Surface the job authority descriptor to subscribers (§7.6)
Align this SDK with spec PR agentruntimecontrolprotocol/spec#1 and the
reference implementation agentruntimecontrolprotocol/typescript-sdk#149.
Background
job.subscribed should give an observing principal the non-secret
authority descriptor for a job, so a dashboard/console can render the job's
authority surface (expiry clock, budget gauge) without being the submitter.
Most SDKs currently send only { job_id, current_status, agent, lease, parent_job_id, trace_id, subscribed_from, replayed }.
Required changes
-
Schema — job.subscribed.payload MUST accept (all OPTIONAL):
lease_constraints — currently { "expires_at": "<rfc3339>" } (§9.5)budget — per-currency counters, e.g. { "USD": 3.58 } (§9.6)credentials — array of provisioned credentials (§9.8), submitter-only
-
Runtime / server — when building job.subscribed:
- include
lease_constraints when the job has them;
- include
budget from the job's current per-currency counters (mirror
how job.accepted builds budget, but use the live counters rather than
the initial ones); omit when empty;
- include
credentials only when the subscribing principal IS the job's
original submitter, and redact for every other authorized observer (§14).
-
Client — expose the descriptor on the value subscribe() returns (the
subscription handle): current_status, agent, lease, lease_constraints,
budget, credentials. Some SDKs already parse these into internal state but
never surface them to the caller.
Security (§14)
credentials.value is real spending authority. Subscribers that are not the
submitter MUST NOT receive credentials. Hard requirement, unchanged.
Acceptance criteria
Compatibility
Backward-compatible — additive optional fields only. Ship as a minor release.
References
- Spec §7.6 —
agentruntimecontrolprotocol/spec#1
- Reference impl (TypeScript) —
agentruntimecontrolprotocol/typescript-sdk#149
Surface the job authority descriptor to subscribers (§7.6)
Align this SDK with spec PR
agentruntimecontrolprotocol/spec#1and thereference implementation
agentruntimecontrolprotocol/typescript-sdk#149.Background
job.subscribedshould give an observing principal the non-secretauthority descriptor for a job, so a dashboard/console can render the job's
authority surface (expiry clock, budget gauge) without being the submitter.
Most SDKs currently send only
{ job_id, current_status, agent, lease, parent_job_id, trace_id, subscribed_from, replayed }.Required changes
Schema —
job.subscribed.payloadMUST accept (all OPTIONAL):lease_constraints— currently{ "expires_at": "<rfc3339>" }(§9.5)budget— per-currency counters, e.g.{ "USD": 3.58 }(§9.6)credentials— array of provisioned credentials (§9.8), submitter-onlyRuntime / server — when building
job.subscribed:lease_constraintswhen the job has them;budgetfrom the job's current per-currency counters (mirrorhow
job.acceptedbuildsbudget, but use the live counters rather thanthe initial ones); omit when empty;
credentialsonly when the subscribing principal IS the job'soriginal submitter, and redact for every other authorized observer (§14).
Client — expose the descriptor on the value
subscribe()returns (thesubscription handle):
current_status,agent,lease,lease_constraints,budget,credentials. Some SDKs already parse these into internal state butnever surface them to the caller.
Security (§14)
credentials.valueis real spending authority. Subscribers that are not thesubmitter MUST NOT receive
credentials. Hard requirement, unchanged.Acceptance criteria
job.subscribedschema accepts the three optional fields.budget(current counters) +lease_constraintsfor all authorized subscribers.credentialsonly for the submitter; redacts otherwise.cost.budgetlease +expires_atreceivesbudgetandlease_constraintsbut NOT
credentials. (Reference test intypescript-sdk#149.)Compatibility
Backward-compatible — additive optional fields only. Ship as a minor release.
References
agentruntimecontrolprotocol/spec#1agentruntimecontrolprotocol/typescript-sdk#149