
+      owner: { tenantId: 'acme', workspaceId: 'growth' },
+      enabled: true,
+    };
+    expect(entry(good), why('RFC 0086 §A', 'a conforming roster entry MUST validate')).toBe(true);
+  });
+
+  it('rejects a non-host: rosterId and an agentRef carrying both version and channel', () => {
+    const base = {
+      rosterId: 'host:sally-marketing',
+      persona: 'Sally',
+      agentRef: { agentId: 'core.openwop.agents.brief-writer' },
+      owner: { tenantId: 'acme' },
+    };
+    expect(entry({ ...base, rosterId: 'core.openwop.agents.sally' }), why('RFC 0086 §A', 'a non-`host:` rosterId MUST be rejected')).toBe(false);
+    expect(
+      entry({ ...base, agentRef: { agentId: 'core.x.y.z', version: '1.0.0', channel: 'stable' } }),
+      why('RFC 0082 §A', 'an agentRef with BOTH version and channel MUST be rejected'),
+    ).toBe(false);
+    expect(entry({ persona: 'x', agentRef: { agentId: 'core.x.y.z' }, owner: { tenantId: 'acme' } }), why('RFC 0086 §A', 'a roster entry without rosterId MUST be rejected')).toBe(false);
+  });
+});
+
+describe('agent-roster-shape: roster.run.initiated event (RFC 0086 §C, server-free)', () => {
+  const payloads = loadSchema('run-event-payloads.schema.json');
+  const ajv = new Ajv2020({ strict: false, allErrors: true });
+  addFormats(ajv);
+  ajv.addSchema(payloads, 'payloads');
+  const initiated = ajv.getSchema('payloads#/$defs/rosterRunInitiated');
+
+  it('roster.run.initiated validates a content-free attribution record and requires its ids', () => {
+    expect(initiated, 'the rosterRunInitiated $def MUST exist').toBeTruthy();
+    expect(
+      initiated!({ rosterId: 'host:sally-marketing', persona: 'Sally', agentId: 'core.openwop.agents.brief-writer', workflowId: 'marketing-email-campaign', triggerSource: 'schedule' }),
+      why('RFC 0086 §C', 'a conforming roster.run.initiated payload MUST validate'),
+    ).toBe(true);
+    expect(initiated!({ rosterId: 'host:s', persona: 'S' }), why('RFC 0086 §C', 'roster.run.initiated without agentId/workflowId/triggerSource MUST be rejected')).toBe(false);
+  });
+
+  it('roster.run.initiated is content-free — a work-item body and a prompt are rejected (roster-attribution-no-content)', () => {
+    const base = { rosterId: 'host:s', persona: 'S', agentId: 'a.b.c.d', workflowId: 'wf', triggerSource: 'queue' };
+    expect(
+      initiated!({ ...base, body: 'the card description' }),
+      why('SECURITY invariant roster-attribution-no-content', 'roster.run.initiated MUST NOT carry the work-item body'),
+    ).toBe(false);
+    expect(
+      initiated!({ ...base, prompt: 'system: …' }),
+      why('SECURITY invariant roster-attribution-no-content', 'roster.run.initiated MUST NOT carry prompt content'),
+    ).toBe(false);
+  });
+});
+
+describe('agent-roster-shape: inventory projection + enum (RFC 0086 §B, server-free)', () => {
+  it('AgentInventoryEntry carries the additive optional roster portfolio projection', () => {
+    const inv = loadSchema('agent-inventory-response.schema.json');
+    const entry = (inv.$defs as Record<string, { properties?: Record<string, unknown> }>).AgentInventoryEntry?.properties ?? {};
+    expect(entry.roster, why('RFC 0086 §B', 'AgentInventoryEntry.roster (the portfolio projection) MUST be declared')).toBeDefined();
+  });
+
+  it('roster.run.initiated appears in the RunEventType enum', () => {
+    const runEvent = loadSchema('run-event.schema.json');
+    const enumVals = (runEvent.$defs as Record<string, { enum?: string[] }>).RunEventType?.enum ?? [];
+    expect(enumVals).toContain('roster.run.initiated');
+  });
+
+  it('the GET /v1/agents/roster response schema validates + rejects extras (RFC 0086 §B)', () => {
+    const ajv = new Ajv2020({ strict: false, allErrors: true });
+    addFormats(ajv);
+    ajv.addSchema(loadSchema('agent-roster-entry.schema.json'), 'https://openwop.dev/spec/v1/agent-roster-entry.schema.json');
+    const resp = ajv.compile(loadSchema('agent-roster-response.schema.json'));
+    const good = {
+      roster: [{ rosterId: 'host:sally', persona: 'Sally', agentRef: { agentId: 'core.x.y.z' }, owner: { tenantId: 'acme' } }],
+      total: 1,
+    };
+    expect(resp(good), why('RFC 0086 §B', 'a conforming GET /v1/agents/roster response MUST validate')).toBe(true);
+    expect(resp({ ...good, unexpected: true }), why('RFC 0086 §B', 'an extra top-level property MUST be rejected')).toBe(false);
+    expect(resp({ roster: [] }), why('RFC 0086 §B', 'the response MUST require `total`')).toBe(false);
+  });
+});

