@openwop/openwop-conformance 1.6.1 → 1.11.0

package/schemas/agent-eval-suite.schema.json

@@ -0,0 +1,140 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://openwop.dev/spec/v1/agent-eval-suite.schema.json",
+  "title": "AgentEvalSuite",
+  "description": "RFC 0081 §A. A portable, host-agnostic evaluation suite for a manifest agent (RFC 0003/0070): the tasks, the expected outputs or rubrics, the deterministic tool/memory fixtures, the allowed model classes, and the pass/fail thresholds that answer \"is this agent good enough to deploy?\". Distributed inside a pack tarball and referenced by URI exactly like `systemPromptRef` / `handoff.*SchemaRef` (RFC 0003 §C/§D) — NOT embedded in `AgentManifest`. A host advertising `capabilities.agents.evalSuite.supported: true` executes a suite as an eval run (a `mode: \"eval\"` projection over `POST /v1/runs`, RFC 0081 §B) and terminates with an `eval-summary.schema.json` scorecard. The suite carries NO secret material and NO host-internal identifiers (it is authored offline and shipped in a signed pack).",
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["suiteId", "version", "modes", "tasks"],
+  "properties": {
+    "suiteId": {
+      "type": "string",
+      "pattern": "^[a-z0-9.-]+\\.evals\\.[a-z0-9-]+$",
+      "description": "Globally unique suite identifier in the `<scope>.<org>.evals.<name>` convention (e.g. `core.openwop.evals.support-resolver`), mirroring the pack `<scope>.<author>.<pack>` namespace (RFC 0003). The `.evals.` infix distinguishes a suite from an agent/pack id."
+    },
+    "version": {
+      "type": "string",
+      "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$",
+      "description": "SemVer of the suite. A suite version is pinned on an eval run (carried on `eval.started.suiteVersion` and `eval-summary.suiteVersion`) so a regression comparison (§D `regression` mode) is between like versions."
+    },
+    "targetAgentId": {
+      "type": "string",
+      "minLength": 1,
+      "description": "MAY. The `AgentManifest.id` this suite is authored for. Absent ⇒ the suite is agent-agnostic and MAY be pointed at any `agentId` at run time (the run request carries the `agentId`). When present, a host SHOULD reject an eval run whose target `agentId` differs, unless the caller explicitly overrides."
+    },
+    "modes": {
+      "type": "array",
+      "minItems": 1,
+      "uniqueItems": true,
+      "items": { "type": "string", "enum": ["golden", "rubric", "adversarial", "regression", "live-shadow"] },
+      "description": "The eval modes this suite exercises (RFC 0081 §D closed vocabulary). `golden`: exact / contains / json-match against each task's `expected`. `rubric`: a host-chosen judge scores against weighted criteria (nondeterministic — a recorded-fact score). `adversarial`: tasks probe for unsafe / jailbreak behavior; `safetyFindings` is the primary output. `regression`: re-run against a new agent/model/prompt version and diff scores vs a `baselineRunId` (composes RFC 0054 `:diff`). `live-shadow`: run against LIVE tools/memory instead of `fixtures` — the only mode that bypasses fixture injection; explicitly nondeterministic. A run MUST request only modes the suite declares here AND the host advertises (`capabilities.agents.evalSuite.modes`); an unadvertised mode is rejected at run-create with `400 validation_error`."
+    },
+    "allowedModels": {
+      "type": "array",
+      "uniqueItems": true,
+      "items": { "type": "string", "enum": ["reasoning", "writing", "coding", "research", "classification", "general"] },
+      "description": "MAY. The `AgentManifest.modelClass` values (RFC 0002) the suite is valid for. Absent ⇒ valid for any class. A host SHOULD record the `evaluatedModelClass` on the summary so a score is interpreted against the model it was produced with."
+    },
+    "thresholds": {
+      "type": "object",
+      "additionalProperties": false,
+      "description": "MAY. The pass/fail bar for the suite. A task or the aggregate `passed` flag is computed against these. Absent ⇒ the host's default bar (the summary still carries raw scores).",
+      "properties": {
+        "passScore": {
+          "type": "number",
+          "minimum": 0,
+          "maximum": 1,
+          "description": "The minimum aggregate score (0.0–1.0) for `EvalSummary.passed: true`."
+        },
+        "maxCostUsd": {
+          "type": "number",
+          "minimum": 0,
+          "description": "MAY. The maximum total cost (summed from RFC 0026 `provider.usage`) for a passing run. A run that exceeds it MUST NOT report `passed: true` even if `passScore` is met."
+        },
+        "maxP95LatencyMs": {
+          "type": "integer",
+          "minimum": 0,
+          "description": "MAY. The maximum p95 per-task latency for a passing run."
+        }
+      }
+    },
+    "tasks": {
