From 84f9939e784d89a99c92bfc8a0122f54c4dd11a6 Mon Sep 17 00:00:00 2001 From: mdheller <21163552+mdheller@users.noreply.github.com> Date: Wed, 6 May 2026 10:59:30 -0400 Subject: [PATCH 01/15] Add runtime observability CapabilityLedger schema --- schemas/CapabilityLedger.json | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 schemas/CapabilityLedger.json diff --git a/schemas/CapabilityLedger.json b/schemas/CapabilityLedger.json new file mode 100644 index 0000000..f45f21f --- /dev/null +++ b/schemas/CapabilityLedger.json @@ -0,0 +1,27 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://schemas.srcos.ai/v2/CapabilityLedger.json", + "title": "CapabilityLedger", + "description": "Effective capability-state record after reconciling config, UI, runtime, server, plugin, policy, schema, and transport claims.", + "type": "object", + "additionalProperties": false, + "required": ["id", "type", "specVersion", "capabilityRef", "declaredBy", "negotiatedBy", "effectiveState", "policyDecisionRef", "evidenceRefs", "capturedAt"], + "properties": { + "id": { "type": "string", "pattern": "^urn:srcos:capability-ledger:" }, + "type": { "const": "CapabilityLedger" }, + "specVersion": { "type": "string" }, + "capabilityRef": { "type": "string", "pattern": "^urn:srcos:capability:" }, + "sessionRef": { "type": ["string", "null"], "pattern": "^urn:srcos:session:" }, + "agentMachineReceiptRef": { "type": ["string", "null"], "pattern": "^urn:srcos:agent-machine-receipt:" }, + "declaredBy": { "type": "array", "minItems": 1, "items": { "type": "string", "enum": ["config", "ui", "runtime", "server", "plugin", "policy", "schema", "transport", "user", "agent", "workspace"] } }, + "negotiatedBy": { "type": "array", "minItems": 1, "items": { "type": "string", "enum": ["config", "ui", "runtime", "server", "plugin", "policy", "schema", "transport", "user", "agent", "workspace"] } }, + "effectiveState": { "type": "string", "enum": ["declared", "requested", "negotiating", "available", "enabled", "degraded", "blocked_by_policy", "unsupported_by_runtime", "unsupported_by_server", "missing_plugin", "missing_schema", "failed"] }, + "stateReason": { "type": ["string", "null"] }, + "ownerRefs": { "type": "array", "items": { "type": "string" } }, + "conflictRefs": { "type": "array", "items": { "type": "string" } }, + "causalRefs": { "type": "array", "items": { "type": "string" } }, + "policyDecisionRef": { "type": "string", "pattern": "^urn:srcos:decision:" }, + "evidenceRefs": { "type": "array", "minItems": 1, "items": { "type": "string" } }, + "capturedAt": { "type": "string", "format": "date-time" } + } +} From c0cb5b2dca57976092aa573e4158632453d1567c Mon Sep 17 00:00:00 2001 From: mdheller <21163552+mdheller@users.noreply.github.com> Date: Wed, 6 May 2026 11:06:03 -0400 Subject: [PATCH 02/15] Add runtime observability BrowserAutomationReceipt schema --- schemas/BrowserAutomationReceipt.json | 39 +++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 schemas/BrowserAutomationReceipt.json diff --git a/schemas/BrowserAutomationReceipt.json b/schemas/BrowserAutomationReceipt.json new file mode 100644 index 0000000..020fc85 --- /dev/null +++ b/schemas/BrowserAutomationReceipt.json @@ -0,0 +1,39 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://schemas.srcos.ai/v2/BrowserAutomationReceipt.json", + "title": "BrowserAutomationReceipt", + "description": "Receipt for a user-visible, revocable browser automation session with explicit owner, transport, permission scope, policy decision, and evidence references.", + "type": "object", + "additionalProperties": false, + "required": ["id", "type", "specVersion", "sessionRef", "capabilityLedgerRef", "ownerRef", "transport", "permissionScope", "origin", "userVisible", "revocable", "startedAt", "policyDecisionRef", "evidenceRefs", "capturedAt"], + "properties": { + "id": { "type": "string", "pattern": "^urn:srcos:receipt:browser-automation:" }, + "type": { "const": "BrowserAutomationReceipt" }, + "specVersion": { "type": "string" }, + "sessionRef": { "type": "string", "pattern": "^urn:srcos:session:" }, + "capabilityLedgerRef": { "type": "string", "pattern": "^urn:srcos:capability-ledger:" }, + "ownerRef": { "type": "string" }, + "transport": { "type": "string", "enum": ["native_pipe", "cdp", "webdriver", "extension", "accessibility"] }, + "permissionScope": { "type": "array", "minItems": 1, "items": { "type": "string", "enum": ["read_page", "activate_control", "enter_text", "download_file", "upload_file", "observe_network_metadata", "managed_identity_delegate", "capture_screenshot", "navigate", "clipboard_read", "clipboard_write"] } }, + "origin": { "type": "string", "enum": ["local", "remote", "workspace"] }, + "controlledScope": { + "type": ["object", "null"], + "additionalProperties": false, + "properties": { + "windowRef": { "type": ["string", "null"] }, + "tabRef": { "type": ["string", "null"] }, + "urlOrigin": { "type": ["string", "null"] }, + "workspaceRef": { "type": ["string", "null"], "pattern": "^urn:srcos:workspace:" } + } + }, + "userVisible": { "type": "boolean", "const": true }, + "revocable": { "type": "boolean", "const": true }, + "startedAt": { "type": "string", "format": "date-time" }, + "revokedAt": { "type": ["string", "null"], "format": "date-time" }, + "terminalState": { "type": "string", "enum": ["active", "revoked", "completed", "failed", "denied"] }, + "causalRefs": { "type": "array", "items": { "type": "string" } }, + "policyDecisionRef": { "type": "string", "pattern": "^urn:srcos:decision:" }, + "evidenceRefs": { "type": "array", "minItems": 1, "items": { "type": "string" } }, + "capturedAt": { "type": "string", "format": "date-time" } + } +} From 3167d1b57fe1481a5807e484715870c7bbdd3045 Mon Sep 17 00:00:00 2001 From: mdheller <21163552+mdheller@users.noreply.github.com> Date: Wed, 6 May 2026 