@bluefly/openstandardagents 0.4.9 → 0.5.0

package/examples/agents/security-audit-agent.ossa.yaml

@@ -0,0 +1,234 @@
+apiVersion: ossa/v0.5
+kind: Agent
+metadata:
+  name: security-audit-agent
+  version: 1.0.0
+  description: Repository security scanner. Runs static analysis, dependency audits, secret detection, and Dragonfly audit rules against codebases. Reports findings with severity and remediation guidance.
+  labels:
+    use-case: security-audit
+    production-ready: 'false'
+    ossa-native: 'true'
+  agentType: custom
+  agentKind: specialist
+  identity:
+    namespace: blueflyio/ossa
+    agent_id: security-audit-agent
+    version: 1.0.0
+    publisher:
+      name: BlueFly.io
+      email: agents@bluefly.io
+      website: https://openstandardagents.org
+    created_at: 2026-03-10T12:00:00Z
+    updated_at: 2026-03-10T12:00:00Z
+  catalog:
+    published: true
+    visibility: public
+    categories:
+      - security
+      - code-quality
+      - compliance
+    tags:
+      - security
+      - audit
+      - phpstan
+      - phpcs
+      - dragonfly
+      - ossa-native
+spec:
+  role: |
+    You are a security audit specialist agent.
+
+    Your mission:
+    1. Scan repositories for vulnerabilities using static analysis tools
+    2. Run PHPStan at strictest levels for type safety issues
+    3. Run PHPCS for coding standard violations
+    4. Execute Dragonfly audit rules for anti-patterns and best practices
+    5. Check for exposed secrets and credentials
+    6. Produce structured reports with severity ratings and remediation steps
+
+    Guidelines:
+    - Never output or log actual secret values
+    - Classify findings by severity: critical, high, medium, low, informational
+    - Provide actionable remediation for each finding
+    - Reference CWE/CVE identifiers where applicable
+    - Map findings to NIST AI RMF and OWASP Top 10 where relevant
+  llm:
+    provider: anthropic
+    model: claude-sonnet-4-20250514
+    temperature: 0.1
+    max_tokens: 16384
+  tools:
+    - type: command
+      name: phpstan_analyze
+      description: Run PHPStan static analysis
+      operation: read
+      command: phpstan analyse
+      parameters:
+        path:
+          type: string
+          description: Path to analyze
+        level:
+          type: number
+          description: Analysis strictness 0-9
+          default: 8
+    - type: command
+      name: phpcs_check
+      description: Run PHP CodeSniffer checks
+      operation: read
+      command: phpcs
+      parameters:
+        path:
+          type: string
+          description: Path to check
+        standard:
+          type: string
+          default: Drupal,DrupalPractice
+    - type: command
+      name: npm_audit
+      description: Run npm audit for JS/TS dependencies
+      operation: read
+      command: npm audit
+      parameters:
+        path:
+          type: string
+          description: Project path with package.json
+    - type: command
+      name: secret_scan
+      description: Scan for exposed secrets and credentials
+      operation: read
+      command: git secrets --scan
+      parameters:
+        path:
+          type: string
+          description: Repository path to scan
+    - type: api
+      name: dragonfly_audit
+      description: Run Dragonfly audit rules from catalog
+      operation: read
+      parameters:
+        rule_set:
+          type: string
+          description: Audit rule set (e.g. anti-patterns, best-practices, a11y, seo)
+        target_url:
+          type: string
+          description: URL or path to audit
+  capabilities:
+    - name: static-analysis
+      description: PHPStan and PHPCS code analysis
+    - name: dependency-audit
+      description: npm/composer dependency vulnerability checks
+    - name: secret-detection
+      description: Scan for exposed credentials and secrets
+    - name: dragonfly-audit
+      description: Run Dragonfly quality audit rules
+    - name: compliance-mapping
+      description: Map findings to NIST, OWASP, CWE frameworks
+  safety:
+    guardrails:
+      - never_output_secrets
+      - read_only_operations
+      - audit_all_actions
+    pii_handling: redact
+    audit_all_actions: true
+    max_cost_per_execution: 0.4
+  observability:
+    telemetry:
+      enabled: true
+      export_traces: true
+      export_metrics: true
+security:
+  tier: tier_1_read
+  threat_model:
+    - category: information-disclosure
+      severity: critical
+      mitigations:
+        - output-filtering
+        - secret-redaction
+      description: Must never expose secrets found during scanning
+  capabilities:
+    required:
+      - filesystem-read
+      - network-outbound
+      - process-spawn
+      - tool-execution
+    optional:
+      - browser
+  sandboxing:
+    required: true
+    type: container
+    resource_limits:
+      max_memory_mb: 2048
+      max_cpu_cores: 2
+      max_execution_seconds: 600
+  network_access:
+    allowed_domains:
+      - registry.npmjs.org
+      - packagist.org
+      - api.anthropic.com
+      - nvd.nist.gov
+    protocols:
+      - https
+    egress_policy: allow-list
+  data_classification: confidential
+  audit:
+    log_inputs: true
+    log_outputs: false
+    log_tool_calls: true
+    retention_days: 365
+protocols:
+  mcp:
+    version: 1.0.0
+    role: client
+    capabilities:
+      tools: true
+      resources: true
+      prompts: false
+      sampling: false
+    servers:
+      - name: dragonfly
+        transport: stdio
+        command: dragonfly
+        tools:
+          - dragonfly_audit
+  a2a:
+    version: 0.2.0
+    endpoint: https://openstandardagents.org/agents/security-audit-agent
+    agent_card:
+      name: Security Audit Agent
+      description: Run repository security audits and compliance scans
+      skills:
+        - id: audit-repository
+          name: Audit Repository
+          description: Run a security audit on a repository
+    capabilities:
+      streaming: false
+      pushNotifications: false
+      stateTransitionHistory: true
+    authentication:
+      schemes:
+        - none
+governance:
+  authorization:
+    clearance_level: 1
+    policy_references:
+      - blueflyio/cedar-policies
+    tool_permissions:
+      - tool: phpstan_analyze
+        risk_level: low
+      - tool: phpcs_check
+        risk_level: low
+      - tool: npm_audit
+        risk_level: low
+      - tool: secret_scan
+        risk_level: medium
+      - tool: dragonfly_audit
+        risk_level: medium
+  quality_requirements:
+    confidence_threshold: 0.9
+    security_score_threshold: 90
+    max_vulnerability_count: 0
+  compliance:
+    frameworks:
+      - NIST-800-53
+    data_classification: confidential
+    audit_logging_required: true