+      "type": "array",
+      "minItems": 1,
+      "description": "The eval tasks. Each is executed as one child agent invocation (the RFC 0077 `agent.invocation.*` bracket + the existing `agent.*` / `provider.usage` events), scored, and reported via a per-task `eval.scored` event + an `EvalSummary` entry.",
+      "items": {
+        "type": "object",
+        "additionalProperties": false,
+        "required": ["taskId", "input", "expected"],
+        "properties": {
+          "taskId": {
+            "type": "string",
+            "pattern": "^[a-z0-9][a-z0-9-]*$",
+            "description": "Suite-unique task identifier (kebab-case). Carried verbatim on `eval.scored.taskId` and the per-task summary entry."
+          },
+          "input": {
+            "description": "The run input for the task, validated against the agent's input schema by the host. An opaque object/value — content is task-defined."
+          },
+          "expected": {
+            "type": "object",
+            "additionalProperties": false,
+            "required": ["kind"],
+            "description": "How the task is scored. `golden`: deterministic match against `match`. `rubric`: a judge scores against weighted `rubric` criteria.",
+            "properties": {
+              "kind": { "type": "string", "enum": ["golden", "rubric"], "description": "Scoring mode for this task. A suite declaring a non-`golden`/`rubric` `modes` entry (e.g. `adversarial`) still scores each task via one of these two `kind`s." },
+              "match": {
+                "type": "object",
+                "additionalProperties": false,
+                "description": "Present when `kind: \"golden\"`. The deterministic expectation.",
+                "properties": {
+                  "strategy": { "type": "string", "enum": ["exact", "contains", "json-match"], "description": "`exact`: stringified output equals `value`. `contains`: output contains `value`. `json-match`: output JSON-deep-equals `value` (key order / whitespace insensitive)." },
+                  "value": { "description": "The expected value for the strategy. Opaque." }
+                },
+                "required": ["strategy", "value"]
+              },
+              "rubric": {
+                "type": "array",
+                "minItems": 1,
+                "description": "Present when `kind: \"rubric\"`. Weighted criteria a judge scores the output against; the task score is the weighted sum of met criteria, normalized to 0.0–1.0. Judge selection + scoring is host-internal (nondeterministic — the score is a recorded fact).",
+                "items": {
+                  "type": "object",
+                  "additionalProperties": false,
+                  "required": ["criterion", "weight"],
+                  "properties": {
+                    "criterion": { "type": "string", "minLength": 1, "description": "A human-readable scoring criterion (e.g. \"cites the 30-day refund window\")." },
+                    "weight": { "type": "number", "minimum": 0, "maximum": 1, "description": "Relative weight of this criterion (criteria weights SHOULD sum to 1.0 across the task)." }
+                  }
+                }
+              }
+            }
+          },
+          "fixtures": {
+            "type": "object",
+            "additionalProperties": false,
+            "description": "MAY. Deterministic substitutes for live tool/memory I/O so a `golden`/`regression` eval is reproducible. When present, the eval host MUST inject `toolResponses` in place of live tool calls and seed `memorySeed` before the invocation. The `live-shadow` mode is the explicit exception — it ignores `fixtures` and runs against live tools/memory.",
+            "properties": {
+              "toolResponses": {
+                "type": "array",
+                "description": "Canned tool results keyed by tool invocation, injected in place of live tool calls.",
+                "items": {
+                  "type": "object",
+                  "additionalProperties": false,
+                  "required": ["tool"],
+                  "properties": {
+                    "tool": { "type": "string", "minLength": 1, "description": "The `<scope>:<tool-id>` (RFC 0077 `toolAllowlist` / RFC 0078) the response stands in for." },
+                    "response": { "description": "The canned result the host returns for that tool. Opaque." }
+                  }
+                }
+              },
+              "memorySeed": {
+                "type": "array",
+                "description": "Memory entries seeded into the agent's read snapshot before the invocation (RFC 0004 `MemoryAdapter` shape). Tenant-scoped + SR-1-redacted on the host side exactly like any memory write.",
+                "items": { "type": "object" }
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}

