Agent Configurations

LODE can encode AI agent definitions — identity, skills, compliance policies, and model preferences — into verified binary payloads. This enables agents to be distributed, cached, and validated across registries with the same integrity guarantees as model layers.

This use case is inspired by the GitAgent open standard, which defines agents as files in a git repository.

Schema: AgentManifest

An agent manifest captures the core fields from an agent.yaml — the name, version, model, description, skills list, and a link to the source repository.

agent-manifest-v1.lode


{
  "schema": "lode",
  "version": 1,
  "name": "AgentManifest",
  "fields": [
    { "id": 1,  "name": "specVersion",  "type": "string",             "required": true },
    { "id": 2,  "name": "name",         "type": "string",             "required": true },
    { "id": 3,  "name": "version",      "type": "string",             "required": true },
    { "id": 4,  "name": "description",  "type": "string",             "required": true },
    { "id": 5,  "name": "model",        "type": "string",             "required": true },
    { "id": 6,  "name": "skills",       "type": "string[]",           "required": true },
    { "id": 7,  "name": "repoUrl",      "type": "string",             "required": false },
    { "id": 8,  "name": "metadata",     "type": "map<string,string>", "required": false }
  ]
}

Example: Encoding an Agent

compliance-analyst.json


{
  "specVersion": "0.1.0",
  "name": "compliance-analyst",
  "version": "1.0.0",
  "description": "Financial compliance analysis agent",
  "model": "claude-opus-4-6",
  "skills": ["audit-review", "regulation-lookup", "risk-assessment"],
  "repoUrl": "https://github.com/org/compliance-analyst",
  "metadata": {
    "author": "finops-team",
    "riskTier": "high"
  }
}


$ lodec compile compliance-analyst.json -s agent-manifest-v1.lode -o agent.vein
Compiled compliance-analyst.json → agent.vein (214 bytes)
Fingerprint: e7b3a1f9...

Schema: CompliancePolicy

Compliance policies define risk tiers, framework requirements, and supervision rules. Encoding these as Vein binaries allows them to be distributed alongside agent manifests and verified independently.

compliance-policy-v1.lode


{
  "schema": "lode",
  "version": 1,
  "name": "CompliancePolicy",
  "fields": [
    { "id": 1, "name": "agentName",      "type": "string",             "required": true },
    { "id": 2, "name": "riskTier",       "type": "string",             "required": true },
    { "id": 3, "name": "frameworks",     "type": "string[]",           "required": true },
    { "id": 4, "name": "humanInLoop",    "type": "bool",               "required": true },
    { "id": 5, "name": "killSwitch",     "type": "bool",               "required": true },
    { "id": 6, "name": "roles",          "type": "string[]",           "required": false },
    { "id": 7, "name": "enforcement",    "type": "string",             "required": false },
    { "id": 8, "name": "constraints",    "type": "map<string,string>", "required": false }
  ]
}

Example: Compliance Policy

finops-compliance.json


{
  "agentName": "compliance-analyst",
  "riskTier": "high",
  "frameworks": ["finra", "federal_reserve", "sec"],
  "humanInLoop": true,
  "killSwitch": true,
  "roles": ["analyst", "reviewer"],
  "enforcement": "strict",
  "constraints": {
    "maxTokens": "1000000",
    "dataRetention": "90d",
    "auditLog": "required"
  }
}


$ lodec compile finops-compliance.json -s compliance-policy-v1.lode -o policy.vein
Compiled finops-compliance.json → policy.vein (178 bytes)
Fingerprint: c4d2e8a1...
 
$ lodec verify policy.vein c4d2e8a1... -s compliance-policy-v1.lode
✓ Verified

Why LODE for Agents?

Verified Distribution

When agents are distributed across a registry or fleet, each node can verify the manifest hasn’t been tampered with. The fingerprint in the HTTP header guarantees the agent configuration matches what was published.


GET /v1/agents/compliance-analyst/manifest
→ Content-Type: application/x-vein
→ X-Lode-Fingerprint: e7b3a1f9...

Compliance Audit Trail

Fingerprints serve as content-addressable identifiers for compliance policies. An audit log can record which exact policy was active at any point:


2026-03-10T10:00:00Z  c4d2e8a1...  policy deployed (finra,sec,fed)
2026-03-12T14:30:00Z  a1b2c3d4...  policy updated (added sox)
2026-03-14T09:00:00Z  c4d2e8a1...  policy rolled back

Framework Agnostic

LODE schemas are independent of any agent framework. The same AgentManifest schema works whether the agent runs on Claude, OpenAI, CrewAI, or any other runtime — the binary payload is the same.

Repository Linking

The repoUrl field links the binary manifest back to the source repository. Combined with the version and fingerprint, this creates a verifiable chain from source code to deployed configuration.

Multi-Agent Systems

For orchestrated multi-agent systems, each sub-agent gets its own manifest and compliance policy. The orchestrator distributes verified Vein binaries to each node:


# Compile all agent manifests
lodec compile planner.json    -s agent-manifest-v1.lode -o agents/planner.vein
lodec compile researcher.json -s agent-manifest-v1.lode -o agents/researcher.vein
lodec compile reviewer.json   -s agent-manifest-v1.lode -o agents/reviewer.vein
 
# Compile shared compliance policy
lodec compile policy.json     -s compliance-policy-v1.lode -o compliance/policy.vein

Each agent verifies its own manifest and the shared compliance policy before starting execution.