recipes: add composed-feature recipes mirroring other SDK shapes

Adds the four cross-SDK recipes (email_vendor_leases, multi_agent_budget,
stream_resume, mcp_skill) so ruby-sdk matches typescript-sdk, go-sdk,
rust-sdk, java-sdk, kotlin-sdk, csharp-sdk, fsharp-sdk, php-sdk,
swift-sdk, and python-sdk. Each recipe follows the existing samples
layout (server.rb / client.rb / run.rb) and wires a real provider gem
(anthropic, ruby-openai, GLM-5 via z.ai, MCP over stdio JSON-RPC)
around ARCP features.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: nficano

recipes/README.md

@@ -0,0 +1,66 @@
+# Recipes
+
+Composed ARCP features wired around a real LLM workload. Unlike the
+single-feature [`samples/`](../samples/) — which use toy agents (echo,
+slow timer, fake budget) — each recipe is a complete end-to-end shape
+with an actual provider SDK driving the agent.
+
+Each subdirectory mirrors the samples layout:
+
+| File        | Purpose                                                      |
+| ----------- | ------------------------------------------------------------ |
+| `server.rb` | Agent handler + runtime registration                         |
+| `client.rb` | Submits the job, observes events, returns the terminal state |
+| `run.rb`    | Wires both sides with `MemoryTransport.pair` under `Sync { }` |
+
+## Running
+
+```
+bundle exec ruby recipes/<name>/run.rb
+```
+
+Provider gems (`anthropic`, `ruby-openai`) are not pinned in the
+gemspec because they are not core dependencies — install whichever
+ones the recipe you want to run needs:
+
+```
+gem install anthropic ruby-openai
+```
+
+## [multi_agent_budget/](multi_agent_budget/) — OpenAI
+
+The planner decomposes a question into sub-questions and delegates each
+to a worker carrying a budget slice carved from its own remaining cap.
+After each grant the planner emits a `cost.delegate` metric on itself
+so the runtime's subset check at the next delegate sees an honest
+remaining balance. Workers that overspend trip `BudgetExhausted`;
+sub-questions that no longer fit are skipped before the delegate.
+
+## [email_vendor_leases/](email_vendor_leases/) — Claude
+
+A triage agent runs Claude through a tool-use loop with three tools, but
+the lease grants only the two read-only ones. When the model proposes
+`send_reply` the `LeaseManager#check!` raises `PermissionDenied` and
+the agent feeds the denial back to Claude, which observes the deny and
+returns a drafted-but-unsent reply. Each `inbox_read` also emits an
+`x-vendor.acme.email.parsed` event so dashboards recognising the
+namespace can render parsed metadata specially.
+
+## [stream_resume/](stream_resume/) — GLM-5
+
+The writer pipes GLM-5's streaming deltas into `ctx.stream_result`,
+batching ~200 chars per `result_chunk` envelope. Every envelope lands
+in the runtime's `EventLog` under a monotonic `event_seq`. The client
+drops the transport mid-stream, opens a fresh session with
+`Client.resume`, and the runtime replays every envelope past the
+cutoff so reassembly completes seamlessly across the gap.
+
+## [mcp_skill/](mcp_skill/) — MCP bridge
+
+A minimal MCP server fronts the [multi_agent_budget](multi_agent_budget/)
+planner so any MCP host (Claude Code, Cursor, Desktop) can call it as
+a single `research` tool. The bridge keeps one long-lived ARCP session;
+each MCP tool invocation submits a fresh planner job and returns the
+terminal result as the tool's text response. A Claude Code skill at
+[skills/research/SKILL.md](mcp_skill/skills/research/SKILL.md) tells
+the model when to reach for the tool.

recipes/email_vendor_leases/client.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+# email_vendor_leases client — submit triage with a lease that omits send_reply.
+
+require_relative '../../samples/_harness'
+
+module EmailVendorLeasesRecipe
+  module Client
+    def self.run(client)
+      # the lease grants tool.call only for read-only inbox tools. send_reply
+      # is intentionally absent — when Claude proposes that tool the agent's
+      # lease check raises PermissionDenied and a tool_result error is fed
+      # back. the model recovers and returns a drafted (not-sent) reply.
+      handle = client.submit_job(
+        agent: 'triage',
+        lease_request: Arcp::Lease::LeaseRequest.new(
+          capabilities: ['tool.call:inbox_list', 'tool.call:inbox_read'],
+          budget: nil,
+          model_use: nil,
+          expires_at: nil
+        )
+      )
+      events = handle.subscribe(client: client).to_a
+      result = handle.get_result(client: client)
+      [handle, events, result]
+    end
+  end
+end