package/schemas/agent-inventory-response.schema.json

@@ -0,0 +1,115 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://openwop.dev/spec/v1/agent-inventory-response.schema.json",
+  "title": "AgentInventoryResponse",
+  "description": "Response body for `GET /v1/agents` (RFC 0072 §A). A read-only projection of the manifest agents a host has installed into its AgentRegistry (RFC 0003 / RFC 0070). Served only when the host advertises `capabilities.agents.manifestRuntime.supported: true`. Each entry MUST NOT carry the agent's system-prompt body, resolved handoff schemas, or any credential material (SR-1).",
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["agents", "total"],
+  "properties": {
+    "agents": {
+      "type": "array",
+      "items": { "$ref": "#/$defs/AgentInventoryEntry" },
+      "description": "Installed manifest agents, in a stable (agentId-sorted) order."
+    },
+    "total": {
+      "type": "integer",
+      "minimum": 0,
+      "description": "Count of installed manifest agents (== agents.length)."
+    }
+  },
+  "$defs": {
+    "AgentInventoryEntry": {
+      "type": "object",
+      "title": "AgentInventoryEntry",
+      "description": "Read projection of an installed `AgentManifest` (agent-manifest.schema.json). Also the body of `GET /v1/agents/{agentId}`.",
+      "additionalProperties": false,
+      "required": ["agentId", "persona", "label", "modelClass", "packName", "packVersion", "toolAllowlist", "hasHandoffSchemas"],
+      "properties": {
+        "agentId": {
+          "type": "string",
+          "description": "The manifest agentId (matches `AgentManifest.agentId` / `AgentRef.agentId`)."
+        },
+        "persona": {
+          "type": "string",
+          "description": "Human-readable agent name from the manifest."
+        },
+        "label": {
+          "type": "string",
+          "description": "Short UI label; falls back to `persona` when the manifest omits `label`."
+        },
+        "description": {
+          "type": "string",
+          "description": "Optional one-line catalog summary from the manifest."
+        },
+        "modelClass": {
+          "type": "string",
+          "description": "The manifest's `modelClass` (see agent-manifest.schema.json)."
+        },
+        "packName": {
+          "type": "string",
+          "description": "The pack this agent was installed from."
+        },
+        "packVersion": {
+          "type": "string",
+          "description": "The installed pack version."
+        },
+        "toolAllowlist": {
+          "type": "array",
+          "items": { "type": "string" },
+          "description": "Tool identifiers the agent MAY invoke (RFC 0002 §A14). The host MUST enforce this at dispatch; an empty array means no tools."
+        },
+        "hasHandoffSchemas": {
+          "type": "boolean",
+          "description": "Whether the manifest declares handoff task/return schemas (the host validates dispatch payloads against them when it advertises `agents.manifestRuntime.handoffValidation`). The schemas themselves are NOT exposed here."
+        },
+        "memoryShape": {
+          "type": "object",
+          "additionalProperties": false,
+          "description": "The manifest's declared memory shape, when present.",
+          "properties": {
+            "scratchpad": { "type": "boolean" },
+            "conversation": { "type": "boolean" },
+            "longTerm": { "type": "boolean" }
+          }
+        },
+        "confidenceThreshold": {
+          "type": "number",
+          "minimum": 0,
+          "maximum": 1,
+          "description": "The manifest's `confidence.defaultThreshold`, when present (RFC 0002 §F)."
+        },
+        "degraded": {
+          "type": "array",
+          "items": { "type": "string" },
+          "description": "Capability keys this agent declared as `peerDependenciesMeta.optional` that this host does NOT satisfy, and which are therefore inert for this installation (RFC 0072 §C). Absent or empty means the agent runs at full declared capability here."
+        },
+        "memoryDegraded": {
+          "type": "boolean",
+          "description": "RFC 0080 §C. `true` when this agent's `memoryShape` declares a memory dimension the host's reconciled memory model (RFC 0080 §A) does NOT satisfy — the agent MAY still dispatch at the RFC 0070 floor, but the degradation MUST be observable here (a silent satisfied-looking entry for an unsatisfiable `memoryShape` is non-conformant). Absent ⇒ memory fully satisfied, or an older host that does not compute the projection (consumers treat absence as not-degraded/unknown and MAY probe)."
+        },
+        "degradedMemoryDimensions": {
+          "type": "array",
+          "items": { "type": "string", "enum": ["read", "write", "search", "long-term-durability", "compaction", "attribution", "replay-snapshot", "retention"] },
+          "uniqueItems": true,
+          "description": "RFC 0080 §C. The RFC 0080 §A dimension names (NOT the `memoryShape` keys) this host cannot satisfy for this agent. Present (non-empty) iff `memoryDegraded: true`; OPTIONAL/absent when `memoryDegraded` is false or absent. The dimension name `long-term-durability` is deliberately distinct from the `agents.memoryBackends` *value* `long-term` (a backend id) to avoid wire ambiguity. The §A→`memoryShape` mapping: `longTerm`⇒`long-term-durability`, `scratchpad`/`conversation`⇒`write`+`read` as applicable."
+        },
+        "roster": {
+          "type": "array",
+          "uniqueItems": true,
+          "description": "RFC 0086 §B. OPTIONAL/additive. The standing roster INSTANCES of this manifest agent visible to the caller (tenant-scoped per RFC 0074), each with its persona + owned workflow portfolio — so a single GET /v1/agents call surfaces responsibilities without a second round-trip. Present only when the host advertises `capabilities.agents.roster.supported: true`; absent ⇒ no roster surface (today's default).",
+          "items": {
+            "type": "object",
+            "additionalProperties": false,
+            "required": ["rosterId", "persona", "workflows"],
+            "properties": {
+              "rosterId": { "type": "string", "minLength": 1, "description": "The roster entry's `host:<id>` instance id (agent-roster-entry.schema.json)." },
+              "persona": { "type": "string", "minLength": 1, "description": "The instance's human display name." },
+              "workflows": { "type": "array", "items": { "type": "string", "minLength": 1 }, "uniqueItems": true, "description": "The workflow ids this instance owns by role (its portfolio)." }
+            }
+          }
+        }
+      }
+    }
+  }
+}

