@bluefly/openstandardagents 0.2.9 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (836) hide show
  1. package/CHANGELOG.md +1766 -212
  2. package/README.md +517 -168
  3. package/bin/ossa-generate +9 -16
  4. package/bin/quickstart +514 -0
  5. package/dist/adapters/anthropic/client.d.ts +144 -0
  6. package/dist/adapters/anthropic/client.d.ts.map +1 -0
  7. package/dist/adapters/anthropic/client.js +364 -0
  8. package/dist/adapters/anthropic/client.js.map +1 -0
  9. package/dist/adapters/anthropic/config.d.ts +149 -0
  10. package/dist/adapters/anthropic/config.d.ts.map +1 -0
  11. package/dist/adapters/anthropic/config.js +157 -0
  12. package/dist/adapters/anthropic/config.js.map +1 -0
  13. package/dist/adapters/anthropic/index.d.ts +40 -0
  14. package/dist/adapters/anthropic/index.d.ts.map +1 -0
  15. package/dist/adapters/anthropic/index.js +40 -0
  16. package/dist/adapters/anthropic/index.js.map +1 -0
  17. package/dist/adapters/anthropic/messages.d.ts +93 -0
  18. package/dist/adapters/anthropic/messages.d.ts.map +1 -0
  19. package/dist/adapters/anthropic/messages.js +318 -0
  20. package/dist/adapters/anthropic/messages.js.map +1 -0
  21. package/dist/adapters/anthropic/runtime.d.ts +136 -0
  22. package/dist/adapters/anthropic/runtime.d.ts.map +1 -0
  23. package/dist/adapters/anthropic/runtime.js +287 -0
  24. package/dist/adapters/anthropic/runtime.js.map +1 -0
  25. package/dist/adapters/anthropic/tools.d.ts +126 -0
  26. package/dist/adapters/anthropic/tools.d.ts.map +1 -0
  27. package/dist/adapters/anthropic/tools.js +329 -0
  28. package/dist/adapters/anthropic/tools.js.map +1 -0
  29. package/dist/adapters/crewai-adapter.d.ts +57 -0
  30. package/dist/adapters/crewai-adapter.d.ts.map +1 -0
  31. package/dist/adapters/crewai-adapter.js +164 -0
  32. package/dist/adapters/crewai-adapter.js.map +1 -0
  33. package/dist/adapters/drupal/index.d.ts +109 -0
  34. package/dist/adapters/drupal/index.d.ts.map +1 -0
  35. package/dist/adapters/drupal/index.js +292 -0
  36. package/dist/adapters/drupal/index.js.map +1 -0
  37. package/dist/adapters/langchain-adapter.d.ts +45 -0
  38. package/dist/adapters/langchain-adapter.d.ts.map +1 -0
  39. package/dist/adapters/langchain-adapter.js +133 -0
  40. package/dist/adapters/langchain-adapter.js.map +1 -0
  41. package/dist/adapters/langflow-adapter.d.ts +50 -0
  42. package/dist/adapters/langflow-adapter.d.ts.map +1 -0
  43. package/dist/adapters/langflow-adapter.js +232 -0
  44. package/dist/adapters/langflow-adapter.js.map +1 -0
  45. package/dist/adapters/openapi-adapter.d.ts +93 -0
  46. package/dist/adapters/openapi-adapter.d.ts.map +1 -0
  47. package/dist/adapters/openapi-adapter.js +311 -0
  48. package/dist/adapters/openapi-adapter.js.map +1 -0
  49. package/dist/adapters/symfony/index.d.ts +163 -0
  50. package/dist/adapters/symfony/index.d.ts.map +1 -0
  51. package/dist/adapters/symfony/index.js +271 -0
  52. package/dist/adapters/symfony/index.js.map +1 -0
  53. package/dist/cli/commands/agents-md.command.d.ts +7 -0
  54. package/dist/cli/commands/agents-md.command.d.ts.map +1 -0
  55. package/dist/cli/commands/agents-md.command.js +148 -0
  56. package/dist/cli/commands/agents-md.command.js.map +1 -0
  57. package/dist/cli/commands/contract.command.d.ts +10 -0
  58. package/dist/cli/commands/contract.command.d.ts.map +1 -0
  59. package/dist/cli/commands/contract.command.js +402 -0
  60. package/dist/cli/commands/contract.command.js.map +1 -0
  61. package/dist/cli/commands/dependencies.command.d.ts +10 -0
  62. package/dist/cli/commands/dependencies.command.d.ts.map +1 -0
  63. package/dist/cli/commands/dependencies.command.js +318 -0
  64. package/dist/cli/commands/dependencies.command.js.map +1 -0
  65. package/dist/cli/commands/deploy.command.d.ts +4 -0
  66. package/dist/cli/commands/deploy.command.d.ts.map +1 -0
  67. package/dist/cli/commands/deploy.command.js +172 -0
  68. package/dist/cli/commands/deploy.command.js.map +1 -0
  69. package/dist/cli/commands/deploy.d.ts +22 -0
  70. package/dist/cli/commands/deploy.d.ts.map +1 -0
  71. package/dist/cli/commands/deploy.js +319 -0
  72. package/dist/cli/commands/deploy.js.map +1 -0
  73. package/dist/cli/commands/export.command.d.ts +7 -0
  74. package/dist/cli/commands/export.command.d.ts.map +1 -0
  75. package/dist/cli/commands/export.command.js +56 -0
  76. package/dist/cli/commands/export.command.js.map +1 -0
  77. package/dist/cli/commands/generate.command.d.ts +7 -0
  78. package/dist/cli/commands/generate.command.d.ts.map +1 -0
  79. package/dist/cli/commands/generate.command.js +66 -0
  80. package/dist/cli/commands/generate.command.js.map +1 -0
  81. package/dist/cli/commands/github-sync.command.d.ts +3 -0
  82. package/dist/cli/commands/github-sync.command.d.ts.map +1 -0
  83. package/dist/cli/commands/github-sync.command.js +51 -0
  84. package/dist/cli/commands/github-sync.command.js.map +1 -0
  85. package/dist/cli/commands/gitlab-agent.command.d.ts +8 -0
  86. package/dist/cli/commands/gitlab-agent.command.d.ts.map +1 -0
  87. package/dist/cli/commands/gitlab-agent.command.js +201 -0
  88. package/dist/cli/commands/gitlab-agent.command.js.map +1 -0
  89. package/dist/cli/commands/import.command.d.ts +7 -0
  90. package/dist/cli/commands/import.command.d.ts.map +1 -0
  91. package/dist/cli/commands/import.command.js +36 -0
  92. package/dist/cli/commands/import.command.js.map +1 -0
  93. package/dist/cli/commands/info.command.d.ts +3 -0
  94. package/dist/cli/commands/info.command.d.ts.map +1 -0
  95. package/dist/cli/commands/info.command.js +45 -0
  96. package/dist/cli/commands/info.command.js.map +1 -0
  97. package/dist/cli/commands/init.command.d.ts +7 -0
  98. package/dist/cli/commands/init.command.d.ts.map +1 -0
  99. package/dist/cli/commands/init.command.js +139 -0
  100. package/dist/cli/commands/init.command.js.map +1 -0
  101. package/dist/cli/commands/install.command.d.ts +3 -0
  102. package/dist/cli/commands/install.command.d.ts.map +1 -0
  103. package/dist/cli/commands/install.command.js +44 -0
  104. package/dist/cli/commands/install.command.js.map +1 -0
  105. package/dist/cli/commands/migrate.command.d.ts +22 -0
  106. package/dist/cli/commands/migrate.command.d.ts.map +1 -0
  107. package/dist/cli/commands/migrate.command.js +157 -0
  108. package/dist/cli/commands/migrate.command.js.map +1 -0
  109. package/dist/cli/commands/publish.command.d.ts +3 -0
  110. package/dist/cli/commands/publish.command.d.ts.map +1 -0
  111. package/dist/cli/commands/publish.command.js +76 -0
  112. package/dist/cli/commands/publish.command.js.map +1 -0
  113. package/dist/cli/commands/quickstart.command.d.ts +10 -0
  114. package/dist/cli/commands/quickstart.command.d.ts.map +1 -0
  115. package/dist/cli/commands/quickstart.command.js +257 -0
  116. package/dist/cli/commands/quickstart.command.js.map +1 -0
  117. package/dist/cli/commands/release.command.d.ts +8 -0
  118. package/dist/cli/commands/release.command.d.ts.map +1 -0
  119. package/dist/cli/commands/release.command.js +641 -0
  120. package/dist/cli/commands/release.command.js.map +1 -0
  121. package/dist/cli/commands/run.command.d.ts +7 -0
  122. package/dist/cli/commands/run.command.d.ts.map +1 -0
  123. package/dist/cli/commands/run.command.js +125 -0
  124. package/dist/cli/commands/run.command.js.map +1 -0
  125. package/dist/cli/commands/schema.command.d.ts +7 -0
  126. package/dist/cli/commands/schema.command.d.ts.map +1 -0
  127. package/dist/cli/commands/schema.command.js +76 -0
  128. package/dist/cli/commands/schema.command.js.map +1 -0
  129. package/dist/cli/commands/search.command.d.ts +3 -0
  130. package/dist/cli/commands/search.command.d.ts.map +1 -0
  131. package/dist/cli/commands/search.command.js +45 -0
  132. package/dist/cli/commands/search.command.js.map +1 -0
  133. package/dist/cli/commands/setup.command.d.ts +11 -0
  134. package/dist/cli/commands/setup.command.d.ts.map +1 -0
  135. package/dist/cli/commands/setup.command.js +350 -0
  136. package/dist/cli/commands/setup.command.js.map +1 -0
  137. package/dist/cli/commands/sync.command.d.ts +3 -0
  138. package/dist/cli/commands/sync.command.d.ts.map +1 -0
  139. package/dist/cli/commands/sync.command.js +51 -0
  140. package/dist/cli/commands/sync.command.js.map +1 -0
  141. package/dist/cli/commands/test.command.d.ts +3 -0
  142. package/dist/cli/commands/test.command.d.ts.map +1 -0
  143. package/dist/cli/commands/test.command.js +91 -0
  144. package/dist/cli/commands/test.command.js.map +1 -0
  145. package/dist/cli/commands/validate.command.d.ts +7 -0
  146. package/dist/cli/commands/validate.command.d.ts.map +1 -0
  147. package/dist/cli/commands/validate.command.js +143 -0
  148. package/dist/cli/commands/validate.command.js.map +1 -0
  149. package/dist/cli/index.d.ts +7 -0
  150. package/dist/cli/index.d.ts.map +1 -0
  151. package/dist/cli/index.js +148 -0
  152. package/dist/cli/index.js.map +1 -0
  153. package/dist/cli/utils/error-formatter.d.ts +19 -0
  154. package/dist/cli/utils/error-formatter.d.ts.map +1 -0
  155. package/dist/cli/utils/error-formatter.js +330 -0
  156. package/dist/cli/utils/error-formatter.js.map +1 -0
  157. package/dist/deploy/base-driver.d.ts +39 -0
  158. package/dist/deploy/base-driver.d.ts.map +1 -0
  159. package/dist/deploy/base-driver.js +63 -0
  160. package/dist/deploy/base-driver.js.map +1 -0
  161. package/dist/deploy/docker-driver.d.ts +32 -0
  162. package/dist/deploy/docker-driver.d.ts.map +1 -0
  163. package/dist/deploy/docker-driver.js +246 -0
  164. package/dist/deploy/docker-driver.js.map +1 -0
  165. package/dist/deploy/index.d.ts +15 -0
  166. package/dist/deploy/index.d.ts.map +1 -0
  167. package/dist/deploy/index.js +28 -0
  168. package/dist/deploy/index.js.map +1 -0
  169. package/dist/deploy/k8s-driver.d.ts +40 -0
  170. package/dist/deploy/k8s-driver.d.ts.map +1 -0
  171. package/dist/deploy/k8s-driver.js +372 -0
  172. package/dist/deploy/k8s-driver.js.map +1 -0
  173. package/dist/deploy/local-driver.d.ts +20 -0
  174. package/dist/deploy/local-driver.d.ts.map +1 -0
  175. package/dist/deploy/local-driver.js +150 -0
  176. package/dist/deploy/local-driver.js.map +1 -0
  177. package/dist/deploy/types.d.ts +103 -0
  178. package/dist/deploy/types.d.ts.map +1 -0
  179. package/dist/deploy/types.js +6 -0
  180. package/dist/deploy/types.js.map +1 -0
  181. package/dist/di-container.d.ts.map +1 -1
  182. package/dist/di-container.js +14 -0
  183. package/dist/di-container.js.map +1 -1
  184. package/dist/index.d.ts +2 -1
  185. package/dist/index.d.ts.map +1 -1
  186. package/dist/index.js +3 -1
  187. package/dist/index.js.map +1 -1
  188. package/dist/mesh/client.d.ts +144 -0
  189. package/dist/mesh/client.d.ts.map +1 -0
  190. package/dist/mesh/client.js +424 -0
  191. package/dist/mesh/client.js.map +1 -0
  192. package/dist/mesh/discovery.d.ts +176 -0
  193. package/dist/mesh/discovery.d.ts.map +1 -0
  194. package/dist/mesh/discovery.js +288 -0
  195. package/dist/mesh/discovery.js.map +1 -0
  196. package/dist/mesh/index.d.ts +89 -0
  197. package/dist/mesh/index.d.ts.map +1 -0
  198. package/dist/mesh/index.js +92 -0
  199. package/dist/mesh/index.js.map +1 -0
  200. package/dist/mesh/routing.d.ts +158 -0
  201. package/dist/mesh/routing.d.ts.map +1 -0
  202. package/dist/mesh/routing.js +360 -0
  203. package/dist/mesh/routing.js.map +1 -0
  204. package/dist/mesh/types.d.ts +439 -0
  205. package/dist/mesh/types.d.ts.map +1 -0
  206. package/dist/mesh/types.js +6 -0
  207. package/dist/mesh/types.js.map +1 -0
  208. package/dist/messaging/broker.d.ts +76 -0
  209. package/dist/messaging/broker.d.ts.map +1 -0
  210. package/dist/messaging/broker.js +145 -0
  211. package/dist/messaging/broker.js.map +1 -0
  212. package/dist/messaging/channels.d.ts +70 -0
  213. package/dist/messaging/channels.d.ts.map +1 -0
  214. package/dist/messaging/channels.js +183 -0
  215. package/dist/messaging/channels.js.map +1 -0
  216. package/dist/messaging/index.d.ts +10 -0
  217. package/dist/messaging/index.d.ts.map +1 -0
  218. package/dist/messaging/index.js +10 -0
  219. package/dist/messaging/index.js.map +1 -0
  220. package/dist/messaging/protocols/memory.d.ts +83 -0
  221. package/dist/messaging/protocols/memory.d.ts.map +1 -0
  222. package/dist/messaging/protocols/memory.js +293 -0
  223. package/dist/messaging/protocols/memory.js.map +1 -0
  224. package/dist/messaging/protocols/redis.d.ts +83 -0
  225. package/dist/messaging/protocols/redis.d.ts.map +1 -0
  226. package/dist/messaging/protocols/redis.js +223 -0
  227. package/dist/messaging/protocols/redis.js.map +1 -0
  228. package/dist/messaging/types.d.ts +180 -0
  229. package/dist/messaging/types.d.ts.map +1 -0
  230. package/dist/messaging/types.js +6 -0
  231. package/dist/messaging/types.js.map +1 -0
  232. package/dist/repositories/manifest.repository.d.ts +1 -1
  233. package/dist/repositories/manifest.repository.d.ts.map +1 -1
  234. package/dist/repositories/manifest.repository.js +7 -6
  235. package/dist/repositories/manifest.repository.js.map +1 -1
  236. package/dist/repositories/schema.repository.d.ts +4 -0
  237. package/dist/repositories/schema.repository.d.ts.map +1 -1
  238. package/dist/repositories/schema.repository.js +10 -3
  239. package/dist/repositories/schema.repository.js.map +1 -1
  240. package/dist/sdk/events/cloudevents-emitter.d.ts +56 -0
  241. package/dist/sdk/events/cloudevents-emitter.d.ts.map +1 -0
  242. package/dist/sdk/events/cloudevents-emitter.js +101 -0
  243. package/dist/sdk/events/cloudevents-emitter.js.map +1 -0
  244. package/dist/sdk/events/index.d.ts +2 -0
  245. package/dist/sdk/events/index.d.ts.map +1 -0
  246. package/dist/sdk/events/index.js +2 -0
  247. package/dist/sdk/events/index.js.map +1 -0
  248. package/dist/sdk/tracing/index.d.ts +2 -0
  249. package/dist/sdk/tracing/index.d.ts.map +1 -0
  250. package/dist/sdk/tracing/index.js +2 -0
  251. package/dist/sdk/tracing/index.js.map +1 -0
  252. package/dist/sdk/tracing/w3c-baggage.d.ts +40 -0
  253. package/dist/sdk/tracing/w3c-baggage.d.ts.map +1 -0
  254. package/dist/sdk/tracing/w3c-baggage.js +148 -0
  255. package/dist/sdk/tracing/w3c-baggage.js.map +1 -0
  256. package/dist/services/agent-services/qdrant.service.d.ts +60 -0
  257. package/dist/services/agent-services/qdrant.service.d.ts.map +1 -0
  258. package/dist/services/agent-services/qdrant.service.js +168 -0
  259. package/dist/services/agent-services/qdrant.service.js.map +1 -0
  260. package/dist/services/agents-md/agents-md.service.d.ts +61 -0
  261. package/dist/services/agents-md/agents-md.service.d.ts.map +1 -0
  262. package/dist/services/agents-md/agents-md.service.js +348 -0
  263. package/dist/services/agents-md/agents-md.service.js.map +1 -0
  264. package/dist/services/deployment/deployment.service.d.ts +19 -0
