{"id":33347351,"url":"https://github.com/blueflyio/openstandardagents","last_synced_at":"2026-01-20T17:31:19.897Z","repository":{"id":324634953,"uuid":"1096698399","full_name":"blueflyio/openstandardagents","owner":"blueflyio","description":null,"archived":false,"fork":false,"pushed_at":"2025-11-21T15:17:51.000Z","size":65139,"stargazers_count":0,"open_issues_count":18,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-11-21T20:14:57.804Z","etag":null,"topics":["agents","ai","mcp","openapi"],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/blueflyio.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-14T20:15:24.000Z","updated_at":"2025-11-20T14:25:04.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/blueflyio/openstandardagents","commit_stats":null,"previous_names":["blueflycollective/openstandardagents","blueflyio/openstandardagents"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/blueflyio/openstandardagents","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blueflyio%2Fopenstandardagents","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blueflyio%2Fopenstandardagents/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blueflyio%2Fopenstandardagents/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blueflyio%2Fopenstandardagents/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/blueflyio","download_url":"https://codeload.github.com/blueflyio/openstandardagents/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blueflyio%2Fopenstandardagents/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":285755366,"owners_count":27226257,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-22T02:00:05.934Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agents","ai","mcp","openapi"],"created_at":"2025-11-22T08:01:27.192Z","updated_at":"2026-01-20T17:31:19.878Z","avatar_url":"https://github.com/blueflyio.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n```\n   ___  ____ ____    _\n  / _ \\/ ___/ ___|  / \\\n | | | \\___ \\___ \\ / _ \\\n | |_| |___) |__) / ___ \\\n  \\___/|____/____/_/   \\_\\\n```\n\n# Open Standard for Scalable AI Agents\n\n### **The OpenAPI of AI Agents**\n\n*Define once, deploy anywhere. A vendor-neutral specification for portable, composable, and compliant AI agents.*\n\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n[![npm version](https://img.shields.io/npm/v/@bluefly/openstandardagents)](https://www.npmjs.com/package/@bluefly/openstandardagents)\n[![CI Status](https://img.shields.io/badge/CI-passing-brightgreen.svg)](https://gitlab.com/blueflyio/openstandardagents/-/pipelines)\n[![npm downloads](https://img.shields.io/npm/dm/@bluefly/openstandardagents)](https://www.npmjs.com/package/@bluefly/openstandardagents)\n\n[**Quick Start**](#quick-start-under-60-seconds) • [**Documentation**](https://openstandardagents.org/docs/) • [**Examples**](https://openstandardagents.org/examples/) • [**Community**](#community)\n\n\u003c/div\u003e\n\n---\n\n## Why OSSA?\n\n### 🔄 Portability\n**One manifest, any provider**\n\nSwitch between OpenAI, Anthropic, Azure, or Ollama without changing a single line of code. Runtime bindings abstract implementation from definition.\n\n### 🧩 Composability\n**Build workflows from agents**\n\nCompose agents into workflows with parallel execution, conditional branching, and loop control. Orchestrate complex multi-agent systems declaratively.\n\n### 🛡️ Safety\n**Built-in guardrails**\n\nEnterprise-grade compliance out of the box. SOC2, FedRAMP, HIPAA, and GDPR controls are first-class schema properties, not afterthoughts.\n\n### 📊 Observability\n**Full visibility**\n\nNative OpenTelemetry tracing, structured logging, cost tracking, and performance metrics. Know exactly what your agents are doing and what they cost.\n\n\n---\n\n## Quick Start (Under 60 Seconds)\n\n### One-Command Quickstart\n\n```bash\n# macOS/Linux\ncurl -fsSL https://ossa.dev/quickstart.sh | bash\n\n# Or with npx (works everywhere)\nnpx @bluefly/openstandardagents quickstart\n\n# Windows PowerShell\niwr -useb https://ossa.dev/quickstart.ps1 | iex\n```\n\n### Manual Setup\n\n```bash\n# Install the CLI\nnpm install -g @bluefly/openstandardagents\n\n# Create your first agent\nossa init my-agent --type agent\ncd my-agent\n\n# Validate the manifest\nossa validate agent.ossa.yaml\n\n# Run it\nexport ANTHROPIC_API_KEY=sk-ant-...\nossa run agent.ossa.yaml --interactive\n```\n\nThat's it. You now have a working AI agent defined in a portable, standard format.\n\n[**→ Full Getting Started Guide**](https://openstandardagents.org/docs/getting-started/)\n\n---\n\n## What is OSSA?\n\n**OSSA** (Open Standard for Scalable AI Agents) is a **specification standard** for defining AI agents in a vendor-neutral, portable format—like OpenAPI for REST APIs or Kubernetes manifests for containers.\n\nOSSA is **NOT** a framework. It's a standard that frameworks implement.\n\n### The Three Kinds\n\nOSSA defines three resource types:\n\n#### Agent\n**LLM-powered agentic loops**\n\nAgents use LLMs to reason, plan, and execute tools. They handle inference, state management, and autonomous decision-making.\n\n```yaml\nkind: Agent\nspec:\n  llm:\n    provider: openai\n    model: gpt-4\n  role: |\n    You are a helpful assistant\n```\n\n#### Task\n**Deterministic operations**\n\nTasks are pure functions—no LLM required. Use them for data transformation, API calls, batch processing, or system integration.\n\n```yaml\nkind: Task\nspec:\n  type: function\n  runtime:\n    language: typescript\n    entry: transform.ts\n```\n\n#### Workflow\n**Orchestrated compositions**\n\nWorkflows compose Agents and Tasks into multi-step pipelines with parallel execution, conditionals, and loops.\n\n```yaml\nkind: Workflow\nspec:\n  steps:\n    - agent: analyzer\n    - parallel:\n        - task: transform\n        - task: validate\n```\n\n---\n\n## What's New in v0.3.2\n\n### 🔐 Access Tiers System\n**Enterprise privilege separation built into the spec**\n\nv0.3.2 introduces a 4-tier access hierarchy for agents:\n\n| Tier | Name | Permissions | Example Agents |\n|------|------|-------------|----------------|\n| **Tier 1** | Read Only | Analyze, audit, scan (no writes) | security-scanner, code-analyzer |\n| **Tier 2** | Write Limited | Docs, tests, drafts only | doc-generator, test-generator |\n| **Tier 3** | Write Elevated | Production code with approval | code-assistant, refactorer |\n| **Tier 4** | Policy | Full access + governance | compliance-governor |\n\n```yaml\nspec:\n  access:\n    tier: tier_1_read  # NEW: Declare access level\n    approval_chain: standard\n```\n\n### 🏗️ Workspace Governance Layer\n**`.agents-workspace/` for multi-agent management**\n\n```\n.agents-workspace/\n├── registry/index.yaml       # Agent discovery\n├── policies/tool-allowlist.yaml  # MCP permissions\n├── policies/security-tiers.yaml  # Access controls\n├── orchestration/            # Workflow definitions\n└── shared-context/           # Global standards\n```\n\n### 🤖 10 Production-Ready Showcase Agents\nConsolidated from 60+ agents into optimized examples:\n- `code-assistant` - Universal IDE integration\n- `security-scanner` - SAST/DAST analysis\n- `ci-pipeline` - GitLab/GitHub automation\n- `compliance-validator` - SOC2/HIPAA/GDPR\n- `workflow-orchestrator` - Multi-agent composition\n\n### 📡 A2A Protocol Support\n**Agent-to-Agent discovery with agent-card.json**\n\n```bash\nossa agent-card generate my-agent.ossa.yaml\nossa agent-card validate agent-card.json\n```\n\n---\n\n## Example: Security Scanner with Access Tiers (v0.3.2)\n\nThis agent demonstrates OSSA v0.3.2's **access tier system**—a Tier 1 (read-only) agent that can analyze but never modify:\n\n```yaml\napiVersion: ossa/v0.3.2\nkind: Agent\n\nmetadata:\n  name: security-scanner\n  version: \"1.0.0\"\n  description: SAST/DAST security analysis agent\n  labels:\n    ossa.dev/category: security\n    ossa.dev/tier: tier_1_read  # Access tier label\n\nspec:\n  # NEW v0.3.2: Access tier declaration\n  access:\n    tier: tier_1_read           # Read-only - cannot modify code\n    approval_chain: none        # No approval needed for read ops\n    audit_level: enhanced       # Full audit trail\n\n  role: |\n    You are a security scanner. Analyze code for vulnerabilities,\n    check dependencies for CVEs, and generate security reports.\n    You have READ-ONLY access - you cannot modify any files.\n\n  llm:\n    provider: anthropic\n    model: claude-sonnet-4\n    temperature: 0.1            # Low temp for consistent analysis\n\n  capabilities:\n    - type: function\n      name: scan.sast\n      description: Static application security testing\n    - type: function\n      name: scan.dependencies\n      description: Check dependencies for known CVEs\n    - type: function\n      name: report.generate\n      description: Generate security findings report\n\n  tools:\n    - type: mcp\n      server: filesystem\n      capabilities: [read_file, list_directory]  # Read-only!\n    - type: function\n      name: trivy_scan\n      description: Container vulnerability scanning\n\n  # Safety enforces the tier restrictions\n  safety:\n    constraints:\n      - \"NEVER write, edit, or delete any files\"\n      - \"NEVER execute commands that modify state\"\n      - \"Report findings only - never auto-fix\"\n    prohibited_tools:\n      - file.write\n      - file.edit\n      - terminal.run\n\n  # NEW v0.3.2: Separation of duties\n  separation_of_duties:\n    cannot_be_same_as:\n      - code-assistant    # Scanner can't also be the fixer\n      - deployment-agent  # Scanner can't also deploy\n    requires_review_by:\n      - security-team\n\n  observability:\n    tracing:\n      enabled: true\n      provider: opentelemetry\n    metrics:\n      track_findings: true\n      track_scan_duration: true\n```\n\n**What v0.3.2 Access Tiers provide:**\n- **Privilege Separation**: Tier 1 agents physically cannot write files\n- **Audit Trail**: All actions logged with tier context\n- **Separation of Duties**: Scanner can't also be the fixer\n- **Approval Chains**: Higher tiers require explicit approval\n\n```bash\n# Validate access tier compliance\nossa validate security-scanner.ossa.yaml --check-access-tiers\n\n# Run with tier enforcement\nossa run security-scanner.ossa.yaml --enforce-tier\n```\n\n[**→ See Access Tiers Examples**](spec/v0.3.2/examples/access-tiers/)\n\n---\n\n## Features\n\n### 🌐 20+ LLM Providers\n\nSwitch providers without changing your agent definition:\n\n- **OpenAI** (GPT-4, GPT-3.5)\n- **Anthropic** (Claude 3.5, Claude 3)\n- **Google** (Gemini Pro, Gemini Ultra)\n- **Azure OpenAI**\n- **AWS Bedrock**\n- **Ollama** (local models)\n- **Mistral AI**\n- **Cohere**\n- And more...\n\n### 🛠️ MCP Tool Support\n\nNative integration with [Model Context Protocol](https://modelcontextprotocol.io/) for standardized tool definitions:\n\n```yaml\ntools:\n  - type: mcp\n    server: filesystem\n    capabilities:\n      - read_file\n      - write_file\n      - list_directory\n```\n\n### 💬 Agent-to-Agent Messaging\n\nBuilt-in pub/sub messaging for multi-agent coordination:\n\n```yaml\nspec:\n  messaging:\n    publishes:\n      - channel: task.completed\n    subscribes:\n      - channel: task.started\n        handler: on_task_started\n    reliability:\n      deliveryGuarantee: at-least-once\n```\n\n### 🔒 Safety Controls\n\nEnterprise-grade security and compliance:\n\n- Input/output validation\n- Content filtering\n- Rate limiting\n- Audit logging\n- Data boundary controls\n- PII detection and redaction\n\n### 💰 Cost