Implement ARCP v1.1 PHP features

Add model.use leases, provisioned credential APIs and lifecycle wiring, feature negotiation, redaction, docs, samples, and coverage for the v1.1 PHP SDK issue set.

Author: nficano

CHANGELOG.md

@@ -11,7 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - ARCP v1.1 feature coverage for `session.list_jobs` / `session.jobs`,
   versioned `name@version` tool resolution, `job.result_chunk`, and
-  `cost.budget` enforcement.
+  `cost.budget`, `model.use`, and provisioned credential enforcement.
 - `Arcp\Errors\BudgetExhaustedException` and
   `Arcp\Errors\AgentVersionNotAvailableException` mapped to their v1.1
   canonical wire codes.

README.md

@@ -1,10 +1,10 @@
 # `arcp/arcp` — ARCP PHP SDK
 
 PHP 8.4 reference implementation of the [Agent Runtime Control Protocol
-(ARCP) v1.0](https://github.com/agentruntimecontrolprotocol/spec/blob/main/docs/draft-arcp-1.1.md).
+(ARCP) v1.1](https://github.com/agentruntimecontrolprotocol/spec/blob/main/docs/draft-arcp-1.1.md).
 
-> **Status:** v0.1 complete. The conformance matrix is in
-> [CONFORMANCE.md](CONFORMANCE.md).
+> **Status:** v1.1 feature coverage. The conformance matrix is in
+> [docs/conformance.md](docs/conformance.md).
 
 ## Quick start
 
@@ -158,9 +158,9 @@ PHP 8.4 and newer. Older minors are not supported.
 See [CHANGELOG.md](CHANGELOG.md). Major-version migration notes live
 in [UPGRADE.md](UPGRADE.md).
 
-## What's not implemented in v0.1
+## Conformance
 
-See [CONFORMANCE.md](CONFORMANCE.md) for the full list. Calls into
+See [docs/conformance.md](docs/conformance.md) for the full list. Calls into
 out-of-scope surfaces throw `UnimplementedException` with the relevant
 RFC section.
 

composer.json

@@ -1,6 +1,6 @@
 {
     "name": "arcp/arcp",
-    "description": "PHP reference implementation of the Agent Runtime Control Protocol (ARCP) v1.0",
+    "description": "PHP reference implementation of the Agent Runtime Control Protocol (ARCP) v1.1",
     "type": "library",
     "license": "Apache-2.0",
     "keywords": ["arcp", "agent", "runtime", "protocol", "websocket", "stdio"],

docs/conformance.md

@@ -15,6 +15,9 @@ The PHP SDK targets ARCP v1.1.
 | Progress, streams, and `job.result_chunk` | implemented |
 | Permissions and leases | implemented |
 | `cost.budget` counters | implemented |
+| `model.use` leases | implemented |
+| Provisioned credentials | implemented |
+| `LEASE_SUBSET_VIOLATION` | implemented |
 | Artifacts | implemented |
 | Subscriptions and backfill | implemented |
 | Vendor extensions | implemented |
@@ -25,6 +28,8 @@ The v1.1 PHP-specific additions are covered by unit and integration
 tests in:
 
 - `tests/Unit/Runtime/V11FeaturesTest.php`
+- `tests/Unit/Runtime/ModelUseTest.php`
+- `tests/Integration/CredentialLifecycleTest.php`
 - `tests/Integration/JobLifecycleTest.php`
 - `tests/Unit/MessageCatalogRoundTripTest.php`
 - `tests/Unit/ErrorsTest.php`

docs/guides/errors.md

@@ -10,6 +10,7 @@ Canonical codes live in `Arcp\Errors\ErrorCode`. v1.1 additions include:
 | Code | Exception |
 | --- | --- |
 | `LEASE_EXPIRED` | `LeaseExpiredException` |
+| `LEASE_SUBSET_VIOLATION` | `LeaseSubsetViolationException` |
 | `BUDGET_EXHAUSTED` | `BudgetExhaustedException` |
 | `AGENT_VERSION_NOT_AVAILABLE` | `AgentVersionNotAvailableException` |
 
@@ -60,6 +61,10 @@ Direct tool failures are surfaced as typed exceptions by `ErrorMapper`.
 
 Permission and lease failures inside a tool become terminal tool errors.
 
