@bluefly/openstandardagents 0.3.1 → 0.3.2

package/dist/spec/v0.3.2/schemas/unified-llm.yaml

@@ -0,0 +1,91 @@
+# OSSA v0.3.1 - Unified LLM Configuration Schema
+# Compatible with: OSSA, GitLab Duo, Google A2A, MCP
+# Zero hardcoded models, runtime-configurable, multi-provider
+
+$schema: http://json-schema.org/draft-07/schema#
+$id: https://openstandardagents.org/schemas/v0.3.1/unified-llm.yaml
+
+title: Unified LLM Configuration
+description: |
+  Universal LLM configuration that works across OSSA, GitLab Duo, Google A2A, and MCP.
+  Eliminates hardcoded model names and enables runtime model selection.
+
+type: object
+required:
+  - provider
+  - model
+properties:
+  provider:
+    type: string
+    description: LLM provider name (runtime-configurable via env var)
+    default: ${LLM_PROVIDER:-anthropic}
+    examples:
+      - anthropic
+      - openai
+      - google
+      - groq
+      - ollama
+      - bedrock
+
+  model:
+    type: string
+    description: Model identifier (runtime-configurable via env var)
+    default: ${LLM_MODEL:-claude-sonnet}
+    examples:
+      - claude-sonnet-4
+      - gpt-4o
+      - gemini-2.0-flash
+      - llama-3.3-70b
+      - mixtral-8x7b
+
+  profile:
+    type: string
+    description: Execution profile for task-specific optimization (A2A compatible)
+    default: ${LLM_PROFILE:-balanced}
+    enum:
+      - fast
+      - balanced
+      - deep
+      - safe
+
+  temperature:
+    type: number
+    description: Sampling temperature
+    default: ${LLM_TEMPERATURE:-0.1}
+    minimum: 0.0
+    maximum: 2.0
+
+  maxTokens:
+    type: integer
+    description: Maximum tokens in response
+    default: ${LLM_MAX_TOKENS:-16000}
+
+  topP:
+    type: number
+    description: Nucleus sampling threshold
+    default: ${LLM_TOP_P:-0.9}
+
+  fallback_models:
+    type: array
+    items:
+      type: object
+      required: [provider, model]
+      properties:
+        provider:
+          type: string
+        model:
+          type: string
+        condition:
+          type: string
+          enum: [on_error, on_timeout, on_rate_limit, always]
+
+  retry_config:
+    type: object
+    properties:
+      max_attempts:
+        type: integer
+        default: ${LLM_RETRY_ATTEMPTS:-3}
+      backoff_strategy:
+        type: string
+        enum: [exponential, linear, constant]
+        default: ${LLM_BACKOFF_STRATEGY:-exponential}

package/dist/spec/v0.3.2/taxonomy.yaml

@@ -0,0 +1,363 @@
+# =============================================================================
+# OSSA v0.3.2 - Agent Taxonomy Specification
+# =============================================================================
+# Hierarchical classification system for agents with cross-cutting concerns
+# Now includes access tier integration for separation of duties
+# Issues:
+#   - https://gitlab.com/blueflyio/openstandardagents/-/issues/194 (taxonomy)
+#   - https://gitlab.com/blueflyio/openstandardagents/-/issues/363 (separation of duties)
+# =============================================================================
+
+apiVersion: ossa/v0.3.2
+kind: TaxonomySpec
+version: "2.0.0"
+
+# =============================================================================
+# ACCESS TIER INTEGRATION
+# Links taxonomy to access_tiers.yaml for separation of duties
+# =============================================================================
+access_tier_reference: "./access_tiers.yaml"
+
+# =============================================================================
+# PRIMARY DOMAINS
+# Top-level classification - every agent belongs to exactly one domain
+# =============================================================================
+domains:
+  security:
+    description: "Authentication, authorization, encryption, compliance, vulnerability management"
+    subdomains:
+      - auth                 # Authentication & authorization
+      - encryption          # Encryption & key management
+      - compliance          # Regulatory compliance (SOC2, ISO, GDPR)
+      - vulnerability       # Vulnerability scanning & remediation
+      - secrets             # Secrets management & rotation
+      - threat-detection    # Threat detection & response
+    examples:
+      - security-scanner
+      - compliance-checker
+      - secret-detector
+      - threat-modeler
+
+  infrastructure:
+    description: "DevOps, CI/CD, deployment, configuration, cloud resources"
+    subdomains:
+      - ci-cd               # CI/CD pipeline management
+      - gitops              # GitOps workflows
+      - deployment          # Deployment automation
+      - configuration       # Configuration management
+      - networking          # Network configuration
+      - storage             # Storage management
+      - kubernetes          # Kubernetes orchestration
+      - cloud               # Cloud provider management
+    examples:
+      - deployment-manager
+      - pipeline-fixer
+      - infrastructure-provisioner
+      - incident-responder
+
+  documentation:
+    description: "Documentation, wiki, guides, knowledge management"
+    subdomains:
+      - api-docs            # API documentation
+      - user-guides         # User guides & tutorials
+      - wiki                # Wiki management
