npm - @bluefly/openstandardagents - Versions diffs - 0.4.6 → 0.4.8 - Mend

@bluefly/openstandardagents 0.4.6 → 0.4.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (300) hide show

package/dist/spec/v0.5/extensions/governance/governance-extension.yaml ADDED Viewed

@@ -0,0 +1,161 @@
+# OSSA Agent Manifest Schema Extension - Governance
+governance:
+  type: object
+  description: |
+    Governance configuration for agent authorization and quality gates.
+    Implementation-agnostic: any governance provider (Cedar, OPA, custom)
+    can consume this configuration.
+  properties:
+    authorization:
+      type: object
+      description: Authorization requirements for this agent
+      properties:
+        clearance_level:
+          type: integer
+          description: |
+            Required clearance level (0-5)
+            Levels:
+            - 0: Public access (read-only)
+            - 1: Junior agent (low-risk tools)
+            - 2: Standard agent (medium-risk tools)
+            - 3: Senior agent (high-risk tools)
+            - 4: Principal agent (critical tools)
+            - 5: System agent (unrestricted)
+          minimum: 0
+          maximum: 5
+          default: 1
+        tool_permissions:
+          type: array
+          description: Required tool access permissions
+          items:
+            type: object
+            required: [tool, risk_level]
+            properties:
+              tool:
+                type: string
+                description: Tool identifier (e.g., "gitlab_api", "llm_inference")
+              risk_level:
+                type: string
+                enum: [low, medium, high, critical]
+                description: |
+                  Risk classification:
+                  - low: Read-only, no side effects
+                  - medium: Write operations, reversible
+                  - high: Destructive operations, requires review
+                  - critical: System-level, requires approval
+              requires_approval:
+                type: boolean
+                default: false
+                description: Requires human approval before execution
+        policy_references:
+          type: array
+          description: External policy IDs (implementation-specific)
+          items:
+            type: string
+            pattern: '^[a-zA-Z0-9-_]+$'
+          examples:
+            - agent-tool-001
+            - mr-review-policy
+    quality_requirements:
+      type: object
+      description: Quality metrics and thresholds for deployment gates
+      properties:
+        confidence_threshold:
+          type: integer
+          minimum: 0
+          maximum: 100
+          default: 70
+          description: |
+            Minimum confidence score required (percentage)
+            Recommended thresholds:
+            - Production: 90-95%
+            - Staging: 70-85%
+            - Development: 50-70%
+        test_coverage_threshold:
+          type: integer
+          minimum: 0
+          maximum: 100
+          default: 60
+          description: Minimum test coverage percentage
+        security_score_threshold:
+          type: integer
+          minimum: 0
+          maximum: 100
+          default: 70
+          description: Minimum security scan score
+        max_vulnerability_count:
+          type: integer
+          minimum: 0
+          default: 0
+          description: Maximum allowed vulnerabilities (production should be 0)
+    compliance:
+      type: object
+      description: Compliance and regulatory requirements
+      properties:
+        frameworks:
+          type: array
+          description: Required compliance frameworks
+          items:
+            type: string
+            enum: [SOC2, HIPAA, GDPR, PCI-DSS]
+          examples:
+            - SOC2
+            - HIPAA
+        data_classification:
+          type: string
+          enum: [public, internal, confidential, restricted]
+          default: internal
+          description: |
+            Data classification level:
+            - public: Publicly available data
+            - internal: Company-internal data
+            - confidential: Sensitive business data
+            - restricted: Highly sensitive (PII, PHI, PCI)
+        audit_logging_required:
+          type: boolean
+          default: false
+          description: Requires audit logging for all actions
+# Example usage in agent manifest
+example:
+  apiVersion: v0.4.1
+  kind: Agent
+  metadata:
+    name: mr-reviewer
+  spec:
+    governance:
+      authorization:
+        clearance_level: 2
+        tool_permissions:
+          - tool: gitlab_api
+            risk_level: medium
+          - tool: llm_inference
+            risk_level: low
+        policy_references:
+          - agent-tool-001
+          - mr-review-policy
+      quality_requirements:
+        confidence_threshold: 85
+        test_coverage_threshold: 80
+        security_score_threshold: 90
+        max_vulnerability_count: 0
+      compliance:
+        frameworks: [SOC2]
+        data_classification: internal
+        audit_logging_required: true

