@bluefly/openstandardagents 0.1.9 → 0.2.5-RC
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.cursorrules +84 -0
- package/.devfile.yaml +87 -0
- package/.env.example +25 -3
- package/.eslintrc.cjs +43 -0
- package/.github/PULL_REQUEST_TEMPLATE.md +39 -0
- package/.github/dependabot.yml +58 -0
- package/.github/workflows/ci.yml +154 -0
- package/.github/workflows/codeql.yml +41 -0
- package/.github/workflows/dependabot-auto-merge.yml +28 -0
- package/.github/workflows/release.yml +103 -0
- package/.kiro/specs/agent-buildkit-templates/design.md +495 -0
- package/.kiro/specs/agent-buildkit-templates/requirements.md +165 -0
- package/.kiro/specs/kiro-ide-supercharger/README.md +202 -0
- package/.kiro/specs/kiro-ide-supercharger/design.md +1005 -0
- package/.kiro/specs/kiro-ide-supercharger/requirements.md +141 -0
- package/.kiro/specs/kiro-ide-supercharger/tasks.md +507 -0
- package/.kiro/specs/website-design-audit/design.md +679 -0
- package/.kiro/specs/website-design-audit/requirements.md +199 -0
- package/.prettierignore +7 -0
- package/.prettierrc.json +10 -0
- package/.redocly.yaml +8 -62
- package/.releaserc.json +85 -0
- package/.version.json +6 -0
- package/CHANGELOG.md +196 -0
- package/CONTRIBUTING.md +267 -0
- package/LICENSE +190 -0
- package/README.md +253 -454
- package/bin/ossa +29 -0
- package/bin/ossa-validate-all +55 -0
- package/bin/ossa-version +23 -0
- package/bin/validate-ossa-0.2.2.ts +244 -0
- package/bin/validate-ossa-0.2.4.ts +244 -0
- package/bin/validate-ossa-0.2.5-RC.ts +244 -0
- package/bin/validate-ossa.ts +273 -0
- package/dist/di-container.d.ts +1 -1
- package/dist/di-container.d.ts.map +1 -1
- package/dist/di-container.js +0 -3
- package/dist/di-container.js.map +1 -1
- package/dist/index.d.ts +9 -27
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +13 -33
- package/dist/index.js.map +1 -1
- package/dist/repositories/schema.repository.d.ts +16 -1
- package/dist/repositories/schema.repository.d.ts.map +1 -1
- package/dist/repositories/schema.repository.js +94 -17
- package/dist/repositories/schema.repository.js.map +1 -1
- package/dist/services/generation.service.d.ts +7 -5
- package/dist/services/generation.service.d.ts.map +1 -1
- package/dist/services/generation.service.js +93 -45
- package/dist/services/generation.service.js.map +1 -1
- package/dist/services/gitlab-agent.service.d.ts.map +1 -1
- package/dist/services/gitlab-agent.service.js +12 -8
- package/dist/services/gitlab-agent.service.js.map +1 -1
- package/dist/services/migration.service.d.ts +3 -3
- package/dist/services/migration.service.d.ts.map +1 -1
- package/dist/services/migration.service.js +108 -61
- package/dist/services/migration.service.js.map +1 -1
- package/dist/services/release-automation/base-crud.service.d.ts +93 -0
- package/dist/services/release-automation/base-crud.service.d.ts.map +1 -0
- package/dist/services/release-automation/base-crud.service.js +68 -0
- package/dist/services/release-automation/base-crud.service.js.map +1 -0
- package/dist/services/release-automation/index.d.ts +12 -0
- package/dist/services/release-automation/index.d.ts.map +1 -0
- package/dist/services/release-automation/index.js +12 -0
- package/dist/services/release-automation/index.js.map +1 -0
- package/dist/services/release-automation/merge-request.service.d.ts +119 -0
- package/dist/services/release-automation/merge-request.service.d.ts.map +1 -0
- package/dist/services/release-automation/merge-request.service.js +212 -0
- package/dist/services/release-automation/merge-request.service.js.map +1 -0
- package/dist/services/release-automation/milestone.service.d.ts +104 -0
- package/dist/services/release-automation/milestone.service.d.ts.map +1 -0
- package/dist/services/release-automation/milestone.service.js +207 -0
- package/dist/services/release-automation/milestone.service.js.map +1 -0
- package/dist/services/release-automation/release.service.d.ts +118 -0
- package/dist/services/release-automation/release.service.d.ts.map +1 -0
- package/dist/services/release-automation/release.service.js +207 -0
- package/dist/services/release-automation/release.service.js.map +1 -0
- package/dist/services/release-automation/schemas/release.schema.d.ts +299 -0
- package/dist/services/release-automation/schemas/release.schema.d.ts.map +1 -0
- package/dist/services/release-automation/schemas/release.schema.js +269 -0
- package/dist/services/release-automation/schemas/release.schema.js.map +1 -0
- package/dist/services/release-automation/tag.service.d.ts +99 -0
- package/dist/services/release-automation/tag.service.d.ts.map +1 -0
- package/dist/services/release-automation/tag.service.js +180 -0
- package/dist/services/release-automation/tag.service.js.map +1 -0
- package/dist/services/release-automation/webhook.service.d.ts +37 -0
- package/dist/services/release-automation/webhook.service.d.ts.map +1 -0
- package/dist/services/release-automation/webhook.service.js +173 -0
- package/dist/services/release-automation/webhook.service.js.map +1 -0
- package/dist/services/runtime/openai.adapter.d.ts.map +1 -1
- package/dist/services/runtime/openai.adapter.js.map +1 -1
- package/dist/services/validation.service.d.ts.map +1 -1
- package/dist/services/validation.service.js +24 -11
- package/dist/services/validation.service.js.map +1 -1
- package/dist/services/validators/anthropic.validator.d.ts +2 -2
- package/dist/services/validators/anthropic.validator.d.ts.map +1 -1
- package/dist/services/validators/anthropic.validator.js +14 -9
- package/dist/services/validators/anthropic.validator.js.map +1 -1
- package/dist/services/validators/autogen.validator.d.ts +2 -2
- package/dist/services/validators/autogen.validator.d.ts.map +1 -1
- package/dist/services/validators/autogen.validator.js +18 -15
- package/dist/services/validators/autogen.validator.js.map +1 -1
- package/dist/services/validators/crewai.validator.d.ts +2 -2
- package/dist/services/validators/crewai.validator.d.ts.map +1 -1
- package/dist/services/validators/crewai.validator.js +18 -17
- package/dist/services/validators/crewai.validator.js.map +1 -1
- package/dist/services/validators/cursor.validator.d.ts +2 -2
- package/dist/services/validators/cursor.validator.d.ts.map +1 -1
- package/dist/services/validators/cursor.validator.js +15 -11
- package/dist/services/validators/cursor.validator.js.map +1 -1
- package/dist/services/validators/langchain.validator.d.ts +2 -2
- package/dist/services/validators/langchain.validator.d.ts.map +1 -1
- package/dist/services/validators/langchain.validator.js +14 -11
- package/dist/services/validators/langchain.validator.js.map +1 -1
- package/dist/services/validators/langflow.validator.d.ts +2 -2
- package/dist/services/validators/langflow.validator.d.ts.map +1 -1
- package/dist/services/validators/langflow.validator.js +14 -9
- package/dist/services/validators/langflow.validator.js.map +1 -1
- package/dist/services/validators/langgraph.validator.d.ts +2 -2
- package/dist/services/validators/langgraph.validator.d.ts.map +1 -1
- package/dist/services/validators/langgraph.validator.js +23 -18
- package/dist/services/validators/langgraph.validator.js.map +1 -1
- package/dist/services/validators/llamaindex.validator.d.ts +2 -2
- package/dist/services/validators/llamaindex.validator.d.ts.map +1 -1
- package/dist/services/validators/llamaindex.validator.js +19 -16
- package/dist/services/validators/llamaindex.validator.js.map +1 -1
- package/dist/services/validators/openai.validator.d.ts +2 -2
- package/dist/services/validators/openai.validator.d.ts.map +1 -1
- package/dist/services/validators/openai.validator.js +20 -16
- package/dist/services/validators/openai.validator.js.map +1 -1
- package/dist/services/validators/vercel-ai.validator.d.ts +2 -2
- package/dist/services/validators/vercel-ai.validator.d.ts.map +1 -1
- package/dist/services/validators/vercel-ai.validator.js +16 -15
- package/dist/services/validators/vercel-ai.validator.js.map +1 -1
- package/dist/spec/v0.2.3/CHANGELOG.md +176 -0
- package/dist/spec/v0.2.3/README.md +4 -4
- package/dist/spec/v0.2.3/migrations/v0.2.2-to-v0.2.3.md +7 -7
- package/dist/spec/v0.2.4/CHANGELOG.md +403 -0
- package/dist/spec/v0.2.4/migrations/v0.2.3-to-v0.2.4.md +599 -0
- package/dist/spec/v0.2.4/ossa-0.2.4-dev.schema.json +1696 -0
- package/dist/spec/v0.2.4/ossa-0.2.4.schema.json +1819 -0
- package/dist/spec/v0.2.5/CHANGELOG.md +401 -0
- package/dist/spec/v0.2.5/README.md +72 -0
- package/dist/spec/v0.2.5/migrations/v0.2.3-to-v0.2.4.md +599 -0
- package/dist/spec/v0.2.5/ossa-0.2.5.schema.json +1696 -0
- package/dist/spec/v0.2.5/ossa-0.2.5.yaml +581 -0
- package/dist/spec/v0.2.5-RC/CHANGELOG.md +401 -0
- package/dist/spec/v0.2.5-RC/README.md +72 -0
- package/dist/spec/v0.2.5-RC/migrations/v0.2.3-to-v0.2.4.md +599 -0
- package/dist/spec/v0.2.5-RC/ossa-0.2.5-RC.schema.json +1696 -0
- package/dist/spec/v0.2.5-RC/ossa-0.2.5-RC.yaml +581 -0
- package/dist/types/index.d.ts +164 -260
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/index.js +3 -65
- package/dist/types/index.js.map +1 -1
- package/docs/issue-19-completion-summary.md +648 -0
- package/docs/issue-19-validation.md +351 -0
- package/examples/adk-integration/code-review-workflow.yml +136 -0
- package/examples/adk-integration/customer-support.yml +263 -0
- package/examples/adk-integration/data-pipeline.yml +173 -0
- package/examples/advanced/patterns/compliance-context-production.json +53 -0
- package/examples/advanced/patterns/model-router.ts +274 -0
- package/examples/advanced/patterns/smart-model-routing.ts +248 -0
- package/examples/advanced/workflows/hybrid-model-strategy.yaml +232 -0
- package/examples/agent-manifests/critics/critic-agent.yaml +149 -0
- package/examples/agent-manifests/governors/governor-agent.yaml +128 -0
- package/examples/agent-manifests/integrators/integrator-agent.yaml +103 -0
- package/examples/agent-manifests/judges/judge-agent.yaml +153 -0
- package/examples/agent-manifests/monitors/monitor-agent.yaml +122 -0
- package/examples/agent-manifests/orchestrators/orchestrator-agent.yaml +247 -0
- package/examples/agent-manifests/sample-compliant-agent.yaml +147 -0
- package/examples/agent-manifests/workers/worker-agent.yaml +82 -0
- package/examples/anthropic/claude-assistant.ossa.json +45 -0
- package/examples/architecture/model-configuration/ollama-integration.ts +110 -0
- package/examples/autogen/multi-agent.ossa.json +37 -0
- package/examples/bridge-configurations.yaml +346 -0
- package/examples/bridges/Dockerfile.production +87 -0
- package/examples/bridges/__pycache__/aiflow-bridge-enhanced.cpython-313.pyc +0 -0
- package/examples/bridges/__pycache__/aiflow-phoenix-tracing.cpython-313.pyc +0 -0
- package/examples/bridges/__pycache__/test_aiflow_integration.cpython-313.pyc +0 -0
- package/examples/bridges/aiflow-bridge-enhanced.py +462 -0
- package/examples/bridges/aiflow-bridge-example.yml +310 -0
- package/examples/bridges/aiflow-phoenix-tracing.py +310 -0
- package/examples/bridges/aiflow-registration-api.openapi.yml +439 -0
- package/examples/bridges/k8s/configmap.yaml +121 -0
- package/examples/bridges/k8s/deployment-simple.yaml +34 -0
- package/examples/bridges/k8s/deployment.yaml +275 -0
- package/examples/bridges/k8s/hpa.yaml +126 -0
- package/examples/bridges/k8s/ingress.yaml +155 -0
- package/examples/bridges/kagent-bridge-example.yml +94 -0
- package/examples/bridges/load-tests/Dockerfile +28 -0
- package/examples/bridges/load-tests/k6-load-test.js +302 -0
- package/examples/bridges/load-tests/requirements.txt +20 -0
- package/examples/bridges/loadtest/k6-scenarios.js +270 -0
- package/examples/bridges/phase4/SLO-SLA.yaml +249 -0
- package/examples/bridges/phase4/chaos-tests.yaml +226 -0
- package/examples/bridges/requirements.txt +24 -0
- package/examples/bridges/test_aiflow_integration.py +341 -0
- package/examples/common_npm/agent-router.ossa.yaml +182 -0
- package/examples/common_npm/agent-router.v0.2.2.ossa.yaml +60 -0
- package/examples/compliance-agent.yml +155 -0
- package/examples/crewai/research-team.ossa.json +36 -0
- package/examples/cursor/code-review-agent.ossa.json +47 -0
- package/examples/drupal/gitlab-ml-recommender.ossa.yaml +609 -0
- package/examples/drupal/gitlab-ml-recommender.v0.2.2.ossa.yaml +68 -0
- package/examples/enterprise/agent.yml +452 -0
- package/examples/extensions/drupal-v1.yml +266 -0
- package/examples/extensions/kagent-v1.yml +167 -0
- package/examples/getting-started/hello-world-complete.ossa.yaml +266 -0
- package/examples/integration-patterns/agent-to-agent-orchestration.ossa.yaml +376 -0
- package/examples/kagent/README.md +31 -0
- package/examples/kagent/compliance-validator.ossa.yaml +111 -0
- package/examples/kagent/cost-optimizer.ossa.yaml +93 -0
- package/examples/kagent/documentation-agent.ossa.yaml +91 -0
- package/examples/kagent/k8s-troubleshooter-v1.ossa.yaml +269 -0
- package/examples/kagent/k8s-troubleshooter-v1.v0.2.2.ossa.yaml +106 -0
- package/examples/kagent/k8s-troubleshooter.ossa.yaml +257 -0
- package/examples/kagent/security-scanner.ossa.yaml +140 -0
- package/examples/langchain/chain-agent.ossa.json +42 -0
- package/examples/langflow/workflow-agent.ossa.json +39 -0
- package/examples/langgraph/state-machine-agent.ossa.json +59 -0
- package/examples/llamaindex/rag-agent.ossa.json +41 -0
- package/examples/migration-guides/from-langchain-to-ossa.yaml +309 -0
- package/examples/minimal/agent.yml +152 -0
- package/examples/minimal/openapi.yaml +95 -0
- package/examples/openai/basic-agent.ossa.yaml +61 -0
- package/examples/openai/multi-tool-agent.ossa.json +165 -0
- package/examples/openai/swarm-agent.ossa.json +59 -0
- package/examples/openapi-extensions/README.md +87 -0
- package/examples/openapi-extensions/minimal-agent-api.openapi.yml +288 -0
- package/examples/openapi-extensions/orchestrator-agent-api.openapi.yml +633 -0
- package/examples/openapi-extensions/worker-agent-api.openapi.yml +533 -0
- package/examples/production/agent.yml +713 -0
- package/examples/production/document-analyzer-openai.yml +134 -0
- package/examples/quickstart/support-agent.ossa.yaml +59 -0
- package/examples/service-registry-usage.ts +423 -0
- package/examples/spec-examples/audit-agent.yml +147 -0
- package/examples/spec-examples/chat-agent.yml +189 -0
- package/examples/spec-examples/compliance-agent.yml +204 -0
- package/examples/spec-examples/data-processing-agent.yml +132 -0
- package/examples/spec-examples/development-agent.yml +138 -0
- package/examples/spec-examples/edge-agent.yml +101 -0
- package/examples/spec-examples/integration-agent.yml +129 -0
- package/examples/spec-examples/monitoring-agent.yml +130 -0
- package/examples/spec-examples/serverless-agent.yml +82 -0
- package/examples/spec-examples/workflow-agent.yml +223 -0
- package/examples/templates/ossa-compliance.yaml +56 -0
- package/examples/typescript/advanced/demo-registry.ts +168 -0
- package/examples/typescript/mcpb-agent-example.ts +358 -0
- package/examples/vercel/edge-agent.ossa.json +43 -0
- package/infrastructure/docker-compose.yml +33 -0
- package/infrastructure/gitlab-agent/rbac.yaml +126 -0
- package/infrastructure/gitlab-agent/values.yaml +150 -0
- package/infrastructure/k8s/monitoring/00-namespace.yaml +7 -0
- package/infrastructure/k8s/monitoring/01-prometheus.yaml +142 -0
- package/infrastructure/k8s/monitoring/02-grafana.yaml +63 -0
- package/infrastructure/k8s/monitoring/03-lightweight.yaml +121 -0
- package/infrastructure/k8s/monitoring/README.md +73 -0
- package/infrastructure/k8s/monitoring/deploy.sh +38 -0
- package/openapi/CHANGELOG.md +21 -0
- package/openapi/README.md +46 -0
- package/openapi/core/ossa-core-api.openapi.yaml +1503 -0
- package/openapi/core/ossa-registry-api.openapi.yaml +980 -0
- package/openapi/core/ossa-registry.openapi.yaml +855 -0
- package/openapi/core/unified-agent-gateway.openapi.yaml +833 -0
- package/openapi/reference-implementations/aiflow-bridge-api.openapi.yaml +136 -0
- package/openapi/reference-implementations/compliance-agent-api.openapi.yaml +192 -0
- package/openapi/reference-implementations/crewai-agent-api.openapi.yaml +149 -0
- package/openapi/reference-implementations/critic-agent-api.openapi.yaml +151 -0
- package/openapi/reference-implementations/document-analyzer-api.openapi.yaml +217 -0
- package/openapi/reference-implementations/drupal-agent-api.openapi.yaml +348 -0
- package/openapi/reference-implementations/getting-started-hello-world-api.openapi.yaml +149 -0
- package/openapi/reference-implementations/gitlab-ml-recommender-api.openapi.yaml +151 -0
- package/openapi/reference-implementations/governor-agent-api.openapi.yaml +193 -0
- package/openapi/reference-implementations/helm-generator.openapi.yaml +389 -0
- package/openapi/reference-implementations/integrator-agent-api.openapi.yaml +165 -0
- package/openapi/reference-implementations/judge-agent-api.openapi.yaml +148 -0
- package/openapi/reference-implementations/k8s-troubleshooter-api.openapi.yaml +167 -0
- package/openapi/reference-implementations/langchain-agent-api.openapi.yaml +171 -0
- package/openapi/reference-implementations/monitor-agent-api.openapi.yaml +171 -0
- package/openapi/reference-implementations/orchestrator-agent-api.openapi.yaml +242 -0
- package/openapi/reference-implementations/quickstart-support-agent-api.openapi.yaml +187 -0
- package/openapi/reference-implementations/self-evolving-ecosystem.openapi.yaml +1530 -0
- package/openapi/reference-implementations/worker-agent-api.openapi.yaml +208 -0
- package/openapi/reference-implementations/workflow-orchestrator-api.openapi.yaml +193 -0
- package/package.json +120 -83
- package/release.config.js +79 -0
- package/scripts/bump-version.ts +57 -0
- package/scripts/enhanced-version-manager.ts +257 -0
- package/scripts/gen-types.ts +51 -0
- package/scripts/gen-zod.ts +51 -0
- package/scripts/lib/exec.ts +37 -0
- package/scripts/lib/file-ops.ts +58 -0
- package/scripts/lib/version.ts +83 -0
- package/scripts/process-doc-templates.ts +37 -0
- package/scripts/schemas/package.schema.ts +75 -0
- package/scripts/setup-branch-protection.sh +33 -0
- package/scripts/sync-version.ts +39 -0
- package/scripts/sync-versions.ts +488 -0
- package/scripts/validate-schema.ts +49 -0
- package/spec/v0.1.9/agent-autonomous-extensions.json +234 -0
- package/spec/v0.1.9/ecosystem-compliance.json +235 -0
- package/spec/v0.1.9/ossa-v0.1.9.schema.json +695 -0
- package/spec/v0.1.9/reasoning-compliance.json +654 -0
- package/spec/v0.2.2/kagent-enhancements.json +395 -0
- package/spec/v0.2.2/ossa-0.2.2.schema.json +906 -0
- package/spec/v0.2.2/ossa-0.2.2.yaml +448 -0
- package/spec/v0.2.2/ossa-reasoning-compliance-1.0.schema.json +424 -0
- package/spec/v0.2.3/CHANGELOG.md +176 -0
- package/spec/v0.2.3/README.md +154 -0
- package/spec/v0.2.3/migrations/v0.2.2-to-v0.2.3.md +343 -0
- package/spec/v0.2.3/ossa-0.2.3.schema.json +1397 -0
- package/spec/v0.2.3/ossa-0.2.3.yaml +448 -0
- package/spec/v0.2.4/CHANGELOG.md +403 -0
- package/spec/v0.2.4/migrations/v0.2.3-to-v0.2.4.md +599 -0
- package/spec/v0.2.4/ossa-0.2.4-dev.schema.json +1696 -0
- package/spec/v0.2.4/ossa-0.2.4.schema.json +170 -68
- package/spec/v0.2.5/CHANGELOG.md +401 -0
- package/spec/v0.2.5/README.md +72 -0
- package/spec/v0.2.5/migrations/v0.2.3-to-v0.2.4.md +599 -0
- package/spec/v0.2.5/ossa-0.2.5.schema.json +1696 -0
- package/spec/v0.2.5/ossa-0.2.5.yaml +581 -0
- package/spec/v0.2.5-RC/CHANGELOG.md +401 -0
- package/spec/v0.2.5-RC/README.md +72 -0
- package/spec/v0.2.5-RC/migrations/v0.2.3-to-v0.2.4.md +599 -0
- package/spec/v0.2.5-RC/ossa-0.2.5-RC.schema.json +1696 -0
- package/spec/v0.2.5-RC/ossa-0.2.5-RC.yaml +581 -0
- package/test-results.xml +1 -0
- package/website/.lighthouserc.ts +24 -0
- package/website/.prettierrc +10 -0
- package/website/Dockerfile +30 -0
- package/website/app/about/page.tsx +295 -0
- package/website/app/blog/[slug]/page.tsx +208 -0
- package/website/app/blog/page.tsx +249 -0
- package/website/app/design-guide/page.tsx +511 -0
- package/website/app/docs/[[...slug]]/page.tsx +847 -0
- package/website/app/docs/core-concepts/project-structure/page.tsx +349 -0
- package/website/app/ecosystem/page.tsx +375 -0
- package/website/app/examples/page.tsx +133 -0
- package/website/app/globals.scss +135 -0
- package/website/app/layout.tsx +106 -0
- package/website/app/license/page.tsx +183 -0
- package/website/app/not-found.tsx +18 -0
- package/website/app/page.tsx +474 -0
- package/website/app/playground/page.tsx +487 -0
- package/website/app/robots.ts +19 -0
- package/website/app/rss.xml/route.ts +74 -0
- package/website/app/schema/page.tsx +1001 -0
- package/website/app/sitemap.ts +56 -0
- package/website/app/specification/page.tsx +287 -0
- package/website/components/InstallCommand.tsx +96 -0
- package/website/components/Logo.tsx +97 -0
- package/website/components/StructuredData.tsx +65 -0
- package/website/components/docs/DocsSearch.tsx +104 -0
- package/website/components/docs/DocsSidebar.tsx +155 -0
- package/website/components/docs/MarkdownContent.tsx +401 -0
- package/website/components/docs/VersionSelector.tsx +105 -0
- package/website/components/examples/ExamplesViewer.tsx +293 -0
- package/website/components/layout/Footer.tsx +116 -0
- package/website/components/layout/Header.tsx +168 -0
- package/website/components/schema/SchemaComponentsAccordion.tsx +84 -0
- package/website/components/schema/SchemaExplorer.tsx +213 -0
- package/website/content/blog/OpenAPI-AI-Agents-Standard.md +285 -0
- package/website/content/blog/Why-Formal-Standards-Matter-Now.md +198 -0
- package/website/content/blog/gitlab-kubernetes-agent-ecosystem.md +286 -0
- package/website/content/blog/introducing-ossa-framework.md +328 -0
- package/website/content/blog/ossa-production-results.md +279 -0
- package/website/content/blog/welcome-to-ossa.md +43 -0
- package/website/content/blog/why-ai-agents-need-open-standard.md +98 -0
- package/website/content/docs/00-HOME.md +153 -0
- package/website/content/docs/AIFlow-Framework-Integration-with-OSSA.md +107 -0
- package/website/content/docs/Examples.md +71 -0
- package/website/content/docs/OpenAPI-Extensions.md +934 -0
- package/website/content/docs/adapters/openai-adapter.md +693 -0
- package/website/content/docs/architecture/execution-flow.md +335 -0
- package/website/content/docs/architecture/multi-agent-systems.md +737 -0
- package/website/content/docs/architecture/overview.md +121 -0
- package/website/content/docs/architecture/stack-integration.md +461 -0
- package/website/content/docs/changelog.md +246 -0
- package/website/content/docs/contributing.md +599 -0
- package/website/content/docs/core-concepts/Project-Structure.md +348 -0
- package/website/content/docs/ecosystem/framework-support.md +819 -0
- package/website/content/docs/ecosystem/overview.md +366 -0
- package/website/content/docs/examples/AIFlow-Framework-Integration-with-OSSA.md +107 -0
- package/website/content/docs/examples/Migration-Guides.md +214 -0
- package/website/content/docs/for-audiences/Architects.md +224 -0
- package/website/content/docs/for-audiences/Developers.md +220 -0
- package/website/content/docs/for-audiences/Enterprises.md +256 -0
- package/website/content/docs/for-audiences/Students-Researchers.md +122 -0
- package/website/content/docs/getting-started/5-Minute-Overview.md +85 -0
- package/website/content/docs/getting-started/First-Agent.md +196 -0
- package/website/content/docs/getting-started/Hello-World.md +184 -0
- package/website/content/docs/getting-started/Installation.md +155 -0
- package/website/content/docs/getting-started/index.md +92 -0
- package/website/content/docs/getting-started/running-agents.md +309 -0
- package/website/content/docs/getting-started.md +91 -0
- package/website/content/docs/integrations/aiflow.md +104 -0
- package/website/content/docs/integrations/drupal.md +105 -0
- package/website/content/docs/migration-guides/00-INDEX.md +76 -0
- package/website/content/docs/migration-guides/README.md +133 -0
- package/website/content/docs/migration-guides/agent-schema-comparison.md +232 -0
- package/website/content/docs/migration-guides/anthropic-mcp-to-ossa.md +1750 -0
- package/website/content/docs/migration-guides/crewai-to-ossa.md +274 -0
- package/website/content/docs/migration-guides/drupal-eca-to-ossa.md +2017 -0
- package/website/content/docs/migration-guides/general-agent-schema.yml +247 -0
- package/website/content/docs/migration-guides/index.md +133 -0
- package/website/content/docs/migration-guides/langchain-to-ossa.md +1714 -0
- package/website/content/docs/migration-guides/langflow-to-ossa.md +2075 -0
- package/website/content/docs/migration-guides/migration-manifest.json +64 -0
- package/website/content/docs/migration-guides/openai-to-ossa.md +1202 -0
- package/website/content/docs/openapi-extensions/examples.md +550 -0
- package/website/content/docs/openapi-extensions/index.md +551 -0
- package/website/content/docs/openapi-extensions/operation-extensions.md +457 -0
- package/website/content/docs/openapi-extensions/root-extensions.md +410 -0
- package/website/content/docs/ossa-compliant-badge.md +251 -0
- package/website/content/docs/pre-release/index.md +175 -0
- package/website/content/docs/quick-reference.md +17 -0
- package/website/content/docs/readme.md +35 -0
- package/website/content/docs/schema-reference/agent-spec.md +406 -0
- package/website/content/docs/schema-reference/autonomy.md +568 -0
- package/website/content/docs/schema-reference/constraints.md +543 -0
- package/website/content/docs/schema-reference/index.md +176 -0
- package/website/content/docs/schema-reference/llm-config.md +445 -0
- package/website/content/docs/schema-reference/observability.md +654 -0
- package/website/content/docs/schema-reference/ossa-manifest.md +309 -0
- package/website/content/docs/schema-reference/taxonomy.md +509 -0
- package/website/content/docs/schema-reference/tools.md +628 -0
- package/website/content/docs/templates/blog-post.md +43 -0
- package/website/content/docs/use-cases/00-index.md +395 -0
- package/website/content/docs/use-cases/cicd-code-review.md +1236 -0
- package/website/content/docs/use-cases/customer-support.md +1234 -0
- package/website/content/docs/use-cases/enterprise-compliance.md +1208 -0
- package/website/content/docs/use-cases/research-multi-agent.md +1161 -0
- package/website/content/docs/versioning.md +288 -0
- package/website/lib/version.ts +35 -0
- package/website/lib/versions.json +18 -17
- package/website/next.config.ts +18 -0
- package/website/nginx.conf +32 -0
- package/website/package-lock.json +9679 -0
- package/website/package.json +59 -0
- package/website/postcss.config.mjs +9 -0
- package/website/scripts/fetch-versions.js +166 -0
- package/website/scripts/generate-examples-index.js +163 -0
- package/website/scripts/merge-docs-to-wiki.ts +207 -0
- package/website/scripts/sync-version.js +72 -0
- package/website/scripts/sync-wiki.ts +322 -0
- package/website/scripts/upload-wiki.ts +199 -0
- package/website/styles/_variables.scss +36 -0
- package/website/tailwind.config.ts +136 -0
- package/.buildkit/agent-first-policy.sh +0 -65
- package/.buildkit/branching-workflow.json +0 -41
- package/.buildkit/hooks.yaml +0 -23
- package/.buildkit/install-buildkit-setup.cjs +0 -483
- package/.cursor/plans/ossa-comprehensive-enhancement-issue-audit-plan.plan.md +0 -735
- package/.cursor/plans/ossa-enterprise-transformation-plan-0ccaf09b.plan.md +0 -373
- package/.cursor/plans/ossa-milestone-organization-and-v0-2-4-release-6dafa4ec.plan.md +0 -214
- package/.cursor/rules/problems.json +0 -483
- package/.cursor/settings.json +0 -29
- package/.cursor/worktrees.json +0 -95
- package/.env.local +0 -31
- package/.github/ISSUE_TEMPLATE/README.md +0 -33
- package/.github/ISSUE_TEMPLATE/bug_report.md +0 -61
- package/.github/ISSUE_TEMPLATE/config.yml +0 -12
- package/.github/ISSUE_TEMPLATE/feature_request.md +0 -75
- package/.github/wiki_templates/home.md +0 -39
- package/.gitignore.bak +0 -489
- package/.gitlab-ci-trigger +0 -1
- package/.husky/pre-commit +0 -31
- package/.lintstagedrc.json +0 -16
- package/.vscode/extensions.json +0 -6
- package/.vscode/settings.json +0 -3
- package/AUDIT_FIXES.md +0 -139
- package/AUDIT_REPORT.md +0 -308
- package/BUILDKIT_INTEGRATION.md +0 -146
- package/Dockerfile +0 -35
- package/dist/adk/adapters/index.d.ts +0 -64
- package/dist/adk/adapters/index.d.ts.map +0 -1
- package/dist/adk/adapters/index.js +0 -257
- package/dist/adk/adapters/index.js.map +0 -1
- package/dist/adk/agents/custom-agent.d.ts +0 -55
- package/dist/adk/agents/custom-agent.d.ts.map +0 -1
- package/dist/adk/agents/custom-agent.js +0 -167
- package/dist/adk/agents/custom-agent.js.map +0 -1
- package/dist/adk/agents/index.d.ts +0 -64
- package/dist/adk/agents/index.d.ts.map +0 -1
- package/dist/adk/agents/index.js +0 -125
- package/dist/adk/agents/index.js.map +0 -1
- package/dist/adk/agents/llm-agent.d.ts +0 -27
- package/dist/adk/agents/llm-agent.d.ts.map +0 -1
- package/dist/adk/agents/llm-agent.js +0 -63
- package/dist/adk/agents/llm-agent.js.map +0 -1
- package/dist/adk/agents/workflow-agent.d.ts +0 -42
- package/dist/adk/agents/workflow-agent.d.ts.map +0 -1
- package/dist/adk/agents/workflow-agent.js +0 -144
- package/dist/adk/agents/workflow-agent.js.map +0 -1
- package/dist/adk/index.d.ts +0 -10
- package/dist/adk/index.d.ts.map +0 -1
- package/dist/adk/index.js +0 -10
- package/dist/adk/index.js.map +0 -1
- package/dist/adk/orchestration/index.d.ts +0 -63
- package/dist/adk/orchestration/index.d.ts.map +0 -1
- package/dist/adk/orchestration/index.js +0 -264
- package/dist/adk/orchestration/index.js.map +0 -1
- package/dist/adk/state/index.d.ts +0 -73
- package/dist/adk/state/index.d.ts.map +0 -1
- package/dist/adk/state/index.js +0 -177
- package/dist/adk/state/index.js.map +0 -1
- package/dist/adk/tools/index.d.ts +0 -65
- package/dist/adk/tools/index.d.ts.map +0 -1
- package/dist/adk/tools/index.js +0 -252
- package/dist/adk/tools/index.js.map +0 -1
- package/dist/cli/agent-deployment.d.ts +0 -34
- package/dist/cli/agent-deployment.d.ts.map +0 -1
- package/dist/cli/agent-deployment.js +0 -396
- package/dist/cli/agent-deployment.js.map +0 -1
- package/dist/cli/commands/discover.command.d.ts +0 -7
- package/dist/cli/commands/discover.command.d.ts.map +0 -1
- package/dist/cli/commands/discover.command.js +0 -80
- package/dist/cli/commands/discover.command.js.map +0 -1
- package/dist/cli/commands/export.command.d.ts +0 -7
- package/dist/cli/commands/export.command.d.ts.map +0 -1
- package/dist/cli/commands/export.command.js +0 -56
- package/dist/cli/commands/export.command.js.map +0 -1
- package/dist/cli/commands/generate.command.d.ts +0 -7
- package/dist/cli/commands/generate.command.d.ts.map +0 -1
- package/dist/cli/commands/generate.command.js +0 -66
- package/dist/cli/commands/generate.command.js.map +0 -1
- package/dist/cli/commands/gitlab-agent.command.d.ts +0 -8
- package/dist/cli/commands/gitlab-agent.command.d.ts.map +0 -1
- package/dist/cli/commands/gitlab-agent.command.js +0 -201
- package/dist/cli/commands/gitlab-agent.command.js.map +0 -1
- package/dist/cli/commands/import.command.d.ts +0 -7
- package/dist/cli/commands/import.command.d.ts.map +0 -1
- package/dist/cli/commands/import.command.js +0 -36
- package/dist/cli/commands/import.command.js.map +0 -1
- package/dist/cli/commands/init.command.d.ts +0 -7
- package/dist/cli/commands/init.command.d.ts.map +0 -1
- package/dist/cli/commands/init.command.js +0 -146
- package/dist/cli/commands/init.command.js.map +0 -1
- package/dist/cli/commands/migrate.command.d.ts +0 -7
- package/dist/cli/commands/migrate.command.d.ts.map +0 -1
- package/dist/cli/commands/migrate.command.js +0 -110
- package/dist/cli/commands/migrate.command.js.map +0 -1
- package/dist/cli/commands/ossa.d.ts +0 -9
- package/dist/cli/commands/ossa.d.ts.map +0 -1
- package/dist/cli/commands/ossa.js +0 -234
- package/dist/cli/commands/ossa.js.map +0 -1
- package/dist/cli/commands/run.command.d.ts +0 -7
- package/dist/cli/commands/run.command.d.ts.map +0 -1
- package/dist/cli/commands/run.command.js +0 -114
- package/dist/cli/commands/run.command.js.map +0 -1
- package/dist/cli/commands/schema.command.d.ts +0 -7
- package/dist/cli/commands/schema.command.d.ts.map +0 -1
- package/dist/cli/commands/schema.command.js +0 -72
- package/dist/cli/commands/schema.command.js.map +0 -1
- package/dist/cli/commands/validate.command.d.ts +0 -7
- package/dist/cli/commands/validate.command.d.ts.map +0 -1
- package/dist/cli/commands/validate.command.js +0 -125
- package/dist/cli/commands/validate.command.js.map +0 -1
- package/dist/cli/commands/worktree.d.ts +0 -7
- package/dist/cli/commands/worktree.d.ts.map +0 -1
- package/dist/cli/commands/worktree.js +0 -509
- package/dist/cli/commands/worktree.js.map +0 -1
- package/dist/cli/index.d.ts +0 -7
- package/dist/cli/index.d.ts.map +0 -1
- package/dist/cli/index.js +0 -50
- package/dist/cli/index.js.map +0 -1
- package/dist/cli/ossa-cli.d.ts +0 -52
- package/dist/cli/ossa-cli.d.ts.map +0 -1
- package/dist/cli/ossa-cli.js +0 -1061
- package/dist/cli/ossa-cli.js.map +0 -1
- package/dist/core/index.d.ts +0 -31
- package/dist/core/index.d.ts.map +0 -1
- package/dist/core/index.js +0 -37
- package/dist/core/index.js.map +0 -1
- package/dist/core/mcp-server-implementation.d.ts +0 -39
- package/dist/core/mcp-server-implementation.d.ts.map +0 -1
- package/dist/core/mcp-server-implementation.js +0 -1262
- package/dist/core/mcp-server-implementation.js.map +0 -1
- package/dist/core/orchestrator/index.d.ts +0 -156
- package/dist/core/orchestrator/index.d.ts.map +0 -1
- package/dist/core/orchestrator/index.js +0 -446
- package/dist/core/orchestrator/index.js.map +0 -1
- package/dist/core/orchestrator/ossa-orchestrator.d.ts +0 -106
- package/dist/core/orchestrator/ossa-orchestrator.d.ts.map +0 -1
- package/dist/core/orchestrator/ossa-orchestrator.js +0 -396
- package/dist/core/orchestrator/ossa-orchestrator.js.map +0 -1
- package/dist/protocols/acap.d.ts +0 -61
- package/dist/protocols/acap.d.ts.map +0 -1
- package/dist/protocols/acap.js +0 -92
- package/dist/protocols/acap.js.map +0 -1
- package/dist/protocols/index.d.ts +0 -8
- package/dist/protocols/index.d.ts.map +0 -1
- package/dist/protocols/index.js +0 -8
- package/dist/protocols/index.js.map +0 -1
- package/dist/protocols/rasp.d.ts +0 -58
- package/dist/protocols/rasp.d.ts.map +0 -1
- package/dist/protocols/rasp.js +0 -212
- package/dist/protocols/rasp.js.map +0 -1
- package/dist/server/simple-app.d.ts +0 -18
- package/dist/server/simple-app.d.ts.map +0 -1
- package/dist/server/simple-app.js +0 -155
- package/dist/server/simple-app.js.map +0 -1
- package/dist/server/types/agent.d.ts +0 -498
- package/dist/server/types/agent.d.ts.map +0 -1
- package/dist/server/types/agent.js +0 -37
- package/dist/server/types/agent.js.map +0 -1
- package/dist/server/types/server.d.ts +0 -370
- package/dist/server/types/server.d.ts.map +0 -1
- package/dist/server/types/server.js +0 -68
- package/dist/server/types/server.js.map +0 -1
- package/dist/services/discovery.service.d.ts +0 -78
- package/dist/services/discovery.service.d.ts.map +0 -1
- package/dist/services/discovery.service.js +0 -212
- package/dist/services/discovery.service.js.map +0 -1
- package/dist/services/orchestration/worktree-orchestrator.d.ts +0 -146
- package/dist/services/orchestration/worktree-orchestrator.d.ts.map +0 -1
- package/dist/services/orchestration/worktree-orchestrator.js +0 -591
- package/dist/services/orchestration/worktree-orchestrator.js.map +0 -1
- package/dist/services/worktree/branching-strategy.d.ts +0 -17
- package/dist/services/worktree/branching-strategy.d.ts.map +0 -1
- package/dist/services/worktree/branching-strategy.js +0 -66
- package/dist/services/worktree/branching-strategy.js.map +0 -1
- package/dist/services/worktree/git-worktree-manager.d.ts +0 -32
- package/dist/services/worktree/git-worktree-manager.d.ts.map +0 -1
- package/dist/services/worktree/git-worktree-manager.js +0 -61
- package/dist/services/worktree/git-worktree-manager.js.map +0 -1
- package/dist/spec/v0.2.4-dev/README.md +0 -61
- package/dist/spec/v0.2.4-dev/RELEASE-PROCESS.md +0 -130
- package/dist/spec/v0.2.4-dev/migrations/v0.2.3-to-v0.2.4.md +0 -599
- package/dist/spec/v0.2.4-dev/openapi/CHANGELOG-0.2.4.md +0 -177
- package/dist/spec/v0.2.4-dev/openapi/README-0.2.4.md +0 -51
- package/dist/spec/v0.2.4-dev/openapi/VERIFICATION-0.2.4.md +0 -147
- package/dist/spec/v0.2.4-dev/ossa-0.2.4-dev.schema.json +0 -1717
- package/dist/spec/v0.2.5-dev/migrations/v0.2.4-to-v0.2.5.md +0 -317
- package/dist/spec/v0.2.5-dev/ossa-0.2.5-dev.schema.json +0 -1732
- package/dist/spec/v0.2.5-dev/ossa-0.2.5-dev.yaml +0 -409
- package/dist/specification/validator.d.ts +0 -82
- package/dist/specification/validator.d.ts.map +0 -1
- package/dist/specification/validator.js +0 -562
- package/dist/specification/validator.js.map +0 -1
- package/dist/types/acdl-api.d.ts +0 -335
- package/dist/types/acdl-api.d.ts.map +0 -1
- package/dist/types/acdl-api.js +0 -6
- package/dist/types/acdl-api.js.map +0 -1
- package/dist/types/agents/index.d.ts +0 -53
- package/dist/types/agents/index.d.ts.map +0 -1
- package/dist/types/agents/index.js +0 -5
- package/dist/types/agents/index.js.map +0 -1
- package/dist/types/api.d.ts +0 -225
- package/dist/types/api.d.ts.map +0 -1
- package/dist/types/api.js +0 -6
- package/dist/types/api.js.map +0 -1
- package/dist/types/architecture/index.d.ts +0 -530
- package/dist/types/architecture/index.d.ts.map +0 -1
- package/dist/types/architecture/index.js +0 -258
- package/dist/types/architecture/index.js.map +0 -1
- package/dist/types/policies/index.d.ts +0 -35
- package/dist/types/policies/index.d.ts.map +0 -1
- package/dist/types/policies/index.js +0 -5
- package/dist/types/policies/index.js.map +0 -1
- package/dist/types/workflows/index.d.ts +0 -40
- package/dist/types/workflows/index.d.ts.map +0 -1
- package/dist/types/workflows/index.js +0 -5
- package/dist/types/workflows/index.js.map +0 -1
- package/dist/utils/version-resolver.d.ts +0 -28
- package/dist/utils/version-resolver.d.ts.map +0 -1
- package/dist/utils/version-resolver.js +0 -110
- package/dist/utils/version-resolver.js.map +0 -1
- package/docker-compose.yml +0 -160
- package/public/api-docs.html +0 -206
- package/public/assets/favicon.svg +0 -8
- package/public/assets/script.js +0 -279
- package/public/assets/style.css +0 -632
- package/public/index.html +0 -307
- package/public/redocly-config.yaml +0 -80
- package/public/src/api/acdl-specification.yml +0 -531
- package/public/src/api/clean-architecture.openapi.yml +0 -1435
- package/public/src/api/context7-mcp.openapi.yml +0 -313
- package/public/src/api/magic-mcp.openapi.yml +0 -647
- package/public/src/api/mcp-infrastructure.openapi.yml +0 -904
- package/public/src/api/orchestration.openapi.yml +0 -444
- package/public/src/api/ossa-complete.openapi.yml +0 -2250
- package/public/src/api/project-discovery.openapi.yml +0 -1293
- package/public/src/api/rebuild-audit.openapi.yml +0 -800
- package/public/src/api/specification.openapi.yml +0 -498
- package/public/src/api/voice-agent-specification.yml +0 -640
- package/public/src/api/web-eval-mcp.openapi.yml +0 -426
- package/pyrightconfig.json +0 -13
- package/redocly.yaml +0 -56
- package/specs/README.md +0 -31
- package/specs/acdl-specification.yml +0 -531
- package/specs/clean-architecture.openapi.yml +0 -1435
- package/specs/context7-mcp.openapi.yml +0 -313
- package/specs/magic-mcp.openapi.yml +0 -647
- package/specs/mcp-infrastructure.openapi.yml +0 -904
- package/specs/orchestration.openapi.yml +0 -444
- package/specs/ossa-complete.openapi.yml +0 -2250
- package/specs/project-discovery.openapi.yml +0 -1293
- package/specs/rebuild-audit.openapi.yml +0 -800
- package/specs/specification.openapi.yml +0 -498
- package/specs/test-api.openapi.yml +0 -20
- package/specs/voice-agent-specification.yml +0 -640
- package/specs/web-eval-mcp.openapi.yml +0 -426
- package/src/adk/adapters/index.ts +0 -310
- package/src/adk/agents/custom-agent.ts +0 -206
- package/src/adk/agents/index.ts +0 -158
- package/src/adk/agents/llm-agent.ts +0 -76
- package/src/adk/agents/workflow-agent.ts +0 -191
- package/src/adk/index.ts +0 -10
- package/src/adk/orchestration/index.ts +0 -352
- package/src/adk/state/index.ts +0 -217
- package/src/adk/tools/index.ts +0 -291
- package/src/api/acdl-specification.yml +0 -531
- package/src/api/agent-manifest.schema.json +0 -859
- package/src/api/agent-worktree-schema.json +0 -320
- package/src/api/clean-architecture.openapi.yml +0 -1435
- package/src/api/context7-mcp.openapi.yml +0 -313
- package/src/api/magic-mcp.openapi.yml +0 -647
- package/src/api/mcp-infrastructure.openapi.yml +0 -904
- package/src/api/openapi.redoc.config.json +0 -6
- package/src/api/orchestration.openapi.yml +0 -444
- package/src/api/ossa-complete.openapi.yml +0 -2250
- package/src/api/project-discovery.openapi.yml +0 -1293
- package/src/api/rebuild-audit.openapi.yml +0 -800
- package/src/api/specification.openapi.yml +0 -498
- package/src/api/test-api.openapi.yml +0 -20
- package/src/api/voice-agent-specification.yml +0 -640
- package/src/api/web-eval-mcp.openapi.yml +0 -426
- package/src/api/workflow.schema.json +0 -524
- package/src/cli/agent-deployment.ts +0 -452
- package/src/cli/commands/ossa.ts +0 -272
- package/src/cli/commands/worktree.ts +0 -603
- package/src/cli/ossa-cli.ts +0 -1176
- package/src/core/index.ts +0 -42
- package/src/core/mcp-server-implementation.ts +0 -1409
- package/src/core/orchestrator/index.ts +0 -611
- package/src/core/orchestrator/ossa-orchestrator.ts +0 -504
- package/src/mcp/simple-server.ts +0 -322
- package/src/protocols/acap.ts +0 -146
- package/src/protocols/index.ts +0 -8
- package/src/protocols/rasp.ts +0 -263
- package/src/server/app.ts +0 -472
- package/src/server/middleware/agentAccess.ts +0 -10
- package/src/server/middleware/asyncHandler.ts +0 -10
- package/src/server/middleware/auth.ts +0 -10
- package/src/server/middleware/errorHandler.ts +0 -9
- package/src/server/middleware/logging.ts +0 -10
- package/src/server/middleware/metrics.ts +0 -10
- package/src/server/middleware/validation.ts +0 -10
- package/src/server/routes/agents.ts +0 -632
- package/src/server/routes/monitoring.ts +0 -13
- package/src/server/routes/orchestration.ts +0 -13
- package/src/server/routes/specifications.ts +0 -13
- package/src/server/services/AgentService.ts +0 -46
- package/src/server/services/ExecutionService.ts +0 -51
- package/src/server/services/SpecificationService.ts +0 -22
- package/src/server/services/WebhookService.ts +0 -24
- package/src/server/simple-app.ts +0 -174
- package/src/server/types/agent.ts +0 -612
- package/src/server/types/server.ts +0 -465
- package/src/services/orchestration/worktree-orchestrator.ts +0 -779
- package/src/services/worktree/branching-strategy.ts +0 -76
- package/src/services/worktree/git-worktree-manager.ts +0 -86
- package/website/.next/BUILD_ID +0 -1
- package/website/.next/app-build-manifest.json +0 -151
- package/website/.next/app-path-routes-manifest.json +0 -19
- package/website/.next/build-manifest.json +0 -33
- package/website/.next/cache/.previewinfo +0 -1
- package/website/.next/cache/.rscinfo +0 -1
- package/website/.next/cache/.tsbuildinfo +0 -1
- package/website/.next/cache/fetch-cache/920aec34c288eefa97c5efba3baf95a846a0beb0c48a5064980a2c24b83e941c +0 -1
- package/website/.next/cache/fetch-cache/c2ad7a72b43463a0daaa85ca926a8af38defd17ecb64f1fdd2dd4fe2293e8b26 +0 -1
- package/website/.next/cache/fetch-cache/d10eb963d5980c8a50ee9ed24472339ee6da054ead33e00676e61e8b8e62cc83 +0 -1
- package/website/.next/cache/fetch-cache/f243d84640477f3205b74a85013018acd63b692144675630a74d1af8a3e9eab5 +0 -1
- package/website/.next/cache/webpack/client-production/0.pack +0 -0
- package/website/.next/cache/webpack/client-production/1.pack +0 -0
- package/website/.next/cache/webpack/client-production/10.pack +0 -0
- package/website/.next/cache/webpack/client-production/11.pack +0 -0
- package/website/.next/cache/webpack/client-production/12.pack +0 -0
- package/website/.next/cache/webpack/client-production/13.pack +0 -0
- package/website/.next/cache/webpack/client-production/14.pack +0 -0
- package/website/.next/cache/webpack/client-production/15.pack +0 -0
- package/website/.next/cache/webpack/client-production/16.pack +0 -0
- package/website/.next/cache/webpack/client-production/17.pack +0 -0
- package/website/.next/cache/webpack/client-production/18.pack +0 -0
- package/website/.next/cache/webpack/client-production/2.pack +0 -0
- package/website/.next/cache/webpack/client-production/3.pack +0 -0
- package/website/.next/cache/webpack/client-production/4.pack +0 -0
- package/website/.next/cache/webpack/client-production/5.pack +0 -0
- package/website/.next/cache/webpack/client-production/6.pack +0 -0
- package/website/.next/cache/webpack/client-production/7.pack +0 -0
- package/website/.next/cache/webpack/client-production/8.pack +0 -0
- package/website/.next/cache/webpack/client-production/9.pack +0 -0
- package/website/.next/cache/webpack/client-production/index.pack +0 -0
- package/website/.next/cache/webpack/client-production/index.pack.old +0 -0
- package/website/.next/cache/webpack/edge-server-production/0.pack +0 -0
- package/website/.next/cache/webpack/edge-server-production/index.pack +0 -0
- package/website/.next/cache/webpack/server-production/0.pack +0 -0
- package/website/.next/cache/webpack/server-production/1.pack +0 -0
- package/website/.next/cache/webpack/server-production/10.pack +0 -0
- package/website/.next/cache/webpack/server-production/11.pack +0 -0
- package/website/.next/cache/webpack/server-production/12.pack +0 -0
- package/website/.next/cache/webpack/server-production/2.pack +0 -0
- package/website/.next/cache/webpack/server-production/3.pack +0 -0
- package/website/.next/cache/webpack/server-production/4.pack +0 -0
- package/website/.next/cache/webpack/server-production/5.pack +0 -0
- package/website/.next/cache/webpack/server-production/6.pack +0 -0
- package/website/.next/cache/webpack/server-production/7.pack +0 -0
- package/website/.next/cache/webpack/server-production/8.pack +0 -0
- package/website/.next/cache/webpack/server-production/9.pack +0 -0
- package/website/.next/cache/webpack/server-production/index.pack +0 -0
- package/website/.next/cache/webpack/server-production/index.pack.old +0 -0
- package/website/.next/diagnostics/build-diagnostics.json +0 -6
- package/website/.next/diagnostics/framework.json +0 -1
- package/website/.next/export-detail.json +0 -5
- package/website/.next/export-marker.json +0 -6
- package/website/.next/images-manifest.json +0 -57
- package/website/.next/next-minimal-server.js.nft.json +0 -1
- package/website/.next/next-server.js.nft.json +0 -1
- package/website/.next/package.json +0 -1
- package/website/.next/prerender-manifest.json +0 -2143
- package/website/.next/react-loadable-manifest.json +0 -1898
- package/website/.next/required-server-files.json +0 -320
- package/website/.next/routes-manifest.json +0 -161
- package/website/.next/server/app/_not-found/page.js +0 -2
- package/website/.next/server/app/_not-found/page.js.nft.json +0 -1
- package/website/.next/server/app/_not-found/page_client-reference-manifest.js +0 -1
- package/website/.next/server/app/_not-found.html +0 -1
- package/website/.next/server/app/_not-found.meta +0 -8
- package/website/.next/server/app/_not-found.rsc +0 -23
- package/website/.next/server/app/about/page.js +0 -2
- package/website/.next/server/app/about/page.js.nft.json +0 -1
- package/website/.next/server/app/about/page_client-reference-manifest.js +0 -1
- package/website/.next/server/app/about.html +0 -1
- package/website/.next/server/app/about.meta +0 -7
- package/website/.next/server/app/about.rsc +0 -40
- package/website/.next/server/app/blog/OpenAPI-AI-Agents-Standard.html +0 -217
- package/website/.next/server/app/blog/OpenAPI-AI-Agents-Standard.meta +0 -7
- package/website/.next/server/app/blog/OpenAPI-AI-Agents-Standard.rsc +0 -308
- package/website/.next/server/app/blog/Why-Formal-Standards-Matter-Now.html +0 -180
- package/website/.next/server/app/blog/Why-Formal-Standards-Matter-Now.meta +0 -7
- package/website/.next/server/app/blog/Why-Formal-Standards-Matter-Now.rsc +0 -232
- package/website/.next/server/app/blog/[slug]/page.js +0 -2
- package/website/.next/server/app/blog/[slug]/page.js.nft.json +0 -1
- package/website/.next/server/app/blog/[slug]/page_client-reference-manifest.js +0 -1
- package/website/.next/server/app/blog/introducing-ossa-framework.html +0 -263
- package/website/.next/server/app/blog/introducing-ossa-framework.meta +0 -7
- package/website/.next/server/app/blog/introducing-ossa-framework.rsc +0 -351
- package/website/.next/server/app/blog/ossa-production-results.html +0 -198
- package/website/.next/server/app/blog/ossa-production-results.meta +0 -7
- package/website/.next/server/app/blog/ossa-production-results.rsc +0 -302
- package/website/.next/server/app/blog/page.js +0 -2
- package/website/.next/server/app/blog/page.js.nft.json +0 -1
- package/website/.next/server/app/blog/page_client-reference-manifest.js +0 -1
- package/website/.next/server/app/blog/welcome-to-ossa.html +0 -22
- package/website/.next/server/app/blog/welcome-to-ossa.meta +0 -7
- package/website/.next/server/app/blog/welcome-to-ossa.rsc +0 -31
- package/website/.next/server/app/blog/why-ai-agents-need-open-standard.html +0 -63
- package/website/.next/server/app/blog/why-ai-agents-need-open-standard.meta +0 -7
- package/website/.next/server/app/blog/why-ai-agents-need-open-standard.rsc +0 -121
- package/website/.next/server/app/blog.html +0 -1
- package/website/.next/server/app/blog.meta +0 -7
- package/website/.next/server/app/blog.rsc +0 -35
- package/website/.next/server/app/design-guide/page.js +0 -12
- package/website/.next/server/app/design-guide/page.js.nft.json +0 -1
- package/website/.next/server/app/design-guide/page_client-reference-manifest.js +0 -1
- package/website/.next/server/app/design-guide.html +0 -11
- package/website/.next/server/app/design-guide.meta +0 -7
- package/website/.next/server/app/design-guide.rsc +0 -41
- package/website/.next/server/app/docs.html +0 -1
- package/website/.next/server/app/docs.meta +0 -7
- package/website/.next/server/app/docs.rsc +0 -42
- package/website/.next/server/app/ecosystem/page.js +0 -2
- package/website/.next/server/app/ecosystem/page.js.nft.json +0 -1
- package/website/.next/server/app/ecosystem/page_client-reference-manifest.js +0 -1
- package/website/.next/server/app/ecosystem.html +0 -1
- package/website/.next/server/app/ecosystem.meta +0 -7
- package/website/.next/server/app/ecosystem.rsc +0 -40
- package/website/.next/server/app/examples.html +0 -1
- package/website/.next/server/app/examples.meta +0 -7
- package/website/.next/server/app/examples.rsc +0 -14559
- package/website/.next/server/app/index.html +0 -3
- package/website/.next/server/app/index.meta +0 -7
- package/website/.next/server/app/index.rsc +0 -40
- package/website/.next/server/app/license/page.js +0 -2
- package/website/.next/server/app/license/page.js.nft.json +0 -1
- package/website/.next/server/app/license/page_client-reference-manifest.js +0 -1
- package/website/.next/server/app/license.html +0 -191
- package/website/.next/server/app/license.meta +0 -7
- package/website/.next/server/app/license.rsc +0 -222
- package/website/.next/server/app/page.js +0 -4
- package/website/.next/server/app/page.js.nft.json +0 -1
- package/website/.next/server/app/page_client-reference-manifest.js +0 -1
- package/website/.next/server/app/playground/page.js +0 -111
- package/website/.next/server/app/playground/page.js.nft.json +0 -1
- package/website/.next/server/app/playground/page_client-reference-manifest.js +0 -1
- package/website/.next/server/app/playground.html +0 -1
- package/website/.next/server/app/playground.meta +0 -7
- package/website/.next/server/app/playground.rsc +0 -30
- package/website/.next/server/app/robots.txt/route.js +0 -1
- package/website/.next/server/app/robots.txt/route.js.nft.json +0 -1
- package/website/.next/server/app/robots.txt/route_client-reference-manifest.js +0 -1
- package/website/.next/server/app/robots.txt.body +0 -6
- package/website/.next/server/app/robots.txt.meta +0 -1
- package/website/.next/server/app/rss.xml/route.js +0 -18
- package/website/.next/server/app/rss.xml/route.js.nft.json +0 -1
- package/website/.next/server/app/rss.xml/route_client-reference-manifest.js +0 -1
- package/website/.next/server/app/rss.xml.body +0 -11
- package/website/.next/server/app/rss.xml.meta +0 -1
- package/website/.next/server/app/schema/page.js +0 -76
- package/website/.next/server/app/schema/page.js.nft.json +0 -1
- package/website/.next/server/app/schema/page_client-reference-manifest.js +0 -1
- package/website/.next/server/app/schema.html +0 -1
- package/website/.next/server/app/schema.meta +0 -7
- package/website/.next/server/app/schema.rsc +0 -26
- package/website/.next/server/app/sitemap.xml/route.js +0 -1
- package/website/.next/server/app/sitemap.xml/route.js.nft.json +0 -1
- package/website/.next/server/app/sitemap.xml/route_client-reference-manifest.js +0 -1
- package/website/.next/server/app/sitemap.xml.body +0 -39
- package/website/.next/server/app/sitemap.xml.meta +0 -1
- package/website/.next/server/app/specification/page.js +0 -10
- package/website/.next/server/app/specification/page.js.nft.json +0 -1
- package/website/.next/server/app/specification/page_client-reference-manifest.js +0 -1
- package/website/.next/server/app/specification.html +0 -9
- package/website/.next/server/app/specification.meta +0 -7
- package/website/.next/server/app/specification.rsc +0 -32
- package/website/.next/server/app-paths-manifest.json +0 -19
- package/website/.next/server/chunks/18.js +0 -1
- package/website/.next/server/chunks/227.js +0 -9
- package/website/.next/server/chunks/339.js +0 -25
- package/website/.next/server/chunks/49.js +0 -1
- package/website/.next/server/chunks/51.js +0 -1
- package/website/.next/server/chunks/57.js +0 -1
- package/website/.next/server/chunks/579.js +0 -16
- package/website/.next/server/chunks/611.js +0 -6
- package/website/.next/server/chunks/873.js +0 -22
- package/website/.next/server/chunks/900.js +0 -1
- package/website/.next/server/chunks/97.js +0 -1
- package/website/.next/server/functions-config-manifest.json +0 -4
- package/website/.next/server/interception-route-rewrite-manifest.js +0 -1
- package/website/.next/server/middleware-build-manifest.js +0 -1
- package/website/.next/server/middleware-manifest.json +0 -6
- package/website/.next/server/middleware-react-loadable-manifest.js +0 -1
- package/website/.next/server/next-font-manifest.js +0 -1
- package/website/.next/server/next-font-manifest.json +0 -1
- package/website/.next/server/pages/404.html +0 -1
- package/website/.next/server/pages/500.html +0 -1
- package/website/.next/server/pages/_app.js +0 -1
- package/website/.next/server/pages/_app.js.nft.json +0 -1
- package/website/.next/server/pages/_document.js +0 -1
- package/website/.next/server/pages/_document.js.nft.json +0 -1
- package/website/.next/server/pages/_error.js +0 -19
- package/website/.next/server/pages/_error.js.nft.json +0 -1
- package/website/.next/server/pages-manifest.json +0 -6
- package/website/.next/server/server-reference-manifest.js +0 -1
- package/website/.next/server/server-reference-manifest.json +0 -1
- package/website/.next/server/webpack-runtime.js +0 -1
- package/website/.next/static/IDhDQiozPwOaA3PpMqvTE/_buildManifest.js +0 -1
- package/website/.next/static/IDhDQiozPwOaA3PpMqvTE/_ssgManifest.js +0 -1
- package/website/.next/static/chunks/119.05f66060d7798fc9.js +0 -25
- package/website/.next/static/chunks/255-bf407b21685f2318.js +0 -1
- package/website/.next/static/chunks/451-235273497e501ae9.js +0 -1
- package/website/.next/static/chunks/4bd1b696-409494caf8c83275.js +0 -1
- package/website/.next/static/chunks/619-f072ac750404f9da.js +0 -1
- package/website/.next/static/chunks/651-5cd3c87d43b7eb46.js +0 -1
- package/website/.next/static/chunks/778.278ac2aadb2a1105.js +0 -1
- package/website/.next/static/chunks/890-ab915e0570e1961b.js +0 -1
- package/website/.next/static/chunks/app/_not-found/page-ccdaf9d90b537c5d.js +0 -1
- package/website/.next/static/chunks/app/about/page-bd4cb2219b41f933.js +0 -1
- package/website/.next/static/chunks/app/blog/[slug]/page-8fd43000c4969233.js +0 -1
- package/website/.next/static/chunks/app/blog/page-bd4cb2219b41f933.js +0 -1
- package/website/.next/static/chunks/app/design-guide/page-bd4cb2219b41f933.js +0 -1
- package/website/.next/static/chunks/app/ecosystem/page-bd4cb2219b41f933.js +0 -1
- package/website/.next/static/chunks/app/layout-ccacbd90656baa78.js +0 -1
- package/website/.next/static/chunks/app/license/page-bd4cb2219b41f933.js +0 -1
- package/website/.next/static/chunks/app/page-31241dc7465f9590.js +0 -1
- package/website/.next/static/chunks/app/playground/page-c2af00885374900f.js +0 -1
- package/website/.next/static/chunks/app/robots.txt/route-032c05054032342f.js +0 -1
- package/website/.next/static/chunks/app/rss.xml/route-032c05054032342f.js +0 -1
- package/website/.next/static/chunks/app/schema/page-f7c224b281771083.js +0 -1
- package/website/.next/static/chunks/app/sitemap.xml/route-032c05054032342f.js +0 -1
- package/website/.next/static/chunks/app/specification/page-bd4cb2219b41f933.js +0 -1
- package/website/.next/static/chunks/framework-1ce91eb6f9ecda85.js +0 -1
- package/website/.next/static/chunks/main-3099e141650ec47a.js +0 -1
- package/website/.next/static/chunks/main-app-a2fc6ac9305e3090.js +0 -1
- package/website/.next/static/chunks/pages/_app-5addca2b3b969fde.js +0 -1
- package/website/.next/static/chunks/pages/_error-022e4ac7bbb9914f.js +0 -1
- package/website/.next/static/chunks/polyfills-42372ed130431b0a.js +0 -1
- package/website/.next/static/chunks/webpack-6ecb09e5c6e34cb4.js +0 -1
- package/website/.next/static/css/23135390005d4468.css +0 -3
- package/website/.next/static/media/19cfc7226ec3afaa-s.woff2 +0 -0
- package/website/.next/static/media/21350d82a1f187e9-s.woff2 +0 -0
- package/website/.next/static/media/8e9860b6e62d6359-s.woff2 +0 -0
- package/website/.next/static/media/ba9851c3c22cd980-s.woff2 +0 -0
- package/website/.next/static/media/c5fe6dc8356a8c31-s.woff2 +0 -0
- package/website/.next/static/media/df0a9ae256c0569c-s.woff2 +0 -0
- package/website/.next/static/media/e4af272ccee01ff0-s.p.woff2 +0 -0
- package/website/.next/trace +0 -3
- package/website/.next/types/app/about/page.ts +0 -84
- package/website/.next/types/app/blog/[slug]/page.ts +0 -84
- package/website/.next/types/app/blog/page.ts +0 -84
- package/website/.next/types/app/design-guide/page.ts +0 -84
- package/website/.next/types/app/ecosystem/page.ts +0 -84
- package/website/.next/types/app/license/page.ts +0 -84
- package/website/.next/types/app/page.ts +0 -84
- package/website/.next/types/app/playground/page.ts +0 -84
- package/website/.next/types/app/rss.xml/route.ts +0 -347
- package/website/.next/types/app/schema/page.ts +0 -84
- package/website/.next/types/app/specification/page.ts +0 -84
- package/website/.next/types/cache-life.d.ts +0 -141
- package/website/.next/types/package.json +0 -1
- package/website/.next/types/routes.d.ts +0 -85
- package/website/.next/types/validator.ts +0 -187
- package/website/.wiki-export/Agent-Folder-Structure.md +0 -215
- package/website/.wiki-export/CI-STATUS.md +0 -66
- package/website/.wiki-export/COMPLETE-IMPLEMENTATION-CHECKLIST.md +0 -74
- package/website/.wiki-export/DRUPAL-MODULE-INTEGRATION.md +0 -103
- package/website/.wiki-export/FINAL-STATUS.md +0 -63
- package/website/.wiki-export/Getting-Started.md +0 -87
- package/website/.wiki-export/INSTRUCTIONS.md +0 -46
- package/website/.wiki-export/INTEGRATION-ANALYSIS.md +0 -216
- package/website/.wiki-export/MANIFEST.json +0 -62
- package/website/.wiki-export/OSSA-COMPLIANT-BADGE.md +0 -247
- package/website/.wiki-export/Openapi-Extensions.md +0 -930
- package/website/.wiki-export/README.md +0 -31
- package/website/.wiki-export/RELEASE-READINESS.md +0 -95
- package/website/.wiki-export/VERSIONING.md +0 -284
- package/website/next-env.d.ts +0 -6
- package/website/out/app-build-manifest.json +0 -3
- package/website/out/build-manifest.json +0 -17
- package/website/out/cache/.rscinfo +0 -1
- package/website/out/cache/next-devtools-config.json +0 -1
- package/website/out/cache/webpack/client-development/0.pack.gz +0 -0
- package/website/out/cache/webpack/client-development/1.pack.gz +0 -0
- package/website/out/cache/webpack/client-development/2.pack.gz +0 -0
- package/website/out/cache/webpack/client-development/3.pack.gz +0 -0
- package/website/out/cache/webpack/client-development/index.pack.gz +0 -0
- package/website/out/cache/webpack/client-development/index.pack.gz.old +0 -0
- package/website/out/cache/webpack/client-development-fallback/0.pack.gz +0 -0
- package/website/out/cache/webpack/client-development-fallback/index.pack.gz +0 -0
- package/website/out/cache/webpack/server-development/0.pack.gz +0 -0
- package/website/out/cache/webpack/server-development/1.pack.gz +0 -0
- package/website/out/cache/webpack/server-development/2.pack.gz +0 -0
- package/website/out/cache/webpack/server-development/3.pack.gz +0 -0
- package/website/out/cache/webpack/server-development/index.pack.gz +0 -0
- package/website/out/cache/webpack/server-development/index.pack.gz.old +0 -0
- package/website/out/package.json +0 -1
- package/website/out/prerender-manifest.json +0 -11
- package/website/out/react-loadable-manifest.json +0 -1
- package/website/out/routes-manifest.json +0 -1
- package/website/out/server/app-paths-manifest.json +0 -1
- package/website/out/server/interception-route-rewrite-manifest.js +0 -1
- package/website/out/server/middleware-build-manifest.js +0 -19
- package/website/out/server/middleware-manifest.json +0 -6
- package/website/out/server/middleware-react-loadable-manifest.js +0 -1
- package/website/out/server/next-font-manifest.js +0 -1
- package/website/out/server/next-font-manifest.json +0 -1
- package/website/out/server/pages-manifest.json +0 -1
- package/website/out/server/server-reference-manifest.js +0 -1
- package/website/out/server/server-reference-manifest.json +0 -5
- package/website/out/static/chunks/polyfills.js +0 -1
- package/website/out/static/development/_buildManifest.js +0 -1
- package/website/out/static/development/_ssgManifest.js +0 -1
- package/website/out/trace +0 -2
- package/website/out/types/cache-life.d.ts +0 -141
- package/website/out/types/package.json +0 -1
- package/website/out/types/routes.d.ts +0 -85
- package/website/out/types/validator.ts +0 -187
- package/website/public/examples.json +0 -476
- package/website/public/schemas/openapi-extensions.schema.json +0 -486
- package/website/tsconfig.tsbuildinfo +0 -1
- /package/dist/spec/{v0.2.4-dev → v0.2.4}/ossa-0.2.4-dev.yaml +0 -0
- /package/spec/v0.2.4/{ossa-0.2.4.yaml → ossa-0.2.4-dev.yaml} +0 -0
|
@@ -0,0 +1,1208 @@
|
|
|
1
|
+
# Enterprise Financial Compliance Agent
|
|
2
|
+
|
|
3
|
+
## Problem Statement
|
|
4
|
+
|
|
5
|
+
Financial institutions must maintain continuous compliance with regulations like SOC2, PCI-DSS, and GDPR. Manual compliance audits are:
|
|
6
|
+
- **Slow**: Quarterly audits take weeks of manual review
|
|
7
|
+
- **Expensive**: Compliance teams spend 40% of time on repetitive checks
|
|
8
|
+
- **Error-prone**: Human reviewers miss edge cases in complex systems
|
|
9
|
+
- **Reactive**: Issues discovered after violations occur
|
|
10
|
+
|
|
11
|
+
**Solution**: An automated OSSA compliance agent that continuously monitors infrastructure, validates controls, generates audit trails, and enforces cost limits while maintaining strict security constraints.
|
|
12
|
+
|
|
13
|
+
## Architecture Overview
|
|
14
|
+
|
|
15
|
+
```mermaid
|
|
16
|
+
graph TB
|
|
17
|
+
subgraph "Compliance Agent"
|
|
18
|
+
Agent[OSSA Compliance Agent]
|
|
19
|
+
Scanner[Infrastructure Scanner]
|
|
20
|
+
Validator[Policy Validator]
|
|
21
|
+
Reporter[Audit Reporter]
|
|
22
|
+
Remediation[Auto-Remediation]
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
subgraph "Infrastructure"
|
|
26
|
+
K8s[Kubernetes Clusters]
|
|
27
|
+
DB[(Databases)]
|
|
28
|
+
S3[Object Storage]
|
|
29
|
+
Logs[Audit Logs]
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
subgraph "Compliance Framework"
|
|
33
|
+
PCI[PCI-DSS Controls]
|
|
34
|
+
SOC2[SOC2 Requirements]
|
|
35
|
+
GDPR[GDPR Articles]
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
subgraph "Outputs"
|
|
39
|
+
Dashboard[Compliance Dashboard]
|
|
40
|
+
Alerts[Security Alerts]
|
|
41
|
+
Reports[Audit Reports]
|
|
42
|
+
Evidence[Evidence Collection]
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
Agent --> Scanner
|
|
46
|
+
Scanner --> K8s
|
|
47
|
+
Scanner --> DB
|
|
48
|
+
Scanner --> S3
|
|
49
|
+
Scanner --> Logs
|
|
50
|
+
|
|
51
|
+
Validator --> PCI
|
|
52
|
+
Validator --> SOC2
|
|
53
|
+
Validator --> GDPR
|
|
54
|
+
|
|
55
|
+
Agent --> Reporter
|
|
56
|
+
Reporter --> Dashboard
|
|
57
|
+
Reporter --> Reports
|
|
58
|
+
Reporter --> Evidence
|
|
59
|
+
|
|
60
|
+
Agent --> Remediation
|
|
61
|
+
Remediation -.->|Auto-fix| K8s
|
|
62
|
+
|
|
63
|
+
Validator -.->|Violations| Alerts
|
|
64
|
+
|
|
65
|
+
style Agent fill:#e1f5ff
|
|
66
|
+
style Alerts fill:#ffe1e1
|
|
67
|
+
style Reports fill:#e1ffe1
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
## OSSA Manifest
|
|
71
|
+
|
|
72
|
+
```yaml
|
|
73
|
+
apiVersion: ossa/v0.2.x
|
|
74
|
+
kind: Agent
|
|
75
|
+
metadata:
|
|
76
|
+
name: financial-compliance-agent
|
|
77
|
+
namespace: compliance
|
|
78
|
+
labels:
|
|
79
|
+
app: compliance
|
|
80
|
+
tier: security
|
|
81
|
+
criticality: high
|
|
82
|
+
annotations:
|
|
83
|
+
compliance.ossa.io/frameworks: "pci-dss,soc2,gdpr"
|
|
84
|
+
compliance.ossa.io/audit-retention: "2555d" # 7 years
|
|
85
|
+
cost.ossa.io/budget-daily: "50.00"
|
|
86
|
+
cost.ossa.io/alert-threshold: "0.80"
|
|
87
|
+
|
|
88
|
+
spec:
|
|
89
|
+
type: worker
|
|
90
|
+
description: |
|
|
91
|
+
Automated financial compliance agent for continuous infrastructure
|
|
92
|
+
monitoring, policy validation, and regulatory audit reporting.
|
|
93
|
+
|
|
94
|
+
Supports PCI-DSS v4.0, SOC2 Type II, and GDPR compliance frameworks.
|
|
95
|
+
|
|
96
|
+
runtime:
|
|
97
|
+
type: kubernetes
|
|
98
|
+
image: registry.example.com/agents/compliance:2.1.0
|
|
99
|
+
command: ["/app/compliance-agent"]
|
|
100
|
+
args:
|
|
101
|
+
- "--mode=continuous"
|
|
102
|
+
- "--scan-interval=3600"
|
|
103
|
+
- "--auto-remediate=false"
|
|
104
|
+
resources:
|
|
105
|
+
limits:
|
|
106
|
+
cpu: "2000m"
|
|
107
|
+
memory: "4Gi"
|
|
108
|
+
ephemeral-storage: "10Gi"
|
|
109
|
+
requests:
|
|
110
|
+
cpu: "500m"
|
|
111
|
+
memory: "1Gi"
|
|
112
|
+
env:
|
|
113
|
+
- name: LOG_LEVEL
|
|
114
|
+
value: "info"
|
|
115
|
+
- name: COMPLIANCE_FRAMEWORKS
|
|
116
|
+
value: "pci-dss,soc2,gdpr"
|
|
117
|
+
- name: AUDIT_LOG_RETENTION_DAYS
|
|
118
|
+
value: "2555"
|
|
119
|
+
- name: ENABLE_AUTO_REMEDIATION
|
|
120
|
+
value: "false"
|
|
121
|
+
- name: COST_LIMIT_DAILY_USD
|
|
122
|
+
value: "50.00"
|
|
123
|
+
|
|
124
|
+
capabilities:
|
|
125
|
+
- name: scan_infrastructure
|
|
126
|
+
description: |
|
|
127
|
+
Scan Kubernetes infrastructure, databases, and storage for
|
|
128
|
+
compliance violations across all configured frameworks.
|
|
129
|
+
input_schema:
|
|
130
|
+
type: object
|
|
131
|
+
required: [namespace, frameworks]
|
|
132
|
+
properties:
|
|
133
|
+
namespace:
|
|
134
|
+
type: string
|
|
135
|
+
description: Kubernetes namespace to scan
|
|
136
|
+
frameworks:
|
|
137
|
+
type: array
|
|
138
|
+
items:
|
|
139
|
+
type: string
|
|
140
|
+
enum: [pci-dss, soc2, gdpr, hipaa]
|
|
141
|
+
description: Compliance frameworks to validate against
|
|
142
|
+
controls:
|
|
143
|
+
type: array
|
|
144
|
+
items:
|
|
145
|
+
type: string
|
|
146
|
+
description: Specific control IDs to check (optional)
|
|
147
|
+
depth:
|
|
148
|
+
type: string
|
|
149
|
+
enum: [shallow, deep, comprehensive]
|
|
150
|
+
default: deep
|
|
151
|
+
description: Scan depth level
|
|
152
|
+
output_schema:
|
|
153
|
+
type: object
|
|
154
|
+
required: [scan_id, compliant, violations, timestamp]
|
|
155
|
+
properties:
|
|
156
|
+
scan_id:
|
|
157
|
+
type: string
|
|
158
|
+
format: uuid
|
|
159
|
+
compliant:
|
|
160
|
+
type: boolean
|
|
161
|
+
compliance_score:
|
|
162
|
+
type: number
|
|
163
|
+
minimum: 0
|
|
164
|
+
maximum: 100
|
|
165
|
+
violations:
|
|
166
|
+
type: array
|
|
167
|
+
items:
|
|
168
|
+
type: object
|
|
169
|
+
required: [control_id, severity, resource, description]
|
|
170
|
+
properties:
|
|
171
|
+
control_id:
|
|
172
|
+
type: string
|
|
173
|
+
description: "e.g., PCI-DSS 3.4, SOC2 CC6.1"
|
|
174
|
+
framework:
|
|
175
|
+
type: string
|
|
176
|
+
severity:
|
|
177
|
+
type: string
|
|
178
|
+
enum: [critical, high, medium, low, info]
|
|
179
|
+
resource:
|
|
180
|
+
type: object
|
|
181
|
+
properties:
|
|
182
|
+
type: {type: string}
|
|
183
|
+
namespace: {type: string}
|
|
184
|
+
name: {type: string}
|
|
185
|
+
description:
|
|
186
|
+
type: string
|
|
187
|
+
remediation:
|
|
188
|
+
type: string
|
|
189
|
+
evidence:
|
|
190
|
+
type: array
|
|
191
|
+
items: {type: string}
|
|
192
|
+
summary:
|
|
193
|
+
type: object
|
|
194
|
+
properties:
|
|
195
|
+
total_resources_scanned: {type: integer}
|
|
196
|
+
violations_by_severity:
|
|
197
|
+
type: object
|
|
198
|
+
properties:
|
|
199
|
+
critical: {type: integer}
|
|
200
|
+
high: {type: integer}
|
|
201
|
+
medium: {type: integer}
|
|
202
|
+
low: {type: integer}
|
|
203
|
+
timestamp:
|
|
204
|
+
type: string
|
|
205
|
+
format: date-time
|
|
206
|
+
|
|
207
|
+
- name: validate_policy
|
|
208
|
+
description: |
|
|
209
|
+
Validate a specific resource against compliance policies
|
|
210
|
+
and return detailed pass/fail results with evidence.
|
|
211
|
+
input_schema:
|
|
212
|
+
type: object
|
|
213
|
+
required: [resource_type, resource_spec, policies]
|
|
214
|
+
properties:
|
|
215
|
+
resource_type:
|
|
216
|
+
type: string
|
|
217
|
+
enum: [deployment, service, secret, configmap, pvc, database]
|
|
218
|
+
resource_spec:
|
|
219
|
+
type: object
|
|
220
|
+
description: Full resource specification (YAML/JSON)
|
|
221
|
+
policies:
|
|
222
|
+
type: array
|
|
223
|
+
items:
|
|
224
|
+
type: string
|
|
225
|
+
description: Policy IDs to validate against
|
|
226
|
+
output_schema:
|
|
227
|
+
type: object
|
|
228
|
+
properties:
|
|
229
|
+
valid:
|
|
230
|
+
type: boolean
|
|
231
|
+
policy_results:
|
|
232
|
+
type: array
|
|
233
|
+
items:
|
|
234
|
+
type: object
|
|
235
|
+
properties:
|
|
236
|
+
policy_id: {type: string}
|
|
237
|
+
passed: {type: boolean}
|
|
238
|
+
message: {type: string}
|
|
239
|
+
evidence: {type: array, items: {type: string}}
|
|
240
|
+
|
|
241
|
+
- name: generate_audit_report
|
|
242
|
+
description: |
|
|
243
|
+
Generate comprehensive audit report for specified time period
|
|
244
|
+
with evidence collection and compliance attestation.
|
|
245
|
+
input_schema:
|
|
246
|
+
type: object
|
|
247
|
+
required: [start_date, end_date, format]
|
|
248
|
+
properties:
|
|
249
|
+
start_date:
|
|
250
|
+
type: string
|
|
251
|
+
format: date
|
|
252
|
+
end_date:
|
|
253
|
+
type: string
|
|
254
|
+
format: date
|
|
255
|
+
format:
|
|
256
|
+
type: string
|
|
257
|
+
enum: [pdf, html, json, csv]
|
|
258
|
+
frameworks:
|
|
259
|
+
type: array
|
|
260
|
+
items:
|
|
261
|
+
type: string
|
|
262
|
+
description: Filter by frameworks
|
|
263
|
+
include_evidence:
|
|
264
|
+
type: boolean
|
|
265
|
+
default: true
|
|
266
|
+
output_schema:
|
|
267
|
+
type: object
|
|
268
|
+
required: [report_id, report_url, generated_at]
|
|
269
|
+
properties:
|
|
270
|
+
report_id:
|
|
271
|
+
type: string
|
|
272
|
+
format: uuid
|
|
273
|
+
report_url:
|
|
274
|
+
type: string
|
|
275
|
+
format: uri
|
|
276
|
+
summary:
|
|
277
|
+
type: object
|
|
278
|
+
properties:
|
|
279
|
+
period: {type: string}
|
|
280
|
+
total_scans: {type: integer}
|
|
281
|
+
compliance_score_avg: {type: number}
|
|
282
|
+
critical_violations: {type: integer}
|
|
283
|
+
remediated_violations: {type: integer}
|
|
284
|
+
generated_at:
|
|
285
|
+
type: string
|
|
286
|
+
format: date-time
|
|
287
|
+
expires_at:
|
|
288
|
+
type: string
|
|
289
|
+
format: date-time
|
|
290
|
+
|
|
291
|
+
- name: auto_remediate
|
|
292
|
+
description: |
|
|
293
|
+
Automatically remediate approved compliance violations.
|
|
294
|
+
Requires explicit approval for critical/high severity issues.
|
|
295
|
+
input_schema:
|
|
296
|
+
type: object
|
|
297
|
+
required: [violation_id, action]
|
|
298
|
+
properties:
|
|
299
|
+
violation_id:
|
|
300
|
+
type: string
|
|
301
|
+
action:
|
|
302
|
+
type: string
|
|
303
|
+
enum: [apply, simulate, rollback]
|
|
304
|
+
approval_token:
|
|
305
|
+
type: string
|
|
306
|
+
description: Required for critical/high severity
|
|
307
|
+
output_schema:
|
|
308
|
+
type: object
|
|
309
|
+
properties:
|
|
310
|
+
remediated:
|
|
311
|
+
type: boolean
|
|
312
|
+
actions_taken:
|
|
313
|
+
type: array
|
|
314
|
+
items:
|
|
315
|
+
type: string
|
|
316
|
+
rollback_available:
|
|
317
|
+
type: boolean
|
|
318
|
+
rollback_id:
|
|
319
|
+
type: string
|
|
320
|
+
|
|
321
|
+
policies:
|
|
322
|
+
security:
|
|
323
|
+
encryption_at_rest: required
|
|
324
|
+
encryption_in_transit: required
|
|
325
|
+
secrets_management: vault
|
|
326
|
+
network_policies: required
|
|
327
|
+
pod_security_standards: restricted
|
|
328
|
+
|
|
329
|
+
compliance:
|
|
330
|
+
frameworks:
|
|
331
|
+
- pci-dss-v4.0
|
|
332
|
+
- soc2-type2
|
|
333
|
+
- gdpr
|
|
334
|
+
data_residency: [US, EU]
|
|
335
|
+
audit_logging: comprehensive
|
|
336
|
+
retention_days: 2555 # 7 years for financial records
|
|
337
|
+
|
|
338
|
+
cost_management:
|
|
339
|
+
budget:
|
|
340
|
+
daily_limit_usd: 50.00
|
|
341
|
+
monthly_limit_usd: 1500.00
|
|
342
|
+
alert_threshold: 0.80
|
|
343
|
+
actions_on_limit:
|
|
344
|
+
- notify_admin
|
|
345
|
+
- reduce_scan_frequency
|
|
346
|
+
- disable_non_critical_scans
|
|
347
|
+
optimization:
|
|
348
|
+
scan_scheduling: off_peak_hours
|
|
349
|
+
resource_pooling: enabled
|
|
350
|
+
cache_results: 3600 # 1 hour
|
|
351
|
+
|
|
352
|
+
monitoring:
|
|
353
|
+
health_checks:
|
|
354
|
+
enabled: true
|
|
355
|
+
interval_seconds: 30
|
|
356
|
+
metrics:
|
|
357
|
+
prometheus: true
|
|
358
|
+
custom_metrics:
|
|
359
|
+
- compliance_score
|
|
360
|
+
- violations_by_severity
|
|
361
|
+
- scan_duration_seconds
|
|
362
|
+
- cost_per_scan_usd
|
|
363
|
+
alerts:
|
|
364
|
+
critical_violations: immediate
|
|
365
|
+
high_violations: 15_minutes
|
|
366
|
+
cost_threshold_exceeded: immediate
|
|
367
|
+
agent_unhealthy: immediate
|
|
368
|
+
|
|
369
|
+
integration:
|
|
370
|
+
protocol: grpc
|
|
371
|
+
api_version: v1
|
|
372
|
+
endpoints:
|
|
373
|
+
scan:
|
|
374
|
+
path: /v1/compliance/scan
|
|
375
|
+
method: POST
|
|
376
|
+
rate_limit: 100/hour
|
|
377
|
+
validate:
|
|
378
|
+
path: /v1/compliance/validate
|
|
379
|
+
method: POST
|
|
380
|
+
rate_limit: 1000/hour
|
|
381
|
+
report:
|
|
382
|
+
path: /v1/compliance/reports
|
|
383
|
+
method: GET
|
|
384
|
+
rate_limit: 50/hour
|
|
385
|
+
remediate:
|
|
386
|
+
path: /v1/compliance/remediate
|
|
387
|
+
method: POST
|
|
388
|
+
rate_limit: 10/hour
|
|
389
|
+
|
|
390
|
+
authentication:
|
|
391
|
+
type: mutual-tls
|
|
392
|
+
config:
|
|
393
|
+
ca_cert_path: /etc/certs/ca.crt
|
|
394
|
+
server_cert_path: /etc/certs/server.crt
|
|
395
|
+
server_key_path: /etc/certs/server.key
|
|
396
|
+
client_verification: required
|
|
397
|
+
|
|
398
|
+
authorization:
|
|
399
|
+
rbac:
|
|
400
|
+
enabled: true
|
|
401
|
+
roles:
|
|
402
|
+
- name: compliance_admin
|
|
403
|
+
permissions: [scan, validate, report, remediate]
|
|
404
|
+
- name: compliance_viewer
|
|
405
|
+
permissions: [report]
|
|
406
|
+
- name: compliance_auditor
|
|
407
|
+
permissions: [scan, report]
|
|
408
|
+
|
|
409
|
+
monitoring:
|
|
410
|
+
health_check:
|
|
411
|
+
endpoint: http://localhost:8080/health
|
|
412
|
+
interval_seconds: 30
|
|
413
|
+
timeout_seconds: 5
|
|
414
|
+
failure_threshold: 3
|
|
415
|
+
|
|
416
|
+
readiness_check:
|
|
417
|
+
endpoint: http://localhost:8080/ready
|
|
418
|
+
interval_seconds: 10
|
|
419
|
+
|
|
420
|
+
traces:
|
|
421
|
+
enabled: true
|
|
422
|
+
exporter: jaeger
|
|
423
|
+
endpoint: http://jaeger-collector:14268/api/traces
|
|
424
|
+
sample_rate: 0.1
|
|
425
|
+
|
|
426
|
+
metrics:
|
|
427
|
+
enabled: true
|
|
428
|
+
exporter: prometheus
|
|
429
|
+
port: 9090
|
|
430
|
+
path: /metrics
|
|
431
|
+
|
|
432
|
+
logs:
|
|
433
|
+
level: info
|
|
434
|
+
format: json
|
|
435
|
+
output: stdout
|
|
436
|
+
audit_log_path: /var/log/audit/compliance.log
|
|
437
|
+
|
|
438
|
+
metadata:
|
|
439
|
+
version: 2.1.0
|
|
440
|
+
author:
|
|
441
|
+
name: Security Team
|
|
442
|
+
email: security@example.com
|
|
443
|
+
organization: Example Corp
|
|
444
|
+
license: Proprietary
|
|
445
|
+
tags:
|
|
446
|
+
- compliance
|
|
447
|
+
- security
|
|
448
|
+
- audit
|
|
449
|
+
- pci-dss
|
|
450
|
+
- soc2
|
|
451
|
+
- gdpr
|
|
452
|
+
keywords:
|
|
453
|
+
- automated compliance
|
|
454
|
+
- continuous monitoring
|
|
455
|
+
- audit automation
|
|
456
|
+
- policy validation
|
|
457
|
+
documentation_url: https://docs.example.com/agents/compliance
|
|
458
|
+
source_repository: https://github.com/example/compliance-agent
|
|
459
|
+
issue_tracker: https://github.com/example/compliance-agent/issues
|
|
460
|
+
```
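Review bot: In the `integration` block of this manifest, `protocol: grpc` is declared next to endpoints that are defined REST-style with `path` and `method: POST`/`GET`, so a reader cannot tell which transport the mutual-TLS and `rate_limit` settings apply to; pick one transport or state that a gateway maps the paths. The `traces` block sends data to `endpoint: http://jaeger-collector:14268/api/traces` in cleartext while `policies.security` sets `encryption_in_transit: required`; use a TLS endpoint or document the exception. The implementation later reads `process.env.SCAN_INTERVAL`, but the `env` list here never sets it (the interval appears only as `--scan-interval=3600` in `args`), so the two values can drift; set the variable or drop one path. Consider pinning `image: registry.example.com/agents/compliance:2.1.0` by digest as well as by tag.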
|
|
461
|
+
|
|
462
|
+
## Implementation (TypeScript)
|
|
463
|
+
|
|
464
|
+
```typescript
|
|
465
|
+
/**
|
|
466
|
+
* Enterprise Financial Compliance Agent
|
|
467
|
+
*
|
|
468
|
+
* Production-ready OSSA agent for continuous compliance monitoring
|
|
469
|
+
* with cost controls and security constraints.
|
|
470
|
+
*/
|
|
471
|
+
|
|
472
|
+
import { Agent, OSSARuntime } from '@ossa/runtime';
|
|
473
|
+
import { PrometheusMetrics } from '@ossa/monitoring';
|
|
474
|
+
import { VaultSecretManager } from '@ossa/security';
|
|
475
|
+
import { ComplianceFramework } from './frameworks';
|
|
476
|
+
import { CostLimiter } from './cost-management';
|
|
477
|
+
import { AuditLogger } from './audit';
|
|
478
|
+
|
|
479
|
+
interface ComplianceConfig {
|
|
480
|
+
frameworks: string[];
|
|
481
|
+
scanInterval: number;
|
|
482
|
+
autoRemediate: boolean;
|
|
483
|
+
costLimitDaily: number;
|
|
484
|
+
auditRetentionDays: number;
|
|
485
|
+
}
|
|
486
|
+
|
|
487
|
+
interface ScanResult {
|
|
488
|
+
scanId: string;
|
|
489
|
+
compliant: boolean;
|
|
490
|
+
complianceScore: number;
|
|
491
|
+
violations: Violation[];
|
|
492
|
+
summary: ScanSummary;
|
|
493
|
+
timestamp: Date;
|
|
494
|
+
}
|
|
495
|
+
|
|
496
|
+
interface Violation {
|
|
497
|
+
controlId: string;
|
|
498
|
+
framework: string;
|
|
499
|
+
severity: 'critical' | 'high' | 'medium' | 'low' | 'info';
|
|
500
|
+
resource: {
|
|
501
|
+
type: string;
|
|
502
|
+
namespace: string;
|
|
503
|
+
name: string;
|
|
504
|
+
};
|
|
505
|
+
description: string;
|
|
506
|
+
remediation: string;
|
|
507
|
+
evidence: string[];
|
|
508
|
+
}
|
|
509
|
+
|
|
510
|
+
interface ScanSummary {
|
|
511
|
+
totalResourcesScanned: number;
|
|
512
|
+
violationsBySeverity: {
|
|
513
|
+
critical: number;
|
|
514
|
+
high: number;
|
|
515
|
+
medium: number;
|
|
516
|
+
low: number;
|
|
517
|
+
};
|
|
518
|
+
}
|
|
519
|
+
|
|
520
|
+
export class ComplianceAgent extends Agent {
|
|
521
|
+
private config: ComplianceConfig;
|
|
522
|
+
private frameworks: Map<string, ComplianceFramework>;
|
|
523
|
+
private costLimiter: CostLimiter;
|
|
524
|
+
private auditLogger: AuditLogger;
|
|
525
|
+
private metrics: PrometheusMetrics;
|
|
526
|
+
private secretManager: VaultSecretManager;
|
|
527
|
+
|
|
528
|
+
constructor(runtime: OSSARuntime) {
|
|
529
|
+
super(runtime);
|
|
530
|
+
|
|
531
|
+
this.config = this.loadConfig();
|
|
532
|
+
this.frameworks = this.initializeFrameworks();
|
|
533
|
+
this.costLimiter = new CostLimiter({
|
|
534
|
+
dailyLimit: this.config.costLimitDaily,
|
|
535
|
+
alertThreshold: 0.80,
|
|
536
|
+
});
|
|
537
|
+
this.auditLogger = new AuditLogger({
|
|
538
|
+
retentionDays: this.config.auditRetentionDays,
|
|
539
|
+
encryptionEnabled: true,
|
|
540
|
+
});
|
|
541
|
+
this.metrics = new PrometheusMetrics();
|
|
542
|
+
this.secretManager = new VaultSecretManager();
|
|
543
|
+
}
|
|
544
|
+
|
|
545
|
+
private loadConfig(): ComplianceConfig {
|
|
546
|
+
return {
|
|
547
|
+
frameworks: process.env.COMPLIANCE_FRAMEWORKS?.split(',') || ['pci-dss', 'soc2'],
|
|
548
|
+
scanInterval: parseInt(process.env.SCAN_INTERVAL || '3600', 10),
|
|
549
|
+
autoRemediate: process.env.ENABLE_AUTO_REMEDIATION === 'true',
|
|
550
|
+
costLimitDaily: parseFloat(process.env.COST_LIMIT_DAILY_USD || '50.00'),
|
|
551
|
+
auditRetentionDays: parseInt(process.env.AUDIT_LOG_RETENTION_DAYS || '2555', 10),
|
|
552
|
+
};
|
|
553
|
+
}
|
|
554
|
+
|
|
555
|
+
private initializeFrameworks(): Map<string, ComplianceFramework> {
|
|
556
|
+
const frameworks = new Map();
|
|
557
|
+
|
|
558
|
+
for (const frameworkId of this.config.frameworks) {
|
|
559
|
+
const framework = ComplianceFramework.load(frameworkId);
|
|
560
|
+
frameworks.set(frameworkId, framework);
|
|
561
|
+
}
|
|
562
|
+
|
|
563
|
+
return frameworks;
|
|
564
|
+
}
|
|
565
|
+
|
|
566
|
+
/**
|
|
567
|
+
* Scan infrastructure for compliance violations
|
|
568
|
+
*/
|
|
569
|
+
async scanInfrastructure(params: {
|
|
570
|
+
namespace: string;
|
|
571
|
+
frameworks: string[];
|
|
572
|
+
controls?: string[];
|
|
573
|
+
depth?: 'shallow' | 'deep' | 'comprehensive';
|
|
574
|
+
}): Promise<ScanResult> {
|
|
575
|
+
const scanId = this.generateScanId();
|
|
576
|
+
const startTime = Date.now();
|
|
577
|
+
|
|
578
|
+
// Check cost limits before proceeding
|
|
579
|
+
const estimatedCost = this.estimateScanCost(params.depth || 'deep');
|
|
580
|
+
if (!await this.costLimiter.checkAndReserve(estimatedCost)) {
|
|
581
|
+
throw new Error('Daily cost limit exceeded. Scan blocked.');
|
|
582
|
+
}
|
|
583
|
+
|
|
584
|
+
try {
|
|
585
|
+
this.auditLogger.log({
|
|
586
|
+
action: 'scan_started',
|
|
587
|
+
scanId,
|
|
588
|
+
params,
|
|
589
|
+
timestamp: new Date(),
|
|
590
|
+
});
|
|
591
|
+
|
|
592
|
+
// Discover resources in namespace
|
|
593
|
+
const resources = await this.discoverResources(params.namespace);
|
|
594
|
+
this.metrics.recordGauge('resources_discovered', resources.length);
|
|
595
|
+
|
|
596
|
+
// Run compliance checks across all frameworks
|
|
597
|
+
const violations: Violation[] = [];
|
|
598
|
+
|
|
599
|
+
for (const frameworkId of params.frameworks) {
|
|
600
|
+
const framework = this.frameworks.get(frameworkId);
|
|
601
|
+
if (!framework) {
|
|
602
|
+
throw new Error(`Unknown framework: ${frameworkId}`);
|
|
603
|
+
}
|
|
604
|
+
|
|
605
|
+
const frameworkViolations = await framework.scan({
|
|
606
|
+
resources,
|
|
607
|
+
controls: params.controls,
|
|
608
|
+
depth: params.depth || 'deep',
|
|
609
|
+
});
|
|
610
|
+
|
|
611
|
+
violations.push(...frameworkViolations);
|
|
612
|
+
}
|
|
613
|
+
|
|
614
|
+
// Calculate compliance score
|
|
615
|
+
const complianceScore = this.calculateComplianceScore(violations, resources.length);
|
|
616
|
+
|
|
617
|
+
// Generate summary
|
|
618
|
+
const summary = this.generateSummary(violations, resources.length);
|
|
619
|
+
|
|
620
|
+
const result: ScanResult = {
|
|
621
|
+
scanId,
|
|
622
|
+
compliant: violations.filter(v => v.severity === 'critical' || v.severity === 'high').length === 0,
|
|
623
|
+
complianceScore,
|
|
624
|
+
violations,
|
|
625
|
+
summary,
|
|
626
|
+
timestamp: new Date(),
|
|
627
|
+
};
|
|
628
|
+
|
|
629
|
+
// Record metrics
|
|
630
|
+
const duration = Date.now() - startTime;
|
|
631
|
+
this.metrics.recordHistogram('scan_duration_seconds', duration / 1000);
|
|
632
|
+
this.metrics.recordCounter('scans_total', 1, { status: 'success' });
|
|
633
|
+
this.metrics.recordGauge('compliance_score', complianceScore);
|
|
634
|
+
this.metrics.recordGauge('violations_critical', summary.violationsBySeverity.critical);
|
|
635
|
+
this.metrics.recordGauge('violations_high', summary.violationsBySeverity.high);
|
|
636
|
+
|
|
637
|
+
// Log audit trail
|
|
638
|
+
this.auditLogger.log({
|
|
639
|
+
action: 'scan_completed',
|
|
640
|
+
scanId,
|
|
641
|
+
result: {
|
|
642
|
+
compliant: result.compliant,
|
|
643
|
+
score: complianceScore,
|
|
644
|
+
violationCount: violations.length,
|
|
645
|
+
},
|
|
646
|
+
timestamp: new Date(),
|
|
647
|
+
});
|
|
648
|
+
|
|
649
|
+
// Send alerts for critical violations
|
|
650
|
+
if (summary.violationsBySeverity.critical > 0) {
|
|
651
|
+
await this.sendCriticalAlert(result);
|
|
652
|
+
}
|
|
653
|
+
|
|
654
|
+
// Record actual cost
|
|
655
|
+
const actualCost = this.calculateActualCost(duration, resources.length);
|
|
656
|
+
await this.costLimiter.recordActual(actualCost);
|
|
657
|
+
this.metrics.recordHistogram('cost_per_scan_usd', actualCost);
|
|
658
|
+
|
|
659
|
+
return result;
|
|
660
|
+
|
|
661
|
+
} catch (error) {
|
|
662
|
+
this.metrics.recordCounter('scans_total', 1, { status: 'error' });
|
|
663
|
+
this.auditLogger.log({
|
|
664
|
+
action: 'scan_failed',
|
|
665
|
+
scanId,
|
|
666
|
+
error: error.message,
|
|
667
|
+
timestamp: new Date(),
|
|
668
|
+
});
|
|
669
|
+
throw error;
|
|
670
|
+
}
|
|
671
|
+
}
|
|
672
|
+
|
|
673
|
+
/**
|
|
674
|
+
* Validate a specific resource against policies
|
|
675
|
+
*/
|
|
676
|
+
async validatePolicy(params: {
|
|
677
|
+
resourceType: string;
|
|
678
|
+
resourceSpec: any;
|
|
679
|
+
policies: string[];
|
|
680
|
+
}): Promise<{ valid: boolean; policyResults: any[] }> {
|
|
681
|
+
this.auditLogger.log({
|
|
682
|
+
action: 'policy_validation_started',
|
|
683
|
+
resourceType: params.resourceType,
|
|
684
|
+
policies: params.policies,
|
|
685
|
+
timestamp: new Date(),
|
|
686
|
+
});
|
|
687
|
+
|
|
688
|
+
const results = [];
|
|
689
|
+
|
|
690
|
+
for (const policyId of params.policies) {
|
|
691
|
+
const policy = await this.loadPolicy(policyId);
|
|
692
|
+
const result = await policy.validate(params.resourceSpec);
|
|
693
|
+
results.push({
|
|
694
|
+
policyId,
|
|
695
|
+
passed: result.passed,
|
|
696
|
+
message: result.message,
|
|
697
|
+
evidence: result.evidence,
|
|
698
|
+
});
|
|
699
|
+
}
|
|
700
|
+
|
|
701
|
+
const valid = results.every(r => r.passed);
|
|
702
|
+
|
|
703
|
+
this.auditLogger.log({
|
|
704
|
+
action: 'policy_validation_completed',
|
|
705
|
+
valid,
|
|
706
|
+
timestamp: new Date(),
|
|
707
|
+
});
|
|
708
|
+
|
|
709
|
+
return { valid, policyResults: results };
|
|
710
|
+
}
|
|
711
|
+
|
|
712
|
+
/**
|
|
713
|
+
* Generate audit report
|
|
714
|
+
*/
|
|
715
|
+
async generateAuditReport(params: {
|
|
716
|
+
startDate: string;
|
|
717
|
+
endDate: string;
|
|
718
|
+
format: 'pdf' | 'html' | 'json' | 'csv';
|
|
719
|
+
frameworks?: string[];
|
|
720
|
+
includeEvidence?: boolean;
|
|
721
|
+
}): Promise<any> {
|
|
722
|
+
const reportId = this.generateReportId();
|
|
723
|
+
|
|
724
|
+
this.auditLogger.log({
|
|
725
|
+
action: 'report_generation_started',
|
|
726
|
+
reportId,
|
|
727
|
+
params,
|
|
728
|
+
timestamp: new Date(),
|
|
729
|
+
});
|
|
730
|
+
|
|
731
|
+
// Retrieve scan history
|
|
732
|
+
const scans = await this.auditLogger.queryScanHistory({
|
|
733
|
+
startDate: new Date(params.startDate),
|
|
734
|
+
endDate: new Date(params.endDate),
|
|
735
|
+
frameworks: params.frameworks,
|
|
736
|
+
});
|
|
737
|
+
|
|
738
|
+
// Calculate aggregates
|
|
739
|
+
const summary = {
|
|
740
|
+
period: `${params.startDate} to ${params.endDate}`,
|
|
741
|
+
totalScans: scans.length,
|
|
742
|
+
complianceScoreAvg: this.calculateAverage(scans.map(s => s.complianceScore)),
|
|
743
|
+
criticalViolations: scans.reduce((sum, s) => sum + s.violations.filter(v => v.severity === 'critical').length, 0),
|
|
744
|
+
remediatedViolations: await this.countRemediatedViolations(params.startDate, params.endDate),
|
|
745
|
+
};
|
|
746
|
+
|
|
747
|
+
// Generate report in requested format
|
|
748
|
+
const reportUrl = await this.formatAndStoreReport({
|
|
749
|
+
reportId,
|
|
750
|
+
format: params.format,
|
|
751
|
+
scans,
|
|
752
|
+
summary,
|
|
753
|
+
includeEvidence: params.includeEvidence ?? true,
|
|
754
|
+
});
|
|
755
|
+
|
|
756
|
+
this.auditLogger.log({
|
|
757
|
+
action: 'report_generation_completed',
|
|
758
|
+
reportId,
|
|
759
|
+
timestamp: new Date(),
|
|
760
|
+
});
|
|
761
|
+
|
|
762
|
+
return {
|
|
763
|
+
reportId,
|
|
764
|
+
reportUrl,
|
|
765
|
+
summary,
|
|
766
|
+
generatedAt: new Date().toISOString(),
|
|
767
|
+
expiresAt: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString(), // 30 days
|
|
768
|
+
};
|
|
769
|
+
}
|
|
770
|
+
|
|
771
|
+
/**
|
|
772
|
+
* Auto-remediate violations
|
|
773
|
+
*/
|
|
774
|
+
async autoRemediate(params: {
|
|
775
|
+
violationId: string;
|
|
776
|
+
action: 'apply' | 'simulate' | 'rollback';
|
|
777
|
+
approvalToken?: string;
|
|
778
|
+
}): Promise<any> {
|
|
779
|
+
const violation = await this.loadViolation(params.violationId);
|
|
780
|
+
|
|
781
|
+
// Check if auto-remediation is enabled
|
|
782
|
+
if (!this.config.autoRemediate && params.action === 'apply') {
|
|
783
|
+
throw new Error('Auto-remediation is disabled in configuration');
|
|
784
|
+
}
|
|
785
|
+
|
|
786
|
+
// Require approval for critical/high severity
|
|
787
|
+
if ((violation.severity === 'critical' || violation.severity === 'high') && !params.approvalToken) {
|
|
788
|
+
throw new Error('Approval token required for critical/high severity violations');
|
|
789
|
+
}
|
|
790
|
+
|
|
791
|
+
if (params.approvalToken) {
|
|
792
|
+
await this.validateApprovalToken(params.approvalToken, violation);
|
|
793
|
+
}
|
|
794
|
+
|
|
795
|
+
this.auditLogger.log({
|
|
796
|
+
action: 'remediation_started',
|
|
797
|
+
violationId: params.violationId,
|
|
798
|
+
action: params.action,
|
|
799
|
+
timestamp: new Date(),
|
|
800
|
+
});
|
|
801
|
+
|
|
802
|
+
const remediation = await this.loadRemediationPlan(violation);
|
|
803
|
+
const actions: string[] = [];
|
|
804
|
+
let rollbackId: string | null = null;
|
|
805
|
+
|
|
806
|
+
if (params.action === 'simulate') {
|
|
807
|
+
// Dry run
|
|
808
|
+
for (const step of remediation.steps) {
|
|
809
|
+
actions.push(`[SIMULATED] ${step.description}`);
|
|
810
|
+
}
|
|
811
|
+
} else if (params.action === 'apply') {
|
|
812
|
+
// Create rollback point
|
|
813
|
+
rollbackId = await this.createRollbackPoint(violation.resource);
|
|
814
|
+
|
|
815
|
+
// Apply remediation
|
|
816
|
+
for (const step of remediation.steps) {
|
|
817
|
+
await step.execute();
|
|
818
|
+
actions.push(step.description);
|
|
819
|
+
}
|
|
820
|
+
} else if (params.action === 'rollback') {
|
|
821
|
+
// Rollback previous remediation
|
|
822
|
+
await this.executeRollback(params.violationId);
|
|
823
|
+
actions.push('Rollback completed');
|
|
824
|
+
}
|
|
825
|
+
|
|
826
|
+
this.auditLogger.log({
|
|
827
|
+
action: 'remediation_completed',
|
|
828
|
+
violationId: params.violationId,
|
|
829
|
+
actions,
|
|
830
|
+
timestamp: new Date(),
|
|
831
|
+
});
|
|
832
|
+
|
|
833
|
+
return {
|
|
834
|
+
remediated: params.action === 'apply',
|
|
835
|
+
actionsTaken: actions,
|
|
836
|
+
rollbackAvailable: rollbackId !== null,
|
|
837
|
+
rollbackId,
|
|
838
|
+
};
|
|
839
|
+
}
|
|
840
|
+
|
|
841
|
+
// Helper methods
|
|
842
|
+
private generateScanId(): string {
|
|
843
|
+
return `scan-${Date.now()}-${Math.random().toString(36).substr(2, 9)}`;
|
|
844
|
+
}
|
|
845
|
+
|
|
846
|
+
private generateReportId(): string {
|
|
847
|
+
return `report-${Date.now()}-${Math.random().toString(36).substr(2, 9)}`;
|
|
848
|
+
}
|
|
849
|
+
|
|
850
|
+
private estimateScanCost(depth: string): number {
|
|
851
|
+
const baseCost = 0.10; // $0.10 per scan
|
|
852
|
+
const depthMultiplier = { shallow: 0.5, deep: 1.0, comprehensive: 2.0 };
|
|
853
|
+
return baseCost * (depthMultiplier[depth] || 1.0);
|
|
854
|
+
}
|
|
855
|
+
|
|
856
|
+
private calculateActualCost(duration: number, resourceCount: number): number {
|
|
857
|
+
const baseCost = 0.10;
|
|
858
|
+
const durationCost = (duration / 1000 / 60) * 0.01; // $0.01 per minute
|
|
859
|
+
const resourceCost = (resourceCount / 100) * 0.05; // $0.05 per 100 resources
|
|
860
|
+
return baseCost + durationCost + resourceCost;
|
|
861
|
+
}
|
|
862
|
+
|
|
863
|
+
private calculateComplianceScore(violations: Violation[], totalResources: number): number {
|
|
864
|
+
const weights = { critical: 10, high: 5, medium: 2, low: 1, info: 0 };
|
|
865
|
+
const totalWeight = violations.reduce((sum, v) => sum + weights[v.severity], 0);
|
|
866
|
+
const maxPossibleWeight = totalResources * weights.critical;
|
|
867
|
+
return Math.max(0, 100 - (totalWeight / maxPossibleWeight) * 100);
|
|
868
|
+
}
|
|
869
|
+
|
|
870
|
+
private generateSummary(violations: Violation[], totalResources: number): ScanSummary {
|
|
871
|
+
return {
|
|
872
|
+
totalResourcesScanned: totalResources,
|
|
873
|
+
violationsBySeverity: {
|
|
874
|
+
critical: violations.filter(v => v.severity === 'critical').length,
|
|
875
|
+
high: violations.filter(v => v.severity === 'high').length,
|
|
876
|
+
medium: violations.filter(v => v.severity === 'medium').length,
|
|
877
|
+
low: violations.filter(v => v.severity === 'low').length,
|
|
878
|
+
},
|
|
879
|
+
};
|
|
880
|
+
}
|
|
881
|
+
|
|
882
|
+
private async sendCriticalAlert(result: ScanResult): Promise<void> {
|
|
883
|
+
// Send alerts via configured channels (email, Slack, PagerDuty, etc.)
|
|
884
|
+
console.error(`CRITICAL COMPLIANCE VIOLATION DETECTED: ${result.scanId}`);
|
|
885
|
+
}
|
|
886
|
+
|
|
887
|
+
// Placeholder methods (implement based on your infrastructure)
|
|
888
|
+
private async discoverResources(namespace: string): Promise<any[]> {
|
|
889
|
+
// Implement Kubernetes resource discovery
|
|
890
|
+
return [];
|
|
891
|
+
}
|
|
892
|
+
|
|
893
|
+
private async loadPolicy(policyId: string): Promise<any> {
|
|
894
|
+
// Load policy from policy store
|
|
895
|
+
return {};
|
|
896
|
+
}
|
|
897
|
+
|
|
898
|
+
private async loadViolation(violationId: string): Promise<Violation> {
|
|
899
|
+
// Load violation from database
|
|
900
|
+
return {} as Violation;
|
|
901
|
+
}
|
|
902
|
+
|
|
903
|
+
private async loadRemediationPlan(violation: Violation): Promise<any> {
|
|
904
|
+
// Load remediation plan for violation type
|
|
905
|
+
return {};
|
|
906
|
+
}
|
|
907
|
+
|
|
908
|
+
private async createRollbackPoint(resource: any): Promise<string> {
|
|
909
|
+
// Create backup/snapshot for rollback
|
|
910
|
+
return 'rollback-id';
|
|
911
|
+
}
|
|
912
|
+
|
|
913
|
+
private async executeRollback(violationId: string): Promise<void> {
|
|
914
|
+
// Execute rollback
|
|
915
|
+
}
|
|
916
|
+
|
|
917
|
+
private async validateApprovalToken(token: string, violation: Violation): Promise<void> {
|
|
918
|
+
// Validate approval token
|
|
919
|
+
}
|
|
920
|
+
|
|
921
|
+
private async countRemediatedViolations(startDate: string, endDate: string): Promise<number> {
|
|
922
|
+
// Count remediated violations in period
|
|
923
|
+
return 0;
|
|
924
|
+
}
|
|
925
|
+
|
|
926
|
+
private calculateAverage(numbers: number[]): number {
|
|
927
|
+
return numbers.reduce((sum, n) => sum + n, 0) / numbers.length;
|
|
928
|
+
}
|
|
929
|
+
|
|
930
|
+
private async formatAndStoreReport(params: any): Promise<string> {
|
|
931
|
+
// Format and store report, return URL
|
|
932
|
+
return 'https://reports.example.com/report-id';
|
|
933
|
+
}
|
|
934
|
+
}
|
|
935
|
+
|
|
936
|
+
// Entry point
|
|
937
|
+
async function main() {
|
|
938
|
+
const runtime = new OSSARuntime({
|
|
939
|
+
manifestPath: '/etc/ossa/manifest.yaml',
|
|
940
|
+
});
|
|
941
|
+
|
|
942
|
+
const agent = new ComplianceAgent(runtime);
|
|
943
|
+
await agent.start();
|
|
944
|
+
}
|
|
945
|
+
|
|
946
|
+
main().catch(console.error);
|
|
947
|
+
```
|
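Review bot: the placeholder `validateApprovalToken` (line 917) has an empty body, so as written it resolves for every token and any approval gate built on it fails open; `executeRollback` (line 913) likewise returns success without doing anything. Have both throw a not-implemented error until they are wired up, so that a copy of this example cannot remediate or report a rollback without a real check behind it. Separately, `calculateAverage` (line 926) divides by `numbers.length` and returns NaN for an empty array; guard the empty case. The critical-violation path at line 884 only calls `console.error`, although the comment above it promises alert channels.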
|
948
|
+
|
|
949
|
+
## Deployment Instructions
|
|
950
|
+
|
|
951
|
+
### Prerequisites
|
|
952
|
+
|
|
953
|
+
```bash
|
|
954
|
+
# Kubernetes cluster (v1.24+)
|
|
955
|
+
# Vault for secrets management
|
|
956
|
+
# Prometheus for monitoring
|
|
957
|
+
# Jaeger for distributed tracing
|
|
958
|
+
```
|
|
959
|
+
|
|
960
|
+
### Step 1: Deploy Supporting Infrastructure
|
|
961
|
+
|
|
962
|
+
```yaml
|
|
963
|
+
# prometheus-deployment.yaml
|
|
964
|
+
apiVersion: v1
|
|
965
|
+
kind: Namespace
|
|
966
|
+
metadata:
|
|
967
|
+
name: monitoring
|
|
968
|
+
|
|
969
|
+
---
|
|
970
|
+
apiVersion: apps/v1
|
|
971
|
+
kind: Deployment
|
|
972
|
+
metadata:
|
|
973
|
+
name: prometheus
|
|
974
|
+
namespace: monitoring
|
|
975
|
+
spec:
|
|
976
|
+
replicas: 1
|
|
977
|
+
selector:
|
|
978
|
+
matchLabels:
|
|
979
|
+
app: prometheus
|
|
980
|
+
template:
|
|
981
|
+
metadata:
|
|
982
|
+
labels:
|
|
983
|
+
app: prometheus
|
|
984
|
+
spec:
|
|
985
|
+
containers:
|
|
986
|
+
- name: prometheus
|
|
987
|
+
image: prom/prometheus:latest
|
|
988
|
+
ports:
|
|
989
|
+
- containerPort: 9090
|
|
990
|
+
```
|
|
991
|
+
|
|
992
|
+
### Step 2: Deploy Compliance Agent
|
|
993
|
+
|
|
994
|
+
```bash
|
|
995
|
+
# Create namespace
|
|
996
|
+
kubectl create namespace compliance
|
|
997
|
+
|
|
998
|
+
# Create secrets
|
|
999
|
+
kubectl create secret generic compliance-certs \
|
|
1000
|
+
--from-file=ca.crt=/path/to/ca.crt \
|
|
1001
|
+
--from-file=server.crt=/path/to/server.crt \
|
|
1002
|
+
--from-file=server.key=/path/to/server.key \
|
|
1003
|
+
-n compliance
|
|
1004
|
+
|
|
1005
|
+
# Deploy agent
|
|
1006
|
+
kubectl apply -f - <<EOF
|
|
1007
|
+
apiVersion: apps/v1
|
|
1008
|
+
kind: Deployment
|
|
1009
|
+
metadata:
|
|
1010
|
+
name: compliance-agent
|
|
1011
|
+
namespace: compliance
|
|
1012
|
+
labels:
|
|
1013
|
+
app: compliance
|
|
1014
|
+
spec:
|
|
1015
|
+
replicas: 2
|
|
1016
|
+
selector:
|
|
1017
|
+
matchLabels:
|
|
1018
|
+
app: compliance
|
|
1019
|
+
template:
|
|
1020
|
+
metadata:
|
|
1021
|
+
labels:
|
|
1022
|
+
app: compliance
|
|
1023
|
+
annotations:
|
|
1024
|
+
prometheus.io/scrape: "true"
|
|
1025
|
+
prometheus.io/port: "9090"
|
|
1026
|
+
spec:
|
|
1027
|
+
serviceAccountName: compliance-agent
|
|
1028
|
+
containers:
|
|
1029
|
+
- name: agent
|
|
1030
|
+
image: registry.example.com/agents/compliance:2.1.0
|
|
1031
|
+
env:
|
|
1032
|
+
- name: COMPLIANCE_FRAMEWORKS
|
|
1033
|
+
value: "pci-dss,soc2,gdpr"
|
|
1034
|
+
- name: COST_LIMIT_DAILY_USD
|
|
1035
|
+
value: "50.00"
|
|
1036
|
+
- name: AUDIT_LOG_RETENTION_DAYS
|
|
1037
|
+
value: "2555"
|
|
1038
|
+
resources:
|
|
1039
|
+
requests:
|
|
1040
|
+
cpu: 500m
|
|
1041
|
+
memory: 1Gi
|
|
1042
|
+
limits:
|
|
1043
|
+
cpu: 2000m
|
|
1044
|
+
memory: 4Gi
|
|
1045
|
+
volumeMounts:
|
|
1046
|
+
- name: certs
|
|
1047
|
+
mountPath: /etc/certs
|
|
1048
|
+
readOnly: true
|
|
1049
|
+
ports:
|
|
1050
|
+
- containerPort: 8080
|
|
1051
|
+
name: http
|
|
1052
|
+
- containerPort: 9090
|
|
1053
|
+
name: metrics
|
|
1054
|
+
livenessProbe:
|
|
1055
|
+
httpGet:
|
|
1056
|
+
path: /health
|
|
1057
|
+
port: 8080
|
|
1058
|
+
initialDelaySeconds: 30
|
|
1059
|
+
periodSeconds: 30
|
|
1060
|
+
readinessProbe:
|
|
1061
|
+
httpGet:
|
|
1062
|
+
path: /ready
|
|
1063
|
+
port: 8080
|
|
1064
|
+
initialDelaySeconds: 10
|
|
1065
|
+
periodSeconds: 10
|
|
1066
|
+
volumes:
|
|
1067
|
+
- name: certs
|
|
1068
|
+
secret:
|
|
1069
|
+
secretName: compliance-certs
|
|
1070
|
+
---
|
|
1071
|
+
apiVersion: v1
|
|
1072
|
+
kind: Service
|
|
1073
|
+
metadata:
|
|
1074
|
+
name: compliance-agent
|
|
1075
|
+
namespace: compliance
|
|
1076
|
+
spec:
|
|
1077
|
+
selector:
|
|
1078
|
+
app: compliance
|
|
1079
|
+
ports:
|
|
1080
|
+
- port: 8080
|
|
1081
|
+
name: http
|
|
1082
|
+
- port: 9090
|
|
1083
|
+
name: metrics
|
|
1084
|
+
EOF
|
|
1085
|
+
```
|
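Review bot: the compliance-agent pod spec (lines 1026-1069) sets no `securityContext`, yet Security Considerations later in this file says the Pod Security Standards `restricted` profile is enforced; in a namespace that enforces `restricted`, this pod would be rejected at admission. Add `runAsNonRoot: true`, `allowPrivilegeEscalation: false`, `capabilities.drop: ["ALL"]` and a `seccompProfile` of type `RuntimeDefault`. The Deployment also references `serviceAccountName: compliance-agent`, which is only created in Step 3, so no pod can be created until that step has run; move the RBAC step ahead of this one. The TLS key is loaded with `kubectl create secret` from local files, while the Production Checklist asks for secrets to live in Vault; say which of the two the example intends.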
|
1086
|
+
|
|
1087
|
+
### Step 3: Configure RBAC
|
|
1088
|
+
|
|
1089
|
+
```yaml
|
|
1090
|
+
apiVersion: v1
|
|
1091
|
+
kind: ServiceAccount
|
|
1092
|
+
metadata:
|
|
1093
|
+
name: compliance-agent
|
|
1094
|
+
namespace: compliance
|
|
1095
|
+
---
|
|
1096
|
+
apiVersion: rbac.authorization.k8s.io/v1
|
|
1097
|
+
kind: ClusterRole
|
|
1098
|
+
metadata:
|
|
1099
|
+
name: compliance-agent
|
|
1100
|
+
rules:
|
|
1101
|
+
- apiGroups: [""]
|
|
1102
|
+
resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims"]
|
|
1103
|
+
verbs: ["get", "list", "watch"]
|
|
1104
|
+
- apiGroups: ["apps"]
|
|
1105
|
+
resources: ["deployments", "statefulsets", "daemonsets"]
|
|
1106
|
+
verbs: ["get", "list", "watch"]
|
|
1107
|
+
- apiGroups: ["networking.k8s.io"]
|
|
1108
|
+
resources: ["networkpolicies"]
|
|
1109
|
+
verbs: ["get", "list", "watch"]
|
|
1110
|
+
---
|
|
1111
|
+
apiVersion: rbac.authorization.k8s.io/v1
|
|
1112
|
+
kind: ClusterRoleBinding
|
|
1113
|
+
metadata:
|
|
1114
|
+
name: compliance-agent
|
|
1115
|
+
roleRef:
|
|
1116
|
+
apiGroup: rbac.authorization.k8s.io
|
|
1117
|
+
kind: ClusterRole
|
|
1118
|
+
name: compliance-agent
|
|
1119
|
+
subjects:
|
|
1120
|
+
- kind: ServiceAccount
|
|
1121
|
+
name: compliance-agent
|
|
1122
|
+
namespace: compliance
|
|
1123
|
+
```
|
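Review bot: the ClusterRole rule at lines 1101-1103 grants `get`, `list` and `watch` on `secrets` cluster-wide, which lets the agent's service account read the contents of every Secret in every namespace; that conflicts with the checklist item "RBAC policies restricted to minimum required permissions" later in this file. If the scanner does not need Secret contents, drop `secrets` from the rule; otherwise bind a namespaced Role with a RoleBinding in each scanned namespace instead of a ClusterRoleBinding, and document why the read access is required.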
|
1124
|
+
|
|
1125
|
+
### Step 4: Verify Deployment
|
|
1126
|
+
|
|
1127
|
+
```bash
|
|
1128
|
+
# Check agent status
|
|
1129
|
+
kubectl get pods -n compliance
|
|
1130
|
+
|
|
1131
|
+
# View logs
|
|
1132
|
+
kubectl logs -n compliance deployment/compliance-agent -f
|
|
1133
|
+
|
|
1134
|
+
# Check metrics
|
|
1135
|
+
curl http://compliance-agent.compliance.svc.cluster.local:9090/metrics
|
|
1136
|
+
|
|
1137
|
+
# Run test scan
|
|
1138
|
+
kubectl exec -n compliance deployment/compliance-agent -- \
|
|
1139
|
+
curl -X POST http://localhost:8080/v1/compliance/scan \
|
|
1140
|
+
-H "Content-Type: application/json" \
|
|
1141
|
+
-d '{"namespace": "default", "frameworks": ["pci-dss"]}'
|
|
1142
|
+
```
|
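Review bot: both verification calls in Step 4 use plain `http://` (port 9090 at line 1135, port 8080 at line 1139), while Security Considerations states mutual TLS for all network communication. Either show the calls over `https://` with `--cacert`, `--cert` and `--key`, or state that the example endpoints are unencrypted. The metrics URL at line 1135 is a cluster-internal DNS name, so the step should also say where that `curl` is expected to run.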
|
1143
|
+
|
|
1144
|
+
### Step 5: Configure Monitoring
|
|
1145
|
+
|
|
1146
|
+
```bash
|
|
1147
|
+
# Add Prometheus scrape config
|
|
1148
|
+
kubectl apply -f - <<EOF
|
|
1149
|
+
apiVersion: v1
|
|
1150
|
+
kind: ConfigMap
|
|
1151
|
+
metadata:
|
|
1152
|
+
name: prometheus-config
|
|
1153
|
+
namespace: monitoring
|
|
1154
|
+
data:
|
|
1155
|
+
prometheus.yml: |
|
|
1156
|
+
global:
|
|
1157
|
+
scrape_interval: 15s
|
|
1158
|
+
scrape_configs:
|
|
1159
|
+
- job_name: 'compliance-agent'
|
|
1160
|
+
kubernetes_sd_configs:
|
|
1161
|
+
- role: pod
|
|
1162
|
+
namespaces:
|
|
1163
|
+
names:
|
|
1164
|
+
- compliance
|
|
1165
|
+
relabel_configs:
|
|
1166
|
+
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
|
|
1167
|
+
action: keep
|
|
1168
|
+
regex: true
|
|
1169
|
+
EOF
|
|
1170
|
+
```
|
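Review bot: the `prometheus-config` ConfigMap created here is never mounted by the Step 1 Prometheus Deployment (lines 970-989 define no `volumes`, `volumeMounts` or `--config.file` argument), so the `compliance-agent` scrape job is not loaded. Mount the ConfigMap into the Prometheus container and point Prometheus at it. The `role: pod` discovery also needs a service account allowed to list and watch pods in `compliance`, which Step 1 does not create. Finally, pin `prom/prometheus:latest` (line 987) to a fixed version or digest so that the monitoring stack does not change underneath the deployment.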
|
1171
|
+
|
|
1172
|
+
## Production Checklist
|
|
1173
|
+
|
|
1174
|
+
- [ ] Secrets stored in Vault, not ConfigMaps
|
|
1175
|
+
- [ ] Mutual TLS configured for all endpoints
|
|
1176
|
+
- [ ] RBAC policies restricted to minimum required permissions
|
|
1177
|
+
- [ ] Cost alerts configured in monitoring system
|
|
1178
|
+
- [ ] Audit logs encrypted at rest
|
|
1179
|
+
- [ ] Backup/disaster recovery plan tested
|
|
1180
|
+
- [ ] High availability: Multiple replicas across zones
|
|
1181
|
+
- [ ] Resource quotas configured
|
|
1182
|
+
- [ ] Network policies enforced
|
|
1183
|
+
- [ ] Compliance reports automatically archived to long-term storage
|
|
1184
|
+
|
|
1185
|
+
## Cost Management
|
|
1186
|
+
|
|
1187
|
+
The agent enforces daily cost limits:
|
|
1188
|
+
- **Daily budget**: $50 (configurable)
|
|
1189
|
+
- **Alert threshold**: 80% of budget
|
|
1190
|
+
- **Actions on limit**: Reduce scan frequency, disable non-critical scans, notify admin
|
|
1191
|
+
- **Actual costs logged**: Every scan records actual cost for billing
|
|
1192
|
+
|
|
1193
|
+
## Security Considerations
|
|
1194
|
+
|
|
1195
|
+
- All secrets managed via HashiCorp Vault
|
|
1196
|
+
- Mutual TLS for all network communication
|
|
1197
|
+
- Pod Security Standards: `restricted` profile enforced
|
|
1198
|
+
- Network policies deny all traffic except allowed
|
|
1199
|
+
- Audit logs encrypted with 7-year retention
|
|
1200
|
+
- No auto-remediation without explicit approval for critical/high severity
|
|
1201
|
+
- RBAC strictly enforced
|
|
1202
|
+
|
|
1203
|
+
## Further Reading
|
|
1204
|
+
|
|
1205
|
+
- [PCI-DSS v4.0 Requirements](https://www.pcisecuritystandards.org/)
|
|
1206
|
+
- [SOC2 Trust Service Criteria](https://www.aicpa.org/soc)
|
|
1207
|
+
- [GDPR Compliance Guide](https://gdpr.eu/)
|
|
1208
|
+
- [OSSA Runtime Documentation](https://openstandardagents.org/docs/runtime)
|