@bluefly/openstandardagents 0.3.0 → 0.3.2

package/dist/spec/v0.3.1/agent-test.schema.json

@@ -0,0 +1,75 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://openstandardagents.org/schemas/v0.3.1/agent-test.json",
+  "title": "OSSA AgentTest Resource",
+  "description": "Test definition for OSSA agents - declarative testing framework for agent behavior, performance, and compliance validation",
+  "type": "object",
+  "required": [
+    "apiVersion",
+    "kind",
+    "metadata",
+    "spec"
+  ],
+  "properties": {
+    "apiVersion": {
+      "type": "string",
+      "const": "ossa/v0.3.1",
+      "description": "OSSA API version for AgentTest resources"
+    },
+    "kind": {
+      "type": "string",
+      "const": "AgentTest",
+      "description": "Resource type identifier"
+    },
+    "metadata": {
+      "$ref": "#/definitions/Metadata",
+      "description": "Test resource metadata including name, version, and labels"
+    },
+    "spec": {
+      "$ref": "#/definitions/TestSpec",
+      "description": "Test specification including target, scenarios, and configuration"
+    }
+  },
+  "definitions": {
+    "Metadata": {
+      "type": "object",
+      "required": [
+        "name"
+      ],
+      "properties": {
+        "name": {
+          "type": "string",
+          "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$",
+          "maxLength": 253,
+          "description": "Test suite identifier (DNS-1123 subdomain format)"
+        },
+        "version": {
+          "type": "string",
+          "pattern": "^(0|[1-9]\\\\d*)\\\\.(0|[1-9]\\\\d*)\\\\.(0|[1-9]\\\\d*)(?:-((?:0|[1-9]\\\\d*|\\\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\\\.(?:0|[1-9]\\\\d*|\\\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\\\+([0-9a-zA-Z-]+(?:\\\\.[0-9a-zA-Z-]+)*))?$",
+          "description": "Test suite version (semver 2.0.0)"
+        },
+        "description": {
+          "type": "string",
+          "maxLength": 2000,
+          "description": "Human-readable test suite description"
+        },
+        "labels": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "string",
+            "maxLength": 63
+          },
+          "description": "Labels for test categorization (e.g., team, compliance-level, test-type)"
+        },
+        "annotations": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Arbitrary metadata for tooling integration"
+        }
+      },
+      "additionalProperties": false
+    }
+  }
+}

package/dist/spec/v0.3.1/examples/agent-with-identity.ossa.yaml

@@ -0,0 +1,68 @@
+# OSSA v0.3.1 Agent with Identity Configuration
+# Demonstrates service account integration for automated git operations
+apiVersion: ossa/v0.3.2
+kind: Agent
+metadata:
+  name: typescript-worker
+  version: 1.0.0
+  description: TypeScript development agent with GitLab service account identity
+  labels:
+    team: platform
+    tier: development
+spec:
+  role: |
+    You are a TypeScript development assistant that manages code changes
+    for the agent-buildkit and related TypeScript projects.
+
+  llm:
+    provider: anthropic
+    model: claude-sonnet-4-20250514
+    temperature: 0.2
+
+  # Agent Identity Configuration (v0.3.1+)
+  identity:
+    provider: gitlab
+    service_account:
+      id: 31840529
+      username: bot-ts-local
+      email: bot-ts-local@bluefly.io
+    token_source:
+      env_var: GITLAB_BOT_TS_TOKEN
+      file_path: ~/.tokens/bot-ts-local
+    patterns:
+      - "*/common_npm/*"
+      - "*/agent-buildkit"
+      - "*/agent-studio"
+    dora_tracking:
+      enabled: true
+      metrics:
+        - deployment_frequency
+        - lead_time
+        - change_failure_rate
+        - mttr
+    observability:
+      service_name: typescript-worker
+      service_namespace: development
+      service_version: "1.0.0"
+
+  tools:
+    - name: git
+      type: mcp
+      config:
+        server: git-mcp-server
+    - name: file-operations
+      type: mcp
+      config:
+        server: filesystem-mcp-server
+
+  autonomy:
+    level: supervised
+    require_approval:
+      - push_to_protected_branch
+      - delete_branch
+      - force_push
+
+  safety:
+    max_tokens_per_turn: 8000
+    rate_limits:
+      requests_per_minute: 30

