open-qa-protocol

mcp
Security Audit
Warning
Health Warning
  • License — License: Apache-2.0
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 6 GitHub stars
Code Passed
  • Code scan — Scanned 1 files during light audit, no dangerous patterns found
Permissions Passed
  • Permissions — No dangerous permissions requested
Purpose
This tool provides a standardized protocol (OQP) for AI agents and CI/CD pipelines to query business rules, assess release risks, and execute autonomous testing workflows. It acts as a bridge between coding agents and verification systems.

Security Assessment
Overall risk: Low. The automated code scan found no dangerous patterns, no hardcoded secrets, and no dangerous permission requests. The core of the project appears to be an OpenAPI specification rather than executable application code, which inherently limits traditional software vulnerabilities. However, because the tool's explicit purpose is to assess pull request diffs and trigger sandboxed testing workflows, any implemented backend server will naturally require access to source code. You should ensure that any sandbox execution environments remain strictly isolated.

Quality Assessment
The project is quite new and has very low community visibility, currently sitting at only 6 GitHub stars. Despite the lack of widespread adoption, the repository is under active development (last push was today), has a clear description, and is protected by the standard Apache-2.0 license.

Verdict
Use with caution — the protocol appears structurally sound and safe, but its low community adoption means it is likely an early-stage project lacking battle-tested maturity.
SUMMARY

The open standard for agentic software verification: query business rules, assess release risk, and execute autonomous testing workflows.

README.md

Open QA Protocol (OQP)

The Open QA Protocol (OQP) is an open standard designed to facilitate agentic software verification. It provides a common language for coding agents, CI/CD pipelines, and human developers to query semantic business rules, assess release risk, and execute autonomous testing workflows against a centralized Knowledge Graph.

Why OQP?

In the era of agentic software development, the bottleneck is no longer writing code—it is verifying that the code satisfies business requirements. Traditional UI-driven testing tools and monolithic dashboards are incompatible with autonomous agents.

OQP solves this by defining a standardized set of API primitives that allow any agent (e.g., Cursor, Claude Code, GitHub Copilot) to:

  1. Discover testing capabilities available in a repository.
  2. Query the semantic business rules and historical edge cases for a specific workflow.
  3. Assess the risk of a proposed code change before merging.
  4. Execute sandboxed, autonomous verification workflows.

The Specification

The core of OQP is an OpenAPI 3.1 specification.

Core Primitives

OQP defines four primary interactions:

| Endpoint | Purpose | Caller |
|---|---|---|
| GET /.well-known/oqp | Capability discovery. Agents query this to learn what the server supports. | Coding Agents |
| GET /context/workflows/{id} | Returns semantic business rules and historical incidents for a workflow. | Coding Agents (via MCP) |
| POST /verification/assess-risk | Submits a PR diff and returns a risk score, impacted workflows, and coverage gaps. | CI/CD Pipelines |
| POST /verification/execute | Triggers an autonomous sandboxed testing agent to verify a change. | Engineering Managers / Release Gates |

How it Works (The Agentic Flow)

OQP is designed to be the "Green Contract" between a coding agent and a verification agent.

  1. Context Phase: A developer (or coding agent) begins working on the "Guest Checkout" flow. The agent queries the OQP server (GET /context/workflows/checkout_flow) to retrieve the business rules and known edge cases before writing code.
  2. Implementation Phase: The code is written, guided by the semantic context.
  3. Verification Phase: A pull request is opened. The CI/CD pipeline queries the OQP server (POST /verification/assess-risk) with the diff. The server maps the syntactic changes to the semantic Knowledge Graph and returns a risk score.
  4. Execution Phase: If the risk is high, or if tests are missing, the pipeline triggers an autonomous verification agent (POST /verification/execute). The agent generates tests, runs them, and attempts recovery until the "Green Contract" is satisfied.

Extensibility

OQP is designed to be an "open bazaar" of capabilities. No central committee is required to approve new features. Implementers can extend the protocol using reverse-domain naming (e.g., com.yourcompany.custom_capability).

Agents negotiate capabilities during the discovery phase (GET /.well-known/oqp). If an agent doesn't support an extension, it gracefully degrades to the core specification.
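
The negotiation described above, as an added example (not code from the OQP project): the client treats the discovery document as untrusted input, enables only well-formed extensions it implements itself, and otherwise degrades to the core specification. The `extensions` field name and the identifier pattern are assumptions, since the page does not show the discovery document's schema.

```python
import re

# Assumed shape of a reverse-domain extension identifier, modelled on the
# README's example "com.yourcompany.custom_capability": two or more
# dot-separated labels, each starting with a lowercase letter.
EXTENSION_NAME = re.compile(r"[a-z][a-z0-9-]*(\.[a-z][a-z0-9_-]*)+")


def negotiate(discovery_doc, client_extensions):
    """Split the server's advertised extensions into (enabled, ignored).

    discovery_doc     -- parsed body of GET /.well-known/oqp (untrusted input)
    client_extensions -- set of extension names this client implements

    An extension is enabled only if it is a string, matches the expected
    naming pattern, and is implemented by the client. Everything else is
    ignored, so the client falls back to the core specification.
    """
    advertised = discovery_doc.get("extensions", [])  # hypothetical field name
    if not isinstance(advertised, list):
        advertised = []  # malformed document: core specification only

    enabled, ignored = [], []
    for name in advertised:
        well_formed = isinstance(name, str) and EXTENSION_NAME.fullmatch(name)
        if well_formed and name in client_extensions:
            enabled.append(name)
        else:
            ignored.append(name)
    return sorted(enabled), ignored


# Constructed sample discovery document, not real server output.
SAMPLE_DOC = {
    "extensions": [
        "com.yourcompany.custom_capability",  # implemented by the client
        "com.other.unknown",                  # well-formed but unsupported
        "../../etc/passwd",                   # malformed identifier
        42,                                   # wrong type
    ]
}

if __name__ == "__main__":
    on, off = negotiate(SAMPLE_DOC, {"com.yourcompany.custom_capability"})
    print("enabled:", on)
    print("ignored:", off)
```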

Contributing

We welcome contributions from the community! Please see our Contributing Guide for details on how to propose changes to the specification.

License

The Open QA Protocol specification is licensed under the Apache License 2.0.

Contributors

OQP is shaped by practitioners and researchers across the software quality, AI, and developer tooling communities. We are grateful to the following contributors for their review and endorsement of the specification:

| Name | Organization | Role |
|---|---|---|
| Philip Lew | XBOSoft | Specification Reviewer & Endorser |