package/src/scenarios/ai-envelope-shape.test.ts

@@ -23,15 +23,10 @@ import Ajv2020 from 'ajv/dist/2020.js';
 import { readFileSync } from 'node:fs';
 import { join } from 'node:path';
 import { driver } from '../lib/driver.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 import { SCHEMAS_DIR } from '../lib/paths.js';
 
-interface DiscoveryDoc {
-  capabilities?: {
-    aiProviders?: { supported?: unknown };
-    supportedEnvelopes?: unknown;
-  };
-  supportedEnvelopes?: unknown;
-}
+type DiscoveryDoc = Record<string, unknown>;
 
 const UNIVERSAL_KINDS = [
   'clarification.request',
@@ -47,19 +42,19 @@ async function readDiscovery(): Promise<DiscoveryDoc | null> {
 }
 
 function aiProvidersSupported(d: DiscoveryDoc | null): boolean {
-  if (!d?.capabilities?.aiProviders?.supported) return false;
+  // Root-first per RFC 0073; `capabilities.aiProviders` is the deprecated wrapper shape.
+  const ap = capabilityFamily<{ supported?: unknown }>(d ?? undefined, 'aiProviders');
+  if (!ap?.supported) return false;
   // aiProviders.supported can be `true` or an array per the capabilities schema.
-  const v = d.capabilities.aiProviders.supported;
+  const v = ap.supported;
   return v === true || (Array.isArray(v) && v.length > 0);
 }
 
 function supportedEnvelopes(d: DiscoveryDoc | null): string[] {
-  // supportedEnvelopes is at the top level per the capabilities schema, but
-  // some hosts nest it under capabilities — tolerate both.
-  const top = d?.supportedEnvelopes;
-  const nested = d?.capabilities?.supportedEnvelopes;
-  const raw = Array.isArray(top) ? top : Array.isArray(nested) ? nested : [];
-  return raw.filter((s): s is string => typeof s === 'string');
+  // supportedEnvelopes is a document-root field per capabilities.md §"Document-root
+  // layout" (RFC 0073); a `capabilities.*` wrapper is the deprecated fallback.
+  const raw = capabilityFamily<unknown>(d ?? undefined, 'supportedEnvelopes');
+  return Array.isArray(raw) ? raw.filter((s): s is string => typeof s === 'string') : [];
 }
 
 // HTTP-driven blocks soft-skip when no base URL is configured (gate's
@@ -76,9 +71,10 @@ describe.skipIf(HTTP_SKIP)('ai-envelope-shape: advertisement contract (RFC 0021
     for (const k of env) {
       expect(typeof k, driver.describe('capabilities.md §supportedEnvelopes', 'each entry MUST be a string')).toBe('string');
     }
-    // Re-affirm shape: array if present.
-    if (d.capabilities?.supportedEnvelopes !== undefined) {
-      expect(Array.isArray(d.capabilities.supportedEnvelopes), 'supportedEnvelopes MUST be an array').toBe(true);
+    // Re-affirm shape: array if present (root-first per RFC 0073).
+    const advertised = capabilityFamily<unknown>(d, 'supportedEnvelopes');
+    if (advertised !== undefined) {
+      expect(Array.isArray(advertised), 'supportedEnvelopes MUST be an array').toBe(true);
     }
   });
 });

package/src/scenarios/aiEnvelope.capBreached.test.ts

@@ -33,7 +33,7 @@ interface DiscoveryDoc {
 async function readLimits(): Promise<Record<string, number> | null> {
   const res = await driver.get('/.well-known/openwop');
   const body = res.json as DiscoveryDoc | undefined;
-  const limits = body?.limits ?? body?.capabilities?.limits ?? null;
+  const limits = body?.limits ?? capabilityFamily(body, 'limits') ?? null;
   return limits && typeof limits === 'object' ? (limits as Record<string, number>) : null;
 }
 
@@ -166,6 +166,7 @@ describe('aiEnvelope.capBreached: behavioral cap enforcement (FINAL v1.1)', () =
 // node.failed per capabilities.md §"Engine-enforced limits". Tests
 // soft-skip on HTTP 404 when the seam isn't exposed.
 import { queryTestEvents, isEventLogSeamAvailable, resetTestSeam } from '../lib/event-log-query.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 
 describe('aiEnvelope.capBreached: engine projection via event-log seam (capabilities.md §"cap.breached")', () => {
   it('breached outcome projects to cap.breached { kind: "envelopes" } event with causationId chain', async () => {

package/src/scenarios/aiEnvelope.schemaDrift.test.ts

@@ -54,7 +54,7 @@ describe('aiEnvelope.schemaDrift: advertisement shape (FINAL v1.1)', () => {
     if (!(await isEnvelopeContractsAdvertised())) return; // not opted in — skip
     const res = await driver.get('/.well-known/openwop');
     const body = res.json as { schemaVersions?: Record<string, number>; capabilities?: { schemaVersions?: Record<string, number> } } | undefined;
-    const versions = body?.schemaVersions ?? body?.capabilities?.schemaVersions ?? {};
+    const versions = body?.schemaVersions ?? capabilityFamily(body, 'schemaVersions') ?? {};
     expect(
       Object.keys(versions).length > 0,
       driver.describe(
@@ -189,6 +189,7 @@ describe('aiEnvelope.schemaDrift: behavioral strictness gate (FINAL v1.1)', () =
 // E.2 OTel scrape seam.
 import { queryTestSpans, isOtelSeamAvailable } from '../lib/otel-scrape.js';
 import { resetTestSeam } from '../lib/event-log-query.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 
 describe('aiEnvelope.schemaDrift: OTel drift attribute projection (E.2)', () => {
   it('below-floor + strictness:warn → OTel span MUST carry envelope_schema_version_drift attribute', async () => {

package/src/scenarios/aiEnvelope.universalKinds.test.ts

@@ -166,6 +166,7 @@ describe('aiEnvelope.universalKinds: behavioral accept via /v1/host/sample/envel
 
 // E.1 engine-projection via the test-only event-log seam.
 import { queryTestEvents, isEventLogSeamAvailable, resetTestSeam } from '../lib/event-log-query.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
 
 describe('aiEnvelope.universalKinds: engine projection via event-log seam', () => {
   it('clarification.request MUST be lifted to interrupt.requested { kind: "clarification" } per interrupt.md', async () => {
@@ -254,7 +255,7 @@ describe('aiEnvelope.universalKinds: schema.response counter-policy advertisemen
     // advertising a policy field use a documented value.
     const res = await driver.get('/.well-known/openwop');
     const body = res.json as { capabilities?: { aiEnvelope?: { schemaResponseCounterPolicy?: string } } } | undefined;
-    const policy = body?.capabilities?.aiEnvelope?.schemaResponseCounterPolicy;
+    const policy = capabilityFamily<{ schemaResponseCounterPolicy?: string }>(body, 'aiEnvelope')?.schemaResponseCounterPolicy;
     if (policy === undefined) return; // no policy advertised — host MAY omit
     expect(
       ['counted', 'exempt'].includes(policy),