package/dist/spec/v0.3.1/examples/drupal-content-writer.ossa.yaml

@@ -0,0 +1,110 @@
+apiVersion: ossa/v0.3.2
+kind: Agent
+metadata:
+  name: drupal-content-writer
+  version: 1.0.0
+  description: Autonomous content generation agent for Drupal with background processing
+
+spec:
+  capabilities:
+    - name: content.create
+      description: "Create Drupal content entities (nodes, taxonomy terms)"
+    - name: seo.optimize
+      description: "Optimize content for SEO (meta tags, keywords, structure)"
+    - name: media.select
+      description: "Select relevant media from media library"
+
+  role: |
+    You are an autonomous content writer for a Drupal website. You generate high-quality articles
+    based on content briefs, optimize them for SEO, and select appropriate media assets.
+
+    Process:
+    1. Analyze content brief and target audience
+    2. Research topic using available tools
+    3. Generate article with proper structure (H1, H2, paragraphs)
+    4. Optimize for SEO (meta description, keywords, readability)
+    5. Select relevant images from media library
+    6. Create content entity in Drupal
+
+  llm:
+    provider: ${OSSA_LLM_PROVIDER:-anthropic}
+    model: ${OSSA_LLM_MODEL:-claude-sonnet-4}
+    temperature: ${OSSA_LLM_TEMPERATURE:-0.7}
+    maxTokens: ${OSSA_LLM_MAX_TOKENS:-8192}
+
+  tools:
+    - name: drupal.node.create
+      description: "Create a new Drupal node (article, page, etc.)"
+      handler:
+        runtime: drupal
+        capability: node.create
+
+    - name: drupal.taxonomy.search
+      description: "Search taxonomy terms for tagging"
+      handler:
+        runtime: drupal
+        capability: taxonomy.search
+
+    - name: drupal.media.search
+      description: "Search media library for images"
+      handler:
+        runtime: drupal
+        capability: media.search
+
+extensions:
+  drupal:
+    # Module providing this agent
+    module: ai_agents_ossa
+
+    # Store as exportable config entity
+    config_entity: true
+
+    # Permissions for autonomous execution
+    permissions:
+      # Core Drupal entity permissions
+      entity_permissions:
+        - "create article content"
+        - "create page content"
+        - "edit own article content"
+        - "view media"
+        - "view taxonomy term"
+
+      # Custom permissions for agent execution
+      custom_permissions:
+        - "execute content writer agent"
+        - "generate ai content"
+
+      # Run as admin service account for autonomous operation
+      execution_user: "1"
+
+      # Agent runs with its own permissions (no user context)
+      permission_mode: agent_only
+
+    # Async processing via Symfony Messenger
+    messenger:
+      # Use Redis for high-performance message queue
+      transport: redis
+
+      # Dedicated queue for content generation
+      queue: content_generation
+
+      # Retry strategy for failed executions
+      retry_strategy:
+        max_retries: 3
+        delay: 2000
+        multiplier: 2
+        max_delay: 30000
+
+    # ECA workflow integration
+    workflow_engine: eca
+
+    # Discovery paths for manifest loading
+    discovery_paths:
+      - "config/agents/*.ossa.yaml"
+      - "modules/custom/ai_agents_ossa/agents/*.ossa.yaml"
+
+    # Drupal hooks for integration
+    hooks:
+      before_execute: ai_agents_ossa_content_writer_before
+      after_execute: ai_agents_ossa_content_writer_after
+      on_error: ai_agents_ossa_content_writer_error

