Skip to main content

Conformance test suite for the Workstation Capability Protocol (WCP)

Project description

wcp-conformance

A standalone conformance test suite for the Workstation Capability Protocol (WCP). It certifies any WCP endpoint — the wcpd reference server or a third-party implementation — against the published contract: the manifest schema (schemas/manifest.schema.json), the per-operation schemas (schemas/ops/<op.id>.json), and the MCP binding described in the WCP spec. This package depends only on that published standard; it never imports or relies on wcpd internals.

The suite checks two things:

  • Core conformance — the mandatory baseline every WCP server must meet: a valid manifest and the required wcp.system operations (e.g. describe).
  • Per-family conformance — for each capability family the server advertises (wcp.fs, wcp.exec, wcp.window, ...), whether its operations round-trip against their schemas and enforce scopes, sandboxing, and error codes correctly. A server that only implements a subset of families (e.g. a headless container with just fs + exec) can still be certified for exactly what it implements.

Results are structured as a list of CheckResults rolled up into a ConformanceReport (see src/wcp_conformance/results.py), which can be rendered as human-readable text (report.summary()) or serialized to JSON (report.as_dict()).

Install

This package has its own virtualenv, independent of reference/wcpd.

cd conformance
python3 -m venv .venv
.venv/bin/pip install -e ".[dev]"

Test

cd conformance
.venv/bin/python -m pytest -q

Usage

wcp-conformance --help

The CLI needs a bearer token to call the target server. Exactly one of two token modes must be supplied:

  1. Pre-minted tokens (works against any WCP server, including third-party implementations). The operator mints tokens out of band and passes them in:

    wcp-conformance \
      --endpoint https://workstation.example.com/mcp \
      --token-admin "$ADMIN_TOKEN" \
      --token-none "$ZERO_SCOPE_TOKEN" \
      --token-star "$STAR_SCOPE_TOKEN" \
      --json report.json
    
    • --token-admin: a full-scope token, used to exercise normal operation of every advertised family.
    • --token-none: a zero-scope token, used to verify the server correctly denies unauthorized calls.
    • --token-star: a token scoped to the wildcard * (but not the restricted wcp:input:synthesize scope), used to verify wildcard scopes don't implicitly grant input synthesis.
  2. Local HS256 minting (convenient against reference/HS256-based servers such as wcpd). The suite mints its own tokens with pyjwt, given the server's shared secret:

    wcp-conformance \
      --endpoint http://localhost:8977/mcp \
      --jwt-secret "$WCP_JWT_SECRET" \
      --workstation-id dev-ws \
      --json report.json
    

By default the suite only ever invokes operations the target's manifest marks read_only; it never performs a mutating action expected to succeed. --include-mutating and --sandbox-path PATH (default .) are available for exercising more of the surface — see docs/certifying.md for details, including a worked example with --include-mutating --sandbox-path /tmp/wcp-probe.

The CLI prints report.summary() to stdout (unless --quiet), optionally writes a machine-readable report to the path given by --json, and exits 0 if report.ok is true, 1 if a required check failed, or 2 on a usage error (e.g. no token source supplied).

For the full certifying guide — both token modes, what "read-only by default" means, and how to read core_conformant/family_verdicts in the report — see docs/certifying.md.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

wcp_conformance-0.1.0.tar.gz (24.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

wcp_conformance-0.1.0-py3-none-any.whl (24.7 kB view details)

Uploaded Python 3

File details

Details for the file wcp_conformance-0.1.0.tar.gz.

File metadata

  • Download URL: wcp_conformance-0.1.0.tar.gz
  • Upload date:
  • Size: 24.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for wcp_conformance-0.1.0.tar.gz
Algorithm Hash digest
SHA256 49b59be35382776af2d2c37b56dfdd54de2c27ec54cff098801e590fdf917764
MD5 eb9f81254371e4d1816f2975f2a7a6e6
BLAKE2b-256 1f4bdf58612abfe28eb06312d3ac17f614eac2979577197372279d034c217241

See more details on using hashes here.

Provenance

The following attestation bundles were made for wcp_conformance-0.1.0.tar.gz:

Publisher: release.yml on kchemorion/WorkstationCapabilityProtocol

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file wcp_conformance-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for wcp_conformance-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 b7a34af98fc4355a254da6e05fc85ba52de668b596bb9be48a81dafce3360436
MD5 30215f9c750f275a9625fad51cb20cfb
BLAKE2b-256 ca497153d948cf8c7d281a0eb27460c601565e7fb983fc4d9c937882ea64db19

See more details on using hashes here.

Provenance

The following attestation bundles were made for wcp_conformance-0.1.0-py3-none-any.whl:

Publisher: release.yml on kchemorion/WorkstationCapabilityProtocol

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page