From e8103477a43b07b2018b2214b5dfd53e52d97fa1 Mon Sep 17 00:00:00 2001
From: Hare <kei.hiracchi.0928@gmail.com>
Date: Sun, 21 Jun 2026 22:26:32 +0900
Subject: [PATCH] ticket: complete plugin websocket host api

---
 .yoi/tickets/00001KVMGAEJN/item.md       |  4 +-
 .yoi/tickets/00001KVMGAEJN/resolution.md | 28 ++++++++
 .yoi/tickets/00001KVMGAEJN/thread.md     | 81 ++++++++++++++++++++++++
 3 files changed, 111 insertions(+), 2 deletions(-)
 create mode 100644 .yoi/tickets/00001KVMGAEJN/resolution.md

diff --git a/.yoi/tickets/00001KVMGAEJN/item.md b/.yoi/tickets/00001KVMGAEJN/item.md
index c5d1b57e..857b1236 100644
--- a/.yoi/tickets/00001KVMGAEJN/item.md
+++ b/.yoi/tickets/00001KVMGAEJN/item.md
@@ -1,8 +1,8 @@
 ---
 title: 'Plugin: URL 権限ベースの WebSocket host API を実装する'
-state: 'inprogress'
+state: 'closed'
 created_at: '2026-06-21T07:11:34Z'
-updated_at: '2026-06-21T13:20:53Z'
+updated_at: '2026-06-21T13:26:27Z'
 assignee: null
 readiness: 'implementation_ready'
 risk_flags: ['plugin', 'host-api', 'websocket', 'service', 'ingress', 'lifecycle', 'permissions', 'security', 'persistence']
diff --git a/.yoi/tickets/00001KVMGAEJN/resolution.md b/.yoi/tickets/00001KVMGAEJN/resolution.md
new file mode 100644
index 00000000..d0275e19
--- /dev/null
+++ b/.yoi/tickets/00001KVMGAEJN/resolution.md
@@ -0,0 +1,28 @@
+URL permission based Plugin WebSocket host API を実装し、Orchestrator worktree の `orchestration` branch に統合した。
+
+主な成果:
+- `host_api.websocket` を `host_api.request` とは別 capability として追加。
+- Manifest `[[websocket]]` target declaration と enablement `grants.websocket` を追加し、request targets/grants とは独立させた。
+- Static inspection / `yoi plugin show` が WebSocket requested/granted/missing/grant-only/broad diagnostics を request diagnostics とは別に表示するようにした。
+- Runtime connect は manifest target と enablement grant の両方が URL を許可する場合のみ network I/O に進む。
+- URL checks cover scheme (`ws`/`wss`), host, port, and path prefix。
+- Local/private/loopback WebSocket targets は ambient ではなく、明示 declaration + grant が必要。
+- Host-owned WebSocket handle API を追加: open, send_text / send-text, recv, close。
+- Text-only / explicit bounded receive とし、binary receive は fail closed / unsupported。
+- Guest arbitrary handshake headers / embedded credentials を reject。
+- Request API は WebSocket/SSE/persistent attempts を引き続き reject。
+- Open path は pre-dial capacity reservation と bounded async `tokio-tungstenite` open under `tokio::time::timeout` により max-open / timeout semantics を network I/O 前から enforce。
+- Reservation cleanup on open failure / failed commit を追加。
+- WIT resource `yoi:host/websocket@1.0.0` と docs を更新。
+- `tungstenite`, `tokio-tungstenite`, `futures-util` dependencies と `Cargo.lock` / `package.nix` cargo hash を更新。
+
+統合・検証:
+- Merge commit: `354f1e10 merge: plugin websocket host api`
+- Implementation commits: `4c1b8c3d`, `ce62d235`, `a766048f`
+- Reviewer final verdict: approve
+- Validation passed: `cargo fmt --check`, `git diff --check HEAD^1..HEAD`, `cargo test -p pod websocket`, `cargo test -p manifest websocket`, `cargo test -p yoi render_show_distinguishes_request_grant_statuses_and_broad_targets`, `cargo test -p manifest request_host_api_manifest_and_grant_parse_with_request_names`, `cargo check -p manifest -p pod -p yoi`, `cargo run -p yoi -- ticket doctor`, and `nix build .#yoi --no-link`。
+
+範囲外:
+- Discord bridge 本体は実装していない。
+- Reconnect/backoff/heartbeat scheduler、hidden context/history injection、Dashboard channel、Ticket mutation、direct model Tool invocation は追加していない。
+- SecretRef-based credential injection は future follow-up。
\ No newline at end of file
diff --git a/.yoi/tickets/00001KVMGAEJN/thread.md b/.yoi/tickets/00001KVMGAEJN/thread.md
index 019180e6..e7aa1d44 100644
--- a/.yoi/tickets/00001KVMGAEJN/thread.md
+++ b/.yoi/tickets/00001KVMGAEJN/thread.md
@@ -511,3 +511,84 @@ Worktree status:
 - Branch diff no longer includes `.yoi/tickets/00001KVMGAEJN/*`。
 
