Conformance test suite for the Workstation Capability Protocol (WCP)
Project description
wcp-conformance
A standalone conformance test suite for the Workstation Capability
Protocol (WCP). It certifies any WCP endpoint — the wcpd reference
server or a third-party implementation — against the published contract:
the manifest schema (schemas/manifest.schema.json), the per-operation
schemas (schemas/ops/<op.id>.json), and the MCP binding described in the
WCP spec. This package depends only on that published standard; it never
imports or relies on wcpd internals.
The suite checks two things:
- Core conformance — the mandatory baseline every WCP server must
meet: a valid manifest and the required
wcp.systemoperations (e.g.describe). - Per-family conformance — for each capability family the server
advertises (
wcp.fs,wcp.exec,wcp.window, ...), whether its operations round-trip against their schemas and enforce scopes, sandboxing, and error codes correctly. A server that only implements a subset of families (e.g. a headless container with justfs+exec) can still be certified for exactly what it implements.
Results are structured as a list of CheckResults rolled up into a
ConformanceReport (see src/wcp_conformance/results.py), which can be
rendered as human-readable text (report.summary()) or serialized to
JSON (report.as_dict()).
Install
This package has its own virtualenv, independent of reference/wcpd.
cd conformance
python3 -m venv .venv
.venv/bin/pip install -e ".[dev]"
Test
cd conformance
.venv/bin/python -m pytest -q
Usage
wcp-conformance --help
The CLI needs a bearer token to call the target server. Exactly one of two token modes must be supplied:
-
Pre-minted tokens (works against any WCP server, including third-party implementations). The operator mints tokens out of band and passes them in:
wcp-conformance \ --endpoint https://workstation.example.com/mcp \ --token-admin "$ADMIN_TOKEN" \ --token-none "$ZERO_SCOPE_TOKEN" \ --token-star "$STAR_SCOPE_TOKEN" \ --json report.json
--token-admin: a full-scope token, used to exercise normal operation of every advertised family.--token-none: a zero-scope token, used to verify the server correctly denies unauthorized calls.--token-star: a token scoped to the wildcard*(but not the restrictedwcp:input:synthesizescope), used to verify wildcard scopes don't implicitly grant input synthesis.
-
Local HS256 minting (convenient against reference/HS256-based servers such as
wcpd). The suite mints its own tokens withpyjwt, given the server's shared secret:wcp-conformance \ --endpoint http://localhost:8977/mcp \ --jwt-secret "$WCP_JWT_SECRET" \ --workstation-id dev-ws \ --json report.json
By default the suite only ever invokes operations the target's manifest
marks read_only; it never performs a mutating action expected to
succeed. --include-mutating and --sandbox-path PATH (default .)
are available for exercising more of the surface — see
docs/certifying.md for details, including a
worked example with --include-mutating --sandbox-path /tmp/wcp-probe.
The CLI prints report.summary() to stdout (unless --quiet),
optionally writes a machine-readable report to the path given by
--json, and exits 0 if report.ok is true, 1 if a required check
failed, or 2 on a usage error (e.g. no token source supplied).
For the full certifying guide — both token modes, what "read-only by
default" means, and how to read core_conformant/family_verdicts in
the report — see docs/certifying.md.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file wcp_conformance-0.1.0.tar.gz.
File metadata
- Download URL: wcp_conformance-0.1.0.tar.gz
- Upload date:
- Size: 24.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
49b59be35382776af2d2c37b56dfdd54de2c27ec54cff098801e590fdf917764
|
|
| MD5 |
eb9f81254371e4d1816f2975f2a7a6e6
|
|
| BLAKE2b-256 |
1f4bdf58612abfe28eb06312d3ac17f614eac2979577197372279d034c217241
|
Provenance
The following attestation bundles were made for wcp_conformance-0.1.0.tar.gz:
Publisher:
release.yml on kchemorion/WorkstationCapabilityProtocol
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
wcp_conformance-0.1.0.tar.gz -
Subject digest:
49b59be35382776af2d2c37b56dfdd54de2c27ec54cff098801e590fdf917764 - Sigstore transparency entry: 2052977389
- Sigstore integration time:
-
Permalink:
kchemorion/WorkstationCapabilityProtocol@33d878ed3503c1211c0601347feaee8676b2ed02 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/kchemorion
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@33d878ed3503c1211c0601347feaee8676b2ed02 -
Trigger Event:
push
-
Statement type:
File details
Details for the file wcp_conformance-0.1.0-py3-none-any.whl.
File metadata
- Download URL: wcp_conformance-0.1.0-py3-none-any.whl
- Upload date:
- Size: 24.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b7a34af98fc4355a254da6e05fc85ba52de668b596bb9be48a81dafce3360436
|
|
| MD5 |
30215f9c750f275a9625fad51cb20cfb
|
|
| BLAKE2b-256 |
ca497153d948cf8c7d281a0eb27460c601565e7fb983fc4d9c937882ea64db19
|
Provenance
The following attestation bundles were made for wcp_conformance-0.1.0-py3-none-any.whl:
Publisher:
release.yml on kchemorion/WorkstationCapabilityProtocol
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
wcp_conformance-0.1.0-py3-none-any.whl -
Subject digest:
b7a34af98fc4355a254da6e05fc85ba52de668b596bb9be48a81dafce3360436 - Sigstore transparency entry: 2052977895
- Sigstore integration time:
-
Permalink:
kchemorion/WorkstationCapabilityProtocol@33d878ed3503c1211c0601347feaee8676b2ed02 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/kchemorion
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@33d878ed3503c1211c0601347feaee8676b2ed02 -
Trigger Event:
push
-
Statement type: