npm - @openwop/openwop-conformance - Versions diffs - 1.6.1 → 1.11.0 - Mend

@openwop/openwop-conformance 1.6.1 → 1.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (200) hide show

package/src/scenarios/workspace-cross-tenant-isolation.test.ts ADDED Viewed

@@ -0,0 +1,84 @@
+/**
+ * workspace-cross-tenant-isolation — RFC 0059 §E WCT-1.
+ *
+ * Status: ACTIVE (advertisement + behavioral). Public test for the
+ * `workspace-cross-tenant-isolation` SECURITY invariant: a workspace file
+ * owned by `{tenant, workspace}` MUST NOT be readable (get or list) under a
+ * different `{tenant′, workspace′}`, regardless of the caller's permissions
+ * elsewhere. Mirrors `kv-cross-tenant-isolation` / `agent-memory-cti-1`.
+ *
+ * The two owners are driven through the documented test seam
+ * `POST /v1/host/sample/workspace/op` (host-sample-test-seams.md §9), which
+ * lets a single-credential host exercise distinct owners. Hosts without the
+ * seam soft-skip the behavioral probe; the advertisement-shape assertion still
+ * runs whenever `capabilities.workspace.supported` is advertised.
+ *
+ * @see RFCS/0059-agent-workspace.md §E WCT-1
+ * @see spec/v1/agent-workspace.md §"§E — Invariants"
+ * @see SECURITY/invariants.yaml workspace-cross-tenant-isolation
+ */
+import { describe, it, expect } from 'vitest';
+import { driver } from '../lib/driver.js';
+import { capabilityFamily } from '../lib/discovery-capabilities.js';
+interface DiscoveryDoc {
+  capabilities?: { workspace?: { supported?: boolean } };
+}
+async function workspaceSupported(): Promise<boolean> {
+  const res = await driver.get('/.well-known/openwop');
+  const body = res.json as DiscoveryDoc | undefined;
+  return capabilityFamily(body, 'workspace')?.supported === true;
+}
+function seam(args: Record<string, unknown>) {
+  return driver.post('/v1/host/sample/workspace/op', args);
+}
+const SEAM_PATH = 'WCT1-SECRET.md';
+describe('workspace-cross-tenant-isolation: a workspace file MUST NOT leak across owners (RFC 0059 §E WCT-1)', () => {
+  it('a file written under {tenant A, workspace A} is not readable under a different owner', async () => {
+    if (!(await workspaceSupported())) return; // capability not advertised — skip
+    // Owner A writes a file.
+    const put = await seam({ tenant: 'wct1-tenant-a', workspace: 'ws-a', op: 'put', path: SEAM_PATH, content: 'A-only secret body' });
+    if (put.status === 404) return; // seam unwired — soft-skip the behavioral probe
+    expect(put.status, driver.describe('agent-workspace.md §C PUT', 'seam put MUST succeed for the owning workspace')).toBe(200);
+    // A DIFFERENT workspace (same tenant) MUST NOT read it.
+    const crossWs = await seam({ tenant: 'wct1-tenant-a', workspace: 'ws-b', op: 'get', path: SEAM_PATH });
+    expect(
+      crossWs.status === 404 || crossWs.status === 403,
+      driver.describe('agent-workspace.md §E WCT-1', `a cross-workspace get MUST fail closed (404/403, no existence leak), got ${crossWs.status}`),
+    ).toBe(true);
+    const crossWsBody = JSON.stringify(crossWs.json ?? '');
+    expect(
+      !crossWsBody.includes('A-only secret body'),
+      driver.describe('agent-workspace.md §E WCT-1', 'a cross-workspace read MUST NOT surface the other owner\'s content'),
+    ).toBe(true);
+    // A DIFFERENT tenant MUST NOT read it either.
+    const crossTenant = await seam({ tenant: 'wct1-tenant-b', workspace: 'ws-a', op: 'get', path: SEAM_PATH });
+    expect(
+      crossTenant.status === 404 || crossTenant.status === 403,
+      driver.describe('agent-workspace.md §E WCT-1', `a cross-tenant get MUST fail closed, got ${crossTenant.status}`),
+    ).toBe(true);
+    // And list MUST NOT enumerate the other owner's path.
+    const crossList = await seam({ tenant: 'wct1-tenant-a', workspace: 'ws-b', op: 'list' });
+    const listed = JSON.stringify((crossList.json as { files?: unknown })?.files ?? []);
+    expect(
+      !listed.includes(SEAM_PATH),
+      driver.describe('agent-workspace.md §E WCT-1', 'a cross-workspace list MUST NOT enumerate another owner\'s file'),
+    ).toBe(true);
+    // Sanity: the owner itself still reads its file (isolation, not loss).
+    const ownerRead = await seam({ tenant: 'wct1-tenant-a', workspace: 'ws-a', op: 'get', path: SEAM_PATH });
+    expect(
+      (ownerRead.json as { content?: string } | undefined)?.content,
+      driver.describe('agent-workspace.md §C GET', 'the owning workspace MUST still read its own file'),
+    ).toBe('A-only secret body');
+  });
+});

