PDPP

Capability specs

Durable capability specifications under openspec/specs/.

agent-consent-bundling Specification

Define reference-implementation semantics for agent consent ceremonies that bundle owner approval across multiple configured data connections without turning that bundle into a cross-source PDPP grant. ## Requirements ### Requirement: Hosted MCP broad approval SHALL issue source-bounded child grants

agent-consent-bundlingno active changes
hybrid-retrieval Specification

TBD - created by archiving change define-hybrid-retrieval. Update Purpose after archive. ## Requirements ### Requirement: Hybrid retrieval is optional, experimental, and separately advertised

hybrid-retrievalno active changes
lexical-retrieval Specification

Define PDPP's optional lexical retrieval extension: a discoverable, grant-safe, text-query search surface at GET /v1/search with stream-declared searchable fields and portable result-shape guarantees. ## Requirements ### Requirement: Lexical retrieval is an optional, advertised, named extension

lexical-retrievalno active changes
local-agent-collector-completeness Specification

TBD - created by archiving change complete-local-agent-collectors. Update Purpose after archive. ## Requirements ### Requirement: Local agent completeness is inventory-based The reference implementation SHALL define complete local Claude Code and Codex collection as coverage of every known store under the configured source home. Each known store SHALL be collected, collected with redaction, inventoried without payload, excluded, deferred, missing, or unsupported with a machine-readable reason.

local-agent-collector-completenessno active changes
local-collector-durable-work Specification

TBD - created by archiving change add-local-collector-durable-work-substrate. Update Purpose after archive. ## Requirements ### Requirement: Local collector work is stored in a durable outbox

local-collector-durable-workno active changes
local-device-exporter-collection Specification

TBD - created by archiving change design-local-device-exporter-collection. Update Purpose after archive. ## Requirements ### Requirement: Local device exporter collection SHALL preserve source-instance identity

local-device-exporter-collectionactive in: add-browser-collector-enrollment-primitive
mcp-adapter Specification

TBD - created by archiving change add-mcp-stdio-adapter. Update Purpose after archive. ## Requirements ### Requirement: Stdio MCP Adapter Uses Scoped PDPP Tokens The MCP adapter SHALL run as a local stdio MCP server that calls the existing PDPP resource-server API using an already-issued scoped client access token from the local PDPP credential cache. The adapter SHALL NOT issue grants, request new authorization, run connectors, or access reference owner-control endpoints.

mcp-adapteractive in: add-aggregate-other-rollup, add-grant-scoped-mcp-device-authorization, define-mcp-agent-entrypoint-surface, harden-multipath-stream-discovery, make-mcp-result-ids-self-contained, publish-mcp-server-package, reduce-mcp-tool-surface-footprint
polyfill-runtime Specification

TBD - created by archiving change add-connector-refresh-policy-controls. Update Purpose after archive. ## Requirements ### Requirement: Polyfill manifests MAY declare refresh policy hints

polyfill-runtimeactive in: add-google-maps-data-portability-connector, add-google-maps-timeline-import, add-provider-budget-run-control, define-collection-acquisition-coverage, generalize-adaptive-collection-governor, ship-adaptive-collection-rate-controller
reference-agent-access-workflow Specification

TBD - created by archiving change add-agent-scoped-pdpp-access. Update Purpose after archive. ## Requirements ### Requirement: Agent assistants SHALL use scoped client grants instead of owner tokens

reference-agent-access-workflowactive in: add-grant-scoped-mcp-device-authorization, define-mcp-agent-entrypoint-surface
reference-connection-health Specification

TBD - created by archiving change define-connection-health-evidence-model. Update Purpose after archive. ## Requirements ### Requirement: Connection Health SHALL Preserve Evidence Before Projection

reference-connection-healthactive in: define-collection-acquisition-coverage
reference-connector-instances Specification

TBD - created by archiving change define-connector-instances. Update Purpose after archive. ## Requirements ### Requirement: Connector instances SHALL be the durable configured-binding identity

reference-connector-instancesactive in: add-browser-collector-enrollment-primitive, add-google-maps-data-portability-connector, complete-self-service-connection-onboarding, define-collection-acquisition-coverage, fix-scheduled-run-store-credential-injection, harden-multipath-stream-discovery
reference-dashboard-notifications Specification

TBD - created by archiving change add-dashboard-web-push-notifications. Update Purpose after archive. ## Requirements ### Requirement: Dashboard Web Push SHALL be VAPID-configured and optional

reference-dashboard-notificationsno active changes
reference-demo-instance Specification

TBD - created by archiving change add-mock-reference-demo-instance. Update Purpose after archive. ## Requirements ### Requirement: Public sandbox SHALL provide a mock-owner reference demo instance

reference-demo-instanceno active changes
reference-implementation-architecture Specification