11:33:02 -0400 Subject: [PATCH 03/15] Add runtime observability GitWorkspaceState schema --- schemas/GitWorkspaceState.json | 52 ++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 schemas/GitWorkspaceState.json diff --git a/schemas/GitWorkspaceState.json b/schemas/GitWorkspaceState.json new file mode 100644 index 0000000..572e848 --- /dev/null +++ b/schemas/GitWorkspaceState.json @@ -0,0 +1,52 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://schemas.srcos.ai/v2/GitWorkspaceState.json", + "title": "GitWorkspaceState", + "description": "Typed terminal/workspace Git-state classification emitted before passive Git discovery or user-requested Git operations, with severity discipline, redacted path evidence, session linkage, and capability-ledger linkage.", + "type": "object", + "additionalProperties": false, + "required": ["id", "type", "specVersion", "sessionRef", "capabilityLedgerRef", "workspaceRef", "state", "severity", "operation", "actionability", "pathEvidence", "gitFacts", "policyDecisionRef", "evidenceRefs", "capturedAt"], + "properties": { + "id": { "type": "string", "pattern": "^urn:srcos:git-workspace-state:" }, + "type": { "const": "GitWorkspaceState" }, + "specVersion": { "type": "string" }, + "sessionRef": { "type": "string", "pattern": "^urn:srcos:session:" }, + "capabilityLedgerRef": { "type": "string", "pattern": "^urn:srcos:capability-ledger:" }, + "agentMachineReceiptRef": { "type": ["string", "null"], "pattern": "^urn:srcos:agent-machine-receipt:" }, + "workspaceRef": { "type": "string", "pattern": "^urn:srcos:workspace:" }, + "state": { "type": "string", "enum": ["not_a_repo", "repo_root", "inside_worktree", "inside_git_dir", "bare_repo", "worktree_no_remote", "detached_head", "corrupt_repo", "permission_denied", "operation_superseded"] }, + "severity": { "type": "string", "enum": ["debug", "info", "warning", "error"] }, + "operation": { "type": "string", "enum": ["passive_discovery", "watcher_refresh", "user_requested_command", "agent_requested_command", "ci_validation"] }, + "actionability": { "type": "string", "enum": ["none", "remediation_hint", "blocked", "quarantined"] }, + "pathEvidence": { + "type": "object", + "additionalProperties": false, + "required": ["pathDigest", "redaction", "rawPathStored"], + "properties": { + "pathDigest": { "type": "string", "pattern": "^sha256:[a-fA-F0-9]{64}$" }, + "redactedPathHint": { "type": ["string", "null"] }, + "redaction": { "type": "string", "enum": ["none", "user_home_redacted", "workspace_alias", "digest_only"] }, + "rawPathStored": { "type": "boolean", "const": false } + } + }, + "gitFacts": { + "type": "object", + "additionalProperties": false, + "required": ["branch", "headSha", "remoteState", "worktreeRootDigest", "gitDirDigest"], + "properties": { + "branch": { "type": ["string", "null"] }, + "headSha": { "type": ["string", "null"], "pattern": "^[a-fA-F0-9]{7,40}$" }, + "remoteState": { "type": "string", "enum": ["available", "missing", "not_applicable", "error", "unknown"] }, + "worktreeRootDigest": { "type": ["string", "null"], "pattern": "^sha256:[a-fA-F0-9]{64}$" }, + "gitDirDigest": { "type": ["string", "null"], "pattern": "^sha256:[a-fA-F0-9]{64}$" }, + "failureReason": { "type": ["string", "null"] }, + "commandClass": { "type": ["string", "null"], "enum": ["config", "rev_parse", "symbolic_ref", "for_each_ref", "status", "remote", "watcher", null] } + } + }, + "expectedNegativeState": { "type": "boolean" }, + "causalRefs": { "type": "array", "items": { "type": "string" } }, + "policyDecisionRef": { "type": "string", "pattern": "^urn:srcos:decision:" }, + "evidenceRefs": { "type": "array", "minItems": 1, "items": { "type": "string" } }, + "capturedAt": { "type": "string", "format": "date-time" } + } +} From 5f901bcc287500efb6aa2212cca59e19fb4e652d Mon Sep 17 00:00:00 2001 From: mdheller <21163552+mdheller@users.noreply.github.com> Date: Wed, 6 May 2026 11:35:41 -0400 Subject: [PATCH 04/15] Add runtime observability OrphanEventReceipt schema --- schemas/OrphanEventReceipt.json | 54 +++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 schemas/OrphanEventReceipt.json diff --git a/schemas/OrphanEventReceipt.json b/schemas/OrphanEventReceipt.json new file mode 100644 index 0000000..bec740b --- /dev/null +++ b/schemas/OrphanEventReceipt.json @@ -0,0 +1,54 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://schemas.srcos.ai/v2/OrphanEventReceipt.json", + "title": "OrphanEventReceipt", + "description": "Receipt for lifecycle events that could not initially attach to a known session DAG node and were recovered or quarantined with evidence.", + "type": "object", + "additionalProperties": false, + "required": ["id", "type", "specVersion", "eventRef", "eventClass", "observedAt", "sessionResolution", "ttl", "policyDecisionRef", "evidenceRefs", "capturedAt"], + "properties": { + "id": { "type": "string", "pattern": "^urn:srcos:receipt:orphan-event:" }, + "type": { "const": "OrphanEventReceipt" }, + "specVersion": { "type": "string" }, + "eventRef": { "type": "string", "pattern": "^urn:srcos:event:" }, + "eventClass": { "type": "string", "enum": ["agent_lifecycle", "runtime_lifecycle", "browser_automation", "terminal_workspace", "plugin", "transport", "unknown"] }, + "observedAt": { "type": "string", "format": "date-time" }, + "rawEventDigest": { "type": "string", "pattern": "^sha256:[a-fA-F0-9]{64}$" }, + "sessionResolution": { + "type": "object", + "additionalProperties": false, + "required": ["state", "candidateSessionRefs", "recoveredSessionRef", "recoveredDagNodeRef", "reconciledAt", "quarantinedAt"], + "properties": { + "state": { "type": "string", "enum": ["queued", "recovered", "quarantined", "discarded_duplicate"] }, + "candidateSessionRefs": { "type": "array", "items": { "type": "string", "pattern": "^urn:srcos:session:" } }, + "recoveredSessionRef": { "type": ["string", "null"], "pattern": "^urn:srcos:session:" }, + "recoveredDagNodeRef": { "type": ["string", "null"], "pattern": "^urn:srcos:session-dag-node:" }, + "reconciledAt": { "type": ["string", "null"], "format": "date-time" }, + "quarantinedAt": { "type": ["string", "null"], "format": "date-time" } + } + }, + "ttl": { + "type": "object", + "additionalProperties": false, + "required": ["expiresAt", "expired"], + "properties": { + "expiresAt": { "type": "string", "format": "date-time" }, + "expired": { "type": "boolean" } + } + }, + "correlationKeys": { + "type": "object", + "additionalProperties": false, + "properties": { + "conversationId": { "type": ["string", "null"] }, + "parentId": { "type": ["string", "null"] }, + "workspaceRef": { "type": ["string", "null"], "pattern": "^urn:srcos:workspace:" }, + "taskRef": { "type": ["string", "null"] } + } + }, + "causalRefs": { "type": "array", "items": { "type": "string" } }, + "policyDecisionRef": { "type": "string", "pattern": "^urn:srcos:decision:" }, + "evidenceRefs": { "type": "array", "minItems": 1, "items": { "type": "string" } }, + "capturedAt": { "type": "string", "format": "date-time" } + } +} From 43978707593e91c4c8d33864420df136240b5d81 Mon Sep 17 00:00:00 2001 From: mdheller <21163552+mdheller@users.noreply.github.com> Date: Wed, 6 May 2026 11:37:02 -0400 Subject: [PATCH 05/15] Add runtime observability RuntimeInstallReceipt schema --- schemas/RuntimeInstallReceipt.json | 58 ++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 schemas/RuntimeInstallReceipt.json diff --git a/schemas/RuntimeInstallReceipt.json b/schemas/RuntimeInstallReceipt.json new file mode 100644 index 0000000..0eaec3c --- /dev/null +++ b/schemas/RuntimeInstallReceipt.json @@ -0,0 +1,58 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://schemas.srcos.ai/v2/RuntimeInstallReceipt.json", + "title": "RuntimeInstallReceipt", + "description": "Receipt for runtime installation, update, rollback, denial, or partial install flows with artifact verification, compact log references, policy decision linkage, and evidence references.", + "type": "object", + "additionalProperties": false, + "required": ["id", "type", "specVersion", "sessionRef", "capabilityLedgerRef", "runtimeRef", "targetRef", "platform", "installState", "manifest", "artifacts", "logMode", "policyDecisionRef", "evidenceRefs", "startedAt", "capturedAt"], + "properties": { + "id": { "type": "string", "pattern": "^urn:srcos:receipt:runtime-install:" }, + "type": { "const": "RuntimeInstallReceipt" }, + "specVersion": { "type": "string" }, + "sessionRef": { "type": "string", "pattern": "^urn:srcos:session:" }, + "capabilityLedgerRef": { "type": "string", "pattern": "^urn:srcos:capability-ledger:" }, + "agentMachineReceiptRef": { "type": ["string", "null"], "pattern": "^urn:srcos:agent-machine-receipt:" }, + "runtimeRef": { "type": "string", "pattern": "^urn:srcos:runtime:" }, + "runtimeName": { "type": ["string", "null"] }, + "runtimeVersion": { "type": ["string", "null"] }, + "targetRef": { "type": "string", "pattern": "^urn:srcos:target:" }, + "platform": { "type": "string", "enum": ["darwin-arm64", "darwin-x64", "linux-x64", "linux-arm64", "win32-x64"] }, + "installState": { "type": "string", "enum": ["requested", "manifest_resolved", "artifact_verified", "installing", "installed", "failed", "rolled_back", "partial", "denied", "deferred"] }, + "manifest": { + "type": "object", + "additionalProperties": false, + "required": ["manifestRef", "manifestDigest", "resolvedAt"], + "properties": { + "manifestRef": { "type": "string" }, + "manifestDigest": { "type": "string", "pattern": "^sha256:[a-fA-F0-9]{64}$" }, + "bundleFormatVersion": { "type": ["string", "integer", "null"] }, + "resolvedAt": { "type": "string", "format": "date-time" } + } + }, + "artifacts": { + "type": "array", + "minItems": 1, + "items": { + "type": "object", + "additionalProperties": false, + "required": ["artifactRef", "digest", "verificationState"], + "properties": { + "artifactRef": { "type": "string" }, + "digest": { "type": "string", "pattern": "^sha256:[a-fA-F0-9]{64}$" }, + "sizeBytes": { "type": ["integer", "null"], "minimum": 0 }, + "verificationState": { "type": "string", "enum": ["not_checked", "verified", "failed", "skipped"] } + } + } + }, + "rollbackRef": { "type": ["string", "null"] }, + "failureReason": { "type": ["string", "null"] }, + "logMode": { "type": "string", "enum": ["compact_receipt_ref", "full_debug_redacted"] }, + "causalRefs": { "type": "array", "items": { "type": "string" } }, + "policyDecisionRef": { "type": "string", "pattern": "^urn:srcos:decision:" }, + "evidenceRefs": { "type": "array", "minItems": 1, "items": { "type": "string" } }, + "startedAt": { "type": "string", "format": "date-time" }, + "finishedAt": { "type": ["string", "null"], "format": "date-time" }, + "capturedAt": { "type": "string", "format": "date-time" } + } +} From d8127e9b55388801d12fbbb6bde86e03bdd23448 Mon Sep 17 00:00:00 2001 From: mdheller <21163552+mdheller@users.noreply.github.com> Date: Wed, 6 May 2026 12:56:51 -0400 Subject: [PATCH 06/15] Add CapabilityLedger runtime observability example --- examples/capabilityledger.json | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 examples/capabilityledger.json diff --git a/examples/capabilityledger.json b/examples/capabilityledger.json new file mode 100644 index 0000000..40ea3f1 --- /dev/null +++ b/examples/capabilityledger.json @@ -0,0 +1,21 @@ +{ + "id": "urn:srcos:capability-ledger:runtime-observability-0001", + "type": "CapabilityLedger", + "specVersion": "0.1.0", + "capabilityRef": "urn:srcos:capability:browser-automation@0.1.0", + "sessionRef": "urn:srcos:session:runtime-observability-demo-0001", + "agentMachineReceiptRef": "urn:srcos:agent-machine-receipt:runtime-probe-0001", + "declaredBy": ["config", "ui"], + "negotiatedBy": ["runtime", "server", "plugin", "policy", "schema", "transport"], + "effectiveState": "enabled", + "stateReason": "All