npm - @bluefly/openstandardagents - Versions diffs - 0.3.1 → 0.3.2 - Mend

@bluefly/openstandardagents 0.3.1 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (338) hide show

package/spec/{v0.3.1/ossa-0.3.0.schema.json → v0.3.2/ossa-0.3.2.schema.json} RENAMED Viewed

@@ -1,8 +1,8 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "https://openstandardagents.org/schemas/v0.3.1/manifest.json",
-  "title": "OSSA v0.3.1 Manifest Schema",
-  "description": "Open Standard for Scalable AI Agents (OSSA) v0.3.1 - Unified Task Schema. Supports Agent (agentic loops with LLM), Task (deterministic workflow steps), and Workflow (composition of Tasks and Agents) kinds Includes Agent-to-Agent Messaging Extension.",
+  "$id": "https://openstandardagents.org/schemas/v0.3.2/manifest.json",
+  "title": "OSSA v0.3.2 Manifest Schema",
+  "description": "Open Standard for Scalable AI Agents (OSSA) v0.3.2 - Unified Task Schema with Access Tiers & Separation of Duties. Supports Agent (agentic loops with LLM), Task (deterministic workflow steps), and Workflow (composition of Tasks and Agents) kinds. Includes Agent-to-Agent Messaging Extension and Access Control Tiers for privilege separation.",
   "type": "object",
   "required": [
     "apiVersion",
@@ -13,9 +13,9 @@
     "apiVersion": {
       "type": "string",
       "pattern": "^ossa/v(0\\.3\\.[0-9]+(-[a-zA-Z0-9]+)?|0\\.2\\.[2-9](-dev)?|1)(\\.[0-9]+)?(-[a-zA-Z0-9]+)?$",
-      "description": "OSSA API version (v0.3.1+ supports Task and Workflow kinds)",
+      "description": "OSSA API version (v0.3.2+ supports Task and Workflow kinds)",
       "examples": [
-        "ossa/v0.3.1",
+        "ossa/v0.3.2",
         "ossa/v1",
         "ossa/v0.2.9"
       ]
@@ -110,6 +110,447 @@
     }
   ],
   "definitions": {
+    "AccessTier": {
+      "type": "object",
+      "description": "Access tier configuration for separation of duties (v0.3.2+). Defines privilege levels and role separations for agents.",
+      "required": ["tier"],
+      "properties": {
+        "tier": {
+          "type": "string",
+          "enum": ["tier_1_read", "tier_2_write_limited", "tier_3_write_elevated", "tier_4_policy"],
+          "description": "Access tier level: tier_1_read (analyzers), tier_2_write_limited (workers), tier_3_write_elevated (operators), tier_4_policy (governors)"
+        },
+        "permissions": {
+          "type": "array",
+          "description": "Explicit permissions granted to this agent",
+          "items": {
+            "type": "string",
+            "enum": [
+              "read_code",
+              "read_configs",
+              "read_metrics",
+              "read_logs",
+              "read_issues",
+              "read_mrs",
+              "execute_queries",
+              "write_docs",
+              "write_tests",
+              "write_scaffolds",
+              "write_configs_draft",
+              "create_issues",
+              "create_mrs_draft",
+              "execute_sandboxed",
+              "write_production_code",
+              "merge_mrs",
+              "delete_branches",
+              "modify_infrastructure",
+              "modify_secrets",
+              "execute_deployments",
+              "modify_pipelines",
+              "modify_configs",
+              "execute_commands",
+              "define_policies",
+              "publish_policies",
+              "audit_compliance",
+              "report_violations"
+            ]
+          },
+          "uniqueItems": true
+        },
+        "prohibited": {
+          "type": "array",
+          "description": "Explicitly prohibited actions for this agent",
+          "items": {
+            "type": "string"
+          },
+          "uniqueItems": true
+        },
+        "audit_level": {
+          "type": "string",
+          "enum": ["standard", "detailed", "comprehensive"],
+          "default": "standard",
+          "description": "Audit logging level: standard (30 days), detailed (90 days), comprehensive (365 days)"
+        },
+        "requires_approval": {
+          "type": "boolean",
+          "default": false,
+          "description": "Whether operations require approval chain"
+        },
+        "approval_chain": {
+          "type": "string",
+          "enum": ["standard", "elevated", "critical"],
+          "description": "Approval workflow to use when requires_approval is true"
+        },
+        "isolation": {
+          "type": "string",
+          "enum": ["none", "standard", "strict"],
+          "default": "none",
+          "description": "Isolation level: none (default), standard (limited delegation), strict (no execution, policy only)"
+        }
+      },
+      "additionalProperties": false
+    },
+    "SeparationOfDuties": {
+      "type": "object",
+      "description": "Role separation rules for preventing conflicts of interest",
+      "properties": {
+        "role": {
+          "type": "string",
+          "description": "Primary role of this agent",
+          "enum": [
+            "analyzer",