package/src/scenarios/x-openwop-form-pack-manifest.test.ts ADDED Viewed

@@ -0,0 +1,155 @@
+/**
+ * `x-openwop-form` vendor-extension shape validation — `node-packs.md`
+ * §"`x-openwop-form` UX hints" (RFC 0066).
+ *
+ * Server-free, no host-advertisement gate: `x-openwop-form` is a
+ * CONSUMER-SIDE rendering hint that a pack author places on `configSchema`
+ * properties. Hosts do not advertise it; the contract is purely the shape a
+ * pack author targets. This scenario asserts the two shape-level guarantees
+ * the RFC's §Conformance pins:
+ *
+ *   1. A pack `configSchema` carrying `x-openwop-form` annotations remains a
+ *      VALID JSON Schema 2020-12 document — the annotation is an ignored
+ *      vendor keyword, so a schema validator (Ajv2020) compiles it without
+ *      error. This is the load-bearing additive promise: a consumer that
+ *      doesn't understand the keyword still validates config against the
+ *      schema unchanged.
+ *   2. The annotation OBJECT itself matches the §A vocabulary shape: `kind`
+ *      is REQUIRED and a string; the documented sub-fields (`dependsOn`,
+ *      `promptKind`, `provider`, `credentialProvider`) are optional strings.
+ *
+ * Forward-compat (RFC §A + §B, both `MUST`): an UNKNOWN `kind` value is still
+ * a structurally valid annotation — a renderer MUST treat it as if the hint
+ * were absent rather than reject it. So the shape schema accepts any string
+ * `kind`, NOT a closed enum; the four reserved kinds
+ * (`prompt-picker`/`provider-picker`/`model-picker`/`credential-picker`) are
+ * a renderer-routing vocabulary, not a validation constraint.
+ *
+ * NOTE: the renderer behavior matrix (which picker each `kind` produces, the
+ * `dependsOn` sibling-resolution + graceful fallback) is a reference-FRONTEND
+ * concern unit-tested in the workflow-engine sample, NOT a protocol wire
+ * shape — it is intentionally out of scope for this server-free scenario.
+ *
+ * @see spec/v1/node-packs.md §"`x-openwop-form` UX hints"
+ * @see RFCS/0066-x-openwop-form-vendor-extension.md
+ */
+import { describe, it, expect } from 'vitest';
+import Ajv2020 from 'ajv/dist/2020.js';
+import addFormats from 'ajv-formats';
+import type { ErrorObject } from 'ajv';
+/** The §A `x-openwop-form` annotation shape. `kind` is the only required
+ *  field; it is an OPEN string (unknown kinds are valid per the forward-compat
+ *  MUST), with the documented sub-fields typed as optional strings. */
+const X_OPENWOP_FORM_SHAPE = {
+  $schema: 'https://json-schema.org/draft/2020-12/schema',
+  type: 'object',
+  required: ['kind'],
+  properties: {
+    kind: { type: 'string' },
+    dependsOn: { type: 'string' },
+    promptKind: { type: 'string' },
+    provider: { type: 'string' },
+    credentialProvider: { type: 'string' },
+  },
+  additionalProperties: false,
+} as const;
+/** A pack `configSchema` annotated for picker UX — the RFC §A positive
+ *  example (`core.ai.chatCompletion`-style): provider/model/credential/prompt
+ *  pickers with a `dependsOn` cascade. */
+function annotatedConfigSchema() {
+  return {
+    $schema: 'https://json-schema.org/draft/2020-12/schema',
+    type: 'object',
+    properties: {
+      provider: {
+        type: 'string',
+        'x-openwop-form': { kind: 'provider-picker' },
+      },
+      model: {
+        type: 'string',
+        'x-openwop-form': { kind: 'model-picker', dependsOn: 'provider' },
+      },
+      credential: {
