diff --git a/AGENTS.md b/AGENTS.md index 493fba2..95ed919 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -210,7 +210,7 @@ Agents must not rename existing taxonomy identifiers or schema fields unless exp ## Relationship to Detektor -OpenPAKT is designed to support **AI agent security scanners** such as the Detektor CLI reference implementation. +OpenPAKT is designed to support **AI agent security scanners** such as the [Detektor CLI](https://github.com/Meisterware/detektor) reference implementation. However, Detektor is developed **in a separate repository**. diff --git a/GOVERNANCE.md b/GOVERNANCE.md index 67964d4..f3a941c 100644 --- a/GOVERNANCE.md +++ b/GOVERNANCE.md @@ -20,4 +20,4 @@ OpenPAKT follows **semantic versioning**. ## Reference Implementation -The **Detektor CLI** serves as the reference implementation for the OpenPAKT specification. +The **[Detektor CLI](https://github.com/Meisterware/detektor)** serves as the reference implementation for the OpenPAKT specification. diff --git a/README.md b/README.md index 719a756..b29e4ea 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,8 @@ ## Open Protocol for Agent Knowledge Trust -![Specification](https://img.shields.io/badge/spec-v0.1-blue) +![Specification](https://img.shields.io/badge/spec-v0.1.0-blue) +![Spec Version](https://img.shields.io/badge/version-v0.1.0-blue) ![Status](https://img.shields.io/badge/status-draft-orange) ![License](https://img.shields.io/badge/license-Apache%202.0-green) ![Roadmap](https://img.shields.io/badge/roadmap-public-blue) 
@@ -11,18 +12,17 @@ OpenPAKT is an open specification for representing **AI agent security findings, The goal is to provide a **common language for AI agent security testing across tools, programming languages, and CI systems.** -> ⚠️ **Status:** OpenPAKT is currently under active development and evolving toward the **v0.1 Core Specification milestone**. -> Feedback and contributions are welcome. - --- -## Specification Status +## OpenPAKT v0.1.0 — Core Specification + +The **v0.1.0 Core Specification** defines the minimal interoperable structure for representing AI agent security testing artifacts. -OpenPAKT is currently in **Draft status** and evolving toward the **v0.1 Core Specification milestone**. +This version establishes the foundational components required for scanners and CI systems to exchange and evaluate agent security findings in a consistent way. -The v0.1 release will define the minimal interoperable structure for representing AI agent security findings, attack scenarios, and CI policy evaluation results. +⚠️ **Status:** The specification is currently in **Draft status** while the ecosystem and reference implementations mature. -Until v1.0, the specification may evolve as the ecosystem matures. +Until **v1.0**, the specification may evolve as adoption and implementation experience grows. --- @@ -78,7 +78,7 @@ OpenPAKT acts as the **interoperability layer between scanners and CI systems.** ## Scope -OpenPAKT **v0.1** focuses on defining a minimal interoperable structure for: +OpenPAKT **v0.1.0** defines a minimal interoperable structure for: - security finding reports - finding taxonomy @@ -86,6 +86,8 @@ OpenPAKT **v0.1** focuses on defining a minimal interoperable structure for: - attack scenario definitions - CI policy evaluation semantics +This version focuses on establishing a **stable core model** for representing AI agent security testing results. + --- ## Design Principles 
@@ -95,8 +97,8 @@ OpenPAKT is designed with the following principles: - **Language-agnostic** – usable across different programming languages and frameworks - **CI-first** – optimized for automated security validation in CI pipelines - **Portable** – findings and scenarios can be shared across tools -- **Deterministic** – results should be reproducible across implementations -- **Minimal v0.1** – start small and evolve through community adoption +- **Deterministic CI evaluation** – CI systems evaluate normalized findings consistently +- **Minimal v0.1** – start small and evolve through ecosystem adoption --- @@ -113,7 +115,7 @@ spec/ ci-policy.md ``` -Each component defines a part of the OpenPAKT security testing model. +Each document defines a component of the OpenPAKT security testing model. --- @@ -121,7 +123,7 @@ Each component defines a part of the OpenPAKT security testing model. OpenPAKT evolves through milestone-based specification releases. -### v0.1 – Core Specification +### v0.1 – Core Specification (Current) Defines the minimal interoperable structure for agent security testing. 
@@ -134,22 +136,49 @@ Includes: - CI policy semantics - example reports and scenarios +--- + ### v0.2 – Ecosystem Integration -Extends OpenPAKT to integrate with existing DevSecOps tooling. +Extend the OpenPAKT specification to support interoperability with existing DevSecOps tooling, CI pipelines, and agent security scanners. + +This milestone introduces mappings to widely used security reporting formats, defines metadata required for cross-surface correlation, and establishes guidance for tool compatibility and implementation. Planned features: - SARIF mapping for CI security dashboards - cross-surface finding correlation model - provenance metadata fields -- tool interoperability guidelines -- implementation guide for tool developers +- implementation guidance for tool developers - reference implementation alignment (Detektor CLI) +The goal of this milestone is to make OpenPAKT practical for real-world integrations while maintaining the minimal core defined in v0.1. + +--- + +### v0.3 – Multi-Agent Security + +Expands OpenPAKT to support security testing and validation of multi-agent systems and agent ecosystems. + +As AI systems increasingly involve multiple cooperating agents and tool integrations, security testing must account for interactions across agent boundaries. + +Planned areas of exploration include: + +- multi-agent interaction testing scenarios +- agent-to-agent security boundaries +- tool invocation trust validation +- cross-agent data flow analysis +- distributed agent security findings + +The goal of this milestone is to enable OpenPAKT to represent security findings that emerge from complex agent workflows rather than single agent prompts. + +--- + ### v1.0 – Stable Standard -Finalizes OpenPAKT as a stable open standard. +Finalize the OpenPAKT specification as a stable, production-ready standard for representing AI agent security findings, scenarios, and CI validation results. 
+ +This milestone formalizes governance rules, versioning semantics, compatibility guarantees, and conformance requirements needed for long-term ecosystem adoption. Planned components: @@ -159,15 +188,21 @@ Planned components: - conformance tests - registry compatibility +The objective of v1.0 is to provide a reliable and stable contract that tool vendors, platforms, and CI systems can implement with confidence. + --- ## Versioning -OpenPAKT follows **semantic versioning** for the specification. +OpenPAKT follows **Semantic Versioning** for specification releases. Current version: -### v0.1 – Initial Draft +```text +v0.1.0 — Core Specification +``` + +Until **v1.0**, the specification may evolve as the ecosystem matures. --- @@ -175,7 +210,7 @@ Current version: Example OpenPAKT reports and scenarios are available in the `examples/` directory. -These examples demonstrate how security findings and attack scenarios can be represented using the specification. +These demonstrate how security findings and attack scenarios can be represented using the specification. --- 
@@ -197,12 +232,31 @@ To become the **common interoperability layer for AI agent security testing.** --- +## Specification vs Implementations + +OpenPAKT defines an **open specification**, not a single security scanner. + +The specification defines the **interoperable format for scenarios, findings, and CI evaluation**, while different tools may implement scanners that produce OpenPAKT-compliant reports. + +This separation allows multiple tools and vendors to adopt the specification. + +OpenPAKT-compatible scanners may include: + +- Detektor (reference CLI implementation) +- future ecosystem tools +- CI security scanners +- agent security testing frameworks + +--- + ## Reference Implementation -**Detektor** is the reference CLI implementation of the OpenPAKT specification. +**[Detektor](https://github.com/Meisterware/detektor)** is the reference CLI implementation of the OpenPAKT specification. Detektor demonstrates how OpenPAKT findings, scenarios, and CI policy validation can be implemented in practice. +The reference implementation helps validate the specification and provides a starting point for building compatible scanners. + --- ## Project Documents diff --git a/SECURITY.md b/SECURITY.md index 95c8ff9..528c4a9 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -7,7 +7,7 @@ If you discover a security vulnerability related to: - the OpenPAKT specification - example artifacts - reference implementations -- the Detektor scanner (when available) +- the [Detektor](https://github.com/Meisterware/detektor) scanner please report it responsibly. diff --git a/spec/index.md b/spec/index.md index fa4f796..5e83b22 100644 --- a/spec/index.md +++ b/spec/index.md 
@@ -50,6 +50,6 @@ Historical versions of the specification are stored in the `archive/` directory. ## Reference Implementation -The **Detektor CLI** is the reference implementation of the OpenPAKT specification. +The **[Detektor CLI](https://github.com/Meisterware/detektor)** is the reference implementation of the OpenPAKT specification. Detektor demonstrates how OpenPAKT findings, scenarios, and CI policy validation can be implemented in practice.
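Review bot: In the README badge hunk (`@@ -2,7 +2,8 @@`), the two added lines `![Specification](...spec-v0.1.0-blue)` and `![Spec Version](...version-v0.1.0-blue)` carry the same value twice, and the same `v0.1.0` string is hard-coded again in the Versioning hunk's `text` block; keep a single version badge so a release bump has one place to update rather than three that can drift apart.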
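Review bot: The README status hunk (`@@ -11,18 +12,17 @@`) renames the `## Specification Status` heading to `## OpenPAKT v0.1.0 — Core Specification` and drops the `> Feedback and contributions are welcome.` line; renaming a heading changes its generated anchor, so grep the repository (including `spec/index.md` and the other project documents) for links to `#specification-status` before merging, and consider keeping the contributions sentence since nothing else in the diff replaces it.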
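Review bot: Version naming is inconsistent across the hunks. The Scope hunk (`@@ -78,7 +78,7 @@`) changes the text to `OpenPAKT **v0.1.0** defines ...`, while the Design Principles hunk (`@@ -95,8 +97,8 @@`) keeps `- **Minimal v0.1** – ...` and the Roadmap hunk (`@@ -121,7 +123,7 @@`) keeps `### v0.1 – Core Specification (Current)`. Pick one form (the patch version `v0.1.0` for the concrete release, `v0.1` for the milestone) and state that convention once in the Versioning section so readers do not take them for different releases.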
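Review bot: In the Design Principles hunk (`@@ -95,8 +97,8 @@`), replacing `- **Deterministic** – results should be reproducible across implementations` with `- **Deterministic CI evaluation** – CI systems evaluate normalized findings consistently` narrows the guarantee: the old principle covered scanner results, the new one only covers how CI consumes them. If reproducibility of scanner output is no longer a stated principle, that is a substantive change for a format meant to gate CI pipelines and should be called out explicitly (in the changelog or the commit message) rather than appear as a wording tweak; if it was not intended, keep the original reproducibility wording alongside the new CI-evaluation bullet.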
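Review bot: The Roadmap hunk (`@@ -134,22 +136,49 @@`) removes the bullet `- tool interoperability guidelines` from the v0.2 plan while the new paragraph above the list still says the milestone "establishes guidance for tool compatibility and implementation"; either keep the bullet or reword the paragraph so the list and its summary agree. The same hunk's v0.3 section lists `tool invocation trust validation` and `agent-to-agent security boundaries` as areas of exploration; since the spec already has a `finding taxonomy`, note whether these will be new taxonomy identifiers (which `AGENTS.md` says must not be renamed once introduced) so they are added with stable names from the start.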
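Review bot: The Versioning hunk (`@@ -159,15 +188,21 @@`) adds `Until **v1.0**, the specification may evolve as the ecosystem matures.`, which duplicates the sentence added in the status hunk (`Until **v1.0**, the specification may evolve as adoption and implementation experience grows.`); keep one copy. Since the section now claims Semantic Versioning, it would also help to state what pre-1.0 consumers can rely on (for example, whether a `0.x` minor bump may change schema fields), because plain SemVer makes no compatibility promise below 1.0 and scanner and CI authors will otherwise guess.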
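Review bot: The new `## Specification vs Implementations` section in hunk `@@ -197,12 +232,31 @@` uses `OpenPAKT-compliant reports` in one sentence and `OpenPAKT-compatible scanners` in the next without defining either, and the conformance tests that would give those words meaning are only planned for v1.0 in the Roadmap hunk. Suggest using one term and defining it now (for example, a report that validates against the published schema in `spec/`), so tools do not advertise compliance against an undefined bar. The list items `future ecosystem tools` and `CI security scanners` add no information next to `Detektor (reference CLI implementation)`; trim them or name concrete categories.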
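Review bot: The SECURITY.md hunk (`@@ -7,7 +7,7 @@`) changes the reportable scope line to `- the [Detektor](https://github.com/Meisterware/detektor) scanner`, but the AGENTS.md hunk in the same diff states that Detektor "is developed **in a separate repository**". Routing Detektor vulnerability reports through this repository's policy risks reports landing with maintainers who cannot fix the code; point reporters to Detektor's own security policy (or state explicitly that this policy covers it and who triages), and keep this repository's scope to the specification, example artifacts, and the reference-implementation mapping it owns.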