planes agreed on the requested browser automation capability under policy.", + "ownerRefs": ["urn:srcos:agent:bearbrowser-demo-agent"], + "conflictRefs": [], + "causalRefs": ["urn:srcos:event:runtime-capability-negotiation-0001"], + "policyDecisionRef": "urn:srcos:decision:runtime-observability-policy-0001", + "evidenceRefs": [ + "urn:srcos:evidence:runtime-observability-capability-handshake-0001", + "sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + ], + "capturedAt": "2026-05-06T04:30:00Z" +} From 519da78596af8daaf39e9caf492d29910937f8c5 Mon Sep 17 00:00:00 2001 From: mdheller <21163552+mdheller@users.noreply.github.com> Date: Wed, 6 May 2026 13:00:13 -0400 Subject: [PATCH 07/15] Add BrowserAutomationReceipt runtime observability example --- examples/browserautomationreceipt.json | 32 ++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 examples/browserautomationreceipt.json diff --git a/examples/browserautomationreceipt.json b/examples/browserautomationreceipt.json new file mode 100644 index 0000000..9209777 --- /dev/null +++ b/examples/browserautomationreceipt.json @@ -0,0 +1,32 @@ +{ + "id": "urn:srcos:receipt:browser-automation:runtime-observability-0001", + "type": "BrowserAutomationReceipt", + "specVersion": "0.1.0", + "sessionRef": "urn:srcos:session:runtime-observability-demo-0001", + "capabilityLedgerRef": "urn:srcos:capability-ledger:runtime-observability-0001", + "ownerRef": "urn:srcos:agent:bearbrowser-demo-agent", + "transport": "native_pipe", + "permissionScope": ["read_page", "activate_control", "enter_text", "navigate"], + "origin": "workspace", + "controlledScope": { + "windowRef": "urn:srcos:browser-window:demo-0001", + "tabRef": "urn:srcos:browser-tab:demo-0001", + "urlOrigin": "https://example.invalid", + "workspaceRef": "urn:srcos:workspace:runtime-observability-demo" + }, + "userVisible": true, + "revocable": true, + "startedAt": "2026-05-06T04:31:00Z", + "revokedAt": null, + "terminalState": "active", + "causalRefs": [ + "urn:srcos:capability-ledger:runtime-observability-0001", + "urn:srcos:event:browser-automation-started-0001" + ], + "policyDecisionRef": "urn:srcos:decision:runtime-observability-policy-0001", + "evidenceRefs": [ + "urn:srcos:evidence:browser-automation-session-visible-0001", + "sha256:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" + ], + "capturedAt": "2026-05-06T04:31:05Z" +} From 8ecd57449e307203a8dc9788269c7291486d6b89 Mon Sep 17 00:00:00 2001 From: mdheller <21163552+mdheller@users.noreply.github.com> Date: Wed, 6 May 2026 13:03:00 -0400 Subject: [PATCH 08/15] Add GitWorkspaceState runtime observability example --- examples/gitworkspacestate.json | 39 +++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 examples/gitworkspacestate.json diff --git a/examples/gitworkspacestate.json b/examples/gitworkspacestate.json new file mode 100644 index 0000000..37450e6 --- /dev/null +++ b/examples/gitworkspacestate.json @@ -0,0 +1,39 @@ +{ + "id": "urn:srcos:git-workspace-state:runtime-observability-0001", + "type": "GitWorkspaceState", + "specVersion": "0.1.0", + "sessionRef": "urn:srcos:session:runtime-observability-demo-0001", + "capabilityLedgerRef": "urn:srcos:capability-ledger:runtime-observability-0001", + "agentMachineReceiptRef": "urn:srcos:agent-machine-receipt:runtime-probe-0001", + "workspaceRef": "urn:srcos:workspace:runtime-observability-demo", + "state": "not_a_repo", + "severity": "info", + "operation": "passive_discovery", + "actionability": "none", + "pathEvidence": { + "pathDigest": "sha256:cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc", + "redactedPathHint": "~/Documents/New project", + "redaction": "user_home_redacted", + "rawPathStored": false + }, + "gitFacts": { + "branch": null, + "headSha": null, + "remoteState": "not_applicable", + "worktreeRootDigest": null, + "gitDirDigest": null, + "failureReason": "Passive discovery classified the directory as not_a_repo; no warning is required.", + "commandClass": "rev_parse" + }, + "expectedNegativeState": true, + "causalRefs": [ + "urn:srcos:event:git-passive-discovery-0001", + "urn:srcos:capability-ledger:runtime-observability-0001" + ], + "policyDecisionRef": "urn:srcos:decision:runtime-observability-policy-0001", + "evidenceRefs": [ + "urn:srcos:evidence:git-workspace-passive-discovery-0001", + "sha256:dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd" + ], + "capturedAt": "2026-05-06T04:32:00Z" +} From b6572ae07d3578661861ff1c605b596e861fc564 Mon Sep 17 00:00:00 2001 From: mdheller <21163552+mdheller@users.noreply.github.com> Date: Wed, 6 May 2026 13:04:28 -0400 Subject: [PATCH 09/15] Add OrphanEventReceipt runtime observability example --- examples/orphaneventreceipt.json | 39 ++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 examples/orphaneventreceipt.json diff --git a/examples/orphaneventreceipt.json b/examples/orphaneventreceipt.json new file mode 100644 index 0000000..51c6ec8 --- /dev/null +++ b/examples/orphaneventreceipt.json @@ -0,0 +1,39 @@ +{ + "id": "urn:srcos:receipt:orphan-event:runtime-observability-0001", + "type": "OrphanEventReceipt", + "specVersion": "0.1.0", + "eventRef": "urn:srcos:event:turn-started-before-session-registry-0001", + "eventClass": "agent_lifecycle", + "observedAt": "2026-05-06T04:33:00Z", + "rawEventDigest": "sha256:eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee", + "sessionResolution": { + "state": "recovered", + "candidateSessionRefs": [ + "urn:srcos:session:runtime-observability-demo-0001" + ], + "recoveredSessionRef": "urn:srcos:session:runtime-observability-demo-0001", + "recoveredDagNodeRef": "urn:srcos:session-dag-node:runtime-observability-demo-turn-started-0001", + "reconciledAt": "2026-05-06T04:33:10Z", + "quarantinedAt": null + }, + "ttl": { + "expiresAt": "2026-05-06T04:38:00Z", + "expired": false + }, + "correlationKeys": { + "conversationId": "runtime-observability-demo-conversation", + "parentId": null, + "workspaceRef": "urn:srcos:workspace:runtime-observability-demo", + "taskRef": "urn:srcos:task:runtime-observability-demo-0001" + }, + "causalRefs": [ + "urn:srcos:event:runtime-session-bootstrap-0001", + "urn:srcos:capability-ledger:runtime-observability-0001" + ], + "policyDecisionRef": "urn:srcos:decision:runtime-observability-policy-0001", + "evidenceRefs": [ + "urn:srcos:evidence:orphan-event-reconciliation-0001", + "sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + ], + "capturedAt": "2026-05-06T04:33:15Z" +} From 00949da104e4048fcc83b79d1253ca962df9f139 Mon Sep 17 00:00:00 2001 From: mdheller <21163552+mdheller@users.noreply.github.com> Date: Wed, 6 May 2026 13:22:47 -0400 Subject: [PATCH 10/15] Add RuntimeInstallReceipt runtime observability example --- examples/runtimeinstallreceipt.json | 43 +++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 examples/runtimeinstallreceipt.json diff --git a/examples/runtimeinstallreceipt.json b/examples/runtimeinstallreceipt.json new file mode 100644 index 0000000..3a078c0 --- /dev/null +++ b/examples/runtimeinstallreceipt.json @@ -0,0 +1,43 @@ +{ + "id": "urn:srcos:receipt:runtime-install:runtime-observability-0001", + "type": "RuntimeInstallReceipt", + "specVersion": "0.1.0", + "sessionRef": "urn:srcos:session:runtime-observability-demo-0001", + "capabilityLedgerRef": "urn:srcos:capability-ledger:runtime-observability-0001", + "agentMachineReceiptRef": "urn:srcos:agent-machine-receipt:runtime-probe-0001", + "runtimeRef": "urn:srcos:runtime:sourceos-agent-runtime@0.1.0", + "runtimeName": "sourceos-agent-runtime", + "runtimeVersion": "0.1.0", + "targetRef": "urn:srcos:target:developer-workstation-demo-0001", + "platform": "linux-x64", + "installState": "installed", + "manifest": { + "manifestRef": "urn:srcos:artifact:runtime-manifest-sourceos-agent-runtime-0.1.0", + "manifestDigest": "sha256:1111111111111111111111111111111111111111111111111111111111111111", + "bundleFormatVersion": "1", + "resolvedAt": "2026-05-06T04:34:00Z" + }, + "artifacts": [ + { + "artifactRef": "urn:srcos:artifact:sourceos-agent-runtime-linux-x64-0.1.0.tar.xz", + "digest": "sha256:2222222222222222222222222222222222222222222222222222222222222222", + "sizeBytes": 1048576, + "verificationState": "verified" + } + ], + "rollbackRef": null, + "failureReason": null, + "logMode": "compact_receipt_ref", + "causalRefs": [ + "urn:srcos:event:runtime-install-requested-0001", + "urn:srcos:capability-ledger:runtime-observability-0001" + ], + "policyDecisionRef": "urn:srcos:decision:runtime-observability-policy-0001", + "evidenceRefs": [ + "urn:srcos:evidence:runtime-install-verified-0001", + "sha256:3333333333333333333333333333333333333333333333333333333333333333" + ], + "startedAt": "2026-05-06T04:34:00Z", + "finishedAt": "2026-05-06T04:35:00Z", + "capturedAt": "2026-05-06T04:35:05Z" +} From 2a1303236a0312c93b9599085b31d641e0d4cc8d Mon Sep 17 00:00:00 2001 From: mdheller <21163552+mdheller@users.noreply.github.com> Date: Wed, 6 May 2026 13:25:53 -0400 Subject: [PATCH 11/15] Add runtime observability example validator --- ...validate_runtime_observability_examples.py | 174 ++++++++++++++++++ 1 file changed, 174 insertions(+) create mode 100644 tools/validate_runtime_observability_examples.py diff --git a/tools/validate_runtime_observability_examples.py b/tools/validate_runtime_observability_examples.py new file mode 100644 index 0000000..33576d4 --- /dev/null +++ b/tools/validate_runtime_observability_examples.py @@ -0,0 +1,174 @@ +#!/usr/bin/env python3 +"""Validate runtime observability and capability governance examples. + +This validator intentionally goes beyond simple JSON Schema validation. It also +checks the properties that matter for evidence discipline: unique IDs, required +cross-reference shapes, non-empty evidence references, timestamp parseability, +and no raw workspace path storage for GitWorkspaceState examples. +""" + +from __future__ import annotations + +import json +from datetime import datetime +from pathlib import Path +from typing import Any + +import jsonschema + +ROOT = Path(__file__).resolve().parents[1] + +PAIRS = [ + ("schemas/CapabilityLedger.json", "examples/capabilityledger.json"), + ("schemas/BrowserAutomationReceipt.json", "examples/browserautomationreceipt.json"), + ("schemas/GitWorkspaceState.json", "examples/gitworkspacestate.json"), + ("schemas/OrphanEventReceipt.json", "examples/orphaneventreceipt.json"), + ("schemas/RuntimeInstallReceipt.json", "examples/runtimeinstallreceipt.json"), +] + +EXPECTED_IDS = { + "CapabilityLedger": "urn:srcos:capability-ledger:", + "BrowserAutomationReceipt": "urn:srcos:receipt:browser-automation:", + "GitWorkspaceState": "urn:srcos:git-workspace-state:", + "OrphanEventReceipt": "urn:srcos:receipt:orphan-event:", + "RuntimeInstallReceipt": "urn:srcos:receipt:runtime-install:", +} + +TIMESTAMP_KEYS = { + "capturedAt", + "startedAt", + "finishedAt", + "revokedAt", + "observedAt", + "reconciledAt", + "quarantinedAt", + "expiresAt", + "resolvedAt", +} + + +def load_json(relative: str) -> dict[str, Any]: + path = ROOT / relative + with path.open("r", encoding="utf-8") as fh: + return json.load(fh) + + +def walk(value: Any): + if isinstance(value, dict): + yield value + for item in value.values(): + yield from walk(item) + elif isinstance(value, list): + for item in value: + yield from walk(item) + + +def parse_timestamp(value: str, *, where: str) -> None: + try: + datetime.fromisoformat(value.replace("Z", "+00:00")) + except ValueError as exc: + raise AssertionError(f"Invalid timestamp at {where}: {value}") from exc + + +def validate_timestamps(doc: dict[str, Any], example_path: str) -> None: + def visit(value: Any, path: str = "$") -> None: + if isinstance(value, dict): + for key, child in value.items(): + child_path = f"{path}.