Implement provisioned credentials v1.1

Closes #15

Author: Nick Ficano

ARCP.slnx

@@ -13,4 +13,8 @@
     <Project Path="tests/Arcp.UnitTests/Arcp.UnitTests.fsproj" />
     <Project Path="tests/Arcp.IntegrationTests/Arcp.IntegrationTests.fsproj" />
   </Folder>
+  <Folder Name="/samples/">
+    <Project Path="samples/ProvisionedCredentials/ProvisionedCredentials.fsproj" />
+    <Project Path="samples/LiteLLM/LiteLLM.fsproj" />
+  </Folder>
 </Solution>

CHANGELOG.md

@@ -26,9 +26,16 @@ Initial public release of the F# ARCP SDK against
 
 **Feature coverage**
 
-All nine flag-gated features ship: `heartbeat`, `ack`, `list_jobs`,
+All eleven flag-gated features ship: `heartbeat`, `ack`, `list_jobs`,
 `subscribe`, `lease_expires_at`, `cost.budget`, `progress`,
-`result_chunk`, `agent_versions`.
+`result_chunk`, `agent_versions`, `model.use`, `provisioned_credentials`.
+
+- `model.use` lease capability validates model-tier operations through
+  the existing glob lease path.
+- `provisioned_credentials` adds `Credential` wire types,
+  `ICredentialProvisioner`, per-job credential issue/revoke tracking,
+  accepted-job client exposure, rotation status events, and list-job
+  redaction.
 
 **Conventions**
 

CONFORMANCE.md

@@ -0,0 +1,18 @@
+# ARCP F# SDK Conformance
+
+This SDK targets `spec/docs/draft-arcp-1.1.md`.
+
+## v1.1 Feature Coverage
+
+- `model.use` lease capability: supported through `Capabilities.ModelUse`,
+  `Lease.validateLeaseOp`, and `Lease.isSubset`.
+- `provisioned_credentials` feature flag: negotiated only when a runtime has
+  an `ICredentialProvisioner` configured.
+- Provisioned credential wire shape: `Credential` and
+  `CredentialConstraints` serialize through `Json.Options`.
+- Credential lifecycle: runtime issues credentials before `job.accepted`,
+  exposes them on submitter `JobHandle.Credentials`, emits
+  `credential_rotated` status events, and revokes tracked ids on terminal job
+  states.
+- Credential confidentiality: `JobSummary`, `session.list_jobs`, and
+  `job.subscribed` omit credential values.

README.md

@@ -114,7 +114,9 @@ var result = await handle.Result;
 
 ## Feature support
 
-All nine flag-gated features ship by default:
+All eleven flag-gated features ship by default. The runtime advertises
+`model.use` and `provisioned_credentials` only when an
+`ICredentialProvisioner` and `ICredentialStore` are configured.
 
 - `heartbeat` — `session.ping` / `session.pong`
 - `ack` — `session.ack`; auto-ack scheduler (32 events / 250 ms)
@@ -125,10 +127,27 @@ All nine flag-gated features ship by default:
 - `progress` — `progress` event body
 - `result_chunk` — streamed `result_chunk` events + reassembly
 - `agent_versions` — `name@version`; rich agent inventory in `session.welcome`
+- `model.use` — model-tier lease namespace validated through the same glob path
+- `provisioned_credentials` — lease-bound credentials on `job.accepted`
+
+### Provisioned credentials
+
+```fsharp
+let options =
+    { ArcpServerOptions.defaults with
+        Provisioner = Some myProvisioner
+        CredentialStore = Some (InMemoryCredentialStore() :> ICredentialStore) }
+let server = ArcpServer(options)
+```
+
+Provisioners implement `ICredentialProvisioner` and return wire-shaped
+`Credential` records. `JobHandle.Credentials` exposes the accepted-job
+snapshot to the submitter only; `session.list_jobs` and `job.subscribed`
+do not include credential values.
 
