Show HN: Open Envelope – an open schema for defining AI agent teams (openenvelope.org)

52 points by ashconway ↗ HN
Built an open JSON Schema for defining AI agent teams.

Multi-agent systems are becoming a real deployment pattern — not single assistants, but teams with roles, handoffs, and human checkpoints. But there's no shared way to define one that travels across frameworks. Every implementation is scattered, locked to whichever tool you picked first. Built the schema to fix that.

The schema lives at schema.openenvelope.org and is registered in SchemaStore, so if you drop a .envelope.json file in VS Code you get autocomplete and validation without installing anything. It's also on npm as @openenvelope/schema if you want to validate programmatically.

The spec covers: agent definitions (role, prompt, model, access policy), supervisor/sub-agent hierarchy, human-in-the-loop gates, pipelines, schedules, and secrets/variables that get injected at deploy time. Access policies let you declare exactly which hosts each agent can call — the runtime enforces this at the network level, not in the prompt.

The goal is a portable definition format — define a team once, any compatible runtime can execute it. Similar to how Dockerfiles describe a container without being tied to a specific host. There's a managed runtime at openenvelope.org but the schema is Apache 2.0 and anyone can implement it.

Happy to answer questions on any part of the spec — especially interested in feedback from people who've built multi-agent systems and have opinions on what's missing.

11 comments

[ 4.4 ms ] story [ 29.0 ms ] thread
I think this is kinda wrong.

Declarative approaches require validation to live at a synthesis layer, while an imperative approach that compiles down to declarative configs at runtime gives you the best of both worlds -- this is why anyone who does not need terraform cross compatibility will write things against CDK or Pulumi that has the same declarative schema wins with the niceness of testability and author-time typing.

Edit:

That said, it is shockingly close to the schema that we wound up with with a few ideas that I think are interesting.

reportsTo allows bottoms up orchestrator delegation

workspaces are interesting -- right now we have one bag of data with per-subagent data subscriptions, but this means that we frequently add input requirements to subagents that really should be more implicit

accessPolicy seems like a footgun to me -- i feel fairly convicted that tools should define their access scope and the only thing a subagent should know is the bag of tools available to it.

human approval seems redundant given we already have input requirements, and one can just be `email_approved` with a tool that emits the human approval request and `email_approved | email_not_approved` -- same feeling about `GateTypes` in general. If we are working on flat input-output requirements, then why do we need a specific GateType handler?

Trigger `any_approved | all_approved` is going to bite you if you move into plan solving. It is not rich enough to express XOR style relationships and I am willing to bet that v2 of your implementation splits TriggerRequirements where TriggerRequirements can be recursively applied to the type.

It seems like the tool definition is missing a lot of niceties that have been important for us -- for instance, at most once invocation. But we are working primarily over voice where there is a strong need to control execution for quality of service.

Strong for the downstream part.

Upstream rules should travel with your repository, never be locked to just one agent. I want to experiment, test different models.

I could never work in one model, it requires specific parts that work only in that specific snowflake implementation.

It's clear that you understand that releasing a schema with this much documentation makes the AI-assisted reverse engineering loop trivial. I'm interested in understanding why I should trust/use/pay for your hosted runtime versus rolling my own to run on cheap VPS?
this is sick nicely done, definitely where things are trending
Appreciate it. Let me know if you hit gaps in the schema, or if you build multi agent systems and see anything missing.
It's really useful to have a clear list of who's on the team and what they do, because there isn't one at the moment. A static team definition doesn't show the runtime hazard. This is when two agents read the same artifact. One updates it, while the other keeps acting on the version it loaded. The roles can be clearly defined, but the output is still unclear because agent B wasn't told that agent A had moved the shared state. I would like to know if you think that coordination layer is part of the problem, or if it is only a problem with the runtime.