  265. package/dist/services/deployment/deployment.service.d.ts.map +1 -0
  266. package/dist/services/deployment/deployment.service.js +87 -0
  267. package/dist/services/deployment/deployment.service.js.map +1 -0
  268. package/dist/services/generation.service.d.ts +3 -1
  269. package/dist/services/generation.service.d.ts.map +1 -1
  270. package/dist/services/generation.service.js +34 -68
  271. package/dist/services/generation.service.js.map +1 -1
  272. package/dist/services/github-sync/github-client.js +2 -2
  273. package/dist/services/github-sync/github-client.js.map +1 -1
  274. package/dist/services/github-sync/schemas.d.ts +1 -1
  275. package/dist/services/github-sync/schemas.d.ts.map +1 -1
  276. package/dist/services/github-sync/schemas.js.map +1 -1
  277. package/dist/services/github-sync/sync.service.d.ts.map +1 -1
  278. package/dist/services/github-sync/sync.service.js +4 -2
  279. package/dist/services/github-sync/sync.service.js.map +1 -1
  280. package/dist/services/gitlab-agent.service.d.ts.map +1 -1
  281. package/dist/services/gitlab-agent.service.js +3 -1
  282. package/dist/services/gitlab-agent.service.js.map +1 -1
  283. package/dist/services/messaging/example.d.ts +6 -0
  284. package/dist/services/messaging/example.d.ts.map +1 -0
  285. package/dist/services/messaging/example.js +260 -0
  286. package/dist/services/messaging/example.js.map +1 -0
  287. package/dist/services/messaging/index.d.ts +81 -0
  288. package/dist/services/messaging/index.d.ts.map +1 -0
  289. package/dist/services/messaging/index.js +85 -0
  290. package/dist/services/messaging/index.js.map +1 -0
  291. package/dist/services/messaging/memory-broker.d.ts +103 -0
  292. package/dist/services/messaging/memory-broker.d.ts.map +1 -0
  293. package/dist/services/messaging/memory-broker.js +435 -0
  294. package/dist/services/messaging/memory-broker.js.map +1 -0
  295. package/dist/services/messaging/messaging.service.d.ts +150 -0
  296. package/dist/services/messaging/messaging.service.d.ts.map +1 -0
  297. package/dist/services/messaging/messaging.service.js +456 -0
  298. package/dist/services/messaging/messaging.service.js.map +1 -0
  299. package/dist/services/messaging/messaging.types.d.ts +319 -0
  300. package/dist/services/messaging/messaging.types.d.ts.map +1 -0
  301. package/dist/services/messaging/messaging.types.js +68 -0
  302. package/dist/services/messaging/messaging.types.js.map +1 -0
  303. package/dist/services/migration.service.d.ts +45 -4
  304. package/dist/services/migration.service.d.ts.map +1 -1
  305. package/dist/services/migration.service.js +248 -31
  306. package/dist/services/migration.service.js.map +1 -1
  307. package/dist/services/registry/registry.service.d.ts +39 -0
  308. package/dist/services/registry/registry.service.d.ts.map +1 -0
  309. package/dist/services/registry/registry.service.js +169 -0
  310. package/dist/services/registry/registry.service.js.map +1 -0
  311. package/dist/services/release-automation/base-crud.service.d.ts.map +1 -1
  312. package/dist/services/release-automation/base-crud.service.js.map +1 -1
  313. package/dist/services/release-automation/merge-request.service.d.ts.map +1 -1
  314. package/dist/services/release-automation/merge-request.service.js +4 -4
  315. package/dist/services/release-automation/merge-request.service.js.map +1 -1
  316. package/dist/services/release-automation/milestone.service.d.ts.map +1 -1
  317. package/dist/services/release-automation/milestone.service.js.map +1 -1
  318. package/dist/services/release-automation/release.service.d.ts +4 -4
  319. package/dist/services/release-automation/release.service.d.ts.map +1 -1
  320. package/dist/services/release-automation/release.service.js +1 -3
  321. package/dist/services/release-automation/release.service.js.map +1 -1
  322. package/dist/services/release-automation/schemas/release.schema.d.ts +3 -3
  323. package/dist/services/release-automation/schemas/release.schema.d.ts.map +1 -1
  324. package/dist/services/release-automation/schemas/release.schema.js +11 -23
  325. package/dist/services/release-automation/schemas/release.schema.js.map +1 -1
  326. package/dist/services/release-automation/tag.service.d.ts.map +1 -1
  327. package/dist/services/release-automation/tag.service.js +4 -1
  328. package/dist/services/release-automation/tag.service.js.map +1 -1
  329. package/dist/services/release-automation/webhook.service.d.ts +2 -2
  330. package/dist/services/release-automation/webhook.service.d.ts.map +1 -1
  331. package/dist/services/release-automation/webhook.service.js +27 -14
  332. package/dist/services/release-automation/webhook.service.js.map +1 -1
  333. package/dist/services/runtime/anthropic.adapter.d.ts +145 -0
  334. package/dist/services/runtime/anthropic.adapter.d.ts.map +1 -0
  335. package/dist/services/runtime/anthropic.adapter.js +525 -0
  336. package/dist/services/runtime/anthropic.adapter.js.map +1 -0
  337. package/dist/services/runtime/azure.adapter.d.ts +389 -0
  338. package/dist/services/runtime/azure.adapter.d.ts.map +1 -0
  339. package/dist/services/runtime/azure.adapter.js +515 -0
  340. package/dist/services/runtime/azure.adapter.js.map +1 -0
  341. package/dist/services/runtime/bedrock.adapter.d.ts +170 -0
  342. package/dist/services/runtime/bedrock.adapter.d.ts.map +1 -0
  343. package/dist/services/runtime/bedrock.adapter.js +667 -0
  344. package/dist/services/runtime/bedrock.adapter.js.map +1 -0
  345. package/dist/services/runtime/claude/capability-mapper.d.ts.map +1 -1
  346. package/dist/services/runtime/claude/capability-mapper.js.map +1 -1
  347. package/dist/services/runtime/claude/claude-adapter.d.ts.map +1 -1
  348. package/dist/services/runtime/claude/claude-adapter.js +3 -7
  349. package/dist/services/runtime/claude/claude-adapter.js.map +1 -1
  350. package/dist/services/runtime/claude/manifest-parser.d.ts.map +1 -1
  351. package/dist/services/runtime/claude/manifest-parser.js +2 -2
  352. package/dist/services/runtime/claude/manifest-parser.js.map +1 -1
  353. package/dist/services/runtime/gemini.adapter.d.ts +190 -0
  354. package/dist/services/runtime/gemini.adapter.d.ts.map +1 -0
  355. package/dist/services/runtime/gemini.adapter.js +603 -0
  356. package/dist/services/runtime/gemini.adapter.js.map +1 -0
  357. package/dist/services/runtime/mistral.adapter.d.ts +201 -0
  358. package/dist/services/runtime/mistral.adapter.d.ts.map +1 -0
  359. package/dist/services/runtime/mistral.adapter.js +654 -0
  360. package/dist/services/runtime/mistral.adapter.js.map +1 -0
  361. package/dist/services/runtime/ollama.adapter.d.ts +187 -0
  362. package/dist/services/runtime/ollama.adapter.d.ts.map +1 -0
  363. package/dist/services/runtime/ollama.adapter.js +525 -0
  364. package/dist/services/runtime/ollama.adapter.js.map +1 -0
  365. package/dist/services/runtime/openai.adapter.d.ts.map +1 -1
  366. package/dist/services/runtime/openai.adapter.js.map +1 -1
  367. package/dist/services/test-runner/test-runner.service.d.ts +21 -0
  368. package/dist/services/test-runner/test-runner.service.d.ts.map +1 -0
  369. package/dist/services/test-runner/test-runner.service.js +91 -0
  370. package/dist/services/test-runner/test-runner.service.js.map +1 -0
  371. package/dist/services/validation.service.d.ts.map +1 -1
  372. package/dist/services/validation.service.js +38 -13
  373. package/dist/services/validation.service.js.map +1 -1
  374. package/dist/services/validators/anthropic.validator.d.ts.map +1 -1
  375. package/dist/services/validators/anthropic.validator.js +2 -5
  376. package/dist/services/validators/anthropic.validator.js.map +1 -1
  377. package/dist/services/validators/autogen.validator.d.ts.map +1 -1
  378. package/dist/services/validators/autogen.validator.js +1 -2
  379. package/dist/services/validators/autogen.validator.js.map +1 -1
  380. package/dist/services/validators/contract.validator.d.ts +90 -0
  381. package/dist/services/validators/contract.validator.d.ts.map +1 -0
  382. package/dist/services/validators/contract.validator.js +508 -0
  383. package/dist/services/validators/contract.validator.js.map +1 -0
  384. package/dist/services/validators/crewai.validator.d.ts.map +1 -1
  385. package/dist/services/validators/crewai.validator.js.map +1 -1
  386. package/dist/services/validators/cursor.validator.d.ts.map +1 -1
  387. package/dist/services/validators/cursor.validator.js.map +1 -1
  388. package/dist/services/validators/dependencies.validator.d.ts +104 -0
  389. package/dist/services/validators/dependencies.validator.d.ts.map +1 -0
  390. package/dist/services/validators/dependencies.validator.js +386 -0
  391. package/dist/services/validators/dependencies.validator.js.map +1 -0
  392. package/dist/services/validators/index.d.ts +1 -0
  393. package/dist/services/validators/index.d.ts.map +1 -1
  394. package/dist/services/validators/index.js +1 -0
  395. package/dist/services/validators/index.js.map +1 -1
  396. package/dist/services/validators/langchain.validator.d.ts.map +1 -1
  397. package/dist/services/validators/langchain.validator.js +4 -13
  398. package/dist/services/validators/langchain.validator.js.map +1 -1
  399. package/dist/services/validators/langflow.validator.d.ts.map +1 -1
  400. package/dist/services/validators/langflow.validator.js +1 -2
  401. package/dist/services/validators/langflow.validator.js.map +1 -1
  402. package/dist/services/validators/langgraph.validator.d.ts.map +1 -1
  403. package/dist/services/validators/langgraph.validator.js +1 -2
  404. package/dist/services/validators/langgraph.validator.js.map +1 -1
  405. package/dist/services/validators/llamaindex.validator.d.ts.map +1 -1
  406. package/dist/services/validators/llamaindex.validator.js +4 -13
  407. package/dist/services/validators/llamaindex.validator.js.map +1 -1
  408. package/dist/services/validators/messaging.validator.d.ts +77 -0
  409. package/dist/services/validators/messaging.validator.d.ts.map +1 -0
  410. package/dist/services/validators/messaging.validator.js +296 -0
  411. package/dist/services/validators/messaging.validator.js.map +1 -0
  412. package/dist/services/validators/openai.validator.d.ts.map +1 -1
  413. package/dist/services/validators/openai.validator.js +1 -6
  414. package/dist/services/validators/openai.validator.js.map +1 -1
  415. package/dist/services/validators/vercel-ai.validator.d.ts.map +1 -1
  416. package/dist/services/validators/vercel-ai.validator.js +1 -3
  417. package/dist/services/validators/vercel-ai.validator.js.map +1 -1
  418. package/dist/spec/extensions/a2a-messaging.md +471 -0
  419. package/dist/spec/extensions/manifest-extensions.md +550 -0
  420. package/dist/spec/registry/README.md +472 -0
  421. package/dist/spec/registry/openapi.yaml +1124 -0
  422. package/dist/spec/registry/registry-api.schema.json +731 -0
  423. package/dist/spec/registry/registry-spec.md +2239 -0
  424. package/dist/spec/schema/agent-test.schema.json +117 -0
  425. package/dist/spec/schema/components/activity-stream.schema.json +94 -0
  426. package/dist/spec/schema/components/constraints.schema.json +84 -0
  427. package/dist/spec/schema/components/dependencies.schema.json +147 -0
  428. package/dist/spec/schema/components/encryption.schema.json +115 -0
  429. package/dist/spec/schema/components/identity.schema.json +48 -0
  430. package/dist/spec/schema/components/index.json +37 -0
  431. package/dist/spec/schema/components/llm-config.schema.json +67 -0
  432. package/dist/spec/schema/components/metadata.schema.json +37 -0
  433. package/dist/spec/schema/components/tool.schema.json +64 -0
  434. package/dist/spec/schema/extensions/a2a.extension.schema.json +127 -0
  435. package/dist/spec/v0.2.8/ossa-0.2.8.schema.json +95 -1
  436. package/dist/spec/v0.3.0/UNIFIED-SCHEMA.md +120 -0
  437. package/dist/spec/v0.3.0/adapters/drupal.md +541 -0
  438. package/dist/spec/v0.3.0/adapters/symfony.md +659 -0
  439. package/dist/spec/v0.3.0/agent-test.schema.json +75 -0
  440. package/dist/spec/v0.3.0/examples/drupal-content-writer.ossa.yaml +110 -0
  441. package/dist/spec/v0.3.0/examples/drupal-moderation-assistant.ossa.yaml +96 -0
  442. package/dist/spec/v0.3.0/examples/quick-wins/complete-agent-with-quick-wins.ossa.yaml +144 -0
  443. package/dist/spec/v0.3.0/extensions/drupal.md +417 -0
  444. package/dist/spec/v0.3.0/ossa-0.3.0.schema.json +2787 -0
  445. package/dist/spec/v0.3.0/protocols/sse.md +494 -0
  446. package/dist/spec/v0.3.0/protocols/webrtc.md +600 -0
  447. package/dist/spec/v0.3.0/protocols/websocket.md +362 -0
  448. package/dist/spec/v0.3.0/schemas/agent-unified.yaml +165 -0
  449. package/dist/spec/v0.3.0/schemas/capabilities.yaml +102 -0
  450. package/dist/spec/v0.3.0/schemas/functions.yaml +75 -0
  451. package/dist/spec/v0.3.0/schemas/messaging/channel.schema.json +245 -0
  452. package/dist/spec/v0.3.0/schemas/messaging/delivery-receipt.schema.json +192 -0
  453. package/dist/spec/v0.3.0/schemas/messaging/message.schema.json +205 -0
  454. package/dist/spec/v0.3.0/schemas/messaging/subscription.schema.json +214 -0
  455. package/dist/spec/v0.3.0/schemas/runtime.yaml +102 -0
  456. package/dist/spec/v0.3.0/schemas/taxonomy.yaml +533 -0
  457. package/dist/spec/v0.3.0/schemas/unified-llm.yaml +91 -0
  458. package/dist/spec/v0.3.0/taxonomy.yaml +256 -0
  459. package/dist/testing/fixtures.d.ts +61 -0
  460. package/dist/testing/fixtures.d.ts.map +1 -0
  461. package/dist/testing/fixtures.js +291 -0
  462. package/dist/testing/fixtures.js.map +1 -0
  463. package/dist/testing/index.d.ts +10 -0
  464. package/dist/testing/index.d.ts.map +1 -0
  465. package/dist/testing/index.js +10 -0
  466. package/dist/testing/index.js.map +1 -0
  467. package/dist/testing/reporters/base.d.ts +24 -0
  468. package/dist/testing/reporters/base.d.ts.map +1 -0
  469. package/dist/testing/reporters/base.js +5 -0
  470. package/dist/testing/reporters/base.js.map +1 -0
  471. package/dist/testing/reporters/console.d.ts +18 -0
  472. package/dist/testing/reporters/console.d.ts.map +1 -0
  473. package/dist/testing/reporters/console.js +76 -0
  474. package/dist/testing/reporters/console.js.map +1 -0
  475. package/dist/testing/reporters/json.d.ts +29 -0
  476. package/dist/testing/reporters/json.d.ts.map +1 -0
  477. package/dist/testing/reporters/json.js +40 -0
  478. package/dist/testing/reporters/json.js.map +1 -0
  479. package/dist/testing/runner.d.ts +96 -0
  480. package/dist/testing/runner.d.ts.map +1 -0
  481. package/dist/testing/runner.js +401 -0
  482. package/dist/testing/runner.js.map +1 -0
  483. package/dist/transports/index.d.ts +8 -0
  484. package/dist/transports/index.d.ts.map +1 -0
  485. package/dist/transports/index.js +11 -0
  486. package/dist/transports/index.js.map +1 -0
  487. package/dist/transports/sse.d.ts +166 -0