+      - knowledge-base      # Knowledge base management
+      - changelog           # Changelog & release notes
+    examples:
+      - documentation-generator
+      - wiki-manager
+      - api-docs-generator
+
+  backend:
+    description: "API, database, services, business logic"
+    subdomains:
+      - api                 # API design & implementation
+      - database            # Database management
+      - services            # Microservices
+      - messaging           # Message queues & events
+      - caching             # Caching strategies
+      - integration         # System integration
+    examples:
+      - api-builder
+      - database-migrator
+      - service-orchestrator
+
+  frontend:
+    description: "UI/UX, web, mobile interfaces"
+    subdomains:
+      - web                 # Web applications
+      - mobile              # Mobile applications
+      - design-system       # Design system components
+      - accessibility       # Accessibility (a11y)
+      - performance         # Frontend performance
+    examples:
+      - ui-reviewer
+      - accessibility-checker
+      - design-system-manager
+
+  data:
+    description: "Data engineering, analytics, ML/AI operations"
+    subdomains:
+      - analytics           # Business analytics
+      - ml-ops              # ML operations
+      - etl                 # Extract, transform, load
+      - data-quality        # Data quality & validation
+      - data-governance     # Data governance
+      - streaming           # Real-time data streaming
+    examples:
+      - analytics-collector
+      - ml-model-manager
+      - data-quality-checker
+
+  agents:
+    description: "OSSA agents, automation, orchestration, meta-operations"
+    subdomains:
+      - orchestration       # Multi-agent orchestration
+      - workers             # Worker agents
+      - supervisors         # Supervisor agents
+      - mesh                # Agent mesh networking
+      - training            # Agent training & improvement
+      - registry            # Agent registry management
+    examples:
+      - master-orchestrator
+      - agent-trainer
+      - workflow-builder
+
+  development:
+    description: "Software development, code quality, testing"
+    subdomains:
+      - code-review         # Code review automation
+      - testing             # Test generation & execution
+      - refactoring         # Code refactoring
+      - debugging           # Debugging assistance
+      - ide                 # IDE integration
+    examples:
+      - code-reviewer
+      - test-generator
+      - refactoring-assistant
+
+  content:
+    description: "Content management, editing, publishing"
+    subdomains:
+      - authoring           # Content authoring
+      - editing             # Content editing
+      - publishing          # Content publishing
+      - research            # Research & knowledge gathering
+      - localization        # Internationalization & localization
+    examples:
+      - content-orchestrator
+      - editor
+      - researcher
+      - publisher
+
+# =============================================================================
+# CROSS-CUTTING CONCERNS
+# Tags that can apply to any agent regardless of domain
+# An agent can have multiple concerns
+# =============================================================================
+concerns:
+  quality:
+    description: "Testing, code quality, standards enforcement"
+    applies_to: ["development", "backend", "frontend", "infrastructure"]
+
+  observability:
+    description: "Metrics, logging, tracing, monitoring"
+    applies_to: ["*"]  # All domains
+
+  governance:
+    description: "Policies, compliance, audit trails"
+    applies_to: ["*"]
+
+  performance:
+    description: "Optimization, caching, scaling"
+    applies_to: ["*"]
+
+  architecture:
+    description: "Design patterns, system structure"
+    applies_to: ["development", "backend", "infrastructure", "agents"]
+
+  cost:
+    description: "FinOps, resource optimization, budget management"
+    applies_to: ["infrastructure", "data", "agents"]
+
+  reliability:
+    description: "SRE, uptime, resilience, disaster recovery"
+    applies_to: ["infrastructure", "backend", "agents"]
+
+# =============================================================================
+# AGENT TYPE CLASSIFICATION
+# Based on OSSA spec.type field - now with access tier recommendations
+# =============================================================================
+agent_types:
+  analyzer:
+    description: "Read-only analysis, scanning, auditing - no modifications"
+    typical_domains: ["security", "development", "data"]
+    recommended_tier: tier_1_read
+    can_delegate_to: []
+
+  worker:
+    description: "Executes specific tasks, limited write access"
+    typical_domains: ["development", "documentation", "content"]
+    recommended_tier: tier_2_write_limited
+    can_delegate_to: ["analyzer"]
+
+  operator:
+    description: "Modifies production systems, requires approval"
+    typical_domains: ["infrastructure", "agents"]
+    recommended_tier: tier_3_write_elevated
+    can_delegate_to: ["worker", "analyzer"]
+
+  supervisor:
+    description: "Coordinates other agents, can delegate"