+            "auditor",
+            "scanner",
+            "reviewer",
+            "monitor",
+            "generator",
+            "scaffolder",
+            "documenter",
+            "test_writer",
+            "deployer",
+            "operator",
+            "executor",
+            "maintainer",
+            "governor",
+            "policy_definer",
+            "compliance_officer",
+            "approver",
+            "critic",
+            "remediator",
+            "enforcer"
+          ]
+        },
+        "conflicts_with": {
+          "type": "array",
+          "description": "Roles that this agent must NOT also perform (separation of duties)",
+          "items": {
+            "type": "string"
+          },
+          "uniqueItems": true
+        },
+        "can_delegate_to": {
+          "type": "array",
+          "description": "Roles/tiers this agent can delegate tasks to",
+          "items": {
+            "type": "string"
+          },
+          "uniqueItems": true
+        },
+        "prohibited_actions": {
+          "type": "array",
+          "description": "Specific actions this role must never perform",
+          "items": {
+            "type": "string",
+            "enum": ["approve", "merge", "execute", "deploy", "delete", "modify_production", "define_policies", "bypass_approvals"]
+          },
+          "uniqueItems": true
+        }
+      },
+      "additionalProperties": false
+    },
+    "DelegationConfig": {
+      "type": "object",
+      "description": "Configuration for delegating tasks to other agents",
+      "properties": {
+        "enabled": {
+          "type": "boolean",
+          "default": true,
+          "description": "Whether this agent can delegate to others"
+        },
+        "allowed_tiers": {
+          "type": "array",
+          "description": "Tiers this agent can delegate to",
+          "items": {
+            "type": "string",
+            "enum": ["tier_1_read", "tier_2_write_limited", "tier_3_write_elevated"]
+          },
+          "uniqueItems": true
+        },
+        "allowed_operations": {
+          "type": "array",
+          "description": "Operations that can be delegated",
+          "items": {
+            "type": "string"
+          }
+        },
+        "requires": {
+          "type": "array",
+          "description": "Requirements for delegation",
+          "items": {
+            "type": "string",
+            "enum": ["delegation_token", "audit_trail", "violation_report", "task_specification", "approval"]
+          }
+        }
+      },
+      "additionalProperties": false
+    },
+    "TaxonomyClassification": {
+      "type": "object",
+      "description": "Hierarchical taxonomy classification for agents (v0.3.2+). Links to taxonomy.yaml spec.",
+      "required": ["domain"],
+      "properties": {
+        "domain": {
+          "type": "string",
+          "enum": ["security", "infrastructure", "documentation", "backend", "frontend", "data", "agents", "development", "content"],
+          "description": "Primary domain classification - every agent belongs to exactly one domain"
+        },
+        "subdomain": {
+          "type": "string",
+          "description": "Subdomain within the primary domain (e.g., auth, ci-cd, api-docs)"
+        },
+        "capability": {
+          "type": "string",
+          "pattern": "^[a-z][a-z0-9_]*$",
+          "description": "Primary capability this agent provides"
+        },
+        "concerns": {
+          "type": "array",
+          "description": "Cross-cutting concerns that apply to this agent",
+          "items": {
+            "type": "string",
+            "enum": ["quality", "observability", "governance", "performance", "architecture", "cost", "reliability"]
+          },
+          "uniqueItems": true
+        },
+        "recommended_tier": {
+          "type": "string",
+          "enum": ["tier_1_read", "tier_2_write_limited", "tier_3_write_elevated", "tier_4_policy"],
+          "description": "Recommended access tier based on domain defaults"
+        }
+      },
+      "additionalProperties": false
+    },
+    "AgentIdentity": {
+      "type": "object",
+      "description": "Comprehensive agent identity configuration for service accounts, authentication, and observability",
+      "properties": {
+        "provider": {
+          "type": "string",
+          "enum": ["gitlab", "github", "azure-devops", "bitbucket", "generic"],
+          "description": "Identity provider type for service account integration"
+        },
+        "service_account": {
+          "type": "object",
+          "description": "Service account details for automated operations",
+          "required": ["username", "email"],
+          "properties": {
+            "id": {
+              "oneOf": [{"type": "integer"}, {"type": "string"}],
+              "description": "Provider-specific account ID"
+            },
+            "username": {
+              "type": "string",
+              "pattern": "^[a-z0-9_\\[\\]-]+$",