 ## Samples
 
-Twenty-two runnable F# samples under [`samples/`](./samples) — one per
+Twenty-four runnable F# samples under [`samples/`](./samples) — one per
 feature, plus host-integration samples for ASP.NET Core, Giraffe, and
 OpenTelemetry. Each sample is a single `Program.fs` paired with a small
 shared harness.
@@ -138,6 +157,7 @@ dotnet run --project samples/QuickStart
 dotnet run --project samples/SubmitAndStream
 dotnet run --project samples/CostBudget
 dotnet run --project samples/AgentVersions
+dotnet run --project samples/ProvisionedCredentials
 dotnet run --project samples/AspNetCore   # listens on http://127.0.0.1:7878/arcp
 ```
 
@@ -157,10 +177,11 @@ dotnet test ARCP.slnx
 ```
 
 Unit tests (xUnit + FsCheck) cover envelope round-trip, codec dispatch,
-lease/glob/budget arithmetic, chunk assembly, and feature-set property
-laws. Integration tests boot a paired client + runtime over the in-memory
-transport and exercise handshake, job lifecycle, idempotency, subscribe,
-list-jobs, lease expiry, and budget exhaustion.
+lease/glob/budget arithmetic, credential JSON shape, chunk assembly, and
+feature-set property laws. Integration tests boot a paired client + runtime
+over the in-memory transport and exercise handshake, job lifecycle,
+idempotency, subscribe, list-jobs, lease expiry, budget exhaustion,
+provisioned credentials, credential rotation, and revocation.
 
 ## Architecture
 

docs/README.md

@@ -0,0 +1,10 @@
+# ARCP F# SDK Docs
+
+## Start here
+
+- [Leases and provisioned credentials](guides/leases.md)
+
+## Reference
+
+- [Root conformance summary](../CONFORMANCE.md)
+- [Project README](../README.md)

docs/guides/leases.md

@@ -0,0 +1,34 @@
+# Leases And Provisioned Credentials
+
+ARCP leases are immutable grants from capability namespace to glob patterns.
+The F# SDK exposes them as `LeaseGrant` and validates operations with
+`JobContext.ValidateOpAsync`.
+
+```fsharp
+let lease =
+    Lease.empty
+    |> Lease.withCapability Capabilities.ModelUse [ "tier-fast/*" ]
+    |> Lease.withCapability Capabilities.CostBudget [ "USD:1.00" ]
+
+do! ctx.ValidateOpAsync(
+        Capabilities.ModelUse,
+        "tier-fast/gpt-4o-mini",
+        ctx.CancellationToken)
+```
+
+`model.use` is a normal lease namespace, so it follows the same matching and
+subsetting behavior as other glob capabilities. A child lease may keep or
+narrow the parent model set, but may not add a model pattern the parent did
+not grant.
+
+Provisioned credentials are enabled by configuring both
+`ArcpServerOptions.Provisioner` and `ArcpServerOptions.CredentialStore`.
+When a job is accepted, the runtime calls the provisioner after the lease is
+finalized and before `job.accepted` is sent. Returned credentials are attached
+to `job.accepted.payload.credentials` and exposed on `JobHandle.Credentials`
+for the submitting client.
+
+Credential values are secrets. The SDK does not include credentials in
+`JobSummary`, `session.list_jobs`, or `job.subscribed`. On terminal job states
+the runtime asks the provisioner to revoke every tracked credential, with
+bounded retry through the configured `ICredentialStore`.

samples/LiteLLM/LiteLLM.fsproj

@@ -0,0 +1,9 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <ItemGroup>
+    <Compile Include="..\_common\SampleHarness.fs" Link="SampleHarness.fs" />
+    <Compile Include="Program.fs" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\Arcp\Arcp.fsproj" />
+  </ItemGroup>
+</Project>