Define the durable architecture and boundary rules for the PDPP reference implementation in this repository without competing with the normative PDPP protocol specs. ## Requirements ### Requirement: The reference implementation remains a forkable substrate

reference-implementation-architectureactive in: add-aggregate-other-rollup, add-console-connection-revoke-delete-controls, add-docker-core-deploy-target, add-google-maps-data-portability-connector, add-grant-scoped-mcp-device-authorization, add-statement-content-fingerprint, complete-self-service-connection-onboarding, gate-hosted-owner-exposure, migrate-postgres-semantic-index-to-pgvector, owner-connection-id-records-parity, publish-reference-browser-image, render-three-class-consent-authorship, republish-remote-surface-as-opendatalabs
reference-implementation-governance Specification

Define how this repository uses OpenSpec relative to the normative PDPP protocol specs, executable reference code, and temporary planning artifacts. ## Requirements ### Requirement: Authority order stays explicit This repository SHALL treat the root PDPP spec files as normative for protocol behavior, code and tests as authoritative for current reference implementation behavior, and OpenSpec as the project layer for reference architecture and change planning.

reference-implementation-governanceactive in: adopt-single-release-channel, prove-single-use-grant-consumption
reference-implementation-identity Specification

Define the repository identity of the forkable PDPP reference implementation so active code, package metadata, and implementation-facing documentation no longer present it as an end-to-end test harness. ## Requirements ### Requirement: The forkable implementation substrate has a reference-implementation identity The repo MUST present the forkable implementation substrate as the reference implementation in active code, package metadata, OpenSpec artifacts, and active implementation-facing docs.

reference-implementation-identityno active changes
reference-implementation-runtime Specification

TBD - created by archiving change add-reference-runtime-spec. Update Purpose after archive. ## Requirements ### Requirement: Runtime SHALL construct a bounded START envelope The reference runtime SHALL send each connector a START envelope containing a concrete runid, collectionmode, normalized scope, validated stream-keyed state when state persistence is enabled, and the runtime bindings available to that run.

reference-implementation-runtimeactive in: surface-run-handle-resolvability
reference-native-provider-boundary Specification

Define how the reference implementation keeps native-provider public contracts provider-first while preserving connector-shaped details only where they are implementation internals or polyfill-specific operational surfaces. ## Requirements ### Requirement: Native provider requests stay provider-first The reference implementation SHALL treat native-provider requests as provider/source-bound requests, not as connector requests with hidden branding. Native-provider public artifacts SHALL identify the source with a single discriminated source object of shape { kind: 'providernative', id: <native provider id> } rather than with a top-level providerid scalar.

reference-native-provider-boundaryno active changes
reference-owner-agent-control-surface Specification

TBD - created by archiving change add-owner-connection-delete-contract. Update Purpose after archive. ## Requirements ### Requirement: Owner-agent connection delete SHALL be a typed, connection-scoped, audited control action

reference-owner-agent-control-surfaceactive in: complete-self-service-connection-onboarding
reference-run-assistance Specification

TBD - created by archiving change define-run-assistance-state-contract. Update Purpose after archive. ## Requirements ### Requirement: Run assistance separates progress, action, and response obligation The reference runtime SHALL represent owner assistance with structured fields that distinguish progress posture, owner action, response obligation, attachments, and sensitivity. The reference runtime SHALL NOT collapse all owner involvement into a single generic human-help state.

reference-run-assistanceno active changes
reference-surface-topology Specification

TBD - created by archiving change define-reference-surface-topology. Update Purpose after archive. ## Requirements ### Requirement: Public website surfaces SHALL distinguish artifact categories

reference-surface-topologyactive in: add-console-connection-revoke-delete-controls, adopt-single-release-channel
reference-web-bridge-contract Specification

Define how website bridge routes consume the current reference AS/RS contract without teaching legacy helper routes, demo-only assumptions, or connector-only client access as durable PDPP behavior. ## Requirements ### Requirement: Web bridge routes reflect the current reference contract Website bridge routes that call the reference implementation SHALL consume the current primary AS/RS surfaces and SHALL not require removed helper routes or connector-only request assumptions when the reference supports a source-aware contract.

reference-web-bridge-contractno active changes
semantic-retrieval Specification

Define PDPP's experimental optional semantic retrieval extension: a discoverable, grant-safe, text-query meaning-match surface at GET /v1/search/semantic with explicit instability, server-declared model metadata, and no portable vector or reranking controls. ## Requirements ### Requirement: Semantic retrieval is an experimental, optional, advertised, named extension

semantic-retrievalno active changes