 ---
+
+<!-- event: implementation_report author: yoi-orchestrator at: 2026-06-21T13:26:05Z -->
+
+## Implementation report
+
+Reviewer r2 approvalを受けて、実装ブランチを Orchestrator worktree の `orchestration` branch に統合した。
+
+統合:
+- Merge commit: `354f1e10 merge: plugin websocket host api`
+- Merged branch: `impl/00001KVMGAEJN-plugin-websocket-host-api`
+- Implementation commits:
+  - `4c1b8c3d feat: add plugin websocket host api`
+  - `ce62d235 chore: keep plugin websocket branch code-only`
+  - `a766048f fix: bound plugin websocket open`
+
+Orchestrator worktree validation:
+- `cargo fmt --check`: passed
+- `git diff --check HEAD^1..HEAD`: passed
+- `cargo test -p pod websocket`: passed
+- `cargo test -p manifest websocket`: passed
+- `cargo test -p yoi render_show_distinguishes_request_grant_statuses_and_broad_targets`: passed
+- `cargo test -p manifest request_host_api_manifest_and_grant_parse_with_request_names`: passed
+- `cargo check -p manifest -p pod -p yoi`: passed
+- `cargo run -p yoi -- ticket doctor`: passed (`doctor: ok`)
+- `nix build .#yoi --no-link`: passed
+
+Final Orchestrator worktree status after validation: clean on `orchestration` at `354f1e10`。
+
+---
+
+<!-- event: state_changed author: yoi-orchestrator at: 2026-06-21T13:26:12Z from: inprogress to: done reason: implementation_merged_and_validated field: state -->
+
+## State changed
+
+Reviewer approval、Orchestrator worktree への統合、focused manifest/pod/yoi plugin tests、cargo check、Ticket doctor、Nix build が完了したため `done` に遷移する。
+
+---
+
+<!-- event: state_changed author: hare at: 2026-06-21T13:26:27Z from: done to: closed reason: closed field: state -->
+
+## State changed
+
+Ticket を closed にしました。
+
+
+---
+
+<!-- event: close author: hare at: 2026-06-21T13:26:27Z status: closed -->
+
+## 完了
+
+URL permission based Plugin WebSocket host API を実装し、Orchestrator worktree の `orchestration` branch に統合した。
+
+主な成果:
+- `host_api.websocket` を `host_api.request` とは別 capability として追加。
+- Manifest `[[websocket]]` target declaration と enablement `grants.websocket` を追加し、request targets/grants とは独立させた。
+- Static inspection / `yoi plugin show` が WebSocket requested/granted/missing/grant-only/broad diagnostics を request diagnostics とは別に表示するようにした。
+- Runtime connect は manifest target と enablement grant の両方が URL を許可する場合のみ network I/O に進む。
+- URL checks cover scheme (`ws`/`wss`), host, port, and path prefix。
+- Local/private/loopback WebSocket targets は ambient ではなく、明示 declaration + grant が必要。
+- Host-owned WebSocket handle API を追加: open, send_text / send-text, recv, close。
+- Text-only / explicit bounded receive とし、binary receive は fail closed / unsupported。
+- Guest arbitrary handshake headers / embedded credentials を reject。
+- Request API は WebSocket/SSE/persistent attempts を引き続き reject。
+- Open path は pre-dial capacity reservation と bounded async `tokio-tungstenite` open under `tokio::time::timeout` により max-open / timeout semantics を network I/O 前から enforce。
+- Reservation cleanup on open failure / failed commit を追加。
+- WIT resource `yoi:host/websocket@1.0.0` と docs を更新。
+- `tungstenite`, `tokio-tungstenite`, `futures-util` dependencies と `Cargo.lock` / `package.nix` cargo hash を更新。
+
+統合・検証:
+- Merge commit: `354f1e10 merge: plugin websocket host api`
+- Implementation commits: `4c1b8c3d`, `ce62d235`, `a766048f`
+- Reviewer final verdict: approve
+- Validation passed: `cargo fmt --check`, `git diff --check HEAD^1..HEAD`, `cargo test -p pod websocket`, `cargo test -p manifest websocket`, `cargo test -p yoi render_show_distinguishes_request_grant_statuses_and_broad_targets`, `cargo test -p manifest request_host_api_manifest_and_grant_parse_with_request_names`, `cargo check -p manifest -p pod -p yoi`, `cargo run -p yoi -- ticket doctor`, and `nix build .#yoi --no-link`。
+
+範囲外:
+- Discord bridge 本体は実装していない。
+- Reconnect/backoff/heartbeat scheduler、hidden context/history injection、Dashboard channel、Ticket mutation、direct model Tool invocation は追加していない。
+- SecretRef-based credential injection は future follow-up。
+
+---