package/dist/spec/v0.3.1/examples/drupal-moderation-assistant.ossa.yaml

@@ -0,0 +1,96 @@
+apiVersion: ossa/v0.3.2
+kind: Agent
+metadata:
+  name: drupal-moderation-assistant
+  version: 1.0.0
+  description: Content moderation assistant that helps users review and publish content
+
+spec:
+  capabilities:
+    - name: content.review
+      description: "Review content for quality, SEO, and compliance"
+    - name: moderation.suggest
+      description: "Suggest moderation workflow transitions"
+    - name: quality.score
+      description: "Score content quality based on criteria"
+
+  role: |
+    You are a content moderation assistant helping editors review and publish content.
+    You work within the user's permission context and respect Drupal's editorial workflow.
+
+    Responsibilities:
+    1. Review content for quality, readability, and SEO
+    2. Check content against style guide and compliance rules
+    3. Suggest appropriate moderation state transitions
+    4. Provide actionable feedback for improvement
+
+    You can only suggest transitions the user is authorized to perform.
+
+  llm:
+    provider: ${OSSA_LLM_PROVIDER:-anthropic}
+    model: ${OSSA_LLM_MODEL:-claude-sonnet-4}
+    temperature: ${OSSA_LLM_TEMPERATURE:-0.3}
+    maxTokens: ${OSSA_LLM_MAX_TOKENS:-4096}
+
+  tools:
+    - name: drupal.node.load
+      description: "Load a Drupal node for review"
+      handler:
+        runtime: drupal
+        capability: node.load
+
+    - name: drupal.moderation.transitions
+      description: "Get available moderation transitions for user"
+      handler:
+        runtime: drupal
+        capability: moderation.get_transitions
+
+    - name: drupal.moderation.apply
+      description: "Apply moderation state transition"
+      handler:
+        runtime: drupal
+        capability: moderation.apply_transition
+
+extensions:
+  drupal:
+    # Module providing this agent
+    module: ai_agents_ossa
+
+    # Store as config entity for export
+    config_entity: true
+
+    # Permissions for user-context execution
+    permissions:
+      # Required entity permissions
+      entity_permissions:
+        - "view any article content"
+        - "edit any article content"
+        - "use editorial transition review"
+        - "use editorial transition publish"
+
+      # Custom agent permission
+      custom_permissions:
+        - "use moderation assistant"
+
+      # Run in user context (no service account)
+      # execution_user not specified - uses current user
+
+      # User must have ALL required permissions (intersection)
+      permission_mode: least_permissive
+
+    # Synchronous execution (no queue)
+    messenger:
+      transport: sync
+
+    # Integrated with ECA workflow builder
+    workflow_engine: eca
+
+    # Discovery from module
+    discovery_paths:
+      - "modules/custom/ai_agents_ossa/agents/*.ossa.yaml"
+
+    # Hooks for tracking and logging
+    hooks:
+      before_execute: ai_agents_ossa_log_execution
+      after_execute: ai_agents_ossa_track_moderation
+      on_error: ai_agents_ossa_alert_admin