samples/LiteLLM/Program.fs

@@ -0,0 +1,144 @@
+module ArcpSamples.LiteLLM
+
+open System
+open System.Linq
+open System.Net.Http
+open System.Net.Http.Headers
+open System.Text
+open System.Text.Json
+open System.Threading
+open System.Threading.Tasks
+open ARCP.Core
+open ARCP.Runtime
+open ArcpSamples.SampleHarness
+
+type LiteLLMProvisioner(baseUrl: Uri, adminKey: string, http: HttpClient) =
+    let modelPatterns (lease: LeaseGrant) =
+        Map.tryFind Capabilities.ModelUse lease.Capabilities
+        |> Option.defaultValue []
+
+    let maxBudget (lease: LeaseGrant) =
+        Map.tryFind Capabilities.CostBudget lease.Capabilities
+        |> Option.bind (
+            List.tryPick (fun amount ->
+                match Lease.parseBudgetAmount amount with
+                | Ok (_, value) -> Some value
+                | Error _ -> None))
+
+    let postJsonAsync (path: string) (body: obj) (ct: CancellationToken) =
+        task {
+            use request = new HttpRequestMessage(HttpMethod.Post, Uri(baseUrl, path))
+            request.Headers.Authorization <- AuthenticationHeaderValue("Bearer", adminKey)
+            request.Content <-
+                new StringContent(
+                    JsonSerializer.Serialize body,
+                    Encoding.UTF8,
+                    "application/json")
+            let! response = http.SendAsync(request, ct)
+            response.EnsureSuccessStatusCode() |> ignore
+            return! response.Content.ReadAsStringAsync ct
+        }
+
+    interface ICredentialProvisioner with
+        member _.IssueAsync(ctx, ct) =
+            task {
+                let body =
+                    {| key_alias = ctx.JobId.Value
+                       duration =
+                           ctx.LeaseConstraints
+                           |> Option.map (fun c -> c.ExpiresAt - DateTimeOffset.UtcNow)
+                           |> Option.map (fun span -> max 1 (int span.TotalSeconds))
+                           |> Option.defaultValue 300
+                       models = modelPatterns ctx.Lease |> List.toArray
+                       max_budget = maxBudget ctx.Lease |> Option.toNullable |}
+                    :> obj
+                let! raw = postJsonAsync "/key/generate" body ct
+                use doc = JsonDocument.Parse raw
+                let root = doc.RootElement
+                let value =
+                    match root.TryGetProperty("key") with
+                    | true, p -> p.GetString()
+                    | _ ->
+                        match root.TryGetProperty("token") with
+                        | true, p -> p.GetString()
+                        | _ -> null
+                if String.IsNullOrWhiteSpace value then
+                    return raise (InvalidOperationException "LiteLLM response did not include key or token")
+                else
+                    let credential: Credential = {
+                        Id = CredentialId.newId ()
+                        Scheme = "bearer"
+                        Value = value
+                        Endpoint = baseUrl.ToString().TrimEnd('/')
+                        Profile = Some "litellm"
+                        Constraints =
+                            Some {
+                                CostBudget = Map.tryFind Capabilities.CostBudget ctx.Lease.Capabilities
+                                ModelUse = Map.tryFind Capabilities.ModelUse ctx.Lease.Capabilities
+                                ExpiresAt = ctx.LeaseConstraints |> Option.map (fun c -> c.ExpiresAt)
+                            }
+                    }
+                    return [ credential ]
+            }
+
+        member _.RevokeAsync(credentialId, ct) =
+            task {
+                let body = {| key = credentialId |} :> obj
+                let! _ = postJsonAsync "/key/delete" body ct
+                return true
+            }
+
+[<EntryPoint>]
+let main _argv =
+    runAsync (fun () ->
+        task {
+            let baseUrl = Environment.GetEnvironmentVariable "LITELLM_BASE_URL"
+            let adminKey = Environment.GetEnvironmentVariable "LITELLM_ADMIN_KEY"
+            if String.IsNullOrWhiteSpace baseUrl || String.IsNullOrWhiteSpace adminKey then
+                writeLine "Set LITELLM_BASE_URL and LITELLM_ADMIN_KEY to run this sample."
+                return 0
+            else
+                use http = new HttpClient()
+                let provisioner =
+                    LiteLLMProvisioner(Uri(baseUrl), adminKey, http) :> ICredentialProvisioner
+                let withLiteLLM (options: ArcpServerOptions) =
+                    { options with
+                        Provisioner = Some provisioner
+                        CredentialStore = Some (InMemoryCredentialStore() :> ICredentialStore) }
+                let features =
+                    Set.ofList [
+                        Features.ProvisionedCredentials
+                        Features.ModelUse
+                        Features.LeaseExpiresAt
+                    ]
+                let! p =
+                    connectWithOptions
+                        withLiteLLM
+                        (fun s ->
+                            s.RegisterAgent("llm", fun ctx ->
+                                task {
+                                    do! ctx.ValidateOpAsync(
+                                            Capabilities.ModelUse,
+                                            "gpt-4o-mini",
+                                            ctx.CancellationToken)
+                                    return jsonString "LiteLLM credential issued"
+                                }))
+                        features
+                let lease =
+                    Lease.empty
+                    |> Lease.withCapability Capabilities.ModelUse [ "gpt-4o-mini" ]
+                    |> Lease.withCapability Capabilities.CostBudget [ "USD:1.00" ]
+                let! handle =
+                    p.Client.SubmitAsync(
+                        { Agent = "llm"
+                          Input = jsonInt 0
+                          LeaseRequest = Some lease
+                          LeaseConstraints = Some { ExpiresAt = DateTimeOffset.UtcNow.AddMinutes 10.0 }
+                          IdempotencyKey = None
+                          MaxRuntimeSec = None },
+                        CancellationToken.None)
+                writeLine (sprintf "issued %d LiteLLM credential(s)" handle.Credentials.Length)
+                let! _ = handle.Result
+                do! teardown p
+                return 0
+        })