The runtime tracks granted leases through LeaseManager.
LeaseGranted carries lease_id, permission, resource, operation, and
expiry.

$leaseId = $ctx->requestPermission('repo.write', 'repo:arcp', 'apply_patch');

Host applications define permission/resource naming. LeaseManager
checks exact scope equality through LeaseScope.
Canonicalize resources before requesting or checking leases so equivalent paths do not produce different scopes.
Treat submitted lease constraints and budget counters as immutable job inputs.
Enforce them before performing side effects and when emitting cost metrics.
CostBudget::containsSubset() checks child budget <= parent remaining
for the v1.1 budget capability.
Expired leases raise LeaseExpiredException.
CostBudget parses currency:decimal strings and decrements counters
from cost.* metrics.
ModelUse carries allow-list patterns such as openai/gpt-4o,
anthropic/*, or *. Tool code can enforce the active job lease before
calling an upstream model:

$ctx->assertModelAllowed('anthropic/claude-3-5-sonnet');

Child leases must stay within the parent model set. LeaseManager
raises LeaseSubsetViolationException when a child expands either
model.use or cost.budget.
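
The subset rule for model.use and the budget rule (child budget <= parent remaining), as an added example that is not the SDK's own code. The function names, the array shape, the three pattern forms (exact id, vendor/*, *), the three-letter currency code, and the single-currency budget are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Hypothetical helpers for illustration; these are not Arcp SDK functions.

/** True when $pattern admits every model that $candidate admits. */
function patternCovers(string $pattern, string $candidate): bool
{
    if ($pattern === '*' || $pattern === $candidate) {
        return true;
    }
    // 'anthropic/*' covers anything under 'anthropic/'; it never covers a bare '*'.
    return str_ends_with($pattern, '/*')
        && str_starts_with($candidate, substr($pattern, 0, -1));
}

/** Parse 'USD:5.00' into [currency, amount in millionths] without using floats. */
function parseBudget(string $s): array
{
    if (!preg_match('/^([A-Z]{3}):(\d+)(?:\.(\d{1,6}))?$/', $s, $m)) {
        throw new InvalidArgumentException("malformed budget: $s");
    }
    return [$m[1], (int) $m[2] * 1_000_000 + (int) str_pad($m[3] ?? '', 6, '0')];
}

/** Reasons a child lease would expand its parent; an empty array means it is a subset. */
function subsetViolations(array $parent, array $child): array
{
    $out = [];
    foreach ($child['model.use'] as $want) {
        $covering = array_filter($parent['model.use'], fn ($have) => patternCovers($have, $want));
        if (!$covering) {
            $out[] = "model.use: $want is outside the parent set";
        }
    }
    [$pc, $pa] = parseBudget($parent['cost.budget.remaining']);
    [$cc, $ca] = parseBudget($child['cost.budget']);
    if ($pc !== $cc || $ca > $pa) {
        $out[] = "cost.budget: {$child['cost.budget']} is not within parent remaining";
    }
    return $out;
}

// Constructed sample leases (array shape is an assumption, not the SDK's wire format).
$parent = ['model.use' => ['anthropic/*', 'openai/gpt-4o'], 'cost.budget.remaining' => 'USD:5.00'];
$ok     = ['model.use' => ['anthropic/claude-3-5-sonnet'], 'cost.budget' => 'USD:1.25'];
$bad    = ['model.use' => ['*'], 'cost.budget' => 'USD:5.01'];
print_r(subsetViolations($parent, $ok));
print_r(subsetViolations($parent, $bad));
```

Comparing amounts as integers keeps the budget check exact; a float comparison can admit or reject a child budget that differs from the parent by a rounding error.
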
Configure ARCPRuntime with a CredentialProvisioner to mint
short-lived upstream credentials after the job lease is finalized:

$runtime = new ARCPRuntime(
    authRouter: $auth,
    credentialProvisioner: $provisioner,
);

Clients opt in during the handshake with:

new Capabilities(
    anonymous: true,
    features: ['provisioned_credentials', 'model.use'],
);

When the tool invocation carries lease.model.use or
lease.cost.budget, the runtime includes a credentials array in the
direct job.accepted payload. Credential values are redacted in the
event log and subscription delivery, and the runtime revokes outstanding
credentials on success, failure, or cancellation.
Use typed exceptions from Arcp\Errors so clients can branch on
canonical error codes.
See samples/leases/, samples/lease-revocation/,
samples/cost-budget/, and samples/provisioned-credentials/.