+              "minLength": 1,
+              "maxLength": 64,
+              "description": "Service account username"
+            },
+            "email": {
+              "type": "string",
+              "format": "email",
+              "description": "Service account email for git attribution"
+            },
+            "display_name": {
+              "type": "string",
+              "description": "Human-readable display name"
+            },
+            "roles": {
+              "type": "array",
+              "items": {
+                "type": "string",
+                "enum": ["developer", "maintainer", "owner", "reporter", "guest"]
+              },
+              "description": "Roles assigned to this service account"
+            }
+          }
+        },
+        "authentication": {
+          "type": "object",
+          "description": "Authentication method configuration",
+          "properties": {
+            "method": {
+              "type": "string",
+              "enum": ["personal_access_token", "project_access_token", "group_access_token", "deploy_token", "oauth2", "ssh_key", "mtls", "github_app", "azure_service_principal"],
+              "default": "personal_access_token",
+              "description": "Authentication method type"
+            },
+            "scopes": {
+              "type": "array",
+              "items": {"type": "string"},
+              "description": "Required token scopes (provider-specific)"
+            },
+            "auto_refresh": {
+              "type": "boolean",
+              "default": false,
+              "description": "Automatically refresh token before expiry"
+            },
+            "expiry_warning_days": {
+              "type": "integer",
+              "default": 7,
+              "minimum": 1,
+              "maximum": 90,
+              "description": "Days before expiry to warn about token rotation"
+            },
+            "rotation_policy": {
+              "type": "object",
+              "properties": {
+                "enabled": {"type": "boolean", "default": false},
+                "interval_days": {"type": "integer", "default": 90, "minimum": 7, "maximum": 365},
+                "notify_on_rotation": {"type": "boolean", "default": true}
+              }
+            }
+          }
+        },
+        "token_source": {
+          "type": "object",
+          "description": "Token/credential source configuration with priority order",
+          "properties": {
+            "env_var": {
+              "type": "string",
+              "pattern": "^[A-Z][A-Z0-9_]*$",
+              "description": "Environment variable name containing the token (highest priority)"
+            },
+            "file_path": {
+              "type": "string",
+              "description": "Path to token file (second priority, supports ~ expansion)"
+            },
+            "vault": {
+              "type": "object",
+              "properties": {
+                "path": {"type": "string", "description": "Vault secret path"},
+                "key": {"type": "string", "default": "value"},
+                "role": {"type": "string", "description": "Vault role for authentication"}
+              }
+            },
+            "kubernetes_secret": {
+              "type": "object",
+              "properties": {
+                "name": {"type": "string"},
+                "namespace": {"type": "string"},
+                "key": {"type": "string", "default": "token"}
+              }
+            }
+          }
+        },
+        "patterns": {
+          "type": "array",
+          "items": {"type": "string"},
+          "description": "Glob patterns for auto-detection based on working directory (picomatch syntax)"
+        },
+        "fallback": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "required": ["provider", "service_account"],
+            "properties": {
+              "provider": {"type": "string", "enum": ["gitlab", "github", "azure-devops", "bitbucket", "generic"]},
+              "service_account": {"$ref": "#/definitions/AgentIdentity/properties/service_account"},
+              "token_source": {"$ref": "#/definitions/AgentIdentity/properties/token_source"},
+              "condition": {
+                "type": "object",
+                "properties": {
+                  "pattern_match": {"type": "array", "items": {"type": "string"}},
+                  "platform_unavailable": {"type": "boolean"}
+                }
+              }
+            }
+          },
+          "description": "Fallback identity chain for high availability"
+        },
+        "dora_tracking": {
+          "type": "object",
+          "description": "DORA metrics tracking configuration",
+          "properties": {
+            "enabled": {"type": "boolean", "default": false},
+            "metrics": {
+              "type": "array",
+              "items": {
+                "type": "string",
+                "enum": ["deployment_frequency", "lead_time", "change_failure_rate", "mttr"]