package/dist/spec/v0.5/extensions/identity/identity.schema.json ADDED Viewed

@@ -0,0 +1,302 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://openstandardagents.org/schemas/v0.4/extensions/identity.json",
+  "title": "OSSA Identity Extension Schema (DID Document)",
+  "description": "Validates W3C DID Core-compliant identity documents for OSSA agents. Provides decentralized identity binding so agents can be cryptographically verified across platforms.",
+  "type": "object",
+  "required": ["@context", "id"],
+  "properties": {
+    "@context": {
+      "description": "JSON-LD context. Must include the W3C DID Core context.",
+      "oneOf": [
+        {
+          "type": "string",
+          "const": "https://www.w3.org/ns/did/v1"
+        },
+        {
+          "type": "array",
+          "items": { "type": "string" },
+          "contains": {
+            "const": "https://www.w3.org/ns/did/v1"
+          },
+          "minItems": 1
+        }
+      ]
+    },
+    "id": {
+      "type": "string",
+      "description": "DID identifier. Must use the did:web method for OSSA agents.",
+      "pattern": "^did:web:.+$",
+      "examples": [
+        "did:web:openstandardagents.org:agents:my-agent",
+        "did:web:example.com:agents:code-reviewer"
+      ]
+    },
+    "controller": {
+      "description": "DID(s) authorized to make changes to this DID document",
+      "oneOf": [
+        {
+          "type": "string",
+          "pattern": "^did:.+$"
+        },
+        {
+          "type": "array",
+          "items": {
+            "type": "string",
+            "pattern": "^did:.+$"
+          },
+          "minItems": 1
+        }
+      ]
+    },
+    "alsoKnownAs": {
+      "type": "array",
+      "description": "Alternative identifiers for this agent (URIs)",
+      "items": {
+        "type": "string",
+        "format": "uri"
+      }
+    },
+    "verificationMethod": {
+      "type": "array",
+      "description": "Cryptographic verification methods (public keys) associated with this DID",
+      "items": {
+        "$ref": "#/definitions/VerificationMethod"
+      }
+    },
+    "authentication": {
+      "type": "array",
+      "description": "Verification methods used for authentication. References verificationMethod entries by id or embeds them inline.",
+      "items": {
+        "oneOf": [
+          {
+            "type": "string",
+            "description": "Reference to a verificationMethod id"
+          },
+          {
+            "$ref": "#/definitions/VerificationMethod"
+          }
+        ]
+      }
+    },
+    "assertionMethod": {
+      "type": "array",
+      "description": "Verification methods used for issuing verifiable credentials or assertions",
+      "items": {
+        "oneOf": [
+          {
+            "type": "string",
+            "description": "Reference to a verificationMethod id"
+          },
+          {
+            "$ref": "#/definitions/VerificationMethod"
+          }
+        ]
+      }
+    },
+    "keyAgreement": {
+      "type": "array",
+      "description": "Verification methods used for key agreement (e.g., establishing shared secrets)",
+      "items": {
+        "oneOf": [
+          {
+            "type": "string",
+            "description": "Reference to a verificationMethod id"
+          },
+          {
+            "$ref": "#/definitions/VerificationMethod"
+          }
+        ]
+      }
+    },
+    "capabilityInvocation": {
+      "type": "array",
+      "description": "Verification methods used to invoke cryptographic capabilities (e.g., authorization to update the DID document)",
+      "items": {
+        "oneOf": [
+          {
+            "type": "string",
+            "description": "Reference to a verificationMethod id"
+          },
+          {
+            "$ref": "#/definitions/VerificationMethod"
+          }
+        ]
+      }
+    },
+    "capabilityDelegation": {
+      "type": "array",
+      "description": "Verification methods used to delegate capabilities to other DIDs",
+      "items": {
+        "oneOf": [
+          {
+            "type": "string",
+            "description": "Reference to a verificationMethod id"
+          },
+          {
+            "$ref": "#/definitions/VerificationMethod"
+          }
+        ]
+      }
+    },
+    "service": {
+      "type": "array",
+      "description": "Service endpoints associated with this agent DID",
+      "items": {
+        "$ref": "#/definitions/ServiceEndpoint"
+      }
+    }
+  },
+  "additionalProperties": true,
+  "definitions": {
+    "VerificationMethod": {
+      "type": "object",
+      "description": "A cryptographic verification method (public key) per W3C DID Core",
+      "required": ["id", "type", "controller"],
+      "properties": {
+        "id": {
+          "type": "string",