{key}" + if key in TIMESTAMP_KEYS and child is not None: + if not isinstance(child, str): + raise AssertionError(f"Timestamp field is not string at {example_path}:{child_path}") + parse_timestamp(child, where=f"{example_path}:{child_path}") + visit(child, child_path) + elif isinstance(value, list): + for index, child in enumerate(value): + visit(child, f"{path}[{index}]") + + visit(doc) + + +def validate_common(doc: dict[str, Any], example_path: str, seen_ids: set[str]) -> None: + doc_type = doc.get("type") + doc_id = doc.get("id") + if doc_type not in EXPECTED_IDS: + raise AssertionError(f"Unexpected type in {example_path}: {doc_type}") + if not isinstance(doc_id, str) or not doc_id.startswith(EXPECTED_IDS[doc_type]): + raise AssertionError(f"Invalid id prefix in {example_path}: {doc_id}") + if doc_id in seen_ids: + raise AssertionError(f"Duplicate id in examples: {doc_id}") + seen_ids.add(doc_id) + + evidence = doc.get("evidenceRefs") + if not isinstance(evidence, list) or not evidence: + raise AssertionError(f"Missing non-empty evidenceRefs in {example_path}") + + policy = doc.get("policyDecisionRef") + if not isinstance(policy, str) or not policy.startswith("urn:srcos:decision:"): + raise AssertionError(f"Invalid policyDecisionRef in {example_path}: {policy}") + + validate_timestamps(doc, example_path) + + +def validate_specific(doc: dict[str, Any], example_path: str) -> None: + doc_type = doc["type"] + + if doc_type in {"BrowserAutomationReceipt", "GitWorkspaceState", "RuntimeInstallReceipt"}: + session_ref = doc.get("sessionRef") + if not isinstance(session_ref, str) or not session_ref.startswith("urn:srcos:session:"): + raise AssertionError(f"Invalid sessionRef in {example_path}: {session_ref}") + ledger_ref = doc.get("capabilityLedgerRef") + if not isinstance(ledger_ref, str) or not ledger_ref.startswith("urn:srcos:capability-ledger:"): + raise AssertionError(f"Invalid capabilityLedgerRef in {example_path}: {ledger_ref}") + + if doc_type == "GitWorkspaceState": + path_evidence = doc.get("pathEvidence", {}) + if path_evidence.get("rawPathStored") is not False: + raise AssertionError("GitWorkspaceState must not store raw paths") + + if doc_type == "BrowserAutomationReceipt": + started_at = doc.get("startedAt") + captured_at = doc.get("capturedAt") + revoked_at = doc.get("revokedAt") + if started_at and captured_at: + start = datetime.fromisoformat(started_at.replace("Z", "+00:00")) + captured = datetime.fromisoformat(captured_at.replace("Z", "+00:00")) + if captured < start: + raise AssertionError("BrowserAutomationReceipt capturedAt precedes startedAt") + if revoked_at: + revoked = datetime.fromisoformat(revoked_at.replace("Z", "+00:00")) + start = datetime.fromisoformat(started_at.replace("Z", "+00:00")) + if revoked < start: + raise AssertionError("BrowserAutomationReceipt revokedAt precedes startedAt") + + if doc_type == "OrphanEventReceipt": + resolution = doc.get("sessionResolution", {}) + state = resolution.get("state") + if state == "recovered" and not resolution.get("recoveredSessionRef"): + raise AssertionError("Recovered orphan event requires recoveredSessionRef") + if state == "quarantined" and not resolution.get("quarantinedAt"): + raise AssertionError("Quarantined orphan event requires quarantinedAt") + + if doc_type == "RuntimeInstallReceipt": + artifacts = doc.get("artifacts") + if not isinstance(artifacts, list) or not artifacts: + raise AssertionError("RuntimeInstallReceipt requires at least one artifact") + if doc.get("logMode") != "compact_receipt_ref": + raise AssertionError("RuntimeInstallReceipt canonical example must use compact_receipt_ref") + + +def main() -> None: + seen_ids: set[str] = set() + for schema_path, example_path in PAIRS: + schema = load_json(schema_path) + example = load_json(example_path) + jsonschema.Draft202012Validator.check_schema(schema) + jsonschema.validate(instance=example, schema=schema) + validate_common(example, example_path, seen_ids) + validate_specific(example, example_path) + print(f"OK: {example_path} -> {schema_path}") + + print("OK: runtime observability examples") + + +if __name__ == "__main__": + main() From f73ceb0714da6c9abd3ffc7de05f1718d18fa551 Mon Sep 17 00:00:00 2001 From: mdheller <21163552+mdheller@users.noreply.github.com> Date: Wed, 6 May 2026 13:33:39 -0400 Subject: [PATCH 12/15] Wire runtime observability examples into validation --- Makefile | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index fd1ea2b..0f9ee82 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ -.PHONY: validate validate-control-plane-examples validate-nlboot-examples validate-lattice-data-governai-examples validate-ops-history-examples +.PHONY: validate validate-control-plane-examples validate-nlboot-examples validate-lattice-data-governai-examples validate-ops-history-examples validate-runtime-observability-examples -validate: validate-control-plane-examples validate-nlboot-examples validate-lattice-data-governai-examples validate-ops-history-examples +validate: validate-control-plane-examples validate-nlboot-examples validate-lattice-data-governai-examples validate-ops-history-examples validate-runtime-observability-examples @echo "OK: validate" validate-control-plane-examples: @@ -18,3 +18,7 @@ validate-lattice-data-governai-examples: validate-ops-history-examples: python3 -m pip install --user jsonschema >/dev/null python3 tools/validate_ops_history_examples.py + +validate-runtime-observability-examples: + python3 -m pip install --user jsonschema >/dev/null + python3 tools/validate_runtime_observability_examples.py From 92a4617b27fb55a587dace4f24dd271962536a54 