package/examples/agentscope/react-assistant/agent.ossa.yaml

@@ -1,10 +1,10 @@
-apiVersion: ossa/v0.4.6
+apiVersion: ossa/v0.5
 kind: Agent
 metadata:
   name: agentscope-react-assistant
-  namespace: bluefly/examples
-  version: "1.0.0"
-  description: "Example ReAct agent powered by AgentScope runtime with MCP tool integration, A2A protocol support, and Mem0 long-term memory."
+  namespace: bluefly-examples
+  version: 1.0.0
+  description: Example ReAct agent powered by AgentScope runtime with MCP tool integration, A2A protocol support, and Mem0 long-term memory.
   agentType: agentscope
   agentKind: assistant
   status: active
@@ -14,17 +14,14 @@ metadata:
     framework: agentscope
   identity:
     agent_id: agentscope-react-assistant
-    namespace: bluefly/examples
-    version: "1.0.0"
+    namespace: bluefly-examples
+    version: 1.0.0
     publisher:
       name: BlueFly Collective
       website: https://bluefly.io
-
 spec:
-  role: >
-    You are a helpful assistant that uses tools to answer questions accurately.
-    Always verify information before responding. Use available MCP tools for
-    real-time data retrieval and knowledge base queries.
+  role: |
+    You are a helpful assistant that uses tools to answer questions accurately. Always verify information before responding. Use available MCP tools for real-time data retrieval and knowledge base queries.
   llm:
     provider: anthropic
     model: claude-sonnet-4-20250514
@@ -39,18 +36,19 @@ spec:
     - type: mcp
       name: knowledge-base
       endpoint: https://gkg.blueflyagents.com/mcp/sse
-      description: "Graph knowledge base for codebase analysis"
+      description: Graph knowledge base for codebase analysis
     - type: mcp
       name: web-search
       endpoint: https://mcp.blueflyagents.com/api/mcp/sse
-      description: "Web search and content retrieval"
+      description: Web search and content retrieval
   inputs:
     type: object
     properties:
       query:
         type: string
-        description: "User query or task"
-    required: [query]
+        description: User query or task
+    required:
+      - query
   outputs:
     type: object
     properties:
@@ -60,23 +58,26 @@ spec:
         type: integer
       confidence:
         type: number
-
 security:
   tier: tier_1_read
   capabilities:
-    required: [network-outbound, tool-execution]
-    optional: [memory-extended]
+    required:
+      - network-outbound
+      - tool-execution
+    optional:
+      - memory-extended
   network_access:
     allowed_domains:
-      - "*.blueflyagents.com"
-      - "api.anthropic.com"
-    protocols: [https, wss]
+      - '*.blueflyagents.com'
+      - api.anthropic.com
+    protocols:
+      - https
+      - wss
     egress_policy: allow-list
   data_classification: internal
-
 protocols:
   mcp:
-    version: "1.0.0"
+    version: 1.0.0
     role: client
     capabilities:
       tools: true
@@ -84,23 +85,22 @@ protocols:
       prompts: false
       sampling: false
   a2a:
-    version: "0.2.1"
+    version: 0.2.1
     endpoint: https://agents.blueflyagents.com/a2a/react-assistant
     agent_card:
       name: AgentScope React Assistant
-      description: "ReAct agent with tool use and memory"
+      description: ReAct agent with tool use and memory
       skills:
         - id: question-answering
           name: Question Answering
-          description: "Answer questions using tools and knowledge"
+          description: Answer questions using tools and knowledge
         - id: code-analysis
           name: Code Analysis
-          description: "Analyze code using knowledge graph"
+          description: Analyze code using knowledge graph
     capabilities:
       streaming: true
       pushNotifications: false
       stateTransitionHistory: false
-
 token_efficiency:
   serialization_profile: compact
   observation_format: projected
@@ -109,13 +109,17 @@ token_efficiency:
     max_output_tokens: 4096
     allocation_strategy: adaptive
   routing:
-    cascade: [claude-haiku-4-5-20251001, claude-sonnet-4-20250514, claude-opus-4-20250514]
-    complexity_threshold: [0.3, 0.7]
+    cascade:
+      - claude-haiku-4-5-20251001
+      - claude-sonnet-4-20250514
+      - claude-opus-4-20250514
+    complexity_threshold:
+      - 0.3
+      - 0.7
     strategy: cost_optimized
-
 extensions:
   agentscope:
-    version: "1.0.16"
+    version: 1.0.16
     agent_class: ReActAgent
     capabilities:
       - rag

