Publish bridge adapter reference journeys

Author: durable-workflow-ops

app/Support/BridgeAdapterOutcomeContract.php

@@ -128,6 +128,85 @@ public static function manifest(): array
                     'target' => ['task_queue', 'handler'],
                 ],
             ],
+            'reference_journeys' => [
+                'incident_webhook_signals_workflow' => [
+                    'pattern' => 'webhook_receiver',
+                    'operator_story' => 'An incident tool posts one provider event that signals an existing remediation workflow exactly once.',
+                    'request' => [
+                        'method' => 'POST',
+                        'path_template' => '/api/bridge-adapters/webhook/{adapter}',
+                        'adapter_example' => 'pagerduty',
+                        'action' => 'signal_workflow',
+                        'idempotency_key_source' => 'provider_event_id',
+                        'target' => [
+                            'workflow_id' => 'required existing workflow id',
+                            'signal_name' => 'required signal name',
+                        ],
+                        'input' => 'optional JSON array or object carried through the configured payload envelope',
+                    ],
+                    'expected_outcomes' => [
+                        'first_delivery' => [
+                            'http_status' => 202,
+                            'outcome' => 'accepted',
+                            'reason' => null,
+                        ],
+                        'redelivery' => [
+                            'http_status' => 200,
+                            'outcome' => 'duplicate',
+                            'control_plane_outcome' => 'deduped_existing_command',
+                        ],
+                        'missing_workflow' => [
+                            'http_status' => 422,
+                            'outcome' => 'rejected',
+                            'reason' => 'unknown_target',
+                        ],
+                    ],
+                    'visibility' => [
+                        'redacted_target_fields' => ['workflow_id', 'signal_name'],
+                        'command_context_metadata' => ['adapter', 'action', 'idempotency_key', 'request_id', 'signal_name'],
+                    ],
+                ],
+                'commerce_event_starts_workflow' => [
+                    'pattern' => 'webhook_receiver',
+                    'operator_story' => 'A commerce integration receives an order event and starts one durable workflow keyed by the provider event.',
+                    'request' => [
+                        'method' => 'POST',
+                        'path_template' => '/api/bridge-adapters/webhook/{adapter}',
+                        'adapter_example' => 'stripe',
+                        'action' => 'start_workflow',
+                        'idempotency_key_source' => 'provider_event_id',
+                        'target' => [
+                            'workflow_type' => 'required configured workflow type',
+                            'workflow_id' => 'optional explicit workflow id',
+                            'task_queue' => 'optional task queue override',
+                            'business_key' => 'optional user-visible dedupe or lookup key',
+                            'duplicate_policy' => ['reject_duplicate', 'use_existing'],
+                        ],
+                    ],
+                    'expected_outcomes' => [
+                        'first_delivery' => [
+                            'http_status' => 202,
+                            'outcome' => 'accepted',
+                            'control_plane_outcome' => 'started_new',
+                        ],
+                        'redelivery' => [
+                            'http_status' => 200,
+                            'outcome' => 'duplicate',
+                            'reason' => 'duplicate_start',
+                            'control_plane_outcome' => 'returned_existing_active',
+                        ],
+                        'unconfigured_workflow_type' => [
+                            'http_status' => 422,
+                            'outcome' => 'rejected',
+                            'reason' => 'unknown_target',
+                        ],
+                    ],
+                    'visibility' => [
+                        'redacted_target_fields' => ['workflow_id', 'workflow_type', 'task_queue', 'business_key'],
+                        'command_context_metadata' => ['adapter', 'action', 'idempotency_key'],
+                    ],
+                ],
+            ],
         ];
     }
 }