  488. package/dist/transports/sse.d.ts.map +1 -0
  489. package/dist/transports/sse.js +309 -0
  490. package/dist/transports/sse.js.map +1 -0
  491. package/dist/transports/webrtc.d.ts +183 -0
  492. package/dist/transports/webrtc.d.ts.map +1 -0
  493. package/dist/transports/webrtc.js +478 -0
  494. package/dist/transports/webrtc.js.map +1 -0
  495. package/dist/transports/websocket.d.ts +204 -0
  496. package/dist/transports/websocket.d.ts.map +1 -0
  497. package/dist/transports/websocket.js +397 -0
  498. package/dist/transports/websocket.js.map +1 -0
  499. package/dist/types/generated/ossa-0.3.0.types.d.ts +316 -0
  500. package/dist/types/generated/ossa-0.3.0.types.d.ts.map +1 -0
  501. package/dist/types/generated/ossa-0.3.0.types.js +8 -0
  502. package/dist/types/generated/ossa-0.3.0.types.js.map +1 -0
  503. package/dist/types/generated/ossa-0.3.0.zod.d.ts +17 -0
  504. package/dist/types/generated/ossa-0.3.0.zod.d.ts.map +1 -0
  505. package/dist/types/generated/ossa-0.3.0.zod.js +3 -0
  506. package/dist/types/generated/ossa-0.3.0.zod.js.map +1 -0
  507. package/dist/types/index.d.ts +124 -2
  508. package/dist/types/index.d.ts.map +1 -1
  509. package/dist/types/index.js +8 -1
  510. package/dist/types/index.js.map +1 -1
  511. package/dist/types/messaging.d.ts +116 -0
  512. package/dist/types/messaging.d.ts.map +1 -0
  513. package/dist/types/messaging.js +6 -0
  514. package/dist/types/messaging.js.map +1 -0
  515. package/dist/types/policy.d.ts.map +1 -1
  516. package/dist/types/policy.js.map +1 -1
  517. package/dist/types/task.d.ts +222 -0
  518. package/dist/types/task.d.ts.map +1 -0
  519. package/dist/types/task.js +40 -0
  520. package/dist/types/task.js.map +1 -0
  521. package/dist/types/workflow.d.ts +283 -0
  522. package/dist/types/workflow.d.ts.map +1 -0
  523. package/dist/types/workflow.js +51 -0
  524. package/dist/types/workflow.js.map +1 -0
  525. package/dist/utils/path-validator.d.ts +24 -0
  526. package/dist/utils/path-validator.d.ts.map +1 -0
  527. package/dist/utils/path-validator.js +70 -0
  528. package/dist/utils/path-validator.js.map +1 -0
  529. package/dist/utils/version.d.ts +17 -8
  530. package/dist/utils/version.d.ts.map +1 -1
  531. package/dist/utils/version.js +84 -30
  532. package/dist/utils/version.js.map +1 -1
  533. package/dist/utils/yaml-parser.d.ts +23 -0
  534. package/dist/utils/yaml-parser.d.ts.map +1 -0
  535. package/dist/utils/yaml-parser.js +34 -0
  536. package/dist/utils/yaml-parser.js.map +1 -0
  537. package/examples/adapters/drupal-eca-mapping.yaml +153 -0
  538. package/examples/adapters/drupal-eca-task.yaml +48 -0
  539. package/examples/adapters/drupal-flowdrop-mapping.yaml +463 -0
  540. package/examples/adapters/drupal-maestro-mapping.yaml +369 -0
  541. package/examples/adapters/mistral-README.md +367 -0
  542. package/examples/adapters/mistral-agent.yaml +147 -0
  543. package/examples/adapters/symfony-messenger-task.yaml +135 -0
  544. package/examples/adapters/symfony-messenger-workflow.yaml +352 -0
  545. package/examples/adk-integration/code-review-workflow.yml +1 -1
  546. package/examples/adk-integration/customer-support.yml +1 -1
  547. package/examples/adk-integration/data-pipeline.yml +1 -1
  548. package/examples/advanced/reasoning-agent.yaml +1 -1
  549. package/examples/advanced/workflows/hybrid-model-strategy.yaml +1 -18
  550. package/examples/agent-manifests/critics/critic-agent.yaml +1 -1
  551. package/examples/agent-manifests/governors/governor-agent.yaml +1 -1
  552. package/examples/agent-manifests/integrators/integrator-agent.yaml +1 -1
  553. package/examples/agent-manifests/judges/judge-agent.yaml +1 -1
  554. package/examples/agent-manifests/monitors/monitor-agent.yaml +1 -1
  555. package/examples/agent-manifests/orchestrators/orchestrator-agent.yaml +1 -1
  556. package/examples/agent-manifests/sample-compliant-agent.yaml +1 -1
  557. package/examples/agent-manifests/workers/worker-agent.yaml +1 -1
  558. package/examples/agent-mesh/README.ts +311 -0
  559. package/examples/agent-mesh/basic-usage.ts +461 -0
  560. package/examples/agents/architecture-healer-enterprise.yaml +143 -0
  561. package/examples/agents/dependency-healer-npm.yaml +81 -0
  562. package/examples/agents/spec-healer-openapi.yaml +59 -0
  563. package/examples/agents/wiki-healer-production.yaml +131 -0
  564. package/examples/agents-md/code-agent.ossa.json +1 -1
  565. package/examples/agents-md/monorepo-agent.ossa.yaml +1 -1
  566. package/examples/anthropic/claude-assistant.ossa.json +1 -1
  567. package/examples/anthropic-adapter-example.ts +374 -0
  568. package/examples/anthropic-simple.ts +70 -0
  569. package/examples/autogen/multi-agent.ossa.json +1 -1
  570. package/examples/autonomous-evolution/self-evolving-agent.ossa.yaml +37 -0
  571. package/examples/bridges/.gitlab-ci.yml +293 -0
  572. package/examples/bridges/k8s/deployment.yaml +14 -14
  573. package/examples/ci/multi-project-release-example.yml +401 -0
  574. package/examples/claude-code/code-reviewer.ossa.yaml +1 -1
  575. package/examples/claude-code/ossa-validator.ossa.yaml +1 -1
  576. package/examples/common_npm/agent-router.ossa.yaml +1 -1
  577. package/examples/common_npm/agent-router.v0.2.2.ossa.yaml +1 -1
  578. package/examples/contracts/data-consumer.ossa.yaml +171 -0
  579. package/examples/contracts/data-producer-v2.ossa.yaml +227 -0
  580. package/examples/contracts/data-producer.ossa.yaml +217 -0
  581. package/examples/coordinator-agent/README.md +180 -0
  582. package/examples/coordinator-agent/index.ts +440 -0
  583. package/examples/coordinator-agent/manifest.yaml +41 -0
  584. package/examples/crewai/research-team.ossa.json +1 -1
  585. package/examples/cursor/code-review-agent.ossa.json +1 -1
  586. package/examples/drupal/ai_agents_ossa-module/.agents/example-agent/agent.ossa.yaml +37 -0
  587. package/examples/drupal/gitlab-ml-recommender.ossa.yaml +1 -1
  588. package/examples/drupal/gitlab-ml-recommender.v0.2.2.ossa.yaml +1 -1
  589. package/examples/extensions/agents-md-advanced.yml +177 -0
  590. package/examples/extensions/agents-md-basic.yml +74 -0
  591. package/examples/extensions/agents-md-sync.yml +96 -0
  592. package/examples/extensions/agents-md-v1.yml +1 -1
  593. package/examples/extensions/drupal-v1.yml +1 -1
  594. package/examples/extensions/encryption-multi-provider.yaml +120 -0
  595. package/examples/extensions/kagent-v1.yml +2 -2
  596. package/examples/extensions/knowledge-sources.yaml +59 -0
  597. package/examples/extensions/mcp-full-featured.yaml +150 -0
  598. package/examples/getting-started/01-minimal-agent.ossa.yaml +376 -0
  599. package/examples/getting-started/02-agent-with-tools.ossa.yaml +866 -0
  600. package/examples/getting-started/03-agent-with-safety.ossa.yaml +868 -0
  601. package/examples/getting-started/04-agent-with-messaging.ossa.yaml +829 -0
  602. package/examples/getting-started/05-workflow-composition.ossa.yaml +209 -0
  603. package/examples/getting-started/README.md +69 -0
  604. package/examples/getting-started/hello-world-complete.ossa.yaml +1 -1
  605. package/examples/integration-patterns/agent-to-agent-orchestration.ossa.yaml +4 -4
  606. package/examples/kagent/compliance-validator.ossa.yaml +1 -1
  607. package/examples/kagent/cost-optimizer.ossa.yaml +1 -1
  608. package/examples/kagent/documentation-agent.ossa.yaml +1 -1
  609. package/examples/kagent/k8s-troubleshooter-v1.ossa.yaml +1 -1
  610. package/examples/kagent/k8s-troubleshooter-v1.v0.2.2.ossa.yaml +1 -1
  611. package/examples/kagent/k8s-troubleshooter.ossa.yaml +1 -1
  612. package/examples/kagent/security-scanner.ossa.yaml +1 -1
  613. package/examples/langchain/chain-agent.ossa.json +1 -1
  614. package/examples/langflow/workflow-agent.ossa.json +1 -1
  615. package/examples/langgraph/state-machine-agent.ossa.json +1 -1
  616. package/examples/llamaindex/rag-agent.ossa.json +1 -1
  617. package/examples/messaging/dependency-healer.ossa.yaml +354 -0
  618. package/examples/messaging/incident-responder.ossa.yaml +477 -0
  619. package/examples/messaging/routing-rules.ossa.yaml +307 -0
  620. package/examples/messaging/security-scanner.ossa.yaml +328 -0
  621. package/examples/migration-guides/from-langchain-to-ossa.yaml +4 -4
  622. package/examples/mistral-adapter-example.ts +435 -0
  623. package/examples/mistral-simple.ts +56 -0
  624. package/examples/multi-agent/conditional-router.ossa.yaml +1 -1
  625. package/examples/multi-agent/parallel-execution.ossa.yaml +1 -1
  626. package/examples/multi-agent/sequential-pipeline.ossa.yaml +1 -1
  627. package/examples/observability/activity-stream-full.yaml +133 -0
  628. package/examples/observability/gitlab-ci-template.yml +304 -0
  629. package/examples/openai/basic-agent.ossa.yaml +1 -1
  630. package/examples/openai/multi-tool-agent.ossa.json +1 -1
  631. package/examples/openai/swarm-agent.ossa.json +1 -1
  632. package/examples/production/document-analyzer-openai.yml +1 -1
  633. package/examples/quickstart/support-agent.ossa.yaml +1 -1
  634. package/examples/rag-agent/README.md +136 -0
  635. package/examples/rag-agent/index.ts +272 -0
  636. package/examples/rag-agent/manifest.yaml +45 -0
  637. package/examples/real-world/gitlab-cicd-optimizer.ossa.yaml +163 -0
  638. package/examples/real-world/rag-documentation-assistant.ossa.yaml +235 -0
  639. package/examples/reference-implementations/README.md +321 -0
  640. package/examples/reference-implementations/curl-scripts/01-search-agents.sh +72 -0
  641. package/examples/reference-implementations/curl-scripts/02-get-agent-details.sh +74 -0
  642. package/examples/reference-implementations/curl-scripts/03-publish-agent.sh +136 -0
  643. package/examples/reference-implementations/curl-scripts/04-a2a-messaging.sh +178 -0
  644. package/examples/reference-implementations/curl-scripts/05-discovery.sh +98 -0
  645. package/examples/reference-implementations/curl-scripts/README.md +277 -0
  646. package/examples/reference-implementations/python-client/README.md +282 -0
  647. package/examples/reference-implementations/python-client/examples/basic_usage.py +84 -0
  648. package/examples/reference-implementations/python-client/examples/publish_agent.py +137 -0
  649. package/examples/reference-implementations/python-client/ossa_client/__init__.py +80 -0
  650. package/examples/reference-implementations/python-client/ossa_client/agents.py +240 -0
  651. package/examples/reference-implementations/python-client/ossa_client/client.py +164 -0
  652. package/examples/reference-implementations/python-client/ossa_client/discovery.py +153 -0
  653. package/examples/reference-implementations/python-client/ossa_client/messaging.py +227 -0
  654. package/examples/reference-implementations/python-client/requirements.txt +2 -0
  655. package/examples/reference-implementations/python-client/setup.py +40 -0
  656. package/examples/reference-implementations/typescript-client/README.md +227 -0
  657. package/examples/reference-implementations/typescript-client/examples/basic-usage.ts +86 -0
  658. package/examples/reference-implementations/typescript-client/examples/messaging.ts +185 -0
  659. package/examples/reference-implementations/typescript-client/examples/publish-agent.ts +138 -0
  660. package/examples/reference-implementations/typescript-client/package.json +40 -0
  661. package/examples/reference-implementations/typescript-client/src/agents.ts +285 -0
  662. package/examples/reference-implementations/typescript-client/src/client.ts +161 -0
  663. package/examples/reference-implementations/typescript-client/src/discovery.ts +244 -0
  664. package/examples/reference-implementations/typescript-client/src/index.ts +67 -0
  665. package/examples/reference-implementations/typescript-client/src/messaging.ts +385 -0
  666. package/examples/reference-implementations/typescript-client/tsconfig.json +25 -0
  667. package/examples/runtime-adapters/bedrock-claude-example.ossa.yaml +465 -0
  668. package/examples/schema/reusable-components.yaml +95 -0
  669. package/examples/tasks/batch-email-sender.yaml +105 -0
  670. package/examples/tasks/data-transform.yaml +82 -0
  671. package/examples/tasks/publish-content.yaml +86 -0
  672. package/examples/templates/ossa-compliance.yaml +1 -1
  673. package/examples/unified/security-scanner.ossa.yaml +311 -0
  674. package/examples/vercel/edge-agent.ossa.json +1 -1
  675. package/examples/workflow-agent/README.md +175 -0
  676. package/examples/workflow-agent/index.ts +408 -0
  677. package/examples/workflow-agent/manifest.yaml +41 -0
  678. package/examples/workflows/batch-email-campaign.yaml +140 -0
  679. package/examples/workflows/content-review-publish.yaml +156 -0
  680. package/examples/workflows/simple-etl.yaml +151 -0
  681. package/openapi/agent-communication.yaml +1113 -0
  682. package/openapi/agent-crud.yaml +1124 -0
  683. package/openapi/agent-discovery.yaml +677 -0
  684. package/openapi/agent-identity.yaml +620 -0
  685. package/openapi/protocols/sse-streams.yaml +479 -0
  686. package/openapi/protocols/websocket-events.yaml +427 -0
  687. package/openapi/schemas/discovery.json +488 -0
  688. package/package.json +91 -33
  689. package/schemas/agent.json +523 -0
  690. package/schemas/communication.json +897 -0
  691. package/schemas/identity.json +482 -0
  692. package/spec/extensions/a2a-messaging.md +471 -0
  693. package/spec/extensions/manifest-extensions.md +550 -0
  694. package/spec/registry/README.md +472 -0
  695. package/spec/registry/openapi.yaml +1124 -0
  696. package/spec/registry/registry-api.schema.json +731 -0
  697. package/spec/registry/registry-spec.md +2239 -0
  698. package/spec/schema/agent-test.schema.json +117 -0
  699. package/spec/schema/components/activity-stream.schema.json +94 -0
  700. package/spec/schema/components/constraints.schema.json +84 -0
  701. package/spec/schema/components/dependencies.schema.json +147 -0
  702. package/spec/schema/components/encryption.schema.json +115 -0
  703. package/spec/schema/components/identity.schema.json +48 -0
  704. package/spec/schema/components/index.json +37 -0
  705. package/spec/schema/components/llm-config.schema.json +67 -0
  706. package/spec/schema/components/metadata.schema.json +37 -0
  707. package/spec/schema/components/tool.schema.json +64 -0
  708. package/spec/schema/extensions/a2a.extension.schema.json +127 -0
  709. package/spec/v0.2.8/ossa-0.2.8.schema.json +95 -1
  710. package/spec/v0.3.0/UNIFIED-SCHEMA.md +120 -0
  711. package/spec/v0.3.0/adapters/drupal.md +541 -0
  712. package/spec/v0.3.0/adapters/symfony.md +659 -0
  713. package/spec/v0.3.0/agent-test.schema.json +75 -0
  714. package/spec/v0.3.0/examples/drupal-content-writer.ossa.yaml +110 -0
  715. package/spec/v0.3.0/examples/drupal-moderation-assistant.ossa.yaml +96 -0
  716. package/spec/v0.3.0/examples/quick-wins/complete-agent-with-quick-wins.ossa.yaml +144 -0
  717. package/spec/v0.3.0/extensions/drupal.md +417 -0
  718. package/spec/v0.3.0/ossa-0.3.0.schema.json +2787 -0
  719. package/spec/v0.3.0/protocols/sse.md +494 -0
  720. package/spec/v0.3.0/protocols/webrtc.md +600 -0
  721. package/spec/v0.3.0/protocols/websocket.md +362 -0
  722. package/spec/v0.3.0/schemas/agent-unified.yaml +165 -0
  723. package/spec/v0.3.0/schemas/capabilities.yaml +102 -0
  724. package/spec/v0.3.0/schemas/functions.yaml +75 -0
  725. package/spec/v0.3.0/schemas/messaging/channel.schema.json +245 -0
  726. package/spec/v0.3.0/schemas/messaging/delivery-receipt.schema.json +192 -0
  727. package/spec/v0.3.0/schemas/messaging/message.schema.json +205 -0
  728. package/spec/v0.3.0/schemas/messaging/subscription.schema.json +214 -0
  729. package/spec/v0.3.0/schemas/runtime.yaml +102 -0
  730. package/spec/v0.3.0/schemas/taxonomy.yaml +533 -0
  731. package/spec/v0.3.0/schemas/unified-llm.yaml +91 -0
  732. package/spec/v0.3.0/taxonomy.yaml +256 -0
  733. package/.cursorrules +0 -84
  734. package/.devfile.yaml +0 -87
  735. package/.env.example +0 -63
  736. package/.eslintrc.cjs +0 -43
  737. package/.github/AGENTS.md +0 -245
  738. package/.github/ISSUE_TEMPLATE/bug_report.yml +0 -63
  739. package/.github/ISSUE_TEMPLATE/feature_request.yml +0 -40
  740. package/.github/PULL_REQUEST_TEMPLATE.md +0 -39
  741. package/.github/agents/github-issue-triage.ossa.yaml +0 -99
  742. package/.github/agents/github-pr-triage.ossa.yaml +0 -137
  743. package/.github/dependabot.yml +0 -58
  744. package/.github/workflows/ci.yml +0 -154
  745. package/.github/workflows/codeql.yml +0 -41
  746. package/.github/workflows/dependabot-auto-merge.yml +0 -28
  747. package/.github/workflows/dependabot-comment.yml +0 -34
  748. package/.github/workflows/issue-sync-to-gitlab.yml +0 -138
  749. package/.github/workflows/pr-triage-to-gitlab.yml +0 -164
  750. package/.github/workflows/release.yml +0 -103
  751. package/.husky/pre-commit +0 -5
  752. package/.kiro/config.json +0 -21
  753. package/.kiro/settings/mcp.json +0 -61
  754. package/.kiro/specs/scripts-migration-api-first/design.md +0 -883
  755. package/.kiro/specs/scripts-migration-api-first/requirements.md +0 -165
  756. package/.kiro/specs/scripts-migration-api-first/tasks.md +0 -539
  757. package/.kiro/specs/website-brand-identity/design.md +0 -1060
  758. package/.kiro/specs/website-brand-identity/requirements.md +0 -287
  759. package/.kiro/specs/website-brand-identity/tasks.md +0 -981
  760. package/.prettierignore +0 -7
  761. package/.prettierrc.json +0 -10
  762. package/.redocly.yaml +0 -9
  763. package/.releaserc.json +0 -85
  764. package/.version.json +0 -6
  765. package/.wiki-config.json +0 -24
  766. package/CODEOWNERS +0 -75
  767. package/CONTRIBUTING.md +0 -366
  768. package/bin/validate-ossa-0.2.2.ts +0 -244
  769. package/bin/validate-ossa-0.2.4.ts +0 -244
  770. package/docs/brand-guide/01-brand-overview.md +0 -37
  771. package/docs/brand-guide/02-logo-usage.md +0 -43
  772. package/docs/brand-guide/03-color-palette.md +0 -70
  773. package/docs/brand-guide/04-typography.md +0 -82
  774. package/docs/brand-guide/05-voice-and-tone.md +0 -108
  775. package/docs/brand-guide/06-visual-elements.md +0 -137
  776. package/docs/brand-guide/07-application-examples.md +0 -153
  777. package/docs/brand-guide/OssaLogo/OssA_Logo.svg +0 -21
  778. package/docs/brand-guide/OssaLogo/brand.af +0 -0
  779. package/docs/brand-guide/README.md +0 -107
  780. package/docs/comparison.md +0 -315
  781. package/docs/operations/automation-roadmap.md +0 -245
  782. package/docs/operations/github-sync-strategy.md +0 -357
  783. package/docs/specs/policy-dsl.md +0 -925
  784. package/eslint-report.json +0 -1
  785. package/gl-code-quality-report.json +0 -62
  786. package/infrastructure/docker-compose.yml +0 -33
  787. package/infrastructure/gitlab-agent/rbac.yaml +0 -126
  788. package/infrastructure/gitlab-agent/values.yaml +0 -150
  789. package/infrastructure/k8s/monitoring/00-namespace.yaml +0 -7
  790. package/infrastructure/k8s/monitoring/01-prometheus.yaml +0 -142
  791. package/infrastructure/k8s/monitoring/02-grafana.yaml +0 -63
  792. package/infrastructure/k8s/monitoring/03-lightweight.yaml +0 -121
  793. package/infrastructure/k8s/monitoring/README.md +0 -73
  794. package/infrastructure/k8s/monitoring/deploy.sh +0 -38
  795. package/junit.xml +0 -1
  796. package/llms-ctx-full.txt +0 -39
  797. package/llms-ctx.txt +0 -39
  798. package/llms.txt +0 -47
  799. package/release.config.js +0 -79
  800. package/scripts/README.md +0 -128
  801. package/scripts/auto-rebase-mrs.ts +0 -106
  802. package/scripts/batch-dependabot.sh +0 -57
  803. package/scripts/bump-version.ts +0 -57
  804. package/scripts/compliance-audit.ts +0 -796
  805. package/scripts/configure-gitlab-branch-protection.ts +0 -95
  806. package/scripts/create-issue-helper.ts +0 -238
  807. package/scripts/create-milestone-issue.ts +0 -73
  808. package/scripts/enhanced-version-manager.ts +0 -257
  809. package/scripts/eslint-to-codequality.cjs +0 -34
  810. package/scripts/fix-schema-formats.js +0 -82
  811. package/scripts/gen-types.ts +0 -51
  812. package/scripts/gen-zod.ts +0 -51
  813. package/scripts/generate-agents-catalog.ts +0 -78
  814. package/scripts/generate-api-docs.ts +0 -219
  815. package/scripts/generate-cli-docs.ts +0 -410
  816. package/scripts/generate-config-docs.ts +0 -109
  817. package/scripts/generate-errors-docs.ts +0 -76
  818. package/scripts/generate-examples-docs.ts +0 -100
  819. package/scripts/generate-llms-ctx.sh +0 -17
  820. package/scripts/generate-schema-docs.ts +0 -317
  821. package/scripts/generate-types-docs.ts +0 -48
  822. package/scripts/lowercase-docs.ts +0 -43
  823. package/scripts/manage-milestone-mrs.ts +0 -279
  824. package/scripts/process-doc-templates.ts +0 -37
  825. package/scripts/rebase-all-mrs.sh +0 -75
  826. package/scripts/schemas/package.schema.ts +0 -75
  827. package/scripts/setup-branch-protection.sh +0 -33
  828. package/scripts/sync-github-pr.sh +0 -48
  829. package/scripts/sync-version.js +0 -32
  830. package/scripts/sync-version.ts +0 -39
  831. package/scripts/sync-versions.ts +0 -488
  832. package/scripts/sync-wiki.sh +0 -50
  833. package/scripts/validate-all.js +0 -127
  834. package/scripts/validate-schema.ts +0 -50
  835. package/test-results/junit.xml +0 -337
  836. package/test-results.xml +0 -1
package/spec/registry/registry-spec.md ADDED
@@ -0,0 +1,2239 @@
1
+ # OSSA Agent Registry Specification
2
+
3
+ **Version**: 0.3.0
4
+ **Status**: Draft
5
+ **Last Updated**: 2025-12-12
6
+
7
+ This document defines the OSSA Agent Registry - a centralized discovery and distribution system for OSSA-compliant agents. The registry makes OSSA the "OpenAPI of Agents" by providing standardized publishing, discovery, and installation workflows.
8
+
9
+ ---
10
+
11
+ ## Table of Contents
12
+
13
+ 1. [Overview](#overview)
14
+ 2. [Architecture](#architecture)
15
+ 3. [Registry API](#registry-api)
16
+ 4. [Agent Metadata](#agent-metadata)
17
+ 5. [Search & Discovery](#search--discovery)
18
+ 6. [Publishing Workflow](#publishing-workflow)
19
+ 7. [Installation Workflow](#installation-workflow)
20
+ 8. [Namespaces & Organizations](#namespaces--organizations)
21
+ 9. [Verification & Trust](#verification--trust)
22
+ 10. [Registry Implementation](#registry-implementation)
23
+ 11. [Security Model](#security-model)
24
+ 12. [Rate Limiting & Quotas](#rate-limiting--quotas)
25
+ 13. [Versioning Strategy](#versioning-strategy)
26
+ 14. [CLI Reference](#cli-reference)
27
+ 15. [SDK Integration](#sdk-integration)
28
+ 16. [Best Practices](#best-practices)
29
+ 17. [Examples](#examples)
30
+
31
+ ---
32
+
33
+ ## Overview
34
+
35
+ ### What is the OSSA Registry?
36
+
37
+ The OSSA Agent Registry is a centralized repository for discovering, publishing, and distributing OSSA-compliant agents. It provides:
38
+
39
+ - **Discovery**: Search agents by name, tags, capabilities, compliance requirements
40
+ - **Publishing**: Publish agents with versioning, metadata, and documentation
41
+ - **Installation**: One-command installation with dependency resolution
42
+ - **Verification**: Automated schema validation, security scanning, publisher verification
43
+ - **Distribution**: Multi-region CDN for fast agent downloads
44
+ - **Analytics**: Download statistics, usage metrics, community feedback
45
+
46
+ ### Design Goals
47
+
48
+ 1. **Developer Experience**: As simple as `npm` or `pip`
49
+ 2. **Discoverability**: Find the right agent for any task in seconds
50
+ 3. **Trust**: Verified publishers, security scanning, community ratings
51
+ 4. **Performance**: Sub-second searches, global CDN distribution
52
+ 5. **Interoperability**: Works with all OSSA-compliant runtimes
53
+ 6. **Compliance**: Support for FedRAMP, HIPAA, SOC2, GDPR requirements
54
+
55
+ ### Comparison to Existing Registries
56
+
57
+ | Feature | OSSA Registry | npm | Docker Hub | OpenAI GPT Store |
58
+ |---------|---------------|-----|------------|------------------|
59
+ | Semantic versioning | ✅ | ✅ | ✅ | ❌ |
60
+ | Dependency resolution | ✅ | ✅ | ❌ | ❌ |
61
+ | Capability-based search | ✅ | ❌ | 🟡 (tags) | 🟡 (categories) |
62
+ | Compliance profiles | ✅ | ❌ | ❌ | ❌ |
63
+ | Multi-framework support | ✅ | ❌ | ✅ | ❌ |
64
+ | Automated security scans | ✅ | 🟡 | 🟡 | ❌ |
65
+ | Private registries | ✅ | ✅ | ✅ | ❌ |
66
+ | Cost transparency | ✅ | ❌ | ❌ | ❌ |
67
+
68
+ ---
69
+
70
+ ## Architecture
71
+
72
+ ### System Components
73
+
74
+ ```
75
+ ┌─────────────────────────────────────────────────────────────────┐
76
+ │ OSSA REGISTRY ARCHITECTURE │
77
+ ├─────────────────────────────────────────────────────────────────┤
78
+ │ │
79
+ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
80
+ │ │ CLI/SDK │──▶│ API Gateway │──▶│ Metadata DB │ │
81
+ │ │ (Publisher) │ │ (REST/gRPC) │ │ (Postgres) │ │
82
+ │ └──────────────┘ └──────────────┘ └──────────────┘ │
83
+ │ │ │ │
84
+ │ ▼ ▼ │
85
+ │ ┌──────────────┐ ┌──────────────┐ │
86
+ │ │ Verification │ │ Search Index │ │
87
+ │ │ Service │ │ (OpenSearch) │ │
88
+ │ └──────────────┘ └──────────────┘ │
89
+ │ │ │ │
90
+ │ ▼ │ │
91
+ │ ┌──────────────┐ │ │
92
+ │ │ CDN Storage │◀───────────┘ │
93
+ │ │ (S3/R2) │ │
94
+ │ └──────────────┘ │
95
+ │ │ │
96
+ │ ▼ │
97
+ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
98
+ │ │ CLI/SDK │◀──│ Registry │◀──│ CDN Edge │ │
99
+ │ │ (Consumer) │ │ Website │ │ (CloudFlare)│ │
100
+ │ └──────────────┘ └──────────────┘ └──────────────┘ │
101
+ │ │
102
+ └─────────────────────────────────────────────────────────────────┘
103
+ ```
104
+
105
+ ### Data Flow
106
+
107
+ #### Publishing Flow
108
+
109
+ ```
110
+ 1. Developer creates agent manifest (agent.ossa.yaml)
111
+ 2. Developer runs: `ossa publish`
112
+ 3. CLI validates manifest against JSON schema
113
+ 4. CLI packages agent + dependencies
114
+ 5. API Gateway authenticates publisher
115
+ 6. Verification Service runs security scans
116
+ 7. Metadata stored in database
117
+ 8. Agent package uploaded to CDN
118
+ 9. Search index updated
119
+ 10. Publisher receives confirmation
120
+ ```
121
+
122
+ #### Installation Flow
123
+
124
+ ```
125
+ 1. User runs: `ossa install security-scanner`
126
+ 2. CLI queries registry API
127
+ 3. API returns agent metadata + CDN URL
128
+ 4. CLI downloads agent package from CDN
129
+ 5. CLI validates package signature
130
+ 6. CLI resolves dependencies
131
+ 7. CLI installs agent + dependencies
132
+ 8. CLI updates local registry cache
133
+ ```
134
+
135
+ ---
136
+
137
+ ## Registry API
138
+
139
+ ### Base URL
140
+
141
+ ```
142
+ Production: https://registry.openstandardagents.org/api/v1
143
+ Staging: https://staging-registry.openstandardagents.org/api/v1
144
+ ```
145
+
146
+ ### Authentication
147
+
148
+ All write operations require authentication via Bearer token:
149
+
150
+ ```http
151
+ Authorization: Bearer ossa_tok_1234567890abcdef
152
+ ```
153
+
154
+ Obtain token via:
155
+
156
+ ```bash
157
+ ossa login
158
+ # Opens browser for OAuth flow
159
+ # Token saved to ~/.ossa/token
160
+ ```
161
+
162
+ ---
163
+
164
+ ### API Endpoints
165
+
166
+ #### 1. Publish Agent
167
+
168
+ **POST** `/agents`
169
+
170
+ Publish a new agent or new version of existing agent.
171
+
172
+ **Request Headers**:
173
+ ```http
174
+ Authorization: Bearer ossa_tok_xxx
175
+ Content-Type: application/json
176
+ ```
177
+
178
+ **Request Body**:
179
+ ```json
180
+ {
181
+ "manifest": {
182
+ "apiVersion": "ossa/v0.3.0",
183
+ "kind": "Agent",
184
+ "metadata": {
185
+ "name": "security-scanner",
186
+ "version": "1.2.0",
187
+ "description": "Enterprise security vulnerability scanner",
188
+ "labels": {
189
+ "domain": "security",
190
+ "compliance": "fedramp"
191
+ }
192
+ },
193
+ "spec": {
194
+ "role": "Security expert specializing in vulnerability scanning",
195
+ "taxonomy": {
196
+ "domain": "security",
197
+ "subdomain": "scanning",
198
+ "capability": "vulnerability-detection"
199
+ },
200
+ "llm": {
201
+ "provider": "anthropic",
202
+ "model": "claude-3-sonnet-20240229"
203
+ }
204
+ }
205
+ },
206
+ "package": {
207
+ "tarball_url": "https://publisher-cdn.example.com/packages/security-scanner-1.2.0.tar.gz",
208
+ "shasum": "abc123def456...",
209
+ "size_bytes": 1048576
210
+ },
211
+ "documentation": {
212
+ "readme": "https://github.com/org/security-scanner/blob/main/README.md",
213
+ "changelog": "https://github.com/org/security-scanner/blob/main/CHANGELOG.md",
214
+ "repository": "https://github.com/org/security-scanner"
215
+ },
216
+ "license": "Apache-2.0",
217
+ "keywords": ["security", "vulnerability", "scanning", "compliance"],
218
+ "dependencies": {
219
+ "@ossa/runtime": "^0.3.0",
220
+ "vuln-scanner-lib": "^2.1.0"
221
+ }
222
+ }
223
+ ```
224
+
225
+ **Response** (201 Created):
226
+ ```json
227
+ {
228
+ "status": "published",
229
+ "agent": {
230
+ "name": "security-scanner",
231
+ "version": "1.2.0",
232
+ "publisher": "blueflyio",
233
+ "published_at": "2025-12-12T10:00:00.000Z",
234
+ "registry_url": "https://registry.openstandardagents.org/agents/blueflyio/security-scanner",
235
+ "package_url": "https://cdn.openstandardagents.org/packages/blueflyio/security-scanner/1.2.0.tar.gz"
236
+ },
237
+ "verification": {
238
+ "schema_valid": true,
239
+ "security_scan": "passed",
240
+ "verified_publisher": true
241
+ }
242
+ }
243
+ ```
244
+
245
+ **Error Responses**:
246
+ - `400 Bad Request`: Invalid manifest or package
247
+ - `401 Unauthorized`: Missing or invalid token
248
+ - `409 Conflict`: Version already exists
249
+ - `422 Unprocessable Entity`: Validation failed
250
+
251
+ ---
252
+
253
+ #### 2. List/Search Agents
254
+
255
+ **GET** `/agents`
256
+
257
+ Search and list available agents with filtering, sorting, and pagination.