+              },
+              "uniqueItems": true
+            },
+            "labels": {
+              "type": "object",
+              "additionalProperties": {"type": "string"},
+              "description": "Additional labels for metrics"
+            },
+            "prometheus": {
+              "type": "object",
+              "properties": {
+                "push_gateway": {"type": "string", "format": "uri"},
+                "job_name": {"type": "string"}
+              }
+            }
+          }
+        },
+        "session": {
+          "type": "object",
+          "description": "Session management for Claude Code integration",
+          "properties": {
+            "init_on_start": {"type": "boolean", "default": true},
+            "propagate_to_subprocesses": {"type": "boolean", "default": true},
+            "git_attribution": {"type": "boolean", "default": true},
+            "heartbeat_interval": {"type": "integer", "default": 300, "minimum": 30, "maximum": 3600},
+            "timeout": {"type": "integer", "default": 3600, "minimum": 60, "maximum": 86400},
+            "hooks": {
+              "type": "object",
+              "properties": {
+                "pre_prompt_submit": {"type": "boolean", "default": true},
+                "post_session": {"type": "boolean", "default": false}
+              }
+            }
+          }
+        },
+        "observability": {
+          "type": "object",
+          "description": "OpenTelemetry service identity for distributed tracing",
+          "properties": {
+            "service_name": {"type": "string"},
+            "service_namespace": {"type": "string"},
+            "service_version": {"type": "string", "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+(-[a-zA-Z0-9.]+)?$"},
+            "service_instance_id": {"type": "string"},
+            "resource_attributes": {
+              "type": "object",
+              "additionalProperties": {"type": "string"}
+            }
+          }
+        },
+        "security": {
+          "type": "object",
+          "description": "Security policies for identity management",
+          "properties": {
+            "token_encryption": {
+              "type": "string",
+              "enum": ["none", "at_rest", "in_transit", "both"],
+              "default": "both"
+            },
+            "minimum_token_length": {"type": "integer", "default": 32},
+            "prohibited_actions": {
+              "type": "array",
+              "items": {"type": "string"}
+            },
+            "required_approvals": {
+              "type": "object",
+              "properties": {
+                "force_push": {"type": "boolean", "default": true},
+                "delete_protected_branch": {"type": "boolean", "default": true},
+                "modify_ci_config": {"type": "boolean", "default": false}
+              }
+            },
+            "rate_limits": {
+              "type": "object",
+              "properties": {
+                "requests_per_minute": {"type": "integer", "default": 60},
+                "requests_per_hour": {"type": "integer", "default": 1000},
+                "git_operations_per_hour": {"type": "integer", "default": 100}
+              }
+            }
+          }
+        }
+      },
+      "additionalProperties": false
+    },
     "Metadata": {
       "type": "object",
       "required": [
@@ -513,7 +954,7 @@
         },
         "messaging": {
           "$ref": "#/definitions/MessagingExtension",
-          "description": "Agent-to-agent messaging configuration (v0.3.1+)"
+          "description": "Agent-to-agent messaging configuration (v0.3.2+)"
         },
         "functions": {
           "type": "array",
@@ -523,27 +964,29 @@
           }
         },
         "identity": {
-          "type": "object",
-          "description": "OpenTelemetry service identity for tracing and observability",
-          "properties": {
-            "service_name": {
-              "type": "string",
-              "description": "Service name for OpenTelemetry traces"
-            },
-            "service_namespace": {
-              "type": "string",
-              "description": "Service namespace (e.g., production, staging, development)"
-            },
-            "service_version": {
-              "type": "string",
-              "description": "Service version (semver recommended)"
-            },
-            "service_instance_id": {
-              "type": "string",
-              "description": "Unique instance identifier"
-            }
-          },
-          "additionalProperties": false
+          "$ref": "#/definitions/AgentIdentity",
+          "description": "Agent identity configuration including service accounts, authentication, and observability (v0.3.2+)"
+        },
+        "access": {
+          "$ref": "#/definitions/AccessTier",
+          "description": "Access tier configuration for separation of duties (v0.3.2+). Defines privilege level and allowed operations."