docs/contracts/bridge-adapters.md

@@ -0,0 +1,149 @@
+# Bridge Adapter Outcome Contract
+
+Bridge adapters are bounded ingress or handoff surfaces. They translate one
+authenticated integration event into a workflow start, signal, update, or
+bounded external-task handoff. They do not replay workflows, interpret event
+history, or own workflow state transitions.
+
+The authoritative machine-readable contract is published from
+`GET /api/cluster/info` at `bridge_adapter_outcome_contract`:
+
+- `schema: durable-workflow.v2.bridge-adapter-outcome.contract`
+- `version: 1`
+- `boundary`
+- `patterns`
+- `idempotency`
+- `visibility`
+- `outcomes`
+- `rejection_reasons`
+- `reference_journeys`
+
+## Webhook Receiver
+
+The first runtime bridge endpoint is:
+
+```text
+POST /api/bridge-adapters/webhook/{adapter}
+```
+
+The route is protected by the same control-plane version, auth, and namespace
+middleware as other API routes. `{adapter}` is an operator-visible adapter key
+made of letters, numbers, `.`, `_`, `:`, or `-`.
+
+Every request must include:
+
+```json
+{
+  "action": "start_workflow | signal_workflow | update_workflow",
+  "idempotency_key": "provider-event-id",
+  "target": {},
+  "input": {},
+  "correlation": {}
+}
+```
+
+`input` and `correlation` are optional. The response never echoes raw provider
+payloads, authorization material, signatures, tokens, or secrets.
+
+## Reference Journey: Incident Event Signals A Workflow
+
+Use this journey when an incident, alerting, or ticketing system needs to wake
+an existing remediation workflow.
+
+```json
+{
+  "action": "signal_workflow",
+  "idempotency_key": "pagerduty-event-3003",
+  "target": {
+    "workflow_id": "wf-remediation-42",
+    "signal_name": "incident_escalated"
+  },
+  "input": {
+    "severity": "critical",
+    "service": "checkout"
+  },
+  "correlation": {
+    "provider": "pagerduty",
+    "event_type": "incident.triggered"
+  }
+}
+```
+
+Expected outcomes:
+
+- first delivery: HTTP 202, `outcome: accepted`
+- redelivery with the same adapter, idempotency key, workflow id, and signal
+  name: HTTP 200, `outcome: duplicate`,
+  `control_plane_outcome: deduped_existing_command`
+- missing workflow: HTTP 422, `outcome: rejected`, `reason: unknown_target`
+- malformed target: HTTP 422, `outcome: rejected`, `reason: malformed_payload`
+
+The accepted command context records `adapter`, `action`, `idempotency_key`,
+`request_id`, and `signal_name`.
+
+## Reference Journey: Commerce Event Starts A Workflow
+
+Use this journey when a commerce or SaaS integration receives a provider event
+that should start one durable workflow.
+
+```json
+{
+  "action": "start_workflow",
+  "idempotency_key": "stripe-event-1001",
+  "target": {
+    "workflow_type": "orders.fulfillment",
+    "task_queue": "external-workflows",
+    "business_key": "order-1001",
+    "duplicate_policy": "use_existing"
+  },
+  "input": {
+    "order_id": "order-1001"
+  },
+  "correlation": {
+    "provider": "stripe",
+    "event_type": "checkout.session.completed"
+  }
+}
+```
+
+Expected outcomes:
+
+- first delivery: HTTP 202, `outcome: accepted`,
+  `control_plane_outcome: started_new`
+- redelivery while the workflow is still active: HTTP 200,
+  `outcome: duplicate`, `reason: duplicate_start`,
+  `control_plane_outcome: returned_existing_active`
+- unconfigured workflow type: HTTP 422, `outcome: rejected`,
+  `reason: unknown_target`
+- unsupported action: HTTP 422, `outcome: rejected`,
+  `reason: unsupported_action`
+
+When no explicit `workflow_id` is supplied, the server derives a stable
+`bridge-{adapter}-{hash}` workflow id from the adapter and idempotency key.
+
+## Outcome Shape
+
+All bridge responses include the contract identity:
+
+```json
+{
+  "schema": "durable-workflow.v2.bridge-adapter-outcome.contract",
+  "version": 1,
+  "adapter": "stripe",
+  "action": "start_workflow",
+  "accepted": true,
+  "outcome": "accepted",
+  "idempotency_key": "stripe-event-1001",
+  "target": {
+    "workflow_type": "orders.fulfillment",
+    "task_queue": "external-workflows",
+    "business_key": "order-1001"
+  },
+  "workflow_id": "bridge-stripe-...",
+  "run_id": "..."
+}
+```
+
+`target` is a redacted, operator-safe target summary. It may include workflow
+id, workflow type, signal name, update name, task queue, and business key. It
+must not include raw provider payloads or credential material.

docs/contracts/external-execution-surface.md

@@ -57,5 +57,6 @@ TLS, profile, and environment inputs deterministically.
 