258
+
259
+ **Query Parameters**:
260
+
261
+ | Parameter | Type | Description | Example |
262
+ |-----------|------|-------------|---------|
263
+ | `q` | string | Full-text search query | `security scanner` |
264
+ | `tag` | string | Filter by tag | `security` |
265
+ | `capability` | string | Filter by capability | `vulnerability-detection` |
266
+ | `domain` | string | Filter by domain | `security` |
267
+ | `publisher` | string | Filter by publisher | `blueflyio` |
268
+ | `license` | string | Filter by license | `Apache-2.0` |
269
+ | `compliance` | string | Filter by compliance profile | `fedramp` |
270
+ | `verified` | boolean | Only verified publishers | `true` |
271
+ | `min_rating` | float | Minimum rating (1-5) | `4.0` |
272
+ | `sort` | enum | Sort order | `downloads`, `rating`, `updated`, `created` |
273
+ | `limit` | integer | Results per page (max 100) | `20` |
274
+ | `offset` | integer | Pagination offset | `40` |
275
+
276
+ **Request Examples**:
277
+
278
+ ```bash
279
+ # Search for security agents
280
+ GET /agents?q=security&sort=downloads&limit=10
281
+
282
+ # Find FedRAMP-compliant agents
283
+ GET /agents?compliance=fedramp&verified=true
284
+
285
+ # Get agents by capability
286
+ GET /agents?capability=vulnerability-detection&min_rating=4.0
287
+
288
+ # Explore by domain
289
+ GET /agents?domain=security&tag=scanning&sort=rating
290
+ ```
291
+
292
+ **Response** (200 OK):
293
+ ```json
294
+ {
295
+ "total": 147,
296
+ "limit": 20,
297
+ "offset": 0,
298
+ "agents": [
299
+ {
300
+ "name": "security-scanner",
301
+ "version": "1.2.0",
302
+ "publisher": "blueflyio",
303
+ "description": "Enterprise security vulnerability scanner",
304
+ "license": "Apache-2.0",
305
+ "downloads": 12450,
306
+ "rating": 4.7,
307
+ "verified": true,
308
+ "tags": ["security", "scanning", "compliance", "fedramp"],
309
+ "capabilities": ["vulnerability-detection", "compliance-check"],
310
+ "created_at": "2024-06-15T10:00:00.000Z",
311
+ "updated_at": "2025-12-10T14:30:00.000Z",
312
+ "registry_url": "https://registry.openstandardagents.org/agents/blueflyio/security-scanner"
313
+ },
314
+ {
315
+ "name": "code-security-analyzer",
316
+ "version": "2.0.1",
317
+ "publisher": "acmecorp",
318
+ "description": "AI-powered code security analysis",
319
+ "license": "MIT",
320
+ "downloads": 8921,
321
+ "rating": 4.5,
322
+ "verified": true,
323
+ "tags": ["security", "code-analysis", "sast"],
324
+ "capabilities": ["code-analysis", "security-scanning"],
325
+ "created_at": "2024-08-20T12:00:00.000Z",
326
+ "updated_at": "2025-12-08T09:15:00.000Z",
327
+ "registry_url": "https://registry.openstandardagents.org/agents/acmecorp/code-security-analyzer"
328
+ }
329
+ ]
330
+ }
331
+ ```
332
+
333
+ ---
334
+
335
+ #### 3. Get Agent Details
336
+
337
+ **GET** `/agents/{publisher}/{name}`
338
+
339
+ Retrieve detailed information about a specific agent (latest version).
340
+
341
+ **Request**:
342
+ ```bash
343
+ GET /agents/blueflyio/security-scanner
344
+ ```
345
+
346
+ **Response** (200 OK):
347
+ ```json
348
+ {
349
+ "name": "security-scanner",
350
+ "version": "1.2.0",
351
+ "publisher": {
352
+ "id": "blueflyio",
353
+ "name": "Bluefly.io",
354
+ "verified": true,
355
+ "website": "https://bluefly.io",
356
+ "email": "support@bluefly.io"
357
+ },
358
+ "description": "Enterprise security vulnerability scanner for cloud infrastructure",
359
+ "long_description": "Comprehensive security scanner that identifies vulnerabilities...",
360
+ "license": "Apache-2.0",
361
+ "repository": "https://github.com/blueflyio/security-scanner",
362
+ "homepage": "https://bluefly.io/agents/security-scanner",
363
+ "documentation": "https://docs.bluefly.io/agents/security-scanner",
364
+ "tags": ["security", "scanning", "compliance", "fedramp", "kubernetes"],
365
+ "capabilities": [
366
+ "vulnerability-detection",
367
+ "compliance-check",
368
+ "risk-assessment"
369
+ ],
370
+ "taxonomy": {
371
+ "domain": "security",
372
+ "subdomain": "scanning",
373
+ "capability": "vulnerability-detection"
374
+ },
375
+ "compliance_profiles": ["fedramp-moderate", "soc2", "hipaa"],
376
+ "downloads": {
377
+ "total": 12450,
378
+ "last_month": 3421,
379
+ "last_week": 892
380
+ },
381
+ "rating": {
382
+ "average": 4.7,
383
+ "count": 234
384
+ },
385
+ "versions": [
386
+ {
387
+ "version": "1.2.0",
388
+ "published_at": "2025-12-10T14:30:00.000Z",
389
+ "changelog": "Added HIPAA compliance checks, fixed CVE detection"
390
+ },
391
+ {
392
+ "version": "1.1.5",
393
+ "published_at": "2025-11-22T10:15:00.000Z",
394
+ "changelog": "Performance improvements, updated CVE database"
395
+ }
396
+ ],
397
+ "dependencies": {
398
+ "@ossa/runtime": "^0.3.0",
399
+ "vuln-scanner-lib": "^2.1.0"
400
+ },
401
+ "llm_requirements": {
402
+ "provider": "anthropic",
403
+ "model": "claude-3-sonnet-20240229",
404
+ "estimated_cost_per_run": "$0.15"
405
+ },
406
+ "manifest_url": "https://cdn.openstandardagents.org/manifests/blueflyio/security-scanner/1.2.0/manifest.yaml",
407
+ "package_url": "https://cdn.openstandardagents.org/packages/blueflyio/security-scanner/1.2.0.tar.gz",
408
+ "created_at": "2024-06-15T10:00:00.000Z",
409
+ "updated_at": "2025-12-10T14:30:00.000Z"
410
+ }
411
+ ```
412
+
413
+ **Error Responses**:
414
+ - `404 Not Found`: Agent does not exist
415
+
416
+ ---
417
+
418
+ #### 4. Get Agent Version History
419
+
420
+ **GET** `/agents/{publisher}/{name}/versions`
421
+
422
+ List all published versions of an agent.
423
+
424
+ **Request**:
425
+ ```bash
426
+ GET /agents/blueflyio/security-scanner/versions
427
+ ```
428
+
429
+ **Response** (200 OK):
430
+ ```json
431
+ {
432
+ "agent": "blueflyio/security-scanner",
433
+ "versions": [
434
+ {
435
+ "version": "1.2.0",
436
+ "published_at": "2025-12-10T14:30:00.000Z",
437
+ "downloads": 512,
438
+ "changelog_url": "https://github.com/blueflyio/security-scanner/releases/tag/v1.2.0",
439
+ "manifest_url": "https://cdn.openstandardagents.org/manifests/blueflyio/security-scanner/1.2.0/manifest.yaml",
440
+ "package_url": "https://cdn.openstandardagents.org/packages/blueflyio/security-scanner/1.2.0.tar.gz",
441
+ "deprecated": false
442
+ },
443
+ {
444
+ "version": "1.1.5",
445
+ "published_at": "2025-11-22T10:15:00.000Z",
446
+ "downloads": 3421,
447
+ "changelog_url": "https://github.com/blueflyio/security-scanner/releases/tag/v1.1.5",
448
+ "manifest_url": "https://cdn.openstandardagents.org/manifests/blueflyio/security-scanner/1.1.5/manifest.yaml",
449
+ "package_url": "https://cdn.openstandardagents.org/packages/blueflyio/security-scanner/1.1.5.tar.gz",
450
+ "deprecated": false
451
+ },
452
+ {
453
+ "version": "1.0.0",
454
+ "published_at": "2024-06-15T10:00:00.000Z",
455
+ "downloads": 8517,
456
+ "changelog_url": "https://github.com/blueflyio/security-scanner/releases/tag/v1.0.0",
457
+ "manifest_url": "https://cdn.openstandardagents.org/manifests/blueflyio/security-scanner/1.0.0/manifest.yaml",
458
+ "package_url": "https://cdn.openstandardagents.org/packages/blueflyio/security-scanner/1.0.0.tar.gz",
459
+ "deprecated": true,
460
+ "deprecation_reason": "Security vulnerability CVE-2024-12345 fixed in 1.1.0"
461
+ }
462
+ ]
463
+ }
464
+ ```
465
+
466
+ ---
467
+
468
+ #### 5. Get Specific Version
469
+
470
+ **GET** `/agents/{publisher}/{name}/{version}`
471
+
472
+ Retrieve details for a specific version of an agent.
473
+
474
+ **Request**:
475
+ ```bash
476
+ GET /agents/blueflyio/security-scanner/1.1.5
477
+ ```
478
+
479
+ **Response**: Same structure as "Get Agent Details" but for specified version.
480
+
481
+ ---
482
+
483
+ #### 6. Unpublish Agent
484
+
485
+ **DELETE** `/agents/{publisher}/{name}/{version}`
486
+
487
+ Remove a specific version from the registry. Requires ownership.
488
+
489
+ **Request Headers**:
490
+ ```http
491
+ Authorization: Bearer ossa_tok_xxx
492
+ ```
493
+
494
+ **Request**:
495
+ ```bash
496
+ DELETE /agents/blueflyio/security-scanner/1.0.0
497
+ ```
498
+
499
+ **Request Body** (optional):
500
+ ```json
501
+ {
502
+ "reason": "Critical security vulnerability - use 1.1.0 or later"
503
+ }
504
+ ```
505
+
506
+ **Response** (200 OK):
507
+ ```json
508
+ {
509
+ "status": "unpublished",
510
+ "agent": "blueflyio/security-scanner",
511
+ "version": "1.0.0",
512
+ "unpublished_at": "2025-12-12T10:30:00.000Z"
513
+ }
514
+ ```
515
+
516
+ **Error Responses**:
517
+ - `401 Unauthorized`: Missing or invalid token
518
+ - `403 Forbidden`: Not agent owner
519
+ - `404 Not Found`: Version does not exist
520
+
521
+ ---
522
+
523
+ #### 7. Deprecate Version
524
+
525
+ **POST** `/agents/{publisher}/{name}/{version}/deprecate`
526
+
527
+ Mark a version as deprecated (still available but discouraged).
528
+
529
+ **Request Headers**:
530
+ ```http
531
+ Authorization: Bearer ossa_tok_xxx
532
+ Content-Type: application/json
533
+ ```
534
+
535
+ **Request Body**:
536
+ ```json
537
+ {
538
+ "reason": "Replaced by version 2.0.0 with improved performance",
539
+ "replacement_version": "2.0.0"
540
+ }
541
+ ```
542
+
543
+ **Response** (200 OK):
544
+ ```json
545
+ {
546
+ "status": "deprecated",
547
+ "agent": "blueflyio/security-scanner",
548
+ "version": "1.0.0",
549
+ "deprecated_at": "2025-12-12T10:30:00.000Z",
550
+ "replacement_version": "2.0.0"
551
+ }
552
+ ```
553
+
554
+ ---
555
+
556
+ #### 8. Get Download Stats
557
+
558
+ **GET** `/agents/{publisher}/{name}/stats`
559
+
560
+ Retrieve download and usage statistics.
561
+
562
+ **Query Parameters**:
563
+ - `period`: `day`, `week`, `month`, `year`, `all` (default: `all`)
564
+
565
+ **Response** (200 OK):
566
+ ```json
567
+ {
568
+ "agent": "blueflyio/security-scanner",
569
+ "period": "month",
570
+ "downloads": {
571
+ "total": 3421,
572
+ "by_version": {
573
+ "1.2.0": 512,
574
+ "1.1.5": 2909
575
+ },
576
+ "by_date": [
577
+ {"date": "2025-12-11", "count": 142},
578
+ {"date": "2025-12-10", "count": 156},
579
+ {"date": "2025-12-09", "count": 138}
580
+ ]
581
+ },
582
+ "installs": {
583
+ "total_unique": 1892,
584
+ "by_region": {
585
+ "us-east": 892,
586
+ "eu-west": 543,
587
+ "ap-south": 457
588
+ }
589
+ }
590
+ }
591
+ ```
592
+
593
+ ---
594
+
595
+ #### 9. Submit Rating/Review
596
+
597
+ **POST** `/agents/{publisher}/{name}/reviews`
598
+
599
+ Submit a rating and review for an agent.
600
+
601
+ **Request Headers**:
602
+ ```http
603
+ Authorization: Bearer ossa_tok_xxx
604
+ Content-Type: application/json
605
+ ```
606
+
607
+ **Request Body**:
608
+ ```json
609
+ {
610
+ "version": "1.2.0",
611
+ "rating": 5,
612
+ "review": "Excellent security scanner! Caught vulnerabilities our previous tools missed.",
613
+ "use_case": "Kubernetes cluster security audits"
614
+ }
615
+ ```
616
+
617
+ **Response** (201 Created):
618
+ ```json
619
+ {
620
+ "status": "submitted",
621
+ "review_id": "rev_abc123",
622
+ "published_at": "2025-12-12T10:30:00.000Z"
623
+ }
624
+ ```
625
+
626
+ ---
627
+
628
+ #### 10. Get Agent Reviews
629
+
630
+ **GET** `/agents/{publisher}/{name}/reviews`
631
+
632
+ Retrieve user reviews and ratings.
633
+
634
+ **Query Parameters**:
635
+ - `version`: Filter by version
636
+ - `min_rating`: Minimum rating (1-5)
637
+ - `sort`: `helpful`, `recent`, `rating` (default: `helpful`)
638
+ - `limit`: Results per page (max 50, default: 10)
639
+ - `offset`: Pagination offset
640
+
641
+ **Response** (200 OK):
642
+ ```json
643
+ {
644
+ "agent": "blueflyio/security-scanner",
645
+ "total_reviews": 234,
646
+ "average_rating": 4.7,
647
+ "rating_distribution": {
648
+ "5": 156,
649
+ "4": 62,
650
+ "3": 12,
651
+ "2": 3,
652
+ "1": 1
653
+ },
654
+ "reviews": [
655
+ {
656
+ "review_id": "rev_abc123",
657
+ "version": "1.2.0",
658
+ "rating": 5,
659
+ "review": "Excellent security scanner! Caught vulnerabilities...",
660
+ "author": {
661
+ "username": "security_engineer",
662
+ "verified": true
663
+ },
664
+ "use_case": "Kubernetes cluster security audits",
665
+ "helpful_count": 42,
666
+ "published_at": "2025-12-10T14:30:00.000Z"
667
+ }
668
+ ]
669
+ }
670
+ ```
671
+
672
+ ---
673
+
674
+ #### 11. Get Dependencies
675
+
676
+ **GET** `/agents/{publisher}/{name}/dependencies`
677
+
678
+ Retrieve agent dependencies with version resolution.