Mon Sep 17 00:00:00 2001 From: mdheller <21163552+mdheller@users.noreply.github.com> Date: Wed, 6 May 2026 13:35:30 -0400 Subject: [PATCH 13/15] Add runtime observability contract catalog --- docs/runtime-observability-contracts.md | 87 +++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 docs/runtime-observability-contracts.md diff --git a/docs/runtime-observability-contracts.md b/docs/runtime-observability-contracts.md new file mode 100644 index 0000000..6337bd8 --- /dev/null +++ b/docs/runtime-observability-contracts.md @@ -0,0 +1,87 @@ +# Runtime observability and capability governance contracts + +## Purpose + +This contract family adds typed runtime evidence records for SourceOS desktop, browser, terminal, session, and runtime-install flows. The goal is to make effective capability state, assisted browser sessions, workspace classification, session-event recovery, and runtime installation provenance explicit and reviewable. + +The family is additive. It does not replace `SessionReceipt`, `AgentMachineReceipt`, `PolicyDecision`, `TelemetryEvent`, or release records. It adds focused evidence surfaces that downstream implementations can emit and validators can check. + +## Contract family + +| Schema | Type | URN prefix | Primary owner | +|---|---|---|---| +| `schemas/CapabilityLedger.json` | `CapabilityLedger` | `urn:srcos:capability-ledger:` | `SourceOS-Linux/sourceos-shell` | +| `schemas/BrowserAutomationReceipt.json` | `BrowserAutomationReceipt` | `urn:srcos:receipt:browser-automation:` | `SourceOS-Linux/BearBrowser` | +| `schemas/GitWorkspaceState.json` | `GitWorkspaceState` | `urn:srcos:git-workspace-state:` | `SourceOS-Linux/agent-term` | +| `schemas/OrphanEventReceipt.json` | `OrphanEventReceipt` | `urn:srcos:receipt:orphan-event:` | `SocioProphet/sociosphere` | +| `schemas/RuntimeInstallReceipt.json` | `RuntimeInstallReceipt` | `urn:srcos:receipt:runtime-install:` | Agent Machine / runtime installer lane | + +## Canonical examples + +| Example | Schema | Scenario | +|---|---|---| +| `examples/capabilityledger.json` | `CapabilityLedger` | Browser assistance capability resolves to `enabled` after cross-plane reconciliation. | +| `examples/browserautomationreceipt.json` | `BrowserAutomationReceipt` | User-visible, revocable browser assistance session with policy decision and evidence references. | +| `examples/gitworkspacestate.json` | `GitWorkspaceState` | Passive Git discovery classifies a non-repo directory as an expected negative state. | +| `examples/orphaneventreceipt.json` | `OrphanEventReceipt` | Lifecycle event initially missing session attachment is recovered and linked to a session DAG node before TTL expiry. | +| `examples/runtimeinstallreceipt.json` | `RuntimeInstallReceipt` | Runtime install resolves a manifest, verifies an artifact, emits compact receipt references, and records install success. | + +## Trace story + +```text +AgentSession + -> CapabilityLedger + records effective capability truth after cross-plane reconciliation + -> BrowserAutomationReceipt + records owned, visible, scoped, policy-governed browser assistance + -> GitWorkspaceState + classifies workspace state before passive or requested Git operations + -> OrphanEventReceipt + records recovery or quarantine for lifecycle events without immediate session attachment + -> RuntimeInstallReceipt + records runtime manifest resolution, artifact verification, install state, and compact log mode +``` + +## Design requirements + +1. A feature becomes effective only after the capability ledger records a reconciled state. +2. Browser assistance sessions must be visible, owned, scoped, policy-governed, evidence-backed, and revocable. +3. Git discovery must classify workspace state before issuing user-facing remediation. +4. Lifecycle events without immediate session attachment must enter recovery or quarantine. +5. Runtime install logs should emit compact receipt references by default; full manifests belong in evidence bundles. +6. Examples must include non-empty `evidenceRefs`, `policyDecisionRef`, parseable timestamps, and stable URN prefixes. + +## Validation + +The `validate-runtime-observability-examples` make target runs `tools/validate_runtime_observability_examples.py`. It validates schema conformance plus evidence-discipline invariants: + +- unique example IDs +- required URN prefixes +- non-empty `evidenceRefs` +- required `policyDecisionRef` +- parseable timestamps +- no raw path storage in `GitWorkspaceState` +- browser session timestamp ordering +- orphan-event recovery/quarantine consistency +- compact runtime-install log mode in the canonical example + +```bash +make validate-runtime-observability-examples +``` + +## Downstream rollout order + +1. Merge the schema/example/validation tranche in `SourceOS-Linux/sourceos-spec`. +2. Implement `BrowserAutomationReceipt` emission and visible session controls in `SourceOS-Linux/BearBrowser`. +3. Implement `GitWorkspaceState` classifier and severity discipline in `SourceOS-Linux/agent-term`. +4. Implement `CapabilityLedger` reconciliation and surface display in `SourceOS-Linux/sourceos-shell`. +5. Implement `OrphanEventReceipt` queue/recovery/quarantine in `SocioProphet/sociosphere`. +6. Implement `RuntimeInstallReceipt` emission in the Agent Machine / runtime installer lane. + +## Related issues + +- Parent spec: `SourceOS-Linux/sourceos-spec#99` +- Browser implementation: `SourceOS-Linux/BearBrowser#25` +- Terminal implementation: `SourceOS-Linux/agent-term#39` +- Shell implementation: `SourceOS-Linux/sourceos-shell#12` +- Sociosphere implementation: `SocioProphet/sociosphere#283` From a9310b1699cef91c9eef486ae6b2b5a03c0d5fea Mon Sep 17 00:00:00 2001 From: mdheller <21163552+mdheller@users.noreply.github.com> Date: Wed, 6 May 2026 13:45:40 -0400 Subject: [PATCH 14/15] Add ADR