+        },
+        "separation": {
+          "$ref": "#/definitions/SeparationOfDuties",
+          "description": "Role separation configuration to prevent conflicts of interest (v0.3.2+)"
+        },
+        "delegation": {
+          "$ref": "#/definitions/DelegationConfig",
+          "description": "Delegation configuration for multi-agent hierarchies (v0.3.2+)"
+        },
+        "type": {
+          "type": "string",
+          "enum": ["analyzer", "worker", "operator", "supervisor", "orchestrator", "governor", "specialist", "critic"],
+          "description": "Agent type classification aligned with access tiers (v0.3.2+)"
+        },
+        "taxonomy": {
+          "$ref": "#/definitions/TaxonomyClassification",
+          "description": "Taxonomy classification for domain and cross-cutting concerns (v0.3.2+)"
         },
         "compliance": {
           "type": "object",
@@ -959,6 +1402,10 @@
             },
             "additionalProperties": false
           }
+        },
+        "kubernetes": {
+          "$ref": "#/definitions/KubernetesConfig",
+          "description": "Kubernetes-specific configuration (KAS-inspired)"
         }
       },
       "additionalProperties": false
@@ -1437,10 +1884,25 @@
           "type": "object",
           "description": "Conditions that trigger fallback",
           "properties": {
-            "on_error": { "type": "boolean", "description": "Trigger on any error from primary" },
-            "max_retries": { "type": "integer", "description": "Retries before falling back" },
-            "error_codes": { "type": "array", "items": { "type": "integer" }, "description": "Specific error codes to trigger on" },
-            "latency_threshold_ms": { "type": "integer", "description": "Trigger when latency exceeds this threshold" }
+            "on_error": {
+              "type": "boolean",
+              "description": "Trigger on any error from primary"
+            },
+            "max_retries": {
+              "type": "integer",
+              "description": "Retries before falling back"
+            },
+            "error_codes": {
+              "type": "array",
+              "items": {
+                "type": "integer"
+              },
+              "description": "Specific error codes to trigger on"
+            },
+            "latency_threshold_ms": {
+              "type": "integer",
+              "description": "Trigger when latency exceeds this threshold"
+            }
           },
           "additionalProperties": true
         }
@@ -1611,10 +2073,14 @@
         "approval_required": {
           "description": "Whether human approval is required, or list of specific actions requiring approval",
           "anyOf": [
-            { "type": "boolean" },
+            {
+              "type": "boolean"
+            },
             {
               "type": "array",
-              "items": { "type": "string" },
+              "items": {
+                "type": "string"
+              },
               "description": "List of action types that require human approval"
             }
           ]
@@ -2240,7 +2706,7 @@
     },
     "MessagingExtension": {
       "type": "object",
-      "description": "Agent-to-agent messaging configuration (v0.3.1+)",
+      "description": "Agent-to-agent messaging configuration (v0.3.2+)",
       "properties": {
         "publishes": {
           "type": "array",
@@ -2782,6 +3248,69 @@
         }
       },
       "additionalProperties": false
+    },
+    "KubernetesConfig": {
+      "type": "object",
+      "description": "Kubernetes-specific runtime configuration (KAS-inspired)",
+      "properties": {
+        "namespace": {
+          "type": "string",
+          "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$",
+          "description": "Kubernetes namespace (DNS-1123 subdomain)"
+        },
+        "service_account": {
+          "type": "string",
+          "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$",
+          "description": "Kubernetes service account name"
+        },
+        "api_server_url": {
+          "type": "string",
+          "format": "uri",
+          "description": "Kubernetes API server URL (similar to KAS private API URL)"
+        },
+        "network_family": {
+          "type": "string",
+          "enum": [
+            "tcp",
+            "tcp4",
+            "tcp6"
+          ],
+          "default": "tcp",
+          "description": "Network family (KAS pattern: tcp, tcp4, tcp6)"
+        },
+        "health_check_endpoint": {
+          "type": "string",
+          "format": "uri",
+          "description": "Health check endpoint URL"
+        },
+        "config_map_ref": {
+          "type": "string",
+          "description": "Reference to Kubernetes ConfigMap"
+        },
+        "secret_ref": {
+          "type": "string",
+          "description": "Reference to Kubernetes Secret"
+        },
+        "rbac": {
+          "type": "object",
+          "properties": {
+            "role": {
+              "type": "string",
+              "description": "Kubernetes Role name"
+            },
+            "cluster_role": {
+              "type": "string",
+              "description": "Kubernetes ClusterRole name"
+            },
+            "role_binding": {
+              "type": "string",
+              "description": "Kubernetes RoleBinding name"
+            }
+          },
+          "additionalProperties": false
+        }
+      },
+      "additionalProperties": false
     }
   }
 }