package/src/scenarios/approval-gate-flow.test.ts

@@ -22,14 +22,12 @@
 
 import { describe, it, expect } from 'vitest';
 import { driver } from '../lib/driver.js';
-
-interface DiscoveryDoc {
-  capabilities?: { authorization?: { supported?: boolean } };
-}
+import { readCapabilityFamily } from '../lib/discovery-capabilities.js';
 
 async function authorizationSupported(): Promise<boolean> {
-  const res = await driver.get('/.well-known/openwop');
-  return (res.json as DiscoveryDoc | undefined)?.capabilities?.authorization?.supported === true;
+  // Root-first per RFC 0073 (`capabilities.authorization` is the deprecated wrapper shape).
+  const authz = await readCapabilityFamily<{ supported?: unknown }>('authorization');
+  return authz?.supported === true;
 }
 
 describe('approval-gate-flow: role-gated, audited approval (RFC 0051 §A)', () => {

package/src/scenarios/artifact-schema-compile-bounded.test.ts

@@ -0,0 +1,126 @@
+/**
+ * Bounded artifact-schema compilation (RFC 0071, `Active`).
+ *
+ * Always-on, server-free assertion for the SECURITY invariant
+ * `artifact-schema-compile-bounded`. Artifact-type packs ship third-party
+ * JSON Schemas that the engine compiles (Ajv) at install + validation time;
+ * an unbounded compile is a denial-of-service vector (schema bombs:
+ * pathological `$ref` recursion, keyword-count explosion, oversized payloads,
+ * catastrophic-backtracking `pattern`s). This scenario asserts two things
+ * that must hold for every release regardless of which host runs it:
+ *
+ *   PART 1 — contract present. `artifact-type-packs.md` carries the normative
+ *   bounded-compilation MUST (serialized-size, `$ref`-depth, keyword-count
+ *   bounds + wall-clock timeout), and `host-capabilities.md` §host.artifactTypes
+ *   references it. Guards against the requirement being silently dropped.
+ *
+ *   PART 2 — defense is well-defined + implementable. A reference bounding
+ *   predicate built from representative finite limits rejects three schema
+ *   bombs and admits a benign artifact schema. The specific numeric limits are
+ *   host-configurable per the spec (advertised, not protocol-mandated); the
+ *   point is that *some* finite bound exists and catches the bombs while
+ *   passing legitimate schemas.
+ *
+ * The behavioral end-to-end form (a host rejects an over-bounds pack at
+ * registry `PUT` with `pack_validation_failed`) is capability-gated on
+ * `host.artifactTypes.supported` and is `host-pending` until a reference host
+ * lands; this server-free scenario is the always-on floor.
+ *
+ * @see spec/v1/artifact-type-packs.md §"Bounded schema compilation (normative)"
+ * @see SECURITY/threat-model-node-packs.md §"Distributed artifact schemas"
+ * @see RFCS/0071-artifact-type-and-chat-card-packs.md
+ */
+
+import { describe, it, expect } from 'vitest';
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { V1_DIR } from '../lib/paths.js';
+
+const why = (specRef: string, requirement: string): string => `${specRef} — ${requirement}`;
+
+describe('artifact-schema-compile-bounded: contract present in the corpus (RFC 0071, server-free)', () => {
+  const artifactDoc = V1_DIR ? readFileSync(join(V1_DIR, 'artifact-type-packs.md'), 'utf8') : '';
+  const hostCaps = V1_DIR ? readFileSync(join(V1_DIR, 'host-capabilities.md'), 'utf8') : '';
+
+  it.skipIf(V1_DIR === null)('artifact-type-packs.md declares the bounded-compilation MUST', () => {
+    expect(
+      /Bounded schema compilation/i.test(artifactDoc),
+      why('artifact-type-packs.md', 'a "Bounded schema compilation" section MUST exist'),
+    ).toBe(true);
+    expect(
+      /MUST bound/i.test(artifactDoc) && /MUST reject/i.test(artifactDoc),