 Stable adjacent contract docs live in:
 
+- `docs/contracts/bridge-adapters.md`
 - `docs/contracts/external-task-input.md`
 - `docs/contracts/external-task-result.md`

tests/Feature/ClusterInfoTest.php

@@ -406,6 +406,18 @@ public function test_it_publishes_bridge_adapter_outcome_contract_manifest(): vo
             ->assertJsonPath('bridge_adapter_outcome_contract.idempotency.required', true)
             ->assertJsonPath('bridge_adapter_outcome_contract.outcomes.accepted.http_status', 202)
             ->assertJsonPath('bridge_adapter_outcome_contract.rejection_reasons.0', 'unknown_target')
+            ->assertJsonPath(
+                'bridge_adapter_outcome_contract.reference_journeys.incident_webhook_signals_workflow.request.action',
+                'signal_workflow',
+            )
+            ->assertJsonPath(
+                'bridge_adapter_outcome_contract.reference_journeys.incident_webhook_signals_workflow.expected_outcomes.redelivery.control_plane_outcome',
+                'deduped_existing_command',
+            )
+            ->assertJsonPath(
+                'bridge_adapter_outcome_contract.reference_journeys.commerce_event_starts_workflow.expected_outcomes.redelivery.reason',
+                'duplicate_start',
+            )
             ->assertJsonPath('capabilities.bridge_adapter_outcome_contract', true);
     }
 

tests/Unit/BridgeAdapterOutcomeContractTest.php

@@ -25,6 +25,8 @@ public function test_manifest_defines_bounded_bridge_patterns_and_named_outcomes
         $this->assertArrayHasKey('duplicate', $manifest['outcomes']);
         $this->assertContains('unknown_target', $manifest['rejection_reasons']);
         $this->assertContains('unsupported_routing', $manifest['rejection_reasons']);
+        $this->assertArrayHasKey('incident_webhook_signals_workflow', $manifest['reference_journeys']);
+        $this->assertArrayHasKey('commerce_event_starts_workflow', $manifest['reference_journeys']);
     }
 
     public function test_manifest_requires_redacted_visibility_fields(): void
@@ -38,4 +40,28 @@ public function test_manifest_requires_redacted_visibility_fields(): void
         $this->assertContains('raw_payload', $manifest['visibility']['redaction']['never_echo']);
         $this->assertContains('credential_ref', $manifest['visibility']['redaction']['safe_references']);
     }
+
+    public function test_reference_journeys_pin_request_and_outcome_shapes(): void
+    {
+        $manifest = BridgeAdapterOutcomeContract::manifest();
+
+        $incident = $manifest['reference_journeys']['incident_webhook_signals_workflow'];
+
+        $this->assertSame('webhook_receiver', $incident['pattern']);
+        $this->assertSame('/api/bridge-adapters/webhook/{adapter}', $incident['request']['path_template']);
+        $this->assertSame('signal_workflow', $incident['request']['action']);
+        $this->assertSame('provider_event_id', $incident['request']['idempotency_key_source']);
+        $this->assertSame(202, $incident['expected_outcomes']['first_delivery']['http_status']);
+        $this->assertSame('deduped_existing_command', $incident['expected_outcomes']['redelivery']['control_plane_outcome']);
+        $this->assertSame('unknown_target', $incident['expected_outcomes']['missing_workflow']['reason']);
+        $this->assertContains('request_id', $incident['visibility']['command_context_metadata']);
+
+        $commerce = $manifest['reference_journeys']['commerce_event_starts_workflow'];
+
+        $this->assertSame('start_workflow', $commerce['request']['action']);
+        $this->assertContains('use_existing', $commerce['request']['target']['duplicate_policy']);
+        $this->assertSame('started_new', $commerce['expected_outcomes']['first_delivery']['control_plane_outcome']);
+        $this->assertSame('duplicate_start', $commerce['expected_outcomes']['redelivery']['reason']);
+        $this->assertContains('business_key', $commerce['visibility']['redacted_target_fields']);
+    }
 }