Vendor-Neutral AI Governance
OSSA is a specification for defining AI agents with built-in governance (compliance, cost controls, human approval workflows, and audit logging), all declared in a single YAML manifest.
What is OSSA
Define once
One YAML manifest describes everything: the agent role, LLM config, compliance rules, cost limits, and HITL gates.
Execute anywhere
Switch Gemini → Claude → GPT by changing one line. All governance stays identical.
Govern automatically
Cost budgets enforced at runtime. HITL triggers on configured conditions. Every action audited.
Trust by design
Compliance frameworks (HIPAA, SOC2) declared per agent. Data classification and retention built in.
Architecture & Key Concepts
Manifest as Code
Define agents in YAML: provider, compliance, cost limits, HITL rules. Version control friendly.
Vendor Neutral
Switch between Gemini, Claude, GPT by changing one line. Governance rules stay the same.
HITL Approval
Human-in-the-loop gates trigger on conditions like input size or cost threshold.
Cost Governance
Per-execution and daily token budgets enforced. Provider-specific pricing tracked in real time.
Audit Logging
Every action logged with timestamp. Full traceability for compliance investigation.
Compliance
HIPAA, SOC2 declared per manifest. Data classification and retention policy enforced.
Sample OSSA Manifest
apiVersion: ossa/v0.4.6
kind: Agent
metadata:
  name: document-summarizer
spec:
  llm:
    provider: gemini  # ← change to: anthropic / openai
    model: gemini-2.5-flash
  compliance:
    frameworks: [HIPAA, SOC2]
  cost:
    tokenBudget:
      perExecution: 2000
    spendLimits:
      daily: 0.50
  hitl:
    enabled: true
    interventionPoints:
      - trigger:
          type: on_condition
          condition: input_size > 5000
        mode: ALWAYS
OSSA execution pipeline: Validate Manifest, Budget Governance, LLM Invoke, Audit Capture, Complete.
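As an added illustration (not OSSA's reference implementation and not code from this page), the Python below shows how a runtime could apply the sample manifest's cost and HITL fields before invoking the model, writing one audit record per decision. The function names, decision values, estimate parameters and the condition grammar are assumptions; `mode: ALWAYS` is not modeled.

```python
import operator
import re
from datetime import datetime, timezone

# Constructed mirror of the sample manifest's governance fields (parsed form).
MANIFEST = {
    "cost": {"tokenBudget": {"perExecution": 2000}, "spendLimits": {"daily": 0.50}},
    "hitl": {"enabled": True, "interventionPoints": [
        {"trigger": {"type": "on_condition", "condition": "input_size > 5000"}}]},
}

# Assumed grammar: <name> <op> <number>. Conditions are matched against this
# pattern and never passed to eval(), so a manifest cannot carry code into the gate.
_COND = re.compile(r"^\s*([a-z_]+)\s*(>=|<=|>|<|==)\s*(\d+(?:\.\d+)?)\s*$")
_OPS = {">": operator.gt, "<": operator.lt, ">=": operator.ge,
        "<=": operator.le, "==": operator.eq}

def condition_holds(expr, facts):
    """Evaluate one trigger condition; reject anything outside the grammar."""
    m = _COND.match(expr)
    if not m or m.group(1) not in facts:
        raise ValueError(f"unsupported condition: {expr!r}")
    return _OPS[m.group(2)](facts[m.group(1)], float(m.group(3)))

def pre_invoke_gate(manifest, input_size, est_tokens, est_cost, spent_today, audit):
    """Return 'deny', 'needs_approval' or 'allow' and append one audit record."""
    cost = manifest["cost"]
    decision, reason = "allow", "within limits"
    if est_tokens > cost["tokenBudget"]["perExecution"]:
        decision, reason = "deny", "per-execution token budget exceeded"
    elif spent_today + est_cost > cost["spendLimits"]["daily"]:
        decision, reason = "deny", "daily spend limit exceeded"
    elif manifest["hitl"]["enabled"]:
        facts = {"input_size": input_size}
        for point in manifest["hitl"]["interventionPoints"]:
            trig = point["trigger"]
            if trig["type"] == "on_condition" and condition_holds(trig["condition"], facts):
                decision, reason = "needs_approval", trig["condition"]
                break
    # The audit record is written for every outcome, including allow.
    audit.append({"ts": datetime.now(timezone.utc).isoformat(),
                  "decision": decision, "reason": reason})
    return decision
```

Budget checks run before the HITL check so that a request that would be denied anyway never reaches a human approver.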