+      why('artifact-type-packs.md §"Bounded schema compilation"', 'host MUST bound + MUST reject over-limit schemas'),
+    ).toBe(true);
+    // The three structural axes + the timeout MUST all be named.
+    for (const axis of [/byte size/i, /\$ref/i, /keyword/i, /timeout/i]) {
+      expect(axis.test(artifactDoc), why('artifact-type-packs.md', `bound axis ${axis} MUST be named`)).toBe(true);
+    }
+  });
+
+  it.skipIf(V1_DIR === null)('host-capabilities.md §host.artifactTypes references the bound', () => {
+    expect(
+      /artifact-schema-compile-bounded/.test(hostCaps),
+      why('host-capabilities.md §host.artifactTypes', 'MUST reference the bounded-compilation invariant'),
+    ).toBe(true);
+  });
+});
+
+describe('artifact-schema-compile-bounded: a finite bound catches schema bombs (RFC 0071, server-free)', () => {
+  // Representative, host-configurable limits (the spec leaves the exact values
+  // to host advertisement; these stand in for "some finite bound").
+  const LIMITS = { maxBytes: 64 * 1024, maxRefDepth: 16, maxKeywords: 2000 };
+
+  function refDepth(node: unknown, seen = 0): number {
+    if (node === null || typeof node !== 'object') return seen;
+    const obj = node as Record<string, unknown>;
+    const here = '$ref' in obj ? seen + 1 : seen;
+    let max = here;
+    for (const v of Object.values(obj)) max = Math.max(max, refDepth(v, here));
+    return max;
+  }
+  function keywordCount(node: unknown): number {
+    if (node === null || typeof node !== 'object') return 0;
+    const obj = node as Record<string, unknown>;
+    let n = Object.keys(obj).length;
+    for (const v of Object.values(obj)) n += keywordCount(v);
+    return n;
+  }
+  /** Reference bound predicate — the shape a conformant host applies at PUT/install. */
+  function exceedsBounds(schema: unknown): boolean {
+    const bytes = Buffer.byteLength(JSON.stringify(schema), 'utf8');
+    if (bytes > LIMITS.maxBytes) return true;
+    if (refDepth(schema) > LIMITS.maxRefDepth) return true;
+    if (keywordCount(schema) > LIMITS.maxKeywords) return true;
+    return false;
+  }
+
+  it('admits a benign artifact schema', () => {
+    const benign = {
+      $schema: 'https://json-schema.org/draft/2020-12/schema',
+      $id: 'https://h.example/schemas/artifacts/vendor.acme.cad.model.schema.json',
+      type: 'object',
+      additionalProperties: false,
+      required: ['name'],
+      properties: { name: { type: 'string' }, dims: { type: 'array', items: { type: 'number' } } },
+    };
+    expect(exceedsBounds(benign), why('artifact-type-packs.md', 'a legitimate artifact schema MUST NOT be rejected')).toBe(false);
+  });
+
+  it('rejects a $ref-depth bomb', () => {
+    // Nest $ref-bearing objects deeper than maxRefDepth so resolution depth accumulates.
+    let node: Record<string, unknown> = { type: 'string' };
+    for (let i = 0; i < LIMITS.maxRefDepth + 4; i++) node = { $ref: '#/x', properties: { nested: node } };
+    expect(exceedsBounds({ type: 'object', properties: { deep: node } }), why('threat-model-node-packs.md', 'a $ref-depth bomb MUST be rejected')).toBe(true);
+  });
+
+  it('rejects a keyword-count bomb', () => {
+    const props: Record<string, unknown> = {};
+    for (let i = 0; i < LIMITS.maxKeywords + 100; i++) props[`p${i}`] = { type: 'string' };
+    expect(exceedsBounds({ type: 'object', properties: props }), why('threat-model-node-packs.md', 'a keyword-count bomb MUST be rejected')).toBe(true);
+  });
+
+  it('rejects an oversized schema', () => {
+    const huge = { type: 'object', description: 'x'.repeat(LIMITS.maxBytes + 1) };
+    expect(exceedsBounds(huge), why('threat-model-node-packs.md', 'an over-size schema MUST be rejected')).toBe(true);
+  });
+});