679
+
680
+ **Response** (200 OK):
681
+ ```json
682
+ {
683
+ "agent": "blueflyio/security-scanner",
684
+ "version": "1.2.0",
685
+ "dependencies": {
686
+ "runtime": {
687
+ "@ossa/runtime": {
688
+ "required": "^0.3.0",
689
+ "resolved": "0.3.2",
690
+ "type": "runtime"
691
+ }
692
+ },
693
+ "agents": {
694
+ "blueflyio/vuln-db-agent": {
695
+ "required": "^2.1.0",
696
+ "resolved": "2.1.5",
697
+ "type": "agent"
698
+ }
699
+ },
700
+ "tools": {
701
+ "kubernetes-api": {
702
+ "required": "^1.28.0",
703
+ "resolved": "1.28.4",
704
+ "type": "tool"
705
+ }
706
+ }
707
+ },
708
+ "dependency_tree": {
709
+ "blueflyio/security-scanner@1.2.0": {
710
+ "@ossa/runtime@0.3.2": {},
711
+ "blueflyio/vuln-db-agent@2.1.5": {
712
+ "@ossa/runtime@0.3.2": {}
713
+ },
714
+ "kubernetes-api@1.28.4": {}
715
+ }
716
+ }
717
+ }
718
+ ```
719
+
720
+ ---
721
+
722
+ ## Agent Metadata
723
+
724
+ ### Core Metadata Schema
725
+
726
+ Every agent in the registry has associated metadata:
727
+
728
+ ```typescript
729
+ interface AgentRegistryMetadata {
730
+ // Identity
731
+ name: string; // Agent name (DNS-1123 format)
732
+ version: string; // Semantic version
733
+ publisher: PublisherInfo; // Publisher details
734
+
735
+ // Description
736
+ description: string; // Short description (max 200 chars)
737
+ long_description?: string; // Full description (markdown)
738
+ keywords: string[]; // Search keywords
739
+
740
+ // Classification
741
+ tags: string[]; // Freeform tags
742
+ capabilities: string[]; // OSSA capabilities
743
+ taxonomy: TaxonomyInfo; // Hierarchical classification
744
+
745
+ // Links
746
+ repository?: string; // Source code URL
747
+ homepage?: string; // Project homepage
748
+ documentation?: string; // Documentation URL
749
+ changelog?: string; // Changelog URL
750
+ issues?: string; // Issue tracker URL
751
+
752
+ // Legal
753
+ license: string; // SPDX license identifier
754
+ compliance_profiles?: string[]; // FedRAMP, HIPAA, SOC2, etc.
755
+
756
+ // Requirements
757
+ ossa_version: string; // Required OSSA spec version
758
+ dependencies: DependencyMap; // Agent/runtime dependencies
759
+ llm_requirements?: LLMRequirements; // LLM provider/model requirements
760
+
761
+ // Package
762
+ manifest_url: string; // OSSA manifest download URL
763
+ package_url: string; // Agent package download URL
764
+ package_size: number; // Size in bytes
765
+ package_shasum: string; // SHA-256 checksum
766
+
767
+ // Stats
768
+ downloads: DownloadStats; // Download counts
769
+ rating: RatingInfo; // User ratings
770
+
771
+ // Verification
772
+ verified: boolean; // Publisher verified
773
+ security_scan: SecurityScanResult; // Security scan status
774
+
775
+ // Timestamps
776
+ created_at: string; // ISO 8601
777
+ updated_at: string; // ISO 8601
778
+ published_at: string; // ISO 8601 (this version)
779
+
780
+ // Status
781
+ deprecated?: boolean;
782
+ deprecation_reason?: string;
783
+ replacement_version?: string;
784
+ }
785
+
786
+ interface PublisherInfo {
787
+ id: string; // Publisher ID
788
+ name: string; // Display name
789
+ verified: boolean; // Verified publisher badge
790
+ website?: string;
791
+ email?: string;
792
+ github?: string;
793
+ }
794
+
795
+ interface TaxonomyInfo {
796
+ domain: string; // security, infrastructure, etc.
797
+ subdomain?: string; // scanning, deployment, etc.
798
+ capability?: string; // vulnerability-detection, etc.
799
+ }
800
+
801
+ interface DependencyMap {
802
+ [package: string]: string; // package: version range
803
+ }
804
+
805
+ interface LLMRequirements {
806
+ provider: string; // anthropic, openai, etc.
807
+ model: string; // claude-3-sonnet-20240229
808
+ estimated_cost_per_run?: string; // "$0.15"
809
+ }
810
+
811
+ interface DownloadStats {
812
+ total: number;
813
+ last_month: number;
814
+ last_week: number;
815
+ }
816
+
817
+ interface RatingInfo {
818
+ average: number; // 1-5
819
+ count: number; // Number of ratings
820
+ }
821
+
822
+ interface SecurityScanResult {
823
+ status: "passed" | "failed" | "pending";
824
+ scanned_at?: string; // ISO 8601
825
+ vulnerabilities?: number;
826
+ severity?: "low" | "medium" | "high" | "critical";
827
+ }
828
+ ```
829
+
830
+ ---
831
+
832
+ ## Search & Discovery
833
+
834
+ ### Search Capabilities
835
+
836
+ The registry provides multiple search mechanisms:
837
+
838
+ #### 1. Full-Text Search
839
+
840
+ ```bash
841
+ # Search agent names, descriptions, keywords
842
+ ossa search "kubernetes security"
843
+
844
+ # API equivalent
845
+ GET /agents?q=kubernetes+security
846
+ ```
847
+
848
+ **Search Algorithm**:
849
+ - Weighted scoring: name (5x), description (3x), keywords (2x), tags (1x)
850
+ - Fuzzy matching for typos
851
+ - Stemming for word variations ("scan" matches "scanning")
852
+ - Synonym expansion ("k8s" matches "kubernetes")
853
+
854
+ #### 2. Capability-Based Search
855
+
856
+ ```bash
857
+ # Find agents by specific capability
858
+ ossa search --capability vulnerability-detection
859
+
860
+ # API equivalent
861
+ GET /agents?capability=vulnerability-detection
862
+ ```
863
+
864
+ #### 3. Taxonomy Navigation
865
+
866
+ ```bash
867
+ # Browse by domain
868
+ ossa search --domain security
869
+
870
+ # Narrow by subdomain
871
+ ossa search --domain security --subdomain scanning
872
+
873
+ # API equivalent
874
+ GET /agents?domain=security&subdomain=scanning
875
+ ```
876
+
877
+ #### 4. Compliance Filtering
878
+
879
+ ```bash
880
+ # Find FedRAMP-compliant agents
881
+ ossa search --compliance fedramp
882
+
883
+ # Multiple compliance requirements
884
+ ossa search --compliance fedramp --compliance hipaa
885
+
886
+ # API equivalent
887
+ GET /agents?compliance=fedramp&compliance=hipaa
888
+ ```
889
+
890
+ #### 5. Advanced Filters
891
+
892
+ ```bash
893
+ # Verified publishers only
894
+ ossa search "code review" --verified
895
+
896
+ # Minimum rating
897
+ ossa search "deployment" --min-rating 4.0
898
+
899
+ # Specific license
900
+ ossa search "security" --license Apache-2.0
901
+
902
+ # API equivalent
903
+ GET /agents?q=security&verified=true&min_rating=4.0&license=Apache-2.0
904
+ ```
905
+
906
+ #### 6. Sorting Options
907
+
908
+ ```bash
909
+ # Most downloaded
910
+ ossa search "security" --sort downloads
911
+
912
+ # Highest rated
913
+ ossa search "security" --sort rating
914
+
915
+ # Recently updated
916
+ ossa search "security" --sort updated
917
+
918
+ # API equivalent
919
+ GET /agents?q=security&sort=downloads
920
+ ```
921
+
922
+ ---
923
+
924
+ ### Search Index Structure
925
+
926
+ The registry uses OpenSearch with the following index mapping:
927
+
928
+ ```json
929
+ {
930
+ "mappings": {
931
+ "properties": {
932
+ "name": {
933
+ "type": "text",
934
+ "analyzer": "standard",
935
+ "boost": 5.0
936
+ },
937
+ "description": {
938
+ "type": "text",
939
+ "analyzer": "english",
940
+ "boost": 3.0
941
+ },
942
+ "keywords": {
943
+ "type": "text",
944
+ "analyzer": "keyword",
945
+ "boost": 2.0
946
+ },
947
+ "tags": {
948
+ "type": "keyword"
949
+ },
950
+ "capabilities": {
951
+ "type": "keyword"
952
+ },
953
+ "domain": {
954
+ "type": "keyword"
955
+ },
956
+ "subdomain": {
957
+ "type": "keyword"
958
+ },
959
+ "publisher": {
960
+ "type": "keyword"
961
+ },
962
+ "verified": {
963
+ "type": "boolean"
964
+ },
965
+ "downloads_total": {
966
+ "type": "integer"
967
+ },
968
+ "rating_average": {
969
+ "type": "float"
970
+ },
971
+ "updated_at": {
972
+ "type": "date"
973
+ }
974
+ }
975
+ }
976
+ }
977
+ ```
978
+
979
+ ---
980
+
981
+ ## Publishing Workflow
982
+
983
+ ### Prerequisites
984
+
985
+ 1. **Registry Account**: Sign up at https://registry.openstandardagents.org
986
+ 2. **CLI Installed**: `npm install -g @ossa/cli`
987
+ 3. **Authentication**: Run `ossa login`
988
+
989
+ ### Publishing Steps
990
+
991
+ #### Step 1: Create Agent Manifest
992
+
993
+ Create `agent.ossa.yaml`:
994
+
995
+ ```yaml
996
+ apiVersion: ossa/v0.3.0
997
+ kind: Agent
998
+ metadata:
999
+ name: security-scanner
1000
+ version: 1.2.0
1001
+ description: Enterprise security vulnerability scanner
1002
+ labels:
1003
+ domain: security
1004
+ compliance: fedramp
1005
+ spec:
1006
+ role: Security expert specializing in vulnerability scanning
1007
+ taxonomy:
1008
+ domain: security
1009
+ subdomain: scanning
1010
+ capability: vulnerability-detection
1011
+ llm:
1012
+ provider: anthropic
1013
+ model: claude-3-sonnet-20240229
1014
+ ```
1015
+
1016
+ #### Step 2: Validate Manifest
1017
+
1018
+ ```bash
1019
+ # Validate against JSON schema
1020
+ ossa validate agent.ossa.yaml
1021
+
1022
+ # Output:
1023
+ # ✓ Schema validation passed
1024
+ # ✓ No security issues found
1025
+ # ✓ Ready to publish
1026
+ ```
1027
+
1028
+ #### Step 3: Add Registry Metadata
1029
+
1030
+ Create `ossa.json` in project root:
1031
+
1032
+ ```json
1033
+ {
1034
+ "name": "security-scanner",
1035
+ "version": "1.2.0",
1036
+ "description": "Enterprise security vulnerability scanner",
1037
+ "keywords": ["security", "vulnerability", "scanning", "compliance"],
1038
+ "license": "Apache-2.0",
1039
+ "repository": "https://github.com/blueflyio/security-scanner",
1040
+ "homepage": "https://bluefly.io/agents/security-scanner",
1041
+ "documentation": "https://docs.bluefly.io/agents/security-scanner",
1042
+ "manifest": "./agent.ossa.yaml",
1043
+ "dependencies": {
1044
+ "@ossa/runtime": "^0.3.0",
1045
+ "vuln-scanner-lib": "^2.1.0"
1046
+ },
1047
+ "files": [
1048
+ "agent.ossa.yaml",
1049
+ "tools/",
1050
+ "prompts/",
1051
+ "README.md"
1052
+ ]
1053
+ }
1054
+ ```
1055
+
1056
+ #### Step 4: Publish
1057
+
1058
+ ```bash
1059
+ # Dry run (validate without publishing)
1060
+ ossa publish --dry-run
1061
+
1062
+ # Publish to registry
1063
+ ossa publish
1064
+
1065
+ # Output:
1066
+ # 📦 Packaging security-scanner@1.2.0...
1067
+ # ✓ Manifest validated
1068
+ # ✓ Dependencies resolved
1069
+ # ✓ Package created (1.2 MB)
1070
+ # 🔐 Security scan: passed
1071
+ # 📤 Uploading to registry...
1072
+ # ✓ Published security-scanner@1.2.0
1073
+ #
1074
+ # View at: https://registry.openstandardagents.org/agents/blueflyio/security-scanner
1075
+ ```
1076
+
1077
+ #### Step 5: Verify Publication
1078
+
1079
+ ```bash
1080
+ # Check if published successfully
1081
+ ossa view security-scanner
1082
+
1083
+ # Output shows agent details from registry
1084
+ ```
1085
+
1086
+ ---
1087
+
1088
+ ### Publishing Options
1089
+
1090
+ ```bash
1091
+ # Publish with custom tag
1092
+ ossa publish --tag beta
1093
+
1094
+ # Publish with access control
1095
+ ossa publish --access restricted
1096
+
1097
+ # Publish to private registry
1098
+ ossa publish --registry https://registry.internal.example.com
1099
+
1100
+ # Publish with provenance (SLSA)
1101
+ ossa publish --provenance
1102
+ ```
1103
+
1104
+ ---
1105
+
1106
+ ## Installation Workflow
1107
+
1108
+ ### Basic Installation
1109
+
1110
+ ```bash
1111
+ # Install latest version
1112
+ ossa install security-scanner
1113
+
1114
+ # Install specific version
1115
+ ossa install security-scanner@1.2.0
1116
+
1117
+ # Install from org namespace
1118
+ ossa install blueflyio/security-scanner
1119
+
1120
+ # Install with version range
1121
+ ossa install "security-scanner@^1.0.0"
1122
+ ```
1123
+
1124
+ ### Installation Process
1125
+
1126
+ ```
1127
+ 1. Resolve agent name → registry ID
1128
+ 2. Fetch agent metadata from registry
1129
+ 3. Check compatibility (OSSA version, dependencies)
1130
+ 4. Download agent package from CDN
1131
+ 5. Verify package signature (SHA-256)
1132
+ 6. Resolve and install dependencies
1133
+ 7. Extract package to ~/.ossa/agents/
1134
+ 8. Register agent in local registry
1135
+ 9. Run post-install verification
1136
+ ```
1137
+
1138
+ ### Installation Options
1139
+
1140
+ ```bash
1141
+ # Install to specific directory
1142
+ ossa install security-scanner --prefix /opt/ossa
1143
+
1144
+ # Install without dependencies
1145
+ ossa install security-scanner --no-deps
1146
+
1147
+ # Install with verbose output
1148
+ ossa install security-scanner --verbose
1149
+
1150
+ # Reinstall (overwrite existing)
1151
+ ossa install security-scanner --force
1152
+
1153
+ # Install from local package
1154
+ ossa install ./security-scanner-1.2.0.tgz
1155
+ ```
1156
+
1157
+ ---
1158
+
1159
+ ### Dependency Resolution
1160
+
1161
+ OSSA CLI resolves dependencies using semver:
1162
+
1163
+ ```bash
1164
+ # Example dependency tree
1165
+ security-scanner@1.2.0
1166
+ ├── @ossa/runtime@0.3.2
1167
+ ├── vuln-db-agent@2.1.5
1168
+ │ └── @ossa/runtime@0.3.2 (deduped)
1169
+ └── kubernetes-tools@1.28.4
1170
+
1171
+ # CLI automatically:
1172
+ # - Resolves version ranges
1173
+ # - Deduplicates shared dependencies
1174
+ # - Checks for version conflicts
1175
+ # - Downloads missing dependencies
1176
+ ```
1177
+
1178
+ **Conflict Resolution**:
1179
+
1180
+ ```bash
1181
+ # If conflicts detected:
1182
+ $ ossa install security-scanner
1183
+
1184
+ ⚠️ Dependency conflict detected:
1185
+ security-scanner requires @ossa/runtime@^0.3.0
1186
+ existing-agent requires @ossa/runtime@^0.2.0
1187
+
1188
+ Options:
1189
+ 1. Upgrade existing-agent to compatible version
1190
+ 2. Install security-scanner with --force (may break existing-agent)
1191
+ 3. Cancel installation
1192
+
1193
+ Choose [1/2/3]:
1194
+ ```
1195
+
1196
+ ---
1197
+
1198
+ ## Namespaces & Organizations
1199
+
1200
+ ### Namespace Types
1201
+
1202
+ #### 1. Public Namespace (Default)
1203
+
1204
+ ```bash
1205
+ # Published to public namespace
1206
+ ossa publish
1207
+
1208
+ # Installed as: security-scanner
1209
+ # URL: registry.openstandardagents.org/agents/security-scanner
1210
+ ```
1211
+
1212
+ #### 2. Organization Namespace
1213
+
1214
+ ```bash
1215
+ # Published to org namespace (requires ownership)
1216
+ ossa publish --org blueflyio
1217
+
1218
+ # Installed as: @blueflyio/security-scanner
1219
+ # URL: registry.openstandardagents.org/agents/blueflyio/security-scanner
1220
+ ```
1221
+
1222
