feat(leases): add cost.budget capability + BUDGET_EXHAUSTED enforcement per ARCP v1.1 §9.6

Adds runtime-enforced cost budgeting on `tool.invoke` jobs. A new
`cost_budget` field on `ToolInvokePayload` carries a `CostBudget` lease
capability — a list of `currency:amount` strings on the wire, parsed
into typed `CostBudgetAmount` entries. The runtime threads a per-job
`BudgetTracker` through `ToolContext` so tool handlers can report cost
via `ctx.charge(name, value, currency)`, which:

- decrements the matching currency counter (rejects negative amounts),
- emits a `metric` event with `name=cost.*`, `unit=currency` per §9.6,
- emits a follow-up `cost.budget.remaining` metric so clients can render
  budget gauges without re-summing,
- surfaces `ARCPError::BudgetExhausted` once the counter falls to or
  below zero — the runtime then emits a terminal `job.failed` with
  `code: BUDGET_EXHAUSTED` and `retryable: false`, matching §9.6 and
  §13.5's enforcement flow.

Subset enforcement (§9.4) is provided by `CostBudget::subset_violation`,
which takes a per-currency remaining-budget snapshot and returns the
first child currency that exceeds the parent's envelope. This is the
hook delegated-lease code will plug into when delegation grows a
typed-lease path; the rust-sdk does not yet emit lease envelopes on
`tool.invoke`, so the runtime carries the budget on the invoke payload
itself rather than via a separate `lease_request`. This is a pragmatic
deviation from the wire shape sketched in spec §13.5 — the in-process
semantics match §9.6 exactly.

The `ToolInvokePayload` change is additive; a new
`ToolInvokePayload::new(tool, arguments)` constructor preserves the
v1.0 ergonomics for callers that don't need budgeting.

Adds tests covering: budget enforcement, BUDGET_EXHAUSTED → job.failed
flow, cost.budget.remaining metric emission, unbudgeted-job pass-through,
and the §9.4 subset check.

Closes #36

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: nficano

Cargo.toml

@@ -146,6 +146,10 @@ path = "examples/job_subscribe/main.rs"
 name = "result_chunk"
 path = "examples/result_chunk/main.rs"
 
+[[example]]
+name = "cost_budget"
+path = "examples/cost_budget/main.rs"
+
 [lints.rust]
 unsafe_code = "deny"
 missing_docs = "deny"

examples/agent_versions/main.rs

@@ -93,10 +93,10 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
 
     // 1. Pin to an existing version → should complete.
     {
-        let mut invoke = Envelope::new(MessageType::ToolInvoke(ToolInvokePayload {
-            tool: "echo@1.0.0".into(),
-            arguments: serde_json::json!({"msg": "hello"}),
-        }));
+        let mut invoke = Envelope::new(MessageType::ToolInvoke(ToolInvokePayload::new(
+            "echo@1.0.0",
+            serde_json::json!({"msg": "hello"}),
+        )));
         invoke.session_id = Some(session_id.clone());
         client_t.send(invoke).await?;
         loop {
@@ -118,10 +118,10 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
 
     // 2. Pin to a missing version → should surface AGENT_VERSION_NOT_AVAILABLE.
     {
-        let mut invoke = Envelope::new(MessageType::ToolInvoke(ToolInvokePayload {
-            tool: "echo@9.9.9".into(),
-            arguments: serde_json::json!({"msg": "hello"}),
-        }));
+        let mut invoke = Envelope::new(MessageType::ToolInvoke(ToolInvokePayload::new(
+            "echo@9.9.9",
+            serde_json::json!({"msg": "hello"}),
+        )));
         invoke.session_id = Some(session_id);
         client_t.send(invoke).await?;
         loop {

examples/cost_budget/main.rs

@@ -0,0 +1,141 @@
+//! ARCP v1.1 §9.6 — `cost.budget` capability + `BUDGET_EXHAUSTED`.
+//!
+//! Hosts a `web-research` agent that charges $0.30 per iteration. The
+//! client submits with a `cost.budget: ["USD:1.00"]` lease, so the
+//! fourth iteration's pre-call charge fails with `BUDGET_EXHAUSTED`
+//! and the runtime emits a terminal `job.failed`. Along the way the
+//! runtime emits `cost.search` (the agent's cost report) and
+//! `cost.budget.remaining` (the running counter) metric events.
+//!
+//! Run with:
+//!     `cargo run --example cost_budget`
+
+#![allow(clippy::similar_names, clippy::expect_used, clippy::print_stdout)]
+
+use std::sync::Arc;
+use std::time::Duration;
+
+use arcp::auth::BearerAuthenticator;
+use arcp::envelope::Envelope;
+use arcp::error::ARCPError;
+use arcp::messages::{
+    AuthScheme, Capabilities, ClientIdentity, CostBudget, CostBudgetAmount, Credentials,
+    MessageType, SessionOpenPayload, ToolInvokePayload,
+};
+use arcp::runtime::context::ToolContext;
+use arcp::runtime::tools::{ToolHandler, ToolRegistryBuilder};
+use arcp::runtime::ARCPRuntime;
+use arcp::transport::{paired, Transport};
+use async_trait::async_trait;
+
+struct WebResearchTool;
+
+#[async_trait]
+impl ToolHandler for WebResearchTool {
+    fn name(&self) -> &'static str {
+        "web-research"
+    }
+
+    async fn invoke(
+        &self,
+        arguments: serde_json::Value,
+        ctx: ToolContext,
+    ) -> Result<serde_json::Value, ARCPError> {
+        let iterations = arguments
+            .get("iterations")
+            .and_then(serde_json::Value::as_u64)
+            .unwrap_or(8);
+        let per = arguments
+            .get("perCallUSD")
+            .and_then(serde_json::Value::as_f64)
+            .unwrap_or(0.3);
+        for i in 1..=iterations {
+            println!(
+                "[agent] iteration {i}: charging {per:.2} USD (remaining={})",
+                ctx.budget().remaining("USD").unwrap_or(f64::INFINITY)
+            );
+            ctx.charge("cost.search", per, "USD").await?;
+        }
+        Ok(serde_json::json!({"iterations": iterations}))
+    }
+}
+
+#[tokio::main]
+async fn main() -> Result<(), Box<dyn std::error::Error>> {
+    let runtime = ARCPRuntime::builder()
+        .with_authenticator(Box::new(
+            BearerAuthenticator::new().with_token("demo-token", "demo"),
+        ))
+        .with_tools(
+            ToolRegistryBuilder::new()
+                .with(Arc::new(WebResearchTool))
+                .build(),
+        )
+        .build()
+        .await?;
+
+    let (server_t, client_t) = paired();
+    let _h = runtime.serve_connection(server_t);
+
+    let mut open = Envelope::new(MessageType::SessionOpen(SessionOpenPayload {
+        auth: Credentials {
+            scheme: AuthScheme::Bearer,
+            token: Some("demo-token".into()),
+        },
+        client: ClientIdentity {
+            kind: "cost-budget-demo".into(),
+            version: env!("CARGO_PKG_VERSION").into(),
+            fingerprint: None,
+            principal: None,
+        },
+        capabilities: Capabilities::default(),
+    }));
+    open.id = arcp::ids::MessageId::new();
+    client_t.send(open).await?;
+    let accepted = client_t.recv().await?.ok_or("no session.accepted")?;
+    let MessageType::SessionAccepted(payload) = accepted.payload else {
+        return Err("expected session.accepted".into());
+    };
+    let session_id = payload.session_id;
+    println!("connected; session_id={session_id}");
+
+    let mut invoke = Envelope::new(MessageType::ToolInvoke(ToolInvokePayload {
+        tool: "web-research".into(),
+        arguments: serde_json::json!({"iterations": 8, "perCallUSD": 0.3}),
+        cost_budget: Some(CostBudget {
+            amounts: vec![CostBudgetAmount {
+                currency: "USD".into(),
+                amount: 1.0,
+            }],
+        }),
+    }));
+    invoke.session_id = Some(session_id);
+    client_t.send(invoke).await?;
+
+    let deadline = std::time::Instant::now() + Duration::from_secs(5);
+    while std::time::Instant::now() < deadline {
+        let env = tokio::time::timeout(Duration::from_millis(500), client_t.recv())
+            .await??
+            .ok_or("transport closed")?;
+        match env.payload {
+            MessageType::JobAccepted(p) => println!("job_id={}", p.job_id),
+            MessageType::Metric(m) => {
+                println!("metric[{}]={:.2} {}", m.name, m.value, m.unit);
+            }
+            MessageType::JobFailed(p) => {
+                println!(
+                    "job.failed code={} retryable={:?} message={:?}",
+                    p.code, p.retryable, p.message
+                );
+                break;
+            }
+            MessageType::JobCompleted(p) => {
+                println!("job.completed value={:?}", p.value);
+                break;
+            }
+            _ => {}
+        }
+    }
+
+    Ok(())
+}

examples/job_subscribe/main.rs

@@ -92,10 +92,10 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
     println!("[A] connected as submitter");
 
     // Submitter invokes a slow job.
-    let mut invoke = Envelope::new(MessageType::ToolInvoke(ToolInvokePayload {
-        tool: "timer".into(),
-        arguments: serde_json::json!({}),
-    }));
+    let mut invoke = Envelope::new(MessageType::ToolInvoke(ToolInvokePayload::new(
+        "timer",
+        serde_json::json!({}),
+    )));
     invoke.session_id = Some(a_session.clone());
     a.send(invoke).await?;
     let accepted_env = a.recv().await?.ok_or("no job.accepted")?;

examples/result_chunk/main.rs

@@ -104,10 +104,10 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
     let session_id = payload.session_id;
     println!("connected; session_id={session_id}");
 