package/src/scenarios/artifact-type-pack-install.test.ts

@@ -0,0 +1,78 @@
+/**
+ * artifact-type-pack-install — RFC 0071 Phase 1 §"Binding the existing artifact
+ * surfaces". A host that advertises `host.artifactTypes` installs an
+ * artifact-type pack, then produces an artifact of a registered type:
+ *
+ *   - a payload that conforms to the pack schema is stored and surfaces an
+ *     `artifact.created` with `registered: true` (validated against the pack);
+ *   - a payload that violates the schema is rejected (not stored, no
+ *     `registered: true` artifact.created).
+ *
+ * Gated on `capabilities.host.artifactTypes.supported` + the host-sample
+ * install/produce seam; soft-skips when either is absent (`host-pending`
+ * until a reference host wires RFC 0071 — see the migration request at
+ * docs/openwop-adoption/0071-artifact-type-packs-migration-request.md).
+ *
+ * @see spec/v1/artifact-type-packs.md §"Binding the existing artifact surfaces"
+ * @see RFCS/0071-artifact-type-and-chat-card-packs.md
+ */
+
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import {
+  readArtifactTypesCap,
+  artifactTypesSupported,
+  installArtifactTypePack,
+  produceArtifact,
+  sampleArtifactTypePack,
+} from '../lib/artifactTypes.js';
+
+describe('artifact-type-pack-install: registered artifacts are schema-validated (RFC 0071)', () => {
+  it('a conforming payload yields artifact.created { registered: true }', async () => {
+    if (!artifactTypesSupported(await readArtifactTypesCap())) return; // unadvertised — soft-skip
+    const { artifactTypeId, manifest, schema } = sampleArtifactTypePack();
+
+    const installed = await installArtifactTypePack(manifest, { [artifactTypeId]: schema });
+    if (installed === null) return; // seam absent — soft-skip
+    expect(
+      installed.status >= 200 && installed.status < 300,
+      driver.describe('artifact-type-packs.md §"Pack kind"', 'a valid artifact-type pack MUST install cleanly'),
+    ).toBe(true);
+
+    const produced = await produceArtifact(artifactTypeId, { title: 'Hello', body: 'World' });
+    if (produced === null) return; // seam absent — soft-skip
+    expect(
+      produced.json['registered'],
+      driver.describe('artifact-type-packs.md §"Binding the existing artifact surfaces"', 'a payload matching a registered artifactTypeId MUST be marked registered'),
+    ).toBe(true);
+    expect(
+      produced.json['validated'],
+      driver.describe('artifact-type-packs.md', 'the host MUST validate the payload against the pack schema before emitting artifact.created'),
+    ).toBe(true);
+    const evt = produced.json['artifactCreated'] as { registered?: unknown } | undefined;
+    if (evt && 'registered' in evt) {
+      expect(
+        evt.registered,
+        driver.describe('run-event-payloads.schema.json §artifactCreated', 'artifact.created.registered MUST be true for a validated registered artifact'),
+      ).toBe(true);
+    }
+  });
+
+  it('a schema-violating payload is rejected (not stored as a validated registered artifact)', async () => {
+    if (!artifactTypesSupported(await readArtifactTypesCap())) return;
+    const { artifactTypeId, manifest, schema } = sampleArtifactTypePack();
+    if ((await installArtifactTypePack(manifest, { [artifactTypeId]: schema })) === null) return;
+
+    // `body` missing + a foreign key → fails additionalProperties:false + required.
+    const produced = await produceArtifact(artifactTypeId, { title: 'Hello', extra: true });
+    if (produced === null) return;
+    const rejected =
+      produced.status >= 400 ||
+      produced.json['validated'] === false ||
+      produced.json['stored'] === false;
+    expect(
+      rejected,
+      driver.describe('artifact-type-packs.md §"Binding the existing artifact surfaces"', 'a payload that fails the pack schema MUST NOT be emitted as a validated registered artifact'),
+    ).toBe(true);
+  });
+});