+ #### 3. Private Registry
1223
+
1224
+ ```bash
1225
+ # Published to private registry
1226
+ ossa publish --registry https://registry.internal.example.com
1227
+
1228
+ # Installed with registry config
1229
+ ossa install security-scanner --registry https://registry.internal.example.com
1230
+ ```
1231
+
1232
+ ---
1233
+
1234
+ ### Organization Management
1235
+
1236
+ #### Create Organization
1237
+
1238
+ ```bash
1239
+ # Create organization via web UI
1240
+ https://registry.openstandardagents.org/orgs/new
1241
+
1242
+ # Or via CLI
1243
+ ossa org create blueflyio \
1244
+ --display-name "Bluefly.io" \
1245
+ --website "https://bluefly.io" \
1246
+ --email "support@bluefly.io"
1247
+ ```
1248
+
1249
+ #### Add Organization Members
1250
+
1251
+ ```bash
1252
+ # Add member with role
1253
+ ossa org add-member blueflyio \
1254
+ --username john.doe \
1255
+ --role developer
1256
+
1257
+ # Roles:
1258
+ # - owner: Full access, can manage members
1259
+ # - admin: Publish/unpublish agents, manage settings
1260
+ # - developer: Publish agents only
1261
+ # - viewer: Read-only access
1262
+ ```
1263
+
1264
+ #### Organization Verification
1265
+
1266
+ Verified organizations get badge and improved discoverability:
1267
+
1268
+ **Requirements**:
1269
+ 1. Domain ownership verification (DNS TXT record)
1270
+ 2. Active for 30+ days
1271
+ 3. Published 3+ agents with average rating > 4.0
1272
+ 4. No security violations
1273
+
1274
+ **Apply for verification**:
1275
+ ```bash
1276
+ ossa org verify blueflyio
1277
+ ```
1278
+
1279
+ ---
1280
+
1281
+ ## Verification & Trust
1282
+
1283
+ ### Publisher Verification
1284
+
1285
+ #### Verification Process
1286
+
1287
+ 1. **Domain Verification**:
1288
+ ```bash
1289
+ # Add DNS TXT record
1290
+ TXT _ossa-verify.example.com "ossa-verify=abc123def456"
1291
+
1292
+ # Verify ownership
1293
+ ossa org verify-domain blueflyio --domain bluefly.io
1294
+ ```
1295
+
1296
+ 2. **Identity Verification**:
1297
+ - Email verification
1298
+ - GitHub account linking
1299
+ - Optional: OIDC provider (Google Workspace, Okta)
1300
+
1301
+ 3. **Security Review**:
1302
+ - No critical vulnerabilities in published agents
1303
+ - Compliant with registry policies
1304
+ - Responsive to security reports
1305
+
1306
+ #### Verified Publisher Badge
1307
+
1308
+ Agents from verified publishers display badge:
1309
+
1310
+ ```
1311
+ ✓ Verified Publisher
1312
+ blueflyio has verified ownership of bluefly.io
1313
+ ```
1314
+
1315
+ ---
1316
+
1317
+ ### Security Scanning
1318
+
1319
+ Every published agent undergoes automated security scanning:
1320
+
1321
+ #### 1. Manifest Validation
1322
+
1323
+ ```yaml
1324
+ # Schema validation
1325
+ ✓ Valid OSSA v0.3.0 manifest
1326
+ ✓ All required fields present
1327
+ ✓ Semantic version format correct
1328
+ ```
1329
+
1330
+ #### 2. Dependency Scanning
1331
+
1332
+ ```yaml
1333
+ # Check dependencies for known vulnerabilities
1334
+ ✓ No vulnerable dependencies found
1335
+ Scanned: @ossa/runtime@0.3.2, vuln-scanner-lib@2.1.0
1336
+ ```
1337
+
1338
+ #### 3. Secret Detection
1339
+
1340
+ ```yaml
1341
+ # Scan for hardcoded secrets
1342
+ ✓ No secrets detected
1343
+ Checked: API keys, tokens, passwords, certificates
1344
+ ```
1345
+
1346
+ #### 4. Capability Analysis
1347
+
1348
+ ```yaml
1349
+ # Verify capability declarations match manifest
1350
+ ✓ Declared capabilities match implementation
1351
+ kubernetes: get_pods, describe_pod, get_logs
1352
+ ```
1353
+
1354
+ #### 5. Compliance Check
1355
+
1356
+ ```yaml
1357
+ # Verify compliance profile claims
1358
+ ✓ FedRAMP Moderate requirements met
1359
+ - Encryption at rest: enabled
1360
+ - Audit logging: enabled
1361
+ - PII redaction: enabled
1362
+ ```
1363
+
1364
+ ---
1365
+
1366
+ ### Security Scan Results
1367
+
1368
+ Scan results are included in registry metadata:
1369
+
1370
+ ```json
1371
+ {
1372
+ "security_scan": {
1373
+ "status": "passed",
1374
+ "scanned_at": "2025-12-12T10:00:00.000Z",
1375
+ "checks": {
1376
+ "schema_valid": true,
1377
+ "dependencies_secure": true,
1378
+ "secrets_detected": false,
1379
+ "capabilities_verified": true,
1380
+ "compliance_verified": true
1381
+ },
1382
+ "vulnerabilities": {
1383
+ "critical": 0,
1384
+ "high": 0,
1385
+ "medium": 0,
1386
+ "low": 0
1387
+ }
1388
+ }
1389
+ }
1390
+ ```
1391
+
1392
+ **Failed Scans**:
1393
+
1394
+ Agents that fail security scans cannot be published:
1395
+
1396
+ ```bash
1397
+ $ ossa publish
1398
+
1399
+ ❌ Security scan failed
1400
+
1401
+ Critical Issues:
1402
+ - Hardcoded API key detected in prompts/system.yaml
1403
+ - Vulnerable dependency: old-lib@1.0.0 (CVE-2024-12345)
1404
+
1405
+ Fix these issues and try again.
1406
+ ```
1407
+
1408
+ ---
1409
+
1410
+ ## Registry Implementation
1411
+
1412
+ ### Technology Stack
1413
+
1414
+ - **API**: Go (Gin framework), gRPC
1415
+ - **Database**: PostgreSQL (metadata), Redis (cache)
1416
+ - **Search**: OpenSearch (Elasticsearch fork)
1417
+ - **Storage**: S3/R2 (agent packages), CloudFront/CloudFlare (CDN)
1418
+ - **Queue**: RabbitMQ (async tasks)
1419
+ - **Monitoring**: Prometheus, Grafana, Jaeger
1420
+
1421
+ ### Database Schema
1422
+
1423
+ ```sql
1424
+ -- Publishers
1425
+ CREATE TABLE publishers (
1426
+ id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
1427
+ username VARCHAR(255) UNIQUE NOT NULL,
1428
+ display_name VARCHAR(255),
1429
+ email VARCHAR(255) NOT NULL,
1430
+ verified BOOLEAN DEFAULT FALSE,
1431
+ website VARCHAR(500),
1432
+ github_username VARCHAR(255),
1433
+ created_at TIMESTAMPTZ DEFAULT NOW(),
1434
+ updated_at TIMESTAMPTZ DEFAULT NOW()
1435
+ );
1436
+
1437
+ -- Agents
1438
+ CREATE TABLE agents (
1439
+ id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
1440
+ name VARCHAR(253) NOT NULL,
1441
+ publisher_id UUID NOT NULL REFERENCES publishers(id),
1442
+ description TEXT,
1443
+ license VARCHAR(100),
1444
+ repository VARCHAR(500),
1445
+ homepage VARCHAR(500),
1446
+ documentation VARCHAR(500),
1447
+ created_at TIMESTAMPTZ DEFAULT NOW(),
1448
+ updated_at TIMESTAMPTZ DEFAULT NOW(),
1449
+ UNIQUE(name, publisher_id)
1450
+ );
1451
+
1452
+ -- Agent Versions
1453
+ CREATE TABLE agent_versions (
1454
+ id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
1455
+ agent_id UUID NOT NULL REFERENCES agents(id),
1456
+ version VARCHAR(50) NOT NULL,
1457
+ manifest_url VARCHAR(500) NOT NULL,
1458
+ package_url VARCHAR(500) NOT NULL,
1459
+ package_size BIGINT NOT NULL,
1460
+ package_shasum VARCHAR(64) NOT NULL,
1461
+ deprecated BOOLEAN DEFAULT FALSE,
1462
+ deprecation_reason TEXT,
1463
+ replacement_version VARCHAR(50),
1464
+ published_at TIMESTAMPTZ DEFAULT NOW(),
1465
+ UNIQUE(agent_id, version)
1466
+ );
1467
+
1468
+ -- Downloads
1469
+ CREATE TABLE downloads (
1470
+ id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
1471
+ agent_version_id UUID NOT NULL REFERENCES agent_versions(id),
1472
+ downloaded_at TIMESTAMPTZ DEFAULT NOW(),
1473
+ ip_hash VARCHAR(64), -- Hashed IP for privacy
1474
+ country VARCHAR(2),
1475
+ user_agent VARCHAR(500)
1476
+ );
1477
+
1478
+ -- Ratings
1479
+ CREATE TABLE ratings (
1480
+ id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
1481
+ agent_id UUID NOT NULL REFERENCES agents(id),
1482
+ user_id UUID NOT NULL REFERENCES users(id),
1483
+ rating INTEGER NOT NULL CHECK (rating BETWEEN 1 AND 5),
1484
+ review TEXT,
1485
+ version VARCHAR(50),
1486
+ use_case VARCHAR(500),
1487
+ helpful_count INTEGER DEFAULT 0,
1488
+ created_at TIMESTAMPTZ DEFAULT NOW(),
1489
+ UNIQUE(agent_id, user_id)
1490
+ );
1491
+
1492
+ -- Security Scans
1493
+ CREATE TABLE security_scans (
1494
+ id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
1495
+ agent_version_id UUID NOT NULL REFERENCES agent_versions(id),
1496
+ status VARCHAR(20) NOT NULL CHECK (status IN ('passed', 'failed', 'pending')),
1497
+ scanned_at TIMESTAMPTZ DEFAULT NOW(),
1498
+ vulnerabilities_critical INTEGER DEFAULT 0,
1499
+ vulnerabilities_high INTEGER DEFAULT 0,
1500
+ vulnerabilities_medium INTEGER DEFAULT 0,
1501
+ vulnerabilities_low INTEGER DEFAULT 0,
1502
+ report JSONB
1503
+ );
1504
+ ```
1505
+
1506
+ ---
1507
+
1508
+ ## Security Model
1509
+
1510
+ ### Authentication Methods
1511
+
1512
+ #### 1. OAuth 2.0
1513
+
1514
+ ```bash
1515
+ # Login via web browser (OAuth flow)
1516
+ ossa login
1517
+
1518
+ # Opens browser to:
1519
+ https://registry.openstandardagents.org/oauth/authorize?client_id=...
1520
+
1521
+ # After authorization, token saved to ~/.ossa/token
1522
+ ```
1523
+
1524
+ #### 2. API Token
1525
+
1526
+ ```bash
1527
+ # Generate API token (via web UI)
1528
+ https://registry.openstandardagents.org/settings/tokens
1529
+
1530
+ # Use token directly
1531
+ export OSSA_TOKEN=ossa_tok_1234567890abcdef
1532
+ ossa publish
1533
+ ```
1534
+
1535
+ #### 3. CI/CD Integration
1536
+
1537
+ ```yaml
1538
+ # GitHub Actions example
1539
+ name: Publish Agent
1540
+ on:
1541
+ release:
1542
+ types: [published]
1543
+ jobs:
1544
+ publish:
1545
+ runs-on: ubuntu-latest
1546
+ steps:
1547
+ - uses: actions/checkout@v4
1548
+ - uses: ossa/setup-cli@v1
1549
+ - name: Publish to Registry
1550
+ env:
1551
+ OSSA_TOKEN: ${{ secrets.OSSA_TOKEN }}
1552
+ run: ossa publish
1553
+ ```
1554
+
1555
+ ---
1556
+
1557
+ ### Authorization Model
1558
+
1559
+ **Permissions**:
1560
+
1561
+ | Action | Public User | Publisher | Org Member | Org Admin | Org Owner |
1562
+ |--------|------------|-----------|-----------|-----------|-----------|
1563
+ | Search agents | ✅ | ✅ | ✅ | ✅ | ✅ |
1564
+ | Download agents | ✅ | ✅ | ✅ | ✅ | ✅ |
1565
+ | Submit ratings | ✅ | ✅ | ✅ | ✅ | ✅ |
1566
+ | Publish agents (public) | ❌ | ✅ | ❌ | ❌ | ❌ |
1567
+ | Publish agents (org) | ❌ | ❌ | ✅ | ✅ | ✅ |
1568
+ | Unpublish versions | ❌ | ✅ (own) | ✅ (org) | ✅ (org) | ✅ (org) |
1569
+ | Deprecate versions | ❌ | ✅ (own) | ✅ (org) | ✅ (org) | ✅ (org) |
1570
+ | Manage org members | ❌ | ❌ | ❌ | ✅ | ✅ |
1571
+ | Delete org | ❌ | ❌ | ❌ | ❌ | ✅ |
1572
+
1573
+ ---
1574
+
1575
+ ### Package Integrity
1576
+
1577
+ #### SHA-256 Checksums
1578
+
1579
+ Every package includes SHA-256 checksum:
1580
+
1581
+ ```bash
1582
+ # Checksum generated on publish
1583
+ $ ossa publish
1584
+ ✓ Package checksum: abc123def456...
1585
+
1586
+ # Verified on install
1587
+ $ ossa install security-scanner
1588
+ ✓ Checksum verified
1589
+ ```
1590
+
1591
+ #### Package Signing (SLSA)
1592
+
1593
+ Optional: Sign packages with SLSA provenance:
1594
+
1595
+ ```bash
1596
+ # Publish with provenance
1597
+ ossa publish --provenance
1598
+
1599
+ # Generates SLSA attestation:
1600
+ {
1601
+ "_type": "https://in-toto.io/Statement/v0.1",
1602
+ "subject": [
1603
+ {
1604
+ "name": "pkg:ossa/blueflyio/security-scanner@1.2.0",
1605
+ "digest": {"sha256": "abc123..."}
1606
+ }
1607
+ ],
1608
+ "predicateType": "https://slsa.dev/provenance/v0.2",
1609
+ "predicate": {
1610
+ "builder": {"id": "https://github.com/actions/runner"},
1611
+ "buildType": "https://github.com/actions/workflow",
1612
+ "invocation": {...},
1613
+ "materials": [...]
1614
+ }
1615
+ }
1616
+ ```
1617
+
1618
+ ---
1619
+
1620
+ ## Rate Limiting & Quotas
1621
+
1622
+ ### Rate Limits
1623
+
1624
+ | Endpoint | Authenticated | Unauthenticated |
1625
+ |----------|--------------|-----------------|
1626
+ | GET /agents | 1000/hour | 100/hour |
1627
+ | GET /agents/{id} | 5000/hour | 500/hour |
1628
+ | POST /agents | 50/hour | N/A |
1629
+ | DELETE /agents/{id} | 10/hour | N/A |
1630
+ | POST /reviews | 20/hour | N/A |
1631
+
1632
+ **Rate Limit Headers**:
1633
+
1634
+ ```http
1635
+ X-RateLimit-Limit: 1000
1636
+ X-RateLimit-Remaining: 987
1637
+ X-RateLimit-Reset: 1735939800
1638
+ ```
1639
+
1640
+ ---
1641
+
1642
+ ### Storage Quotas
1643
+
1644
+ | Plan | Max Package Size | Total Storage | Bandwidth |
1645
+ |------|-----------------|---------------|-----------|
1646
+ | Free | 50 MB | 1 GB | 10 GB/month |
1647
+ | Pro | 500 MB | 100 GB | 1 TB/month |
1648
+ | Enterprise | 5 GB | Unlimited | Unlimited |
1649
+
1650
+ ---
1651
+
1652
+ ## Versioning Strategy
1653
+
1654
+ ### Semantic Versioning
1655
+
1656
+ All agents MUST use semantic versioning (semver 2.0.0):
1657
+
1658
+ ```
1659
+ MAJOR.MINOR.PATCH[-PRERELEASE][+BUILD]
1660
+
1661
+ Examples:
1662
+ - 1.0.0 (stable release)
1663
+ - 1.2.3 (patch update)
1664
+ - 2.0.0-beta.1 (pre-release)
1665
+ - 1.0.0+build.123 (build metadata)
1666
+ ```
1667
+
1668
+ ### Version Ranges
1669
+
1670
+ OSSA CLI supports standard semver ranges:
1671
+
1672
+ ```json
1673
+ {
1674
+ "dependencies": {
1675
+ "@ossa/runtime": "^0.3.0", // >= 0.3.0, < 0.4.0
1676
+ "tool-agent": "~1.2.0", // >= 1.2.0, < 1.3.0
1677
+ "other-agent": "1.x", // >= 1.0.0, < 2.0.0
1678
+ "specific": "1.2.3", // Exactly 1.2.3
1679
+ "range": ">=1.0.0 <2.0.0" // Between 1.0.0 and 2.0.0
1680
+ }
1681
+ }
1682
+ ```
1683
+
1684
+ ### Version Deprecation
1685
+
1686
+ Publishers can deprecate old versions:
1687
+
1688
+ ```bash
1689
+ # Deprecate version
1690
+ ossa deprecate security-scanner@1.0.0 \
1691
+ --reason "Security vulnerability - upgrade to 1.1.0+" \
1692
+ --replacement 1.1.0
1693
+
1694
+ # CLI warns users on install
1695
+ $ ossa install security-scanner@1.0.0
1696
+
1697
+ ⚠️ WARNING: security-scanner@1.0.0 is deprecated
1698
+ Reason: Security vulnerability - upgrade to 1.1.0+
1699
+ Recommended: security-scanner@1.1.0
1700
+
1701
+ Continue anyway? [y/N]:
1702
+ ```
1703
+
1704
+ ---
1705
+
1706
+ ## CLI Reference
1707
+
1708
+ ### Installation
1709
+
1710
+ ```bash
1711
+ # npm
1712
+ npm install -g @ossa/cli
1713
+
1714
+ # yarn
1715
+ yarn global add @ossa/cli
1716
+
1717
+ # Homebrew (macOS)
1718
+ brew install ossa
1719
+
1720
+ # Scoop (Windows)
1721
+ scoop install ossa
1722
+
1723
+ # Direct download
1724
+ curl -fsSL https://install.openstandardagents.org | sh
1725
+ ```
1726
+
1727
+ ---
1728
+
1729
+ ### Commands
1730
+
1731
+ #### `ossa login`
1732
+
1733
+ Authenticate with registry.