package/dist/spec/v0.3.1/examples/multi-provider-identity.ossa.yaml

@@ -0,0 +1,236 @@
+# OSSA v0.3.1 Multi-Provider Identity Configuration
+# Enterprise-grade agent with fallback identity chain and compliance
+apiVersion: ossa/v0.3.2
+kind: Agent
+metadata:
+  name: enterprise-deployer
+  version: 2.0.0
+  description: Enterprise deployment agent with multi-provider identity and compliance
+  labels:
+    team: platform
+    tier: production
+    compliance: soc2
+  annotations:
+    security.ossa.io/audit-level: high
+    security.ossa.io/mfa-required: "true"
+spec:
+  role: |
+    You are an enterprise deployment orchestrator responsible for managing
+    production deployments across multiple cloud providers and git platforms.
+    You must ensure all operations are auditable, compliant, and follow
+    the principle of least privilege.
+
+  llm:
+    provider: anthropic
+    model: claude-sonnet-4-20250514
+    temperature: 0.1
+    max_tokens: 16000
+
+  # Comprehensive Identity Configuration
+  identity:
+    # Primary: GitLab self-hosted
+    provider: gitlab
+    service_account:
+      id: 31840535
+      username: bot-ci-local
+      email: bot-ci-local@bluefly.io
+      display_name: CI/CD Bot
+      roles:
+        - maintainer
+
+    # Authentication with rotation policy
+    authentication:
+      method: project_access_token
+      scopes:
+        - api
+        - read_repository
+        - write_repository
+        - read_registry
+        - write_registry
+      auto_refresh: true
+      expiry_warning_days: 14
+      rotation_policy:
+        enabled: true
+        interval_days: 90
+        notify_on_rotation: true
+
+    # Multi-source token configuration
+    token_source:
+      env_var: GITLAB_BOT_CI_TOKEN
+      file_path: ~/.tokens/bot-ci-local
+      vault:
+        path: secret/data/ci/gitlab-token
+        key: token
+        role: ci-agent
+      kubernetes_secret:
+        name: gitlab-ci-token
+        namespace: ci-cd
+        key: token
+
+    # Auto-detection patterns
+    patterns:
+      - "*/gitlab_components"
+      - "*/infrastructure/*"
+      - "**/deploy/**"
+      - "**/ci-cd/**"
+
+    # Fallback identity chain for high availability
+    fallback:
+      - provider: github
+        service_account:
+          username: enterprise-ci-bot
+          email: ci-bot@enterprise.com
+        token_source:
+          env_var: GITHUB_CI_TOKEN
+          vault:
+            path: secret/data/ci/github-token
+        condition:
+          platform_unavailable: true
+
+      - provider: azure-devops
+        service_account:
+          username: ado-ci-service
+          email: ci-service@enterprise.onmicrosoft.com
+        token_source:
+          azure_key_vault:
+            vault_url: https://enterprise-vault.vault.azure.net
+            secret_name: ado-ci-token
+        condition:
+          pattern_match:
+            - "**/azure/**"
+
+    # Full DORA metrics tracking
+    dora_tracking:
+      enabled: true
+      metrics:
+        - deployment_frequency
+        - lead_time
+        - change_failure_rate
+        - mttr
+      labels:
+        environment: production
+        team: platform
+        cost_center: engineering
+      prometheus:
+        push_gateway: http://prometheus-pushgateway:9091
+        job_name: enterprise-deployer
+      classifications:
+        deployment_frequency:
+          elite: multiple_per_day
+          high: daily
+          medium: weekly
+          low: monthly
+        lead_time:
+          elite: "1"
+          high: "24"
+          medium: "168"
+          low: "720"
+
+    # Claude Code session integration
+    session:
+      init_on_start: true
+      propagate_to_subprocesses: true
+      git_attribution: true
+      heartbeat_interval: 60
+      timeout: 7200
+      hooks:
+        pre_prompt_submit: true
+        post_session: true
+
+    # OpenTelemetry observability
+    observability:
+      service_name: enterprise-deployer
+      service_namespace: production
+      service_version: "2.0.0"
+      service_instance_id: ${HOSTNAME}
+      resource_attributes:
+        deployment.environment: production
+        cloud.provider: multi
+
+    # Enterprise compliance
+    compliance:
+      require_mfa: true
+      ip_allowlist:
+        - 10.0.0.0/8
+        - 172.16.0.0/12
+        - 192.168.0.0/16
+      audit_logging: required
+      data_residency: us-east-1
+      frameworks:
+        - SOC2
+        - ISO27001
+
+    # Security policies
+    security:
+      token_encryption: both
+      minimum_token_length: 40
+      prohibited_actions:
+        - delete_production_branch
+        - disable_branch_protection
+        - modify_security_policies
+      required_approvals:
+        force_push: true
+        delete_protected_branch: true
+        modify_ci_config: true
+      rate_limits:
+        requests_per_minute: 100
+        requests_per_hour: 2000
+        git_operations_per_hour: 200
+
+  # Tool configuration
+  tools:
+    - name: kubernetes
+      type: mcp
+      config:
+        server: kubernetes-mcp-server
+        allowed_namespaces:
+          - production
+          - staging
+    - name: terraform
+      type: mcp
+      config:
+        server: terraform-mcp-server
+        workspace: production
+    - name: git
+      type: mcp
+      config:
+        server: git-mcp-server
+
+  # Strict autonomy controls
+  autonomy:
+    level: semi-autonomous
+    require_approval:
+      - deploy_to_production
+      - rollback_deployment
+      - scale_down_replicas
+      - modify_secrets
+    approval_timeout: 3600
+    escalation:
+      enabled: true
+      timeout: 1800
+      channels:
+        - slack://platform-oncall
+        - pagerduty://platform-critical
+
+  # Comprehensive safety configuration
+  safety:
+    max_tokens_per_turn: 16000
+    rate_limits:
+      requests_per_minute: 30
+      max_concurrent_requests: 5
+    circuit_breaker:
+      enabled: true
+      failure_threshold: 5
+      recovery_timeout: 300
+    kill_switch:
+      enabled: true
+      trigger_conditions:
+        - error_rate > 0.5
+        - latency_p99 > 30000
+      recovery_requires_approval: true
+
+  # State management
+  state:
+    storage: redis
+    ttl: 86400
+    encryption: aes-256-gcm