package/src/scenarios/artifact-type-pack-manifest-validation.test.ts

@@ -0,0 +1,140 @@
+/**
+ * Artifact-type pack manifest validation — `artifact-type-packs.md` §"Manifest format"
+ * + `schemas/artifact-type-pack-manifest.schema.json` (RFC 0071 Phase 1).
+ *
+ * Server-free schema-validation scenario. Exercises the new
+ * `artifact-type-pack-manifest.schema.json` with a positive sample and the
+ * negative samples derived from the RFC's "Examples" section that are
+ * expressible at the JSON-Schema layer:
+ *
+ *   1. Positive: a valid `kind: "artifact-type"` manifest with a single
+ *      `artifactTypes[]` entry validates cleanly.
+ *   2. Negative — kind/contents mismatch: a manifest carrying BOTH
+ *      `artifactTypes[]` AND `nodes[]` is rejected. Surface-level outcome at
+ *      the registry HTTP API is `pack_kind_invalid` per the spec;
+ *      schema-level outcome is an `additionalProperties` violation on
+ *      `nodes` (this schema does not declare that field).
+ *   3. Negative — empty `artifactTypes[]`: rejected with a `minItems`
+ *      violation (a pack MUST declare at least one artifact type).
+ *   4. Negative — invalid `artifactTypeId`: a value that does not match the
+ *      reverse-DNS pattern (e.g. an uppercase scope) is rejected with a
+ *      `pattern` violation.
+ *   5. Negative — unknown `rendering.display`: a value outside the closed
+ *      enum (`"3d-viewport"`) is rejected with an `enum` violation
+ *      (the RenderingHint vocabulary is reused from RFC 0055, `card` excluded).
+ *   6. Negative — non-conforming `exportFormats` identifier: an uppercase /
+ *      unprefixed value is rejected with a `pattern` violation (reserved-core
+ *      + `vendor.*`/`x-` extension idiom).
+ *
+ * NOTE: the RFC's "core scope published from a non-core account" negative is a
+ * registry-PUT enforcement rule (account ↔ scope binding), NOT a schema
+ * constraint — `core.*` is a valid `artifactTypeId` pattern. It is therefore
+ * not asserted here; it belongs to the capability-gated publish scenario.
+ *
+ * Capability-gated end-to-end scenarios (install + validate; store-without-
+ * render negotiation) are deferred and gate on `host.artifactTypes.supported`
+ * per the RFC; behavior grade is `host-pending` until a reference host lands.
+ *
+ * @see spec/v1/artifact-type-packs.md
+ * @see schemas/artifact-type-pack-manifest.schema.json
+ * @see RFCS/0071-artifact-type-and-chat-card-packs.md
+ */
+
+import { describe, it, expect } from 'vitest';
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import Ajv2020 from 'ajv/dist/2020.js';
+import addFormats from 'ajv-formats';
+import type { ErrorObject } from 'ajv';
+import { SCHEMAS_DIR } from '../lib/paths.js';
+
+const SCHEMA_PATH = join(SCHEMAS_DIR, 'artifact-type-pack-manifest.schema.json');
+
+function validManifest() {
+  return {
+    kind: 'artifact-type',
+    name: 'vendor.acme.cad',
+    version: '1.0.0',
+    engines: { openwop: '>=1.1 <2.0.0' },
+    artifactTypes: [
+      {
+        artifactTypeId: 'vendor.acme.cad.model',
+        schemaVersion: 1,
+        schemaRef: 'schemas/cad-model.schema.json',
+        rendering: { display: 'file', mimeType: 'model/step' },
+        exportFormats: ['step', 'stl', 'pdf'],
+        syncOn: 'completion',
+        supportsCheckpoint: true,
+      },
+    ],
+  };
+}
+
+describe('category: artifact-type-pack manifest validation', () => {
+  const ajv = new Ajv2020({ allErrors: true, strict: false });
+  addFormats(ajv);