1734
+
1735
+ ```bash
1736
+ ossa login
1737
+
1738
+ # Options:
1739
+ # --token <token> Use API token directly
1740
+ # --registry <url> Custom registry URL
1741
+ ```
1742
+
1743
+ ---
1744
+
1745
+ #### `ossa logout`
1746
+
1747
+ Remove authentication token.
1748
+
1749
+ ```bash
1750
+ ossa logout
1751
+
1752
+ # Options:
1753
+ # --registry <url> Custom registry URL
1754
+ ```
1755
+
1756
+ ---
1757
+
1758
+ #### `ossa search`
1759
+
1760
+ Search for agents.
1761
+
1762
+ ```bash
1763
+ ossa search [query]
1764
+
1765
+ # Options:
1766
+ # --capability <cap> Filter by capability
1767
+ # --domain <domain> Filter by domain
1768
+ # --compliance <profile> Filter by compliance
1769
+ # --verified Verified publishers only
1770
+ # --min-rating <rating> Minimum rating (1-5)
1771
+ # --license <license> Filter by license
1772
+ # --sort <field> Sort by: downloads, rating, updated, created
1773
+ # --limit <n> Results per page
1774
+ # --json Output as JSON
1775
+
1776
+ # Examples:
1777
+ ossa search "kubernetes security"
1778
+ ossa search --capability vulnerability-detection
1779
+ ossa search --compliance fedramp --verified
1780
+ ```
1781
+
1782
+ ---
1783
+
1784
+ #### `ossa view`
1785
+
1786
+ View agent details.
1787
+
1788
+ ```bash
1789
+ ossa view <agent>
1790
+
1791
+ # Options:
1792
+ # --version <version> Specific version
1793
+ # --json Output as JSON
1794
+
1795
+ # Examples:
1796
+ ossa view security-scanner
1797
+ ossa view blueflyio/security-scanner@1.2.0
1798
+ ```
1799
+
1800
+ ---
1801
+
1802
+ #### `ossa install`
1803
+
1804
+ Install agent.
1805
+
1806
+ ```bash
1807
+ ossa install <agent>[@version]
1808
+
1809
+ # Options:
1810
+ # --prefix <dir> Install directory
1811
+ # --no-deps Skip dependencies
1812
+ # --force Overwrite existing
1813
+ # --verbose Verbose output
1814
+ # --registry <url> Custom registry
1815
+
1816
+ # Examples:
1817
+ ossa install security-scanner
1818
+ ossa install security-scanner@1.2.0
1819
+ ossa install blueflyio/security-scanner
1820
+ ossa install "security-scanner@^1.0.0"
1821
+ ```
1822
+
1823
+ ---
1824
+
1825
+ #### `ossa uninstall`
1826
+
1827
+ Uninstall agent.
1828
+
1829
+ ```bash
1830
+ ossa uninstall <agent>
1831
+
1832
+ # Options:
1833
+ # --prefix <dir> Install directory
1834
+
1835
+ # Examples:
1836
+ ossa uninstall security-scanner
1837
+ ```
1838
+
1839
+ ---
1840
+
1841
+ #### `ossa publish`
1842
+
1843
+ Publish agent to registry.
1844
+
1845
+ ```bash
1846
+ ossa publish [directory]
1847
+
1848
+ # Options:
1849
+ # --dry-run Validate without publishing
1850
+ # --tag <tag> Publish with tag (e.g., beta, latest)
1851
+ # --access <level> public | restricted | private
1852
+ # --org <org> Publish to organization
1853
+ # --registry <url> Custom registry
1854
+ # --provenance Generate SLSA provenance
1855
+
1856
+ # Examples:
1857
+ ossa publish
1858
+ ossa publish --dry-run
1859
+ ossa publish --org blueflyio
1860
+ ossa publish --tag beta
1861
+ ```
1862
+
1863
+ ---
1864
+
1865
+ #### `ossa unpublish`
1866
+
1867
+ Remove agent version from registry.
1868
+
1869
+ ```bash
1870
+ ossa unpublish <agent>@<version>
1871
+
1872
+ # Options:
1873
+ # --reason <reason> Reason for unpublishing
1874
+ # --force Skip confirmation
1875
+
1876
+ # Examples:
1877
+ ossa unpublish security-scanner@1.0.0
1878
+ ossa unpublish security-scanner@1.0.0 --reason "Security vulnerability"
1879
+ ```
1880
+
1881
+ ---
1882
+
1883
+ #### `ossa deprecate`
1884
+
1885
+ Mark version as deprecated.
1886
+
1887
+ ```bash
1888
+ ossa deprecate <agent>@<version>
1889
+
1890
+ # Options:
1891
+ # --reason <reason> Deprecation reason
1892
+ # --replacement <version> Recommended replacement version
1893
+
1894
+ # Examples:
1895
+ ossa deprecate security-scanner@1.0.0 --replacement 1.1.0
1896
+ ```
1897
+
1898
+ ---
1899
+
1900
+ #### `ossa validate`
1901
+
1902
+ Validate agent manifest.
1903
+
1904
+ ```bash
1905
+ ossa validate [manifest]
1906
+
1907
+ # Options:
1908
+ # --schema <version> OSSA schema version
1909
+
1910
+ # Examples:
1911
+ ossa validate agent.ossa.yaml
1912
+ ossa validate --schema v0.3.0
1913
+ ```
1914
+
1915
+ ---
1916
+
1917
+ ## SDK Integration
1918
+
1919
+ ### JavaScript/TypeScript
1920
+
1921
+ ```typescript
1922
+ import { OSSARegistry } from '@ossa/registry-sdk';
1923
+
1924
+ const registry = new OSSARegistry({
1925
+ url: 'https://registry.openstandardagents.org/api/v1',
1926
+ token: process.env.OSSA_TOKEN
1927
+ });
1928
+
1929
+ // Search agents
1930
+ const results = await registry.search({
1931
+ query: 'security',
1932
+ capability: 'vulnerability-detection',
1933
+ verified: true,
1934
+ limit: 10
1935
+ });
1936
+
1937
+ // Get agent details
1938
+ const agent = await registry.getAgent('blueflyio/security-scanner');
1939
+
1940
+ // Install agent
1941
+ await registry.install('security-scanner', {
1942
+ version: '^1.0.0',
1943
+ prefix: './agents'
1944
+ });
1945
+
1946
+ // Publish agent
1947
+ await registry.publish({
1948
+ manifest: './agent.ossa.yaml',
1949
+ packagePath: './dist'
1950
+ });
1951
+ ```
1952
+
1953
+ ---
1954
+
1955
+ ### Python
1956
+
1957
+ ```python
1958
+ from ossa_registry import Registry
1959
+
1960
+ registry = Registry(
1961
+ url='https://registry.openstandardagents.org/api/v1',
1962
+ token=os.environ['OSSA_TOKEN']
1963
+ )
1964
+
1965
+ # Search agents
1966
+ results = registry.search(
1967
+ query='security',
1968
+ capability='vulnerability-detection',
1969
+ verified=True,
1970
+ limit=10
1971
+ )
1972
+
1973
+ # Get agent details
1974
+ agent = registry.get_agent('blueflyio/security-scanner')
1975
+
1976
+ # Install agent
1977
+ registry.install(
1978
+ 'security-scanner',
1979
+ version='^1.0.0',
1980
+ prefix='./agents'
1981
+ )
1982
+
1983
+ # Publish agent
1984
+ registry.publish(
1985
+ manifest='./agent.ossa.yaml',
1986
+ package_path='./dist'
1987
+ )
1988
+ ```
1989
+
1990
+ ---
1991
+
1992
+ ### Go
1993
+
1994
+ ```go
1995
+ import "github.com/openstandardagents/registry-sdk-go"
1996
+
1997
+ client := registry.NewClient(&registry.Config{
1998
+ URL: "https://registry.openstandardagents.org/api/v1",
1999
+ Token: os.Getenv("OSSA_TOKEN"),
2000
+ })
2001
+
2002
+ // Search agents
2003
+ results, err := client.Search(ctx, &registry.SearchRequest{
2004
+ Query: "security",
2005
+ Capability: "vulnerability-detection",
2006
+ Verified: true,
2007
+ Limit: 10,
2008
+ })
2009
+
2010
+ // Get agent details
2011
+ agent, err := client.GetAgent(ctx, "blueflyio/security-scanner")
2012
+
2013
+ // Install agent
2014
+ err = client.Install(ctx, &registry.InstallRequest{
2015
+ Agent: "security-scanner",
2016
+ Version: "^1.0.0",
2017
+ Prefix: "./agents",
2018
+ })
2019
+
2020
+ // Publish agent
2021
+ err = client.Publish(ctx, &registry.PublishRequest{
2022
+ Manifest: "./agent.ossa.yaml",
2023
+ PackagePath: "./dist",
2024
+ })
2025
+ ```
2026
+
2027
+ ---
2028
+
2029
+ ## Best Practices
2030
+
2031
+ ### For Publishers
2032
+
2033
+ #### 1. Version Management
2034
+
2035
+ **DO**:
2036
+ - Use semantic versioning consistently
2037
+ - Increment MAJOR for breaking changes
2038
+ - Increment MINOR for new features
2039
+ - Increment PATCH for bug fixes
2040
+ - Publish changelog with each release
2041
+
2042
+ **DON'T**:
2043
+ - Reuse version numbers
2044
+ - Delete published versions (deprecate instead)
2045
+ - Make breaking changes in PATCH versions
2046
+
2047
+ #### 2. Documentation
2048
+
2049
+ **DO**:
2050
+ - Include comprehensive README.md
2051
+ - Provide usage examples
2052
+ - Document all capabilities
2053
+ - Maintain CHANGELOG.md
2054
+ - Include troubleshooting guide
2055
+
2056
+ **DON'T**:
2057
+ - Leave README empty
2058
+ - Assume users know how to use your agent
2059
+ - Skip changelog entries
2060
+
2061
+ #### 3. Dependencies
2062
+
2063
+ **DO**:
2064
+ - Use version ranges (^, ~) for flexibility
2065
+ - Keep dependencies up to date
2066
+ - Document external requirements
2067
+ - Test with minimum supported versions
2068
+
2069
+ **DON'T**:
2070
+ - Pin to exact versions unnecessarily
2071
+ - Use deprecated dependencies
2072
+ - Bundle dependencies in package
2073
+
2074
+ #### 4. Security
2075
+
2076
+ **DO**:
2077
+ - Scan for vulnerabilities before publishing
2078
+ - Use secrets manager for credentials
2079
+ - Enable security features (encryption, audit logging)
2080
+ - Respond to security reports promptly
2081
+
2082
+ **DON'T**:
2083
+ - Hardcode secrets in manifest
2084
+ - Ignore security scan warnings
2085
+ - Grant excessive capabilities
2086
+
2087
+ ---
2088
+
2089
+ ### For Consumers
2090
+
2091
+ #### 1. Installation
2092
+
2093
+ **DO**:
2094
+ - Use version ranges for flexibility
2095
+ - Review agent metadata before installing
2096
+ - Check security scan results
2097
+ - Prefer verified publishers
2098
+
2099
+ **DON'T**:
2100
+ - Install agents without reviewing capabilities
2101
+ - Ignore deprecation warnings
2102
+ - Use outdated versions
2103
+
2104
+ #### 2. Updates
2105
+
2106
+ **DO**:
2107
+ - Check for updates regularly
2108
+ - Read changelogs before updating
2109
+ - Test updates in non-production first
2110
+ - Use version ranges to get updates automatically
2111
+
2112
+ **DON'T**:
2113
+ - Use exact versions for all dependencies
2114
+ - Skip CHANGELOG review
2115
+ - Update directly in production
2116
+
2117
+ ---
2118
+
2119
+ ## Examples
2120
+
2121
+ ### Example 1: Publishing Your First Agent
2122
+
2123
+ ```bash
2124
+ # 1. Create agent directory
2125
+ mkdir my-agent && cd my-agent
2126
+
2127
+ # 2. Create manifest
2128
+ cat > agent.ossa.yaml <<EOF
2129
+ apiVersion: ossa/v0.3.0
2130
+ kind: Agent
2131
+ metadata:
2132
+ name: my-agent
2133
+ version: 1.0.0
2134
+ description: My first OSSA agent
2135
+ spec:
2136
+ role: A helpful assistant
2137
+ llm:
2138
+ provider: anthropic
2139
+ model: claude-3-sonnet-20240229
2140
+ EOF
2141
+
2142
+ # 3. Create package metadata
2143
+ cat > ossa.json <<EOF
2144
+ {
2145
+ "name": "my-agent",
2146
+ "version": "1.0.0",
2147
+ "description": "My first OSSA agent",
2148
+ "license": "MIT",
2149
+ "manifest": "./agent.ossa.yaml"
2150
+ }
2151
+ EOF
2152
+
2153
+ # 4. Validate
2154
+ ossa validate agent.ossa.yaml
2155
+
2156
+ # 5. Login to registry
2157
+ ossa login
2158
+
2159
+ # 6. Publish
2160
+ ossa publish
2161
+ ```
2162
+
2163
+ ---
2164
+
2165
+ ### Example 2: Finding and Installing Agents
2166
+
2167
+ ```bash
2168
+ # Search for security agents
2169
+ ossa search "security" --domain security --verified
2170
+
2171
+ # View agent details
2172
+ ossa view blueflyio/security-scanner
2173
+
2174
+ # Install latest version
2175
+ ossa install blueflyio/security-scanner
2176
+
2177
+ # Install specific version
2178
+ ossa install blueflyio/security-scanner@1.2.0
2179
+
2180
+ # Install with version range
2181
+ ossa install "blueflyio/security-scanner@^1.0.0"
2182
+ ```
2183
+
2184
+ ---
2185
+
2186
+ ### Example 3: Organization Publishing
2187
+
2188
+ ```bash
2189
+ # Create organization
2190
+ ossa org create my-company \
2191
+ --display-name "My Company" \
2192
+ --website "https://example.com"
2193
+
2194
+ # Verify domain ownership
2195
+ ossa org verify-domain my-company --domain example.com
2196
+
2197
+ # Publish to organization
2198
+ ossa publish --org my-company
2199
+
2200
+ # Result: @my-company/agent-name
2201
+ ```
2202
+
2203
+ ---
2204
+
2205
+ ### Example 4: Private Registry
2206
+
2207
+ ```bash
2208
+ # Configure private registry
2209
+ ossa config set registry https://registry.internal.example.com
2210
+
2211
+ # Login to private registry
2212
+ ossa login --registry https://registry.internal.example.com
2213
+
2214
+ # Publish to private registry
2215
+ ossa publish --registry https://registry.internal.example.com
2216
+
2217
+ # Install from private registry
2218
+ ossa install my-agent --registry https://registry.internal.example.com
2219
+ ```
2220
+
2221
+ ---
2222
+
2223
+ ## References
2224
+
2225
+ - [OSSA Specification v0.3.0](../v0.3.0/)
2226
+ - [Agent Manifest Spec](../v0.2.9/agent.md)
2227
+ - [Semantic Versioning 2.0.0](https://semver.org/)
2228
+ - [SLSA Provenance](https://slsa.dev/)
2229
+ - [SPDX License List](https://spdx.org/licenses/)
2230
+ - [OpenAPI Specification](https://spec.openapis.org/) (inspiration)
2231
+ - [npm Registry](https://docs.npmjs.com/cli/v10/using-npm/registry) (inspiration)
2232
+ - [Docker Hub](https://docs.docker.com/docker-hub/) (inspiration)
2233
+
2234
+ ---
2235
+
2236
+ **Document Version**: 1.0.0
2237
+ **Last Updated**: 2025-12-12
2238
+ **Status**: Draft
2239
+ **Authors**: OSSA Technical Committee