package/examples/drupal/content-moderator.ossa.yaml

@@ -1,7 +1,7 @@
-apiVersion: ossa/v0.4.7
+apiVersion: ossa/v0.5.0
 kind: Agent
 metadata:
-  name: content_moderator
+  name: content-moderator
   version: 1.0.0
   description: AI-powered content moderation agent for Drupal
   labels:

package/examples/drupal/drupal-contributor.ossa.yaml

@@ -0,0 +1,247 @@
+apiVersion: ossa/v0.5.0
+kind: Agent
+metadata:
+  name: drupal-contributor
+  version: 1.0.0
+  description: >-
+    Autonomous Drupal issue contributor. Discovers issues on Drupal.org,
+    analyzes discussions, implements patches, pushes merge requests, and
+    monitors CI pipelines. The first OSSA-native development agent.
+  labels:
+    use-case: open-source-contribution
+    drupal-version: "11"
+    production-ready: "false"
+    ossa-native: "true"
+  agentType: custom
+  agentKind: worker
+  identity:
+    namespace: blueflyio/ossa
+    agent_id: drupal-contributor
+    version: 1.0.0
+    publisher:
+      name: BlueFly.io
+      email: agents@bluefly.io
+      website: https://openstandardagents.org
+    created_at: "2026-03-10T12:00:00Z"
+    updated_at: "2026-03-10T12:00:00Z"
+  catalog:
+    published: true
+    visibility: public
+    categories:
+      - development
+      - open-source
+      - drupal
+    tags:
+      - drupal
+      - contributor
+      - issue-fixing
+      - merge-request
+      - ci-monitoring
+      - ossa-native
+
+spec:
+  role: |
+    You are an autonomous Drupal open-source contributor agent.
+
+    Your mission:
+    1. Discover open issues on Drupal.org via the drupalorg-cli
+    2. Analyze issue discussions and existing patches
+    3. Implement fixes following Drupal coding standards
+    4. Run static analysis (PHPStan, PHPCS) before pushing
+    5. Create merge requests on GitLab
+    6. Monitor CI pipeline results and iterate
+
+    Guidelines:
+    - Follow Drupal coding standards strictly
+    - Write tests for all changes
+    - Keep patches minimal and focused
+    - Provide clear commit messages referencing the issue
+    - Respect human reviewer feedback
+
+  llm:
+    provider: anthropic
+    model: claude-sonnet-4-20250514
+    temperature: 0.2
+    max_tokens: 8192
+
+  tools:
+    - type: command
+      name: drupal_issue_context
+      description: Fetch issue details and discussion from Drupal.org
+      operation: read
+      command: drupalorg issue:show
+      parameters:
+        issue_id:
+          type: string
+          description: Drupal.org issue ID (e.g. 3456789)
+
+    - type: function
+      name: drupal_issue_checkout
+      description: Checkout issue branch for local development
+      operation: write
+      command: drupalorg issue:checkout
+      parameters:
+        issue_id:
+          type: string
+          description: Drupal.org issue ID to checkout
+
+    - type: function
+      name: drupal_mr_diff
+      description: Show merge request diff for review
+      operation: read
+      command: drupalorg mr:diff
+      parameters:
+        mr_id:
+          type: string
+          description: Merge request ID on Drupal.org GitLab
+
+    - type: function
+      name: phpstan_analyze
+      description: Run PHPStan static analysis on changed files
+      operation: read
+      command: phpstan analyse
+      parameters:
+        path:
+          type: string
+          description: Path to analyze (file or directory)
+        level:
+          type: number
+          description: Analysis level 0-9
+          default: 6
+
+    - type: command
+      name: phpcs_check
+      description: Run PHP CodeSniffer with Drupal coding standards
+      operation: read
+      command: phpcs
+      parameters:
+        path:
+          type: string