recipes/email_vendor_leases/run.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require_relative 'server'
+require_relative 'client'
+
+code = Harness.run_or_exit('email_vendor_leases') do |emit|
+  server_t, client_t = Harness.pair_memory
+  runtime = EmailVendorLeasesRecipe.runtime
+  client, task = Harness.open_client(server_t, client_t, runtime, client_name: 'email-vendor-leases')
+
+  handle, events, result = EmailVendorLeasesRecipe::Client.run(client)
+  denied = events.select { |e| e.kind == Arcp::Job::EventKind::TOOL_RESULT && e.body.error }
+  parsed = events.select { |e| e.kind.to_s.start_with?('x-vendor.acme.email.parsed') }
+
+  emit.call(
+    'job_id' => handle.job_id,
+    'final_status' => result.final_status,
+    'denied_tool_calls' => denied.map { |e| e.body.error['code'] },
+    'parsed_emails' => parsed.size,
+    'drafted_reply_present' => !result.result.dig('drafted_reply').to_s.empty?,
+    'sent' => result.result.dig('sent')
+  )
+  client.close
+  task.stop
+end
+exit code

recipes/email_vendor_leases/server.rb

@@ -0,0 +1,147 @@
+# frozen_string_literal: true
+
+# email_vendor_leases — Claude tool-use loop with a lease that denies send_reply.
+#
+# A triage agent receives an "inbox check" task with a lease that grants
+# read-only tools but NOT send_reply. Claude reads each message, emits a
+# vendor-extension event per parsed message so dashboards can render
+# them specially, and eventually decides one needs a reply. When it
+# tries to call send_reply the lease check denies it; Claude observes
+# the PERMISSION_DENIED tool_result and degrades to drafting the reply
+# for human review.
+#
+# Highlights: §13.4 lease violation as a *recoverable* tool_result error
+# (not session-fatal), §15 / §8.2 x-vendor.* event-kind namespace, and
+# a realistic Claude tool-use loop that handles a deny without crashing.
+
+require 'anthropic'
+require_relative '../../samples/_harness'
+
+module EmailVendorLeasesRecipe
+  TOOLS = [
+    {
+      'name' => 'inbox_list',
+      'description' => 'List recent unread messages.',
+      'input_schema' => { 'type' => 'object', 'properties' => {} }
+    },
+    {
+      'name' => 'inbox_read',
+      'description' => 'Read one message by id.',
+      'input_schema' => {
+        'type' => 'object',
+        'properties' => { 'id' => { 'type' => 'string' } },
+        'required' => ['id']
+      }
+    },
+    {
+      'name' => 'send_reply',
+      'description' => 'Send a reply to a message.',
+      'input_schema' => {
+        'type' => 'object',
+        'properties' => { 'id' => { 'type' => 'string' }, 'body' => { 'type' => 'string' } },
+        'required' => %w[id body]
+      }
+    }
+  ].freeze
+
+  # stand-in inbox so the recipe is self-contained — swap for IMAP/Gmail in real use
+  INBOX = {
+    'm1' => { 'id' => 'm1', 'from' => 'ops@acme.dev', 'subject' => 'Status',
+              'body' => 'All quiet.', 'urgency' => 'low' },
+    'm2' => { 'id' => 'm2', 'from' => 'ceo@acme.dev', 'subject' => 'Outage!',
+              'body' => 'Site is down — fix asap.', 'urgency' => 'high' }
+  }.freeze
+
+  def self.run_tool(name, args)
+    case name
+    when 'inbox_list'
+      INBOX.values.map { |m| m.slice('id', 'subject', 'from') }
+    when 'inbox_read'
+      INBOX.fetch(args['id'])
+    else
+      raise "tool #{name} should have been denied before reaching run_tool"
+    end
+  end
+
+  HANDLER = lambda do |ctx|
+    lease_manager = $arcp_runtime.lease_manager
+    anthropic = Anthropic::Client.new
+
+    messages = [{
+      role: 'user',
+      content: 'Triage my inbox. Read each unread message and reply to anything urgent.'
+    }]
+
+    # tool-use loop: Claude proposes a tool call, we authorize against the
+    # lease, run it (or surface a denial), feed the result back, repeat.
+    loop do
+      turn = anthropic.messages(
+        parameters: {
+          model: 'claude-sonnet-4-6',
+          max_tokens: 1024,
+          tools: TOOLS,
+          messages: messages
+        }
+      )
+
+      if turn['stop_reason'] == 'end_turn'
+        text = turn['content'].find { |b| b['type'] == 'text' }&.dig('text').to_s
+        ctx.finish(result: { 'drafted_reply' => text, 'sent' => false })
+        return
+      end
+
+      # append the assistant turn so the next call has full context
+      messages << { role: 'assistant', content: turn['content'] }
+      tool_results = []
+
+      turn['content'].each do |block|
+        next unless block['type'] == 'tool_use'
+
+        ctx.tool_call(call_id: block['id'], tool: block['name'], args: block['input'])
+
+        begin
+          # the lease grants tool.call only for the read-only tools; the
+          # send_reply pattern is absent so this raises PermissionDenied
+          lease_manager.check!(ctx.job_id, capability: "tool.call:#{block['name']}")
+        rescue Arcp::Errors::PermissionDenied => e
+          # surface the denial on the ARCP stream as a recoverable error...
+          ctx.tool_result(call_id: block['id'], error: e.to_payload)
+          # ...and hand it to Claude as the tool result so the model can
+          # recover gracefully — lease violations are not session-fatal
+          tool_results << {
+            type: 'tool_result',
+            tool_use_id: block['id'],
+            content: "denied: #{e.message}",
+            is_error: true
+          }
+          next
+        end
+
+        result = run_tool(block['name'], block['input'])
+        if block['name'] == 'inbox_read'
+          # vendor-extension event — dashboards that recognise the
+          # x-vendor.acme.* namespace render parsed metadata specially
+          ctx.emit(
+            kind: 'x-vendor.acme.email.parsed',
+            body: {
+              'message_id' => result['id'],
+              'from' => result['from'],
+              'subject' => result['subject'],
+              'urgency' => result['urgency']
+            }
+          )
+        end
+        ctx.tool_result(call_id: block['id'], result: result)
+        tool_results << { type: 'tool_result', tool_use_id: block['id'], content: result.to_json }
+      end
+
+      messages << { role: 'user', content: tool_results }
+    end
+  end
+
+  def self.runtime
+    r = Harness.runtime(agents: { 'triage' => HANDLER })
+    $arcp_runtime = r
+    r
+  end
+end