+  const schema = JSON.parse(readFileSync(SCHEMA_PATH, 'utf8'));
+  const validate = ajv.compile(schema);
+
+  const failsWith = (manifest: unknown, keyword: string): ErrorObject[] => {
+    const ok = validate(manifest);
+    expect(ok).toBe(false);
+    const errs = (validate.errors ?? []).filter((e) => e.keyword === keyword);
+    return errs;
+  };
+
+  it('positive: a valid artifact-type pack manifest validates cleanly', () => {
+    const ok = validate(validManifest());
+    expect(
+      ok,
+      `artifact-type-packs.md §"Manifest format": a well-formed kind:"artifact-type" manifest MUST validate. Errors: ${JSON.stringify(validate.errors)}`,
+    ).toBe(true);
+  });
+
+  it('negative: a manifest mixing artifactTypes[] and nodes[] is rejected (pack_kind_invalid at the registry)', () => {
+    const manifest = { ...validManifest(), nodes: [{ typeId: 'vendor.acme.x', version: '1.0.0', category: 'data', role: 'pure' }] };
+    const errs = failsWith(manifest, 'additionalProperties');
+    expect(
+      errs.some((e) => (e.params as { additionalProperty?: string }).additionalProperty === 'nodes'),
+      'artifact-type-packs.md §"Pack kind": one kind per pack — a foreign `nodes[]` field MUST be rejected (additionalProperties:false)',
+    ).toBe(true);
+  });
+
+  it('negative: an empty artifactTypes[] is rejected (a pack MUST declare ≥1 type)', () => {
+    const manifest = { ...validManifest(), artifactTypes: [] };
+    const errs = failsWith(manifest, 'minItems');
+    expect(errs.length, 'artifact-type-pack-manifest.schema.json: artifactTypes minItems:1').toBeGreaterThan(0);
+  });
+
+  it('negative: an artifactTypeId that is not reverse-DNS scoped is rejected', () => {
+    const manifest = validManifest();
+    manifest.artifactTypes[0]!.artifactTypeId = 'Vendor.Acme.Model'; // uppercase scope
+    const errs = failsWith(manifest, 'pattern');
+    expect(errs.length, 'artifact-type-packs.md: artifactTypeId MUST match the reverse-DNS pattern').toBeGreaterThan(0);
+  });
+
+  it('negative: an unknown rendering.display value is rejected (closed RFC 0055 enum, card excluded)', () => {
+    const manifest = validManifest();
+    (manifest.artifactTypes[0]!.rendering as { display: string }).display = '3d-viewport';
+    const errs = failsWith(manifest, 'enum');
+    expect(errs.length, 'artifact-type-packs.md: rendering.display reuses the closed ai-envelope §"Rendering hints" enum').toBeGreaterThan(0);
+  });
+
+  it('negative: a non-conforming exportFormats identifier is rejected (reserved-core + vendor.*/x- only)', () => {
+    const manifest = validManifest();
+    manifest.artifactTypes[0]!.exportFormats = ['PPTX']; // uppercase, unprefixed
+    const errs = failsWith(manifest, 'pattern');
+    expect(errs.length, 'artifact-type-packs.md: exportFormats identifiers are lowercase core ids OR vendor.*/x- extensions').toBeGreaterThan(0);
+  });
+
+  it('positive: the validation field accepts "open"/"closed" and rejects other values (RFC 0075)', () => {
+    for (const v of ['open', 'closed']) {
+      const m = validManifest();
+      (m.artifactTypes[0] as Record<string, unknown>).validation = v;
+      expect(validate(m), `artifact-type-packs.md §validation: "${v}" MUST validate (RFC 0075)`).toBe(true);
+    }
+    const bad = validManifest();
+    (bad.artifactTypes[0] as Record<string, unknown>).validation = 'lenient';
+    expect(failsWith(bad, 'enum').length, 'validation MUST be open|closed').toBeGreaterThan(0);
+  });
+});