Skip to main content
v0.4.8Apache 2.09 export targetsNIST CAISI RFI Submitted

Every Agent
Needs a Contract

MCP connects tools. A2A connects agents. Neither defines the contract.

$ ossa init my-agent --template full -y
$ ossa export my-agent.ossa.yaml --to docker
5-minute Quick StartAgent BuilderView Specnpm Package
Standards-Aligned

Interoperability by Design, Not Afterthought

OSSA applies formal schema validation, measurable conformance testing, and cryptographic provenance to agent definitions. Built for environments where interoperability must be demonstrated, not assumed.

See our federal standards alignment

Portable Agent Contracts

Schema-validated YAML manifests with measurable export fidelity across 9 deployment targets.

Open Discovery (DUADP)

DNS-native discovery with 5-layer resolution: TXT records, well-known endpoints, federated mesh, identity, trust verification.

Verifiable Trust

Three-tier trust model (self-declared, org-verified, independently audited) with cryptographic attestation chains.

The M×N Problem

Every framework defines agents differently. LangChain, CrewAI, Kubernetes, and GitLab each require distinct configuration schemas. Supporting M agent types across N platforms means maintaining M×N configurations — a combinatorial scaling problem with measurable cost.

Our analysis of production deployments shows 40–60% of agent configuration is duplicated across platforms. Each new target adds linearly to maintenance burden, compliance gaps emerge when governance metadata is scattered, and there is no single artifact to validate against.

Before OpenAPI, every API had a different description format. The same thing is happening with agents right now.
LangChain
CrewAI
K8s
Claude
Support Bot
.yml
.yml
.yml
.yml
Code Review
.yml
.yml
.yml
.yml
Data Pipeline
.yml
.yml
.yml
.yml

3 agents × 4 platforms = 12 configs to maintain

With OSSA: 3 agents × 1 manifest each

The fix

Where OSSA Sits

A formally specified contract layer between protocol transports and application logic. One definition, validated export to any target.

Your ApplicationAgent Logic & Business Rules
OSSA Contract Layer
Identity·Capabilities·Compliance·Lifecycle·Security·Trust
MCPTools & Context
A2AAgent Comms
ANP / ACPNetwork Layer
Deployment Platforms
LangChain·CrewAI·Kubernetes·Docker·GitLab Duo·Claude Code·Cursor·Drupal·MCP·A2A·npm·+ more

3 agents × 1 manifest each → export to any platform

The Missing Layer

The Contract Layer That Bridges Protocols to Platforms

MCP connects tools. A2A connects agents. A recent survey of four major protocols confirms: none addresses the contract layer — the portable definition of what an agent is, what it can access, and under what governance rules.

MCP

Tool and context protocol. Connects LLMs to external data and capabilities.

What the agent can use

OSSA

The agent contract. Deploy, govern, and migrate agents across any platform.

The portable definition

A2A

Inter-agent communication. How agents talk to each other.

How agents communicate

MCPOSSAA2A
PurposeConnects agents to toolsDefines the agent contractConnects agents to agents
Answers“How does it access tools?”“What IS this agent?”“How do agents talk?”
ArtifactServer definitionPortable YAML manifestAgent Card (per-endpoint descriptor)
SecurityNone nativeCompliance + trust metadataEndpoint-level auth
PortabilityServer-specificFramework & platform agnosticProtocol-specific

OSSA doesn't replace MCP or A2A — it's the portable manifest that references both.
Define once in YAML. Export to any platform.

Try The Hosted Agent Builder

Runtime builder features are hosted at uiapi.openstandardagents.org to keep this site focused on standards, docs, and interoperability.

Open Agent BuilderOpen Transformer

What's in the Spec

OSSA covers the full lifecycle of production agent systems. Every feature has an honest maturity label.

Agent Identity & Capabilities

MCP Tool Integration

production

Define MCP server connections, operations, and capabilities directly in your manifest. Works with the official MCP PHP SDK, Symfony MCP Bundle, and all major implementations.

A2A Protocols

production

Agent-to-agent communication patterns, message schemas, and coordination contracts. Complements Google A2A protocol.

Skills Pipeline

new

Research, generate, and export agent skills. New in v0.4.5.

Governance & Safety

Compliance Modeling

production

SOC2, HIPAA, GDPR, and FedRAMP requirements expressed as structured metadata in the manifest.

Human-in-the-Loop

production

Approval workflows, intervention points, and escalation policies defined at the spec level.

Cost Controls

production

Token budgets, daily spend limits, and cost tracking configuration per agent.

Runtime & Infrastructure

State Management

production

Persistent state, checkpointing, and recovery contracts for long-running agent workflows.

Mesh Networking

beta

Service discovery and inter-agent routing for distributed agent systems.

AG2 Extensions

beta

AutoGen v2 integration for multi-agent conversation patterns.

Identity & Trust Pre-Authorization

A recent security analysis of MCP identified 16 distinct threat scenarios. Agents need verifiable identity and explicitly declared trust boundaries before they execute.