Tracking\n\nTrack costs across providers with unified metrics:\n\n```yaml\nobservability:\n  metrics:\n    track_costs: true\n    cost_alerts:\n      - threshold: 10.00\n        action: notify\n```\n\n---\n\n## Installation\n\n### npm\n\n```bash\nnpm install -g @bluefly/openstandardagents\n```\n\n### yarn\n\n```bash\nyarn global add @bluefly/openstandardagents\n```\n\n### pnpm\n\n```bash\npnpm add -g @bluefly/openstandardagents\n```\n\n### Homebrew (Coming Soon)\n\n```bash\nbrew install ossa\n```\n\n### Docker\n\n```bash\ndocker pull bluefly/ossa:latest\ndocker run -v $(pwd):/workspace bluefly/ossa validate agent.ossa.yaml\n```\n\n---\n\n## Documentation\n\n### Getting Started\n- [Installation Guide](https://openstandardagents.org/docs/installation/)\n- [Your First Agent](https://openstandardagents.org/docs/getting-started/first-agent/)\n- [Core Concepts](https://openstandardagents.org/docs/concepts/)\n- [CLI Reference](https://openstandardagents.org/docs/cli/)\n\n### Examples \u0026 Guides\n- [Example Gallery](https://openstandardagents.org/examples/)\n- [Framework Integration](https://openstandardagents.org/docs/integrations/)\n- [Production Deployment](https://openstandardagents.org/docs/deployment/)\n- [Best Practices](https://openstandardagents.org/docs/best-practices/)\n\n### Reference\n- **Getting Started**: [openstandardagents.org/docs/getting-started/](https://openstandardagents.org/docs/getting-started/)\n- **Full Documentation**: [openstandardagents.org/docs/](https://openstandardagents.org/docs/)\n- **Schema Reference**: [openstandardagents.org/schema/](https://openstandardagents.org/schema/)\n- **Specification**: [spec/v0.3.2/ossa-0.3.2.schema.json](https://github.com/blueflyio/openstandardagents/blob/main/spec/v0.3.2/ossa-0.3.2.schema.json)\n- **Messaging Extension**: [spec/v0.3.2/messaging.md](spec/v0.3.2/messaging.md) - Agent-to-agent messaging (v0.3.2+)\n- **Examples**: [openstandardagents.org/examples/](https://openstandardagents.org/examples/)\n- **Blog**: [openstandardagents.org/blog/](https://openstandardagents.org/blog/)\n\n**OSSA** is a vendor-neutral **specification standard** (like OpenAPI)\n**LangChain/AutoGen/Semantic Kernel** are framework-specific **implementations**\n**MCP** is a formal standard for **context protocol**, not full agent lifecycle\n\n---\n\n## License\n\n**Apache License 2.0**\n\nOSSA is open source and free to use for commercial and non-commercial purposes.\n\nSee [**LICENSE**](LICENSE) for full terms.\n\n---\n\n## Links\n\n### Development\n- **GitLab** (Primary): [gitlab.com/blueflyio/openstandardagents](https://gitlab.com/blueflyio/openstandardagents)\n- **GitHub** (Mirror): [github.com/blueflyio/openstandardagents](https://github.com/blueflyio/openstandardagents)\n- **npm Package**: [@bluefly/openstandardagents](https://www.npmjs.com/package/@bluefly/openstandardagents)\n\n### Community\n- **Website**: [openstandardagents.org](https://openstandardagents.org)\n- **Documentation**: [openstandardagents.org/docs](https://openstandardagents.org/docs)\n- **Discord**: [discord.gg/ossa](https://discord.gg/ossa)\n- **Twitter/X**: [@openstandardagi](https://twitter.com/openstandardagi)\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n**Built with ❤️ by the open source community**\n\n[Report Bug](https://github.com/blueflyio/openstandardagents/issues) • [Request Feature](https://github.com/blueflyio/openstandardagents/issues) • [Ask Question](https://github.com/blueflyio/openstandardagents/discussions)\n\n*Note: All development happens on GitLab. GitHub is a read-only mirror.*\n\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblueflyio%2Fopenstandardagents","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblueflyio%2Fopenstandardagents","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblueflyio%2Fopenstandardagents/lists"}