for runtime observability contracts --- ...ime-observability-capability-governance.md | 83 +++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 docs/adr/0012-runtime-observability-capability-governance.md diff --git a/docs/adr/0012-runtime-observability-capability-governance.md b/docs/adr/0012-runtime-observability-capability-governance.md new file mode 100644 index 0000000..75b5839 --- /dev/null +++ b/docs/adr/0012-runtime-observability-capability-governance.md @@ -0,0 +1,83 @@ +# ADR-0012: Runtime observability and capability governance contracts + +## Status + +Accepted for review. + +## Context + +SourceOS needs a shared contract layer for runtime capability state, browser assistance sessions, terminal workspace classification, session-event recovery, and runtime installation provenance. + +The motivating design issue is cross-plane drift: configuration, UI, runtime, server, plugin, policy, schema, and transport planes can disagree about whether a capability is available or effective. Without typed evidence records, downstream components can only infer state from logs. + +## Decision + +Add an additive runtime observability contract family: + +| Schema | Purpose | +|---|---| +| `CapabilityLedger` | Records effective capability state after cross-plane reconciliation. | +| `BrowserAutomationReceipt` | Records visible, owned, scoped, policy-governed browser assistance sessions. | +| `GitWorkspaceState` | Records typed Git/workspace classification before passive or requested Git operations. | +| `OrphanEventReceipt` | Records recovery or quarantine for lifecycle events without immediate session attachment. | +| `RuntimeInstallReceipt` | Records runtime manifest resolution, artifact verification, install lifecycle state, and compact log mode. | + +These contracts complement existing `SessionReceipt`, `AgentMachineReceipt`, `PolicyDecision`, `TelemetryEvent`, release, and provenance records. + +## Design constraints + +1. Effective capability state must be reconciled, not locally asserted. +2. Browser assistance sessions must have visible ownership and revocation state. +3. Terminal Git discovery must classify expected negative states without misleading warning noise. +4. Lifecycle events without immediate session attachment must enter a typed recovery or quarantine path. +5. Runtime installation must record manifest and artifact evidence while keeping ordinary logs compact. +6. Examples must carry evidence references, policy-decision references, stable URN prefixes, and parseable timestamps. + +## Validation + +The repository adds `tools/validate_runtime_observability_examples.py` and wires it into `make validate` through `validate-runtime-observability-examples`. + +The validator checks schema conformance plus evidence-discipline invariants: + +- unique example IDs +- required URN prefixes +- non-empty `evidenceRefs` +- required `policyDecisionRef` +- timestamp parseability +- no raw path storage in `GitWorkspaceState` +- browser-session timestamp ordering +- orphan-event recovery/quarantine consistency +- compact runtime-install log mode in the canonical example + +## Downstream ownership + +| Downstream repo | Contract responsibility | +|---|---| +| `SourceOS-Linux/sourceos-shell` | Emit and surface `CapabilityLedger` entries. | +| `SourceOS-Linux/BearBrowser` | Emit `BrowserAutomationReceipt` entries and expose visible session controls. | +| `SourceOS-Linux/agent-term` | Emit `GitWorkspaceState` entries and enforce severity discipline. | +| `SocioProphet/sociosphere` | Emit `OrphanEventReceipt` entries and implement event recovery/quarantine. | +| Agent Machine / runtime installer lane | Emit `RuntimeInstallReceipt` entries. | + +## Consequences + +Positive: + +- Makes capability drift detectable and reviewable. +- Gives downstream repos concrete schema targets. +- Improves log quality by using compact receipt references. +- Provides a path for cross-repo validation before downstream runtime implementation. + +Costs: + +- Adds five new schemas and examples. +- Requires downstream emitters and validators to adopt the contract family. +- Requires future schema evolution discipline as implementations mature. + +## Related issues + +- Parent spec: `SourceOS-Linux/sourceos-spec#99` +- Browser implementation: `SourceOS-Linux/BearBrowser#25` +- Terminal implementation: `SourceOS-Linux/agent-term#39` +- Shell implementation: `SourceOS-Linux/sourceos-shell#12` +- Sociosphere implementation: `SocioProphet/sociosphere#283` From 57ec9ddedd7a9d87853369af1ed9fa1ddb21c1b0 Mon Sep 17 00:00:00 2001 From: mdheller <21163552+mdheller@users.noreply.github.com> Date: Wed, 6 May 2026 13:59:17 -0400 Subject: [PATCH 15/15] Update changelog for runtime observability contracts --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 827d28c..fc21663 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). Thi ## [Unreleased] ### Added +- Runtime observability and capability governance contracts: `CapabilityLedger`, `BrowserAutomationReceipt`, `GitWorkspaceState`, `OrphanEventReceipt`, and `RuntimeInstallReceipt` with canonical examples, validation wiring (`tools/validate_runtime_observability_examples.py`), a contract catalog, and ADR-0012. - Reasoning run contracts: `ReasoningRun`, `ReasoningEvent`, `ReasoningReceipt`, `ReasoningReplayPlan`, and `ReasoningBenchmark` with canonical examples and a contract-additions note for the Superconscious reference loop. - Agent Machine / Model Carry schemas: `SourceOSModelCarryRef`, `InferenceProvider`, `ModelResidency`, `PlacementFact`, and `AgentMachineReceipt` with canonical examples and a contract-additions placement note. - NLBoot object schemas: `NLBootPlan`, `ArtifactCacheRecord`, `BootProofRecord`, `AppleSiliconAdapterEvidence` with canonical examples and validation (`tools/validate_nlboot_examples.py`)