recipes/mcp_skill/client.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+# mcp_skill client — simulates an MCP host issuing a `tools/call` for `research`.
+#
+# A real MCP host (Claude Code, Cursor, Desktop) speaks JSON-RPC over
+# stdio to the bridge process. Here we wire the bridge in-process and
+# call `handle_request` directly to keep the recipe self-contained.
+
+require 'json'
+require_relative '../../samples/_harness'
+require_relative 'server'
+
+module McpSkillRecipe
+  module Client
+    def self.run(arcp_client)
+      # `tools/list` — what the MCP host would advertise to the model.
+      tools = McpSkillRecipe.handle_request(
+        { 'jsonrpc' => '2.0', 'id' => 1, 'method' => 'tools/list' },
+        arcp_client: arcp_client
+      )
+
+      # `tools/call` — the model has decided to invoke `research`.
+      call = McpSkillRecipe.handle_request(
+        {
+          'jsonrpc' => '2.0', 'id' => 2, 'method' => 'tools/call',
+          'params' => {
+            'name' => 'research',
+            'arguments' => { 'question' => 'What causes urban heat islands?', 'budget_usd' => 0.5 }
+          }
+        },
+        arcp_client: arcp_client
+      )
+
+      [tools, call]
+    end
+  end
+end

recipes/mcp_skill/run.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require_relative 'server'
+require_relative 'client'
+
+code = Harness.run_or_exit('mcp_skill') do |emit|
+  server_t, client_t = Harness.pair_memory
+  runtime = McpSkillRecipe.runtime
+  arcp_client, task = Harness.open_client(server_t, client_t, runtime, client_name: 'mcp-bridge')
+
+  tools, call = McpSkillRecipe::Client.run(arcp_client)
+  tool_names = tools.dig('result', 'tools')&.map { |t| t['name'] } || []
+  content = call.dig('result', 'content') || []
+
+  emit.call(
+    'tools_advertised' => tool_names,
+    'call_returned_blocks' => content.size,
+    'first_block_type' => content.first&.dig('type')
+  )
+  arcp_client.close
+  task.stop
+end
+exit code