package/schemas/agent-manifest.schema.json

@@ -41,6 +41,11 @@
       "description": "URI-reference to a prompt file inside the pack tarball (e.g., `prompts/supervisor.md`). Mutually exclusive with `systemPrompt`. Useful when the prompt body is large enough that inlining would bloat the manifest.",
       "minLength": 1
     },
+    "evalSuiteRef": {
+      "type": "string",
+      "description": "RFC 0081 §A. MAY. URI-reference to an `agent-eval-suite.schema.json` file inside the pack tarball (e.g., `evals/support-resolver.json`), resolved at install exactly like `systemPromptRef` / `handoff.*SchemaRef`. Declares the agent's portable evaluation suite (golden/rubric/adversarial/regression/live-shadow tasks + thresholds) so a host advertising `capabilities.agents.evalSuite.supported: true` can run it as a `mode: \"eval\"` run. Absent ⇒ the agent ships no suite (a suite MAY still be authored independently and pointed at this `agentId` at run time). Does NOT embed the suite in the manifest — the suite evolves on its own cadence and is often authored by a different role.",
+      "minLength": 1
+    },
     "toolAllowlist": {
       "type": "array",
       "items": { "type": "string", "minLength": 1 },

package/schemas/agent-org-chart.schema.json

@@ -0,0 +1,82 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://openwop.dev/spec/v1/agent-org-chart.schema.json",
+  "title": "AgentOrgChart",
+  "description": "RFC 0087 §A. A tenant-scoped, DESCRIPTIVE grouping of RFC 0086 standing roster members (agent-roster-entry.schema.json) into departments + roles with acyclic `reportsTo` edges. The load-bearing constraint (§B `org-position-no-authority-escalation`): an org edge confers NO authority — there is NO `permissions`/`scopes`/`canDispatch`/`authority` field anywhere in this schema BY DESIGN, and every object is `additionalProperties:false` so a host cannot smuggle one in. Authority stays in `toolAllowlist` (RFC 0002 §A14), RBAC (RFC 0049, the sole authority source, fail-closed), and approval gates (RFC 0051); org position MUST NOT be consulted as an authorization input. Position describes; it never authorizes. Tenant-scoped (RFC 0074): a chart is served only to its `owner` triple. The record is host-internal; this is the canonical wire shape behind GET /v1/agents/org-chart (the endpoint lands at Active → Accepted per RFC 0087 §Conformance). The `Department`/`Role`/`Member` subschemas are published as named `$defs` so dependent schemas (e.g. org-chart-responsibility-view.schema.json) reference a stable anchor rather than a positional `properties/.../items` pointer.",
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["owner", "departments", "members"],
+  "properties": {
+    "owner": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["tenantId"],
+      "description": "RFC 0048 owner triple the chart is scoped by (RFC 0074). A chart is served only to a principal within this triple; a member/department/edge outside it is never disclosed (CTI-1 carry-forward).",
+      "properties": {
+        "tenantId": { "type": "string", "minLength": 1, "maxLength": 256, "description": "Owning tenant." },
+        "workspaceId": { "type": "string", "minLength": 1, "maxLength": 256, "description": "MAY. Owning workspace within the tenant." }
+      }
+    },
+    "departments": {
+      "type": "array",
+      "description": "The departments, forming a tree via `parentDepartmentId`.",
+      "items": { "$ref": "#/$defs/Department" }
+    },
+    "members": {
+      "type": "array",
+      "description": "The members — each is an RFC 0086 roster instance placed in a department + role, with an optional reporting edge. Every field is descriptive; there is NO authority-bearing field (§B).",
+      "items": { "$ref": "#/$defs/Member" }
+    }
+  },
+  "$defs": {
+    "Department": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["departmentId", "name", "roles"],
+      "properties": {
+        "departmentId": { "type": "string", "minLength": 1, "maxLength": 128, "description": "Stable department id, unique within the chart." },
+        "name": { "type": "string", "minLength": 1, "maxLength": 200, "description": "Human department name (e.g. \"Marketing\")." },
+        "parentDepartmentId": {
+          "type": ["string", "null"],
+          "maxLength": 128,
+          "description": "MAY. The parent department id (department nesting); `null` for a top-level department. A host advertising `agents.orgChart.departmentNesting: false` MUST reject a non-null value."
+        },
+        "roles": {
+          "type": "array",
+          "description": "The roles defined in this department.",
+          "items": { "$ref": "#/$defs/Role" }
+        }
+      }
+    },
+    "Role": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["roleId", "name"],
+      "properties": {
+        "roleId": { "type": "string", "minLength": 1, "maxLength": 128, "description": "Stable role id, unique within the chart." },
+        "name": { "type": "string", "minLength": 1, "maxLength": 200, "description": "Human role name (e.g. \"Campaign Manager\"). DESCRIPTIVE — a role grants no authority (§B)." }
+      }
+    },
+    "Member": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["rosterId", "departmentId", "roleId", "reportsTo"],
+      "properties": {
+        "rosterId": {
+          "type": "string",
+          "pattern": "^host:[a-z0-9][a-z0-9._-]*$",
+          "minLength": 6,
+          "maxLength": 128,
+          "description": "An RFC 0086 roster entry id (`agent-roster-entry.schema.json` `rosterId`). MUST reference a roster entry in the same `owner` tenant (no cross-tenant membership — §C)."
+        },
+        "departmentId": { "type": "string", "minLength": 1, "maxLength": 128, "description": "The department this member belongs to (MUST exist in `departments[]`)." },
+        "roleId": { "type": "string", "minLength": 1, "maxLength": 128, "description": "The member's role (MUST exist in the chart's roles)." },
+        "reportsTo": {
+          "type": ["string", "null"],
+          "maxLength": 128,
+          "description": "Another member's `rosterId` (the manager), or `null` for the root. The edge set MUST be acyclic (a cycle is a `validation_error`, §A). A `reportsTo` edge is METADATA ONLY — it confers no authority over the report (§B `org-position-no-authority-escalation`)."
+        }
+      }
+    }
+  }
+}

