23

Show HN: Open Envelope – an open schema for defining AI agent teams

Built an open JSON Schema for defining AI agent teams.

Multi-agent systems are becoming a real deployment pattern — not single assistants, but teams with roles, handoffs, and human checkpoints. But there's no shared way to define one that travels across frameworks. Every implementation is scattered, locked to whichever tool you picked first. Built the schema to fix that.

The schema lives at schema.openenvelope.org and is registered in SchemaStore, so if you drop a .envelope.json file in VS Code you get autocomplete and validation without installing anything. It's also on npm as @openenvelope/schema if you want to validate programmatically.

The spec covers: agent definitions (role, prompt, model, access policy), supervisor/sub-agent hierarchy, human-in-the-loop gates, pipelines, schedules, and secrets/variables that get injected at deploy time. Access policies let you declare exactly which hosts each agent can call — the runtime enforces this at the network level, not in the prompt.

The goal is a portable definition format — define a team once, any compatible runtime can execute it. Similar to how Dockerfiles describe a container without being tied to a specific host. There's a managed runtime at openenvelope.org but the schema is Apache 2.0 and anyone can implement it.

Happy to answer questions on any part of the spec — especially interested in feedback from people who've built multi-agent systems and have opinions on what's missing.

I think this is kinda wrong.

Declarative approaches require validation to live at a synthesis layer, while an imperative approach that compiles down to declarative configs at runtime gives you the best of both worlds -- this is why anyone who does not need terraform cross compatibility will write things against CDK or Pulumi that has the same declarative schema wins with the niceness of testability and author-time typing.

Edit:

That said, it is shockingly close to the schema that we wound up with with a few ideas that I think are interesting.

reportsTo allows bottoms up orchestrator delegation

workspaces are interesting -- right now we have one bag of data with per-subagent data subscriptions, but this means that we frequently add input requirements to subagents that really should be more implicit

accessPolicy seems like a footgun to me -- i feel fairly convicted that tools should define their access scope and the only thing a subagent should know is the bag of tools available to it.

human approval seems redundant given we already have input requirements, and one can just be `email_approved` with a tool that emits the human approval request and `email_approved | email_not_approved` -- same feeling about `GateTypes` in general. If we are working on flat input-output requirements, then why do we need a specific GateType handler?

Trigger `any_approved | all_approved` is going to bite you if you move into plan solving. It is not rich enough to express XOR style relationships and I am willing to bet that v2 of your implementation splits TriggerRequirements where TriggerRequirements can be recursively applied to the type.

It seems like the tool definition is missing a lot of niceties that have been important for us -- for instance, at most once invocation. But we are working primarily over voice where there is a strong need to control execution for quality of service.

an hour agonostrebored

It seems that at least Claude Code wants to entirely own this problem a la dynamic workflows: https://code.claude.com/docs/en/workflows

I guess Envelope is trying to tackle this in a vendor-agnostic way?

3 hours agozatkin

[flagged]

an hour agoashconway

[flagged]