+          "description": "Unique identifier for this verification method, typically DID + fragment",
+          "examples": ["did:web:openstandardagents.org:agents:my-agent#key-1"]
+        },
+        "type": {
+          "type": "string",
+          "description": "Cryptographic suite type",
+          "enum": [
+            "JsonWebKey2020",
+            "Ed25519VerificationKey2020",
+            "Ed25519VerificationKey2018",
+            "X25519KeyAgreementKey2020",
+            "X25519KeyAgreementKey2019",
+            "EcdsaSecp256k1VerificationKey2019",
+            "EcdsaSecp256r1VerificationKey2019",
+            "Multikey"
+          ]
+        },
+        "controller": {
+          "type": "string",
+          "description": "DID of the entity that controls this key",
+          "pattern": "^did:.+$"
+        },
+        "publicKeyJwk": {
+          "type": "object",
+          "description": "Public key in JWK format (RFC 7517)",
+          "properties": {
+            "kty": {
+              "type": "string",
+              "description": "Key type",
+              "enum": ["EC", "OKP", "RSA"]
+            },
+            "crv": {
+              "type": "string",
+              "description": "Curve name (for EC and OKP key types)",
+              "enum": ["Ed25519", "X25519", "P-256", "P-384", "P-521", "secp256k1"]
+            },
+            "x": {
+              "type": "string",
+              "description": "Public key x-coordinate (base64url-encoded)"
+            },
+            "y": {
+              "type": "string",
+              "description": "Public key y-coordinate (base64url-encoded, for EC keys)"
+            },
+            "kid": {
+              "type": "string",
+              "description": "Key identifier"
+            },
+            "use": {
+              "type": "string",
+              "description": "Intended use of the key",
+              "enum": ["sig", "enc"]
+            },
+            "alg": {
+              "type": "string",
+              "description": "Algorithm intended for use with this key"
+            }
+          },
+          "required": ["kty"],
+          "additionalProperties": true
+        },
+        "publicKeyMultibase": {
+          "type": "string",
+          "description": "Public key in multibase format (e.g., z-prefixed base58btc)",
+          "pattern": "^z[1-9A-HJ-NP-Za-km-z]+$"
+        },
+        "publicKeyBase58": {
+          "type": "string",
+          "description": "Public key in base58btc format (deprecated, use publicKeyMultibase)"
+        },
+        "blockchainAccountId": {
+          "type": "string",
+          "description": "CAIP-10 blockchain account identifier"
+        },
+        "revoked": {
+          "type": "boolean",
+          "description": "Whether this verification method has been revoked",
+          "default": false
+        }
+      },
+      "additionalProperties": true
+    },
+    "ServiceEndpoint": {
+      "type": "object",
+      "description": "A service endpoint associated with the agent DID",
+      "required": ["id", "type", "serviceEndpoint"],
+      "properties": {
+        "id": {
+          "type": "string",
+          "description": "Unique identifier for this service, typically DID + fragment",
+          "examples": ["did:web:openstandardagents.org:agents:my-agent#agent-endpoint"]
+        },
+        "type": {
+          "type": "string",
+          "description": "Service type identifier",
+          "examples": [
+            "OSSAAgentService",
+            "A2AService",
+            "MCPServerService",
+            "LinkedDomains",
+            "DIDCommMessaging",
+            "CredentialRegistry"
+          ]
+        },
+        "serviceEndpoint": {
+          "description": "The service endpoint URL(s)",
+          "oneOf": [
+            {
+              "type": "string",
+              "format": "uri"
+            },
+            {
+              "type": "array",
+              "items": {
+                "type": "string",
+                "format": "uri"
+              }
+            },
+            {
+              "type": "object",
+              "description": "Structured endpoint with multiple properties",
+              "additionalProperties": true
+            }
+          ]
+        },
+        "description": {
+          "type": "string",
+          "description": "Human-readable description of this service endpoint"
+        },
+        "routingKeys": {
+          "type": "array",
+          "description": "DIDComm routing keys for message encryption",
+          "items": { "type": "string" }
+        },
+        "accept": {
+          "type": "array",
+          "description": "Accepted media types or protocol versions",
+          "items": { "type": "string" }
+        }
+      },
+      "additionalProperties": true
+    }
+  }
+}