Summary
Add a generic registry for trusted external capability providers that can register generated tools at runtime.
Background
OpenHuman now has generated tool wrappers, tool-policy middleware, MCP allowlists, approval audit, and diagnostics. The remaining gap is a first-class provider identity/trust layer so external runtimes can be enabled, disabled, diagnosed, and used by policy without coupling OpenHuman to any one runtime implementation.
Acceptance criteria
- Add a generic provider metadata type with id, display name, optional source URI, optional source digest, trust state, and enabled state.
- Add a config-backed registry for trusted external capability providers.
- Provider ids are validated and normalized consistently.
- The registry exposes lookup/list helpers for policy and diagnostics callers.
- Default behavior remains backward-compatible when no providers are configured.
- Add focused Rust tests for valid provider registration, disabled/untrusted providers, duplicate provider ids, and invalid provider ids.
Non-goals
- Do not add any runtime-specific bundle format.
- Do not execute external code.
- Do not add UI in this issue.
Summary
Add a generic registry for trusted external capability providers that can register generated tools at runtime.
Background
OpenHuman now has generated tool wrappers, tool-policy middleware, MCP allowlists, approval audit, and diagnostics. The remaining gap is a first-class provider identity/trust layer so external runtimes can be enabled, disabled, diagnosed, and used by policy without coupling OpenHuman to any one runtime implementation.
Acceptance criteria
Non-goals