package/schemas/agent-ref.schema.json

@@ -41,7 +41,13 @@
     "version": {
       "type": "string",
       "maxLength": 64,
-      "description": "Optional version pin for the agent definition (matches `AgentManifest.version`). Lets audit consumers trace which version of an agent definition was active for a given run. Pinning is encouraged for replay determinism; absent values mean 'host's current resolution of the agent'."
+      "description": "Optional EXACT version pin for the agent definition (matches `AgentManifest.version`). Lets audit consumers trace which version of an agent definition was active for a given run. Pinning is encouraged for replay determinism; absent values mean 'host's current resolution of the agent'. Mutually exclusive with `channel` (RFC 0082 §A) — set at most one."
+    },
+    "channel": {
+      "type": "string",
+      "minLength": 1,
+      "maxLength": 64,
+      "description": "RFC 0082 §A. Optional NAMED deployment-channel binding (e.g. `stable`, `canary`, or the reserved `latest` = highest active semver), as an alternative to the exact `version` pin. A host advertising `capabilities.agents.deployment.supported: true` resolves the channel to a concrete version and pins it per-(run, agentId, channel) at first resolution (RFC 0082 §B) — the resolved version is a recorded fact carried on `agent.invocation.started.resolvedAgentVersion`, re-read on replay and NEVER re-resolved against a moved channel. Mutually exclusive with `version` (the `not` clause below). A channel that resolves to no `active` version fails the run with `no_active_deployment`. Hosts that omit `agents.deployment` MUST reject a `channel`-bearing ref with `validation_error` (the channel has nowhere to resolve)."
     },
     "sourceManifestId": {
       "type": "string",
@@ -49,5 +55,9 @@
       "description": "Optional provenance pointer back to the `AgentManifest.agentId` this AgentRef was projected from. Lets pack-aware hosts trace runtime AgentRefs back to their distribution origin. Absent for host-internal `host:<id>` agents (which have no manifest)."
     }
   },
-  "additionalProperties": false
+  "additionalProperties": false,
+  "not": {
+    "required": ["version", "channel"],
+    "$comment": "RFC 0082 §A. `version` (exact pin) and `channel` (named deployment channel) are mutually exclusive — a ref MAY set at most one. Setting both is a validation_error. Setting neither is valid (host-default resolution). Additive-safe: no pre-RFC-0082 ref can carry `channel`, so this clause never invalidates an existing AgentRef."
+  }
 }

package/schemas/agent-roster-entry.schema.json

@@ -0,0 +1,81 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://openwop.dev/spec/v1/agent-roster-entry.schema.json",
+  "title": "AgentRosterEntry",
+  "description": "RFC 0086 §A. A standing agent INSTANCE — a named, tenant-scoped, mutable agent (the 'digital-twin employee', e.g. \"Sally\") that REFERENCES a manifest/deployment (RFC 0070/0082) and OWNS a workflow portfolio (the workflows it is responsible for by role). Distinct from the immutable AgentManifest (the pack-distribution class) and from the RFC 0082 deployment record (the per-version channel). `rosterId` IS a dispatchable `host:<id>` AgentRef agentId — the runtime-synthesis namespace RFC 0002 reserves for host-internal agents that don't ship as packs (NOT a parallel id space): dispatching it resolves the bound `agentRef` and projects `persona`. Content-free of any system-prompt body or credential material (SR-1). The record is host-internal + mutable; this schema is the canonical wire shape a host exposes via GET /v1/agents/roster (the endpoint lands at Active → Accepted per RFC 0086 §Conformance).",