+    typical_domains: ["agents", "infrastructure"]
+    recommended_tier: tier_3_write_elevated
+    can_delegate_to: ["worker", "analyzer"]
+
+  orchestrator:
+    description: "High-level coordination, workflow management"
+    typical_domains: ["agents"]
+    recommended_tier: tier_3_write_elevated
+    can_delegate_to: ["supervisor", "worker", "analyzer"]
+
+  governor:
+    description: "Defines policies, cannot execute - ISOLATED"
+    typical_domains: ["security", "agents"]
+    recommended_tier: tier_4_policy
+    can_delegate_to: ["operator"]  # Delegation only, not execution
+    isolation: strict
+
+  specialist:
+    description: "Deep expertise in narrow domain"
+    typical_domains: ["security", "data", "backend"]
+    recommended_tier: tier_1_read  # Most specialists are analyzers
+    can_delegate_to: []
+
+  critic:
+    description: "Reviews and provides feedback, cannot approve"
+    typical_domains: ["development", "security"]
+    recommended_tier: tier_1_read
+    prohibited_actions: ["approve", "merge", "execute"]
+    can_delegate_to: []
+
+# =============================================================================
+# DOMAIN-TIER MAPPINGS
+# Recommended access tiers by domain for separation of duties
+# =============================================================================
+domain_tier_recommendations:
+  security:
+    default_tier: tier_1_read
+    rationale: "Security agents should analyze, not modify"
+    exceptions:
+      - role: remediator
+        tier: tier_3_write_elevated
+        requires: governor_approval
+      - role: policy_definer
+        tier: tier_4_policy
+
+  infrastructure:
+    default_tier: tier_3_write_elevated
+    rationale: "Infrastructure requires elevated access"
+    separation_required:
+      - readers: ["monitor", "cost_reporter"]
+        tier: tier_1_read
+      - operators: ["deployer", "provisioner"]
+        tier: tier_3_write_elevated
+
+  documentation:
+    default_tier: tier_2_write_limited
+    rationale: "Doc changes are low-risk"
+
+  development:
+    default_tier: tier_2_write_limited
+    rationale: "Code generation is sandboxed"
+    separation_required:
+      - critics: ["reviewer", "analyzer"]
+        tier: tier_1_read
+        prohibited: ["approve", "merge"]
+      - generators: ["scaffolder", "test_writer"]
+        tier: tier_2_write_limited
+
+  agents:
+    default_tier: tier_3_write_elevated
+    rationale: "Agent orchestration needs elevated access"
+    separation_required:
+      - governors: ["policy_definer", "compliance_enforcer"]
+        tier: tier_4_policy
+        isolation: strict
+      - orchestrators: ["coordinator", "scheduler"]
+        tier: tier_3_write_elevated
+
+  backend:
+    default_tier: tier_2_write_limited
+    separation_required:
+      - analyzers: ["db_analyzer", "api_auditor"]
+        tier: tier_1_read
+      - operators: ["db_migrator", "service_deployer"]
+        tier: tier_3_write_elevated
+
+  data:
+    default_tier: tier_1_read
+    rationale: "Data access is sensitive - read-only by default"
+    exceptions:
+      - role: etl_operator
+        tier: tier_3_write_elevated
+        requires: data_governance_approval
+
+# =============================================================================
+# USAGE IN AGENT MANIFESTS
+# =============================================================================
+# Example usage in OSSA agent manifest:
+#
+# metadata:
+#   name: security-scanner
+#   labels:
+#     domain: security
+#     subdomain: vulnerability
+#     concerns: quality,compliance
+#
+# spec:
+#   type: worker
+#   taxonomy:
+#     domain: security
+#     subdomain: vulnerability
+#     capability: scan_vulnerabilities
+#     concerns:
+#       - quality
+#       - compliance
+
+# =============================================================================
+# VALIDATION RULES
+# =============================================================================
+validation:
+  rules:
+    - name: valid-domain
+      description: "Domain must be from approved list"
+      severity: error
+
+    - name: valid-subdomain
+      description: "Subdomain must belong to specified domain"
+      severity: error
+
+    - name: concerns-applicable
+      description: "Concerns must be applicable to domain"
+      severity: warning
+
+    - name: type-domain-match
+      description: "Agent type should match typical domains"
+      severity: info
+
+# =============================================================================
+# MIGRATION FROM LEGACY
+# =============================================================================
+migration:
+  deprecated_domains:
+    ci-cd: { domain: infrastructure, subdomain: ci-cd }
+    gitops: { domain: infrastructure, subdomain: gitops }
+    deployment: { domain: infrastructure, subdomain: deployment }
+    configuration: { domain: infrastructure, subdomain: configuration }
+    cost-management: { domain: infrastructure, concerns: [cost] }
+    database: { domain: backend, subdomain: database }
+    performance: { concerns: [performance] }
+    observability: { concerns: [observability] }
+    governance: { concerns: [governance] }
+    architecture: { concerns: [architecture] }