+`LEASE_SUBSET_VIOLATION` is raised when a delegated or child lease
+expands `model.use` or `cost.budget` beyond its parent. Its details are
+`parent_lease_id`, `child_lease_id`, and `field`.
+
 ## Retry guidance
 
 Retry only when `ARCPExceptionInterface::isRetryable()` is true, and use

docs/guides/leases.md

@@ -46,6 +46,47 @@ Expired leases raise `LeaseExpiredException`.
 `CostBudget` parses `currency:decimal` strings and decrements counters
 from `cost.*` metrics.
 
+## Model-use leases (v1.1, §9.7)
+
+`ModelUse` carries allow-list patterns such as `openai/gpt-4o`,
+`anthropic/*`, or `*`. Tool code can enforce the active job lease before
+calling an upstream model:
+
+```php
+$ctx->assertModelAllowed('anthropic/claude-3-5-sonnet');
+```
+
+Child leases must stay within the parent model set. `LeaseManager`
+raises `LeaseSubsetViolationException` when a child expands either
+`model.use` or `cost.budget`.
+
+## Provisioned credentials (v1.1, §9.8)
+
+Configure `ARCPRuntime` with a `CredentialProvisioner` to mint
+short-lived upstream credentials after the job lease is finalized:
+
+```php
+$runtime = new ARCPRuntime(
+    authRouter: $auth,
+    credentialProvisioner: $provisioner,
+);
+```
+
+Clients opt in during the handshake with:
+
+```php
+new Capabilities(
+    anonymous: true,
+    features: ['provisioned_credentials', 'model.use'],
+);
+```
+
+When the tool invocation carries `lease.model.use` or
+`lease.cost.budget`, the runtime includes a `credentials` array in the
+direct `job.accepted` payload. Credential values are redacted in the
+event log and subscription delivery, and the runtime revokes outstanding
+credentials on success, failure, or cancellation.
+
 ## Hand-written validation
 
 Use typed exceptions from `Arcp\Errors` so clients can branch on
@@ -54,4 +95,4 @@ canonical error codes.
 ## Runnable examples
 
 See `samples/leases/`, `samples/lease_revocation/`, and
-`samples/cost_budget/`.
+`samples/cost_budget/`, and `samples/provisioned_credentials/`.

samples/README.md

@@ -1,6 +1,6 @@
 # ARCP PHP samples
 
-Eighteen single-purpose sample programs, each named for the protocol
+Nineteen single-purpose sample programs, each named for the protocol
 primitive it demonstrates. Mirrors the Python tree at
 `python-sdk/examples/` and the cross-language brief in
 `python-sdk/examples/SUBWORKER_BRIEF.md`.
@@ -12,7 +12,7 @@ primitive it demonstrates. Mirrors the Python tree at
 > stub modules (`agents.php`, `steps.php`, `cheap.php`, …) so the
 > protocol code in `main.php` is what you read.
 
-## The eighteen
+## The nineteen
 
 | Directory | Demonstrates | Spec |
 |---|---|---|
@@ -34,6 +34,7 @@ primitive it demonstrates. Mirrors the Python tree at
 | [`agent_versions/`](./agent_versions) | `name@version` resolution and missing-version errors. | §7.5, §12 |
 | [`result_chunk/`](./result_chunk) | Chunked terminal results assembled by the client. | §8.4 |
 | [`cost_budget/`](./cost_budget) | `cost.budget` counters decremented by `cost.*` metrics. | §9.6, §12 |
+| [`provisioned_credentials/`](./provisioned_credentials) | Lease-bound upstream credentials for model and budget enforcement. | §9.7–§9.8 |
 
 ## Conventions
 

samples/provisioned_credentials/LiteLLMProvisioner.php

@@ -0,0 +1,47 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Arcp\Samples\ProvisionedCredentials;
+
+use Arcp\Messages\Permissions\LeaseGranted;
+use Arcp\Runtime\Credentials\Credential;
+use Arcp\Runtime\Credentials\CredentialProvisioner;
+use Arcp\Runtime\JobContext;
+
+/**
+ * Reference plug-in sketch for LiteLLM proxy virtual keys.
+ *
+ * A production implementation would POST to `/key/generate` with
+ * max_budget, allowed_models, and expires, then POST `/key/delete` in
+ * revoke(). This sample keeps the HTTP client out of core.
+ */
+final readonly class LiteLLMProvisioner implements CredentialProvisioner
+{
+    public function __construct(
+        private string $endpoint,
+        private string $adminToken,
+    ) {
+    }
+
+    #[\Override]
+    public function issue(LeaseGranted $lease, JobContext $ctx): array
+    {
+        $id = 'litellm_' . substr(hash('sha256', (string) $ctx->jobId), 0, 12);
+        return [
+            Credential::withLeaseConstraints(
+                $id,
+                'replace-with-virtual-key-from-' . $this->adminToken,
+                rtrim($this->endpoint, '/') . '/v1',
+                $lease,
+                profile: 'litellm',
+            ),
+        ];
+    }
+
+    #[\Override]
+    public function revoke(string $credentialId): void
+    {
+        // POST /key/delete with the virtual key id.
+    }
+}