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["rosterId", "persona", "agentRef", "owner"],
+  "properties": {
+    "rosterId": {
+      "type": "string",
+      "pattern": "^host:[a-z0-9][a-z0-9._-]*$",
+      "minLength": 6,
+      "maxLength": 128,
+      "description": "Host-issued stable instance id in the reserved `host:<id>` AgentRef form (RFC 0002 / RFC 0086 §A). The dispatch handle for 'run as this agent': a `WorkflowNode.agent: { agentId: rosterId }` resolves to this entry's `agentRef` + stamps `persona`."
+    },
+    "persona": {
+      "type": "string",
+      "minLength": 1,
+      "maxLength": 200,
+      "description": "Human display name (e.g. \"Sally\"). Reuses `AgentRef.persona` semantics (RFC 0002) — projected onto the dispatch AgentRef. Free-form; MAY collide within a tenant (`rosterId` is the uniqueness key)."
+    },
+    "agentRef": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["agentId"],
+      "description": "The manifest/deployment this instance instantiates (a trimmed AgentRef — RFC 0002). `version` (exact) XOR `channel` (RFC 0082) — never both; absent ⇒ host-default resolution (RFC 0070).",
+      "properties": {
+        "agentId": {
+          "type": "string",
+          "minLength": 3,
+          "maxLength": 256,
+          "description": "The manifest agentId this instance runs (matches `AgentManifest.agentId`). MUST be resolvable by the host (RFC 0070)."
+        },
+        "version": {
+          "type": "string",
+          "maxLength": 64,
+          "description": "Exact agent-definition version pin (RFC 0002). Mutually exclusive with `channel`."
+        },
+        "channel": {
+          "type": "string",
+          "minLength": 1,
+          "maxLength": 64,
+          "description": "Named deployment channel (RFC 0082 §A), e.g. `stable`. Resolved + pinned per run at first resolution. Mutually exclusive with `version`."
+        }
+      },
+      "not": { "required": ["version", "channel"] }
+    },
+    "workflows": {
+      "type": "array",
+      "uniqueItems": true,
+      "items": { "type": "string", "minLength": 1, "maxLength": 128 },
+      "description": "The standing portfolio: workflow ids this agent owns by role (RFC 0086 §A/§B). Each MUST be resolvable by the host and within the entry's `owner` tenant scope (the WCT/CTI carry-forward). Absent ⇒ empty portfolio."
+    },
+    "owner": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["tenantId"],
+      "description": "RFC 0048 owner triple the entry is scoped by. On a `'tenant'`-install host (RFC 0074), GET /v1/agents/roster returns only entries within the caller's owner triple; a cross-tenant entry 404s.",
+      "properties": {
+        "tenantId": { "type": "string", "minLength": 1, "maxLength": 256, "description": "Owning tenant." },
+        "workspaceId": { "type": "string", "minLength": 1, "maxLength": 256, "description": "MAY. Owning workspace within the tenant." }
+      }
+    },
+    "enabled": {
+      "type": "boolean",
+      "description": "When `false`, the entry's portfolio triggers are inert (no run fires) — the member is paused but still discoverable (RFC 0086 §A). Absent ⇒ `true`."
+    },
+    "label": {
+      "type": "string",
+      "minLength": 1,
+      "maxLength": 100,
+      "description": "MAY. Short UI label; falls back to `persona`."
+    },
+    "description": {
+      "type": "string",
+      "maxLength": 500,
+      "description": "MAY. One-line summary for catalog / console surfaces."
+    }
+  }
+}