+          description: Path to check
+        standard:
+          type: string
+          description: Coding standard to use
+          default: Drupal,DrupalPractice
+
+    - type: command
+      name: git_push_mr
+      description: Stage, commit, and push changes to create a merge request
+      operation: write
+      command: git
+      parameters:
+        message:
+          type: string
+          description: Commit message referencing the issue
+        branch:
+          type: string
+          description: Target branch for the merge request
+
+  capabilities:
+    - name: issue-analysis
+      description: Analyze Drupal.org issue context and patches
+    - name: code-implementation
+      description: Implement fixes following Drupal standards
+    - name: static-analysis
+      description: Run PHPStan and PHPCS checks
+    - name: merge-request-creation
+      description: Create and manage GitLab merge requests
+    - name: ci-monitoring
+      description: Monitor CI pipeline results
+
+  safety:
+    guardrails:
+      - no_production_deploys
+      - human_review_required_before_merge
+      - follow_drupal_coding_standards
+      - audit_all_actions
+    pii_handling: none
+    audit_all_actions: true
+    max_cost_per_execution: 0.50
+
+  observability:
+    telemetry:
+      enabled: true
+      export_traces: true
+      export_metrics: true
+
+security:
+  tier: tier_2_write_limited
+  threat_model:
+    - category: prompt-injection
+      severity: medium
+      mitigations:
+        - input-validation
+        - output-filtering
+      description: Issue text from Drupal.org could contain adversarial content
+    - category: supply-chain
+      severity: high
+      mitigations:
+        - dependency-scanning
+        - code-review
+      description: Patches must be reviewed before merge
+  capabilities:
+    required:
+      - filesystem-read
+      - filesystem-write
+      - network-outbound
+      - process-spawn
+      - tool-execution
+    optional:
+      - browser
+  sandboxing:
+    required: true
+    type: container
+    resource_limits:
+      max_memory_mb: 2048
+      max_cpu_cores: 2
+      max_execution_seconds: 600
+      max_disk_mb: 1024
+  network_access:
+    allowed_domains:
+      - "*.drupal.org"
+      - "*.drupalcode.org"
+      - "gitlab.com"
+      - "api.anthropic.com"
+    protocols:
+      - https
+    egress_policy: allow-list
+  data_classification: internal
+  audit:
+    log_inputs: true
+    log_outputs: true
+    log_tool_calls: true
+    retention_days: 90
+
+protocols:
+  mcp:
+    version: 1.0.0
+    role: client
+    capabilities:
+      tools: true
+      resources: true
+    servers:
+      - name: drupalorg-cli
+        transport: stdio
+        command: drupalorg
+  a2a:
+    version: 0.2.0
+    endpoint: https://openstandardagents.org/agents/drupal-contributor
+    agent_card:
+      name: drupal-contributor
+      description: Analyze and fix a Drupal.org issue
+      skills:
+        - id: fix-drupal-issue
+          name: fix-drupal-issue
+          description: Analyze and fix a Drupal.org issue
+    capabilities:
+      stateTransitionHistory: true
+
+governance:
+  authorization:
+    policy_references:
+      - blueflyio/cedar-policies
+  compliance:
+    frameworks:
+      - NIST-800-53
+    data_classification: internal
+    audit_logging_required: true

package/examples/export/langchain/production-agent-with-memory/README.md

@@ -328,7 +328,7 @@ REDIS_URL=redis://localhost:6379
 
 **PostgreSQL Backend:**
 ```bash
-POSTGRES_URL=postgresql://postgres:postgres@localhost:5432/agent_memory
+POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@localhost:5432/agent_memory
 ```
 
 **OpenAI API (for Summary/Entity Memory):**