Global Agent Identifier (GAID)

OSSA introduces the GAID — a W3C DID-compliant uniform resource name that anchors an agent's identity to a verifiable registry. Before an A2A connection is made, the origin agent's GAID is verified.

did:ossa:bluefly:finance-agent-v2.1

Cedar Policy Integration

Manifests embed Cedar policies to declare data access limitations and action guardrails. OSSA runtimes evaluate these policies at the transport layer, enforcing zero-trust before the LLM ever receives the context.

Attribute-Based Access ControlAWS Cedar
OSSA Trust TierValidation RequirementEnvironment
Tier 1: Self-DeclaredSchema validation onlyLocal dev, internal sandboxes
Tier 2: Enterprise VerifiedSigned by org key + UADP networkCorporate intra-agent mesh
Tier 3: Audited3rd-party cryptographic attestationPublic APIs, financial actions

Get Started

Install, create, export. Under 5 minutes.

terminal

# 1. Install

npm install -g @bluefly/openstandardagents

# 2. Create & validate

ossa init my-agent --template full -y
ossa validate my-agent.ossa.yaml

# 3. Export to any platform

ossa export my-agent.ossa.yaml --to docker
ossa export my-agent.ossa.yaml --to claude-agent-sdk
ossa export my-agent.ossa.yaml --to langchain
Full Getting Started Guide

Built-in MCP Server

10 MCP Tools. Works in Every AI IDE.

OSSA ships a production MCP server that works in Claude Code, Cursor, Windsurf, and any MCP-compatible client. Validate, scaffold, convert, and publish agents without leaving your editor.

ossa_validate

Validate manifests against v0.4 schema

ossa_scaffold

Create new agent directory structure

ossa_convert

Export to 23+ platforms instantly

ossa_inspect

Deep analysis of capabilities and access tiers

ossa_generate

Generate agent-card.json for A2A discovery

ossa_publish

Publish to registries via HTTP or arctl

ossa_list

Discover all agents in workspace

ossa_workspace

Init, discover, and manage workspaces

ossa_diff

Compare manifests with breaking change detection

ossa_migrate

Migrate manifests to newer spec versions

.mcp.json
{
  "mcpServers": {
    "ossa": {
      "command": "npx",
      "args": ["-y", "@bluefly/openstandardagents", "serve", "--mcp"]
    }
  }
}

Add to your IDE's MCP config. Works in Claude Code, Cursor, Windsurf, and more.

CMS Integration

Drupal-Native Agent Import

OSSA manifests import directly into Drupal as config entities. Create agents with the CLI wizard, import into your CMS, and Drupal auto-discovers API tools.

1

Create

Use the interactive wizard to define your agent

ossa wizard
2

Export

Wizard outputs a portable OSSA YAML manifest

agent.ossa.yaml
3

Import

Import into Drupal via UI form or Drush

drush ossa:import manifest.yaml

What happens on import

  • Drupal creates a config entity from the OSSA manifest (PHP-native validation included)
  • API tools are auto-discovered from the manifest's tool definitions
  • Agent becomes available to Drupal AI modules (ai_agents, ai_agents_ossa, MCP Registry)
  • Works with the Drupal import form (paste YAML) or CLI: drush ossa:import manifest.yaml

Powered by ai_agents_ossa Drupal module. Requires Drupal 10.3+ with AI Agents module.

Platform Status

Transparent maturity classification. Each adapter is labeled by its tested conformance level, not its marketing readiness.

Production

  • LangChain (Python/TS)
  • MCP (Model Context Protocol)
  • npm (installable package)
  • Docker (compose + multi-stage)
  • Kubernetes (kagent CRDs)
  • GitLab Duo Agent
  • Agent Skills
  • A2A (agent-card.json)
  • Anthropic (Messages API)
  • OpenAI (Assistants/function_calling)

Beta

  • CrewAI (agent roles)
  • Claude Code (IDE)
  • Claude Agent SDK (TS/Py/Go/Rust)
  • Cursor (IDE rules)
  • Drupal (CMS import)
  • LangFlow (visual workflow)
  • Warp (terminal agents)
  • Mobile Agent (runtime)
  • AutoGen (ConversableAgent)
  • Semantic Kernel (plugin)

Key Numbers

Early-stage adoption

  • npm versionv0.4.8
  • GitHub stars3
  • Weekly downloads198
  • Export targets23+
  • CLI commands65+
  • MCP tools10
  • Example manifests50+
  • Test suites121
  • LicenseApache 2.0

Early adopters: metrics from npm and GitHub. Updated every 5 minutes.

Dogfooding OSSA — this site uses OSSA-defined agents

content-syncversion-updaterlink-validatordeploy-orchestrator

Try it in 5 minutes

Install the CLI, create a manifest, validate it, export it. Feedback welcome — we're still early and we know it.

Quick Start GuideGitLab RepoJoin Discord
How this site is built →