samples/provisioned_credentials/README.md

@@ -0,0 +1,18 @@
+# Provisioned Credentials
+
+Demonstrates ARCP v1.1 `model.use` and `provisioned_credentials`.
+
+The runtime is configured with `InMemoryCredentialProvisioner`. The
+client requests both feature flags during the handshake, invokes a tool
+with a lease carrying `model.use` and `cost.budget`, receives the
+credential in `job.accepted`, and the runtime revokes it when the job
+completes.
+
+Run:
+
+```sh
+php samples/provisioned_credentials/main.php
+```
+
+`LiteLLMProvisioner.php` shows the shape of a plug-in provisioner without
+coupling core SDK code to LiteLLM.

samples/provisioned_credentials/main.php

@@ -0,0 +1,97 @@
+<?php
+
+declare(strict_types=1);
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+use Amp\Cancellation;
+use Arcp\Auth\AuthRouter;
+use Arcp\Auth\NoneAuth;
+use Arcp\Client\ARCPClient;
+use Arcp\Envelope\Envelope;
+use Arcp\Messages\Execution\JobAccepted;
+use Arcp\Messages\Session\Auth;
+use Arcp\Messages\Session\Capabilities;
+use Arcp\Messages\Session\PeerInfo;
+use Arcp\Runtime\ARCPRuntime;
+use Arcp\Runtime\Credentials\InMemoryCredentialProvisioner;
+use Arcp\Runtime\JobContext;
+use Arcp\Runtime\ToolHandler;
+use Arcp\Transport\MemoryTransport;
+use Arcp\Transport\Transport;
+
+$provisioner = new InMemoryCredentialProvisioner();
+$runtime = new ARCPRuntime(
+    authRouter: new AuthRouter([new NoneAuth()]),
+    credentialProvisioner: $provisioner,
+);
+$runtime->registerTool('planner', new class () implements ToolHandler {
+    #[\Override]
+    public function invoke(array $arguments, JobContext $ctx, ?Cancellation $cancellation = null): mixed
+    {
+        $ctx->assertModelAllowed('anthropic/claude-3-5-sonnet');
+        return ['planned' => true];
+    }
+});
+
+[$serverT, $clientT] = MemoryTransport::pair();
+$recording = new class ($clientT) implements Transport {
+    /** @var list<Envelope> */
+    public array $received = [];
+
+    public function __construct(private readonly Transport $inner)
+    {
+    }
+
+    #[\Override]
+    public function send(Envelope $env, ?Cancellation $cancellation = null): void
+    {
+        $this->inner->send($env, $cancellation);
+    }
+
+    #[\Override]
+    public function receive(?Cancellation $cancellation = null): ?Envelope
+    {
+        $env = $this->inner->receive($cancellation);
+        if ($env instanceof Envelope) {
+            $this->received[] = $env;
+        }
+        return $env;
+    }
+
+    #[\Override]
+    public function close(): void
+    {
+        $this->inner->close();
+    }
+
+    #[\Override]
+    public function isClosed(): bool
+    {
+        return $this->inner->isClosed();
+    }
+};
+$serverFuture = $runtime->serveAsync($serverT);
+$client = new ARCPClient($recording);
+$client->open(Auth::none(), new PeerInfo('provisioned-demo', '0.1'), new Capabilities(
+    anonymous: true,
+    features: ['provisioned_credentials', 'model.use'],
+));
+$result = $client->invokeTool('planner', [
+    'lease' => [
+        'model.use' => ['anthropic/*'],
+        'cost.budget' => ['USD:1.00'],
+    ],
+]);
+
+foreach ($recording->received as $env) {
+    if ($env->payload instanceof JobAccepted) {
+        print_r($env->payload->credentials);
+        break;
+    }
+}
+print_r($result->value);
+print_r(['revoked' => $provisioner->revoked]);
+
+$client->close();
+$serverFuture->await();