-    let mut invoke = Envelope::new(MessageType::ToolInvoke(ToolInvokePayload {
-        tool: "report-builder".into(),
-        arguments: serde_json::json!({"chunks": 5}),
-    }));
+    let mut invoke = Envelope::new(MessageType::ToolInvoke(ToolInvokePayload::new(
+        "report-builder",
+        serde_json::json!({"chunks": 5}),
+    )));
     invoke.session_id = Some(session_id);
     client_t.send(invoke).await?;
 

examples/session_ack/main.rs

@@ -80,10 +80,10 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
 
     // Submit one echo job. The runtime will try to emit
     // job.accepted -> job.started -> job.completed, all countable.
-    let mut invoke = Envelope::new(MessageType::ToolInvoke(ToolInvokePayload {
-        tool: "echo".into(),
-        arguments: serde_json::json!({"hello": "world"}),
-    }));
+    let mut invoke = Envelope::new(MessageType::ToolInvoke(ToolInvokePayload::new(
+        "echo",
+        serde_json::json!({"hello": "world"}),
+    )));
     invoke.session_id = Some(session_id.clone());
     client_t.send(invoke).await?;
 

examples/session_list_jobs/main.rs

@@ -80,10 +80,10 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
 
     // Submit two sleep jobs.
     for _ in 0..2 {
-        let mut invoke = Envelope::new(MessageType::ToolInvoke(ToolInvokePayload {
-            tool: "sleep".into(),
-            arguments: serde_json::json!({}),
-        }));
+        let mut invoke = Envelope::new(MessageType::ToolInvoke(ToolInvokePayload::new(
+            "sleep",
+            serde_json::json!({}),
+        )));
         invoke.session_id = Some(session_id.clone());
         client_t.send(invoke).await?;
         // Drain job.accepted so the listing observes a running job

src/client/api.rs

@@ -354,10 +354,9 @@ impl<T: Transport + 'static> Session<Authenticated, T> {
         arguments: serde_json::Value,
     ) -> Result<JobHandle, ARCPError> {
         let session_id = self.id().await?;
-        let mut env = Envelope::new(MessageType::ToolInvoke(ToolInvokePayload {
-            tool: tool.into(),
-            arguments,
-        }));
+        let mut env = Envelope::new(MessageType::ToolInvoke(ToolInvokePayload::new(
+            tool, arguments,
+        )));
         env.session_id = Some(session_id);
         let correlation_id = env.id.clone();
 

src/messages/execution.rs

@@ -193,12 +193,30 @@ mod agent_ref_tests {
 }
 
 /// Payload for `tool.invoke`.
-#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
+#[derive(Debug, Clone, Default, PartialEq, Serialize, Deserialize)]
 pub struct ToolInvokePayload {
     /// Tool identifier.
     pub tool: String,
     /// Tool-specific arguments.
     pub arguments: serde_json::Value,
+    /// `cost.budget` lease capability for this job (ARCP v1.1 §9.6).
+    /// When present, the runtime tracks per-currency counters and
+    /// surfaces `BUDGET_EXHAUSTED` to the agent once any counter
+    /// reaches zero.
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub cost_budget: Option<crate::messages::permissions::CostBudget>,
+}
+
+impl ToolInvokePayload {
+    /// New `tool.invoke` payload with no budget.
+    #[must_use]
+    pub fn new(tool: impl Into<String>, arguments: serde_json::Value) -> Self {
+        Self {
+            tool: tool.into(),
+            arguments,
+            cost_budget: None,
+        }
+    }
 }
 
 /// Payload for `tool.result`.

src/messages/mod.rs

@@ -46,8 +46,9 @@ pub use human::{
     HumanInputCancelledPayload, HumanInputRequestPayload, HumanInputResponsePayload,
 };
 pub use permissions::{
-    LeaseExtendedPayload, LeaseGrantedPayload, LeaseRefreshPayload, LeaseRevokedPayload,
-    PermissionDenyPayload, PermissionGrantPayload, PermissionRequestPayload, TrustLevel,
+    CostBudget, CostBudgetAmount, CostBudgetParseError, LeaseExtendedPayload, LeaseGrantedPayload,
+    LeaseRefreshPayload, LeaseRevokedPayload, PermissionDenyPayload, PermissionGrantPayload,
+    PermissionRequestPayload, TrustLevel,
 };
 pub use session::{
     AuthScheme, ClientIdentity, Credentials, JobListEntry, RuntimeIdentity, SessionAcceptedPayload,
@@ -1142,10 +1143,7 @@ mod tests {
                 "backpressure",
             ),
             (
-                MessageType::ToolInvoke(ToolInvokePayload {
-                    tool: "x".into(),
-                    arguments: serde_json::json!({}),
-                }),
+                MessageType::ToolInvoke(ToolInvokePayload::new("x", serde_json::json!({}))),
                 "tool.invoke",
             ),
             (