package/schemas/agent-roster-response.schema.json

@@ -0,0 +1,21 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://openwop.dev/spec/v1/agent-roster-response.schema.json",
+  "title": "AgentRosterResponse",
+  "description": "RFC 0086 §B. Response body for `GET /v1/agents/roster` — the standing agent roster (named instances + their workflow portfolios) visible to the authenticated principal. Tenant-scoped per RFC 0074 on an `installScope: 'tenant'` host: only the caller's owner-triple entries are returned. Each entry is the canonical `agent-roster-entry.schema.json` shape; content-free of any system-prompt body or credential material (SR-1).",
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["roster", "total"],
+  "properties": {
+    "roster": {
+      "type": "array",
+      "items": { "$ref": "./agent-roster-entry.schema.json" },
+      "description": "The standing roster entries, in a stable (rosterId-sorted) order."
+    },
+    "total": {
+      "type": "integer",
+      "minimum": 0,
+      "description": "Count of entries returned (== roster.length)."
+    }
+  }
+}

package/schemas/ai-envelope.schema.json

@@ -75,6 +75,34 @@
           "type": "string",
           "maxLength": 256,
           "description": "Optional human-readable label for ops dashboards (e.g., `\"Draft PRD #2\"`). Never used for routing; never persisted into event payloads in a security-relevant way. (in-flight)"
+        },
+        "rendering": {
+          "type": "object",
+          "description": "RFC 0055. Optional hint for how a consumer SHOULD render this envelope's payload. Non-normative w.r.t. payload validation; a consumer that doesn't recognize the hint (or a `display` value) MUST fall back to its default rendering (text / raw JSON). Carries no secret material (SR-1 applies as for the rest of `meta`).",
+          "properties": {
+            "display": {
+              "type": "string",
+              "enum": ["markdown", "code", "card", "image", "audio", "file"],
+              "description": "Renderer family the producer suggests."
+            },
+            "mimeType": {
+              "type": "string",
+              "description": "IANA media type when `display` is `image`/`audio`/`file`."
+            },
+            "lang": {
+              "type": "string",
+              "description": "Language tag when `display` is `code` (e.g. `ts`, `python`)."
+            },
+            "alt": {
+              "type": "string",
+              "description": "Text alternative for accessibility when `display` is `image`/`audio`/`file`. SHOULD be present for those families."
+            },
+            "title": {
+              "type": "string",
+              "description": "Optional caption / card header."
+            }
+          },
+          "additionalProperties": false
         }
       },
       "additionalProperties": false,