+        type: 'string',
+        'x-openwop-form': { kind: 'credential-picker', dependsOn: 'provider' },
+      },
+      systemPrompt: {
+        type: 'string',
+        'x-openwop-form': { kind: 'prompt-picker', promptKind: 'system' },
+      },
+      temperature: { type: 'number', minimum: 0, maximum: 2 },
+    },
+    additionalProperties: false,
+  };
+}
+describe('category: x-openwop-form pack-manifest shape (RFC 0066)', () => {
+  const ajv = new Ajv2020({ allErrors: true, strict: false });
+  addFormats(ajv);
+  const validateShape = ajv.compile<Record<string, unknown>>(X_OPENWOP_FORM_SHAPE);
+  const shapeFailsWith = (annotation: unknown, keyword: string): ErrorObject[] => {
+    const ok = validateShape(annotation);
+    expect(ok).toBe(false);
+    return (validateShape.errors ?? []).filter((e) => e.keyword === keyword);
+  };
+  it('positive: a configSchema carrying x-openwop-form remains a valid JSON Schema 2020-12 document', () => {
+    // The annotation is an ignored vendor keyword — compiling MUST NOT throw,
+    // and the schema MUST still validate/reject instance config normally.
+    let validateConfig: ReturnType<typeof ajv.compile> | undefined;
+    expect(() => {
+      validateConfig = ajv.compile(annotatedConfigSchema());
+    }, 'node-packs.md §x-openwop-form: an annotated configSchema MUST remain a valid 2020-12 schema').not.toThrow();
+    // The annotations do not alter schema semantics: valid config passes…
+    expect(
+      validateConfig!({ provider: 'anthropic', model: 'claude', temperature: 1 }),
+      'x-openwop-form is advisory — it MUST NOT change what the schema accepts',
+    ).toBe(true);
+    // …and a type violation on an annotated field still rejects.
+    expect(validateConfig!({ provider: 123 })).toBe(false);
+  });
+  it('positive: each documented x-openwop-form annotation matches the §A shape', () => {
+    const cfg = annotatedConfigSchema();
+    for (const [name, prop] of Object.entries(cfg.properties)) {
+      const ann = (prop as Record<string, unknown>)['x-openwop-form'];
+      if (ann === undefined) continue;
+      expect(
+        validateShape(ann),
+        `node-packs.md §x-openwop-form: the annotation on "${name}" MUST match the §A shape. Errors: ${JSON.stringify(validateShape.errors)}`,
+      ).toBe(true);
+    }
+  });
+  it('forward-compat: an unknown kind is a structurally valid annotation (renderer falls back per the §A MUST)', () => {
+    expect(
+      validateShape({ kind: 'unknown-future-picker' }),
+      'node-packs.md §x-openwop-form: an unknown kind MUST validate (kind is an open string, not a closed enum) so future vocabulary is forward-compatible',
+    ).toBe(true);
+  });
+  it('negative: an annotation missing kind is rejected', () => {
+    expect(
+      shapeFailsWith({ dependsOn: 'provider' }, 'required').length,
+      'node-packs.md §x-openwop-form: kind is the one REQUIRED sub-field',
+    ).toBeGreaterThan(0);
+  });
+  it('negative: a non-string kind is rejected', () => {
+    expect(
+      shapeFailsWith({ kind: 42 }, 'type').length,
+      'node-packs.md §x-openwop-form: kind MUST be a string',
+    ).toBeGreaterThan(0);
+  });
+  it('negative: a non-string dependsOn is rejected', () => {
+    expect(
+      shapeFailsWith({ kind: 'model-picker', dependsOn: ['provider'] }, 'type').length,
+      'node-packs.md §x-openwop-form: dependsOn names a sibling property — it MUST be a string',
+    ).toBeGreaterThan(0);
+  });
+});