Cross-Protocol Manifest System Overview
The Cross-Protocol Manifest System (CPMS) is a manifest-first framework for describing data sets, event streams, APIs, semantic intents, and AI agents with zero runtime dependencies. Every artifact—validators, SDKs, migrations, docs—is derived from the manifest, so governance and automation stay in sync.
Core Principles
- Manifest as Source of Truth – Contracts live in JSON manifests that are immutable, signed, and versioned.
- Zero Dependencies – Each protocol package is self-contained to simplify supply-chain audits.
- Deterministic Tooling – Hash-based normalization plus canonical JSON ensures reproducible diffs and migrations.
- Delegated Validators – Validators are pluggable, making it easy to enforce company-specific rules without patching core packages.
- Security by Design – OWASP Top 10 guidance is applied to every helper: no eval, no dynamic imports, sandboxed CLI execution.
Repo at a Glance
- Protocol Packages
- Tooling
| Package | Description | Key API |
|---|---|---|
@cpms/data | Dataset schema contracts, lifecycle governance, migration helpers | createDataProtocol, createDataCatalog |
@cpms/event | Event bus contracts for Kafka/Kinesis/AsyncAPI | createEventProtocol |
@cpms/api | API surface specifications with OpenAPI + SDK codegen | createApiProtocol, createApiCatalog |
@cpms/agent | Agent capability manifests, guardrails, evaluation hooks | createAgentProtocol |
@cpms/semantic | Semantic intent graph, similarity search, criticality scoring | createSemanticProtocol |
proto.js– Zero-install CLI withvalidate,diff,generate,query,graphcommands.benchmark.js– Enforces hash performance ≥ 1M ops/sec and diff < 10 ms for 500-field manifests.npm run test– Node's test runner with coverage gates for every protocol.cmos/– Mission orchestration, telemetry, and parity validation.
Performance Guarantees
| Capability | Target | Status |
|---|---|---|
| Hashing (FNV-1a) | 1M ops/sec | ✅ |
| Hashing (SHA-256) | 100K ops/sec | ✅ |
| Manifest Parsing | < 5 ms for 1K fields | ✅ |
| Diff | < 10 ms for 500-field manifests | ✅ |
| CLI Startup | < 500 ms | ✅ |
When to Use CPMS
Use CPMS when you need:
- A single description for data, APIs, and agents that drives automation.
- Upgrade-safe governance with verifiable diffs and migration recipes.
- A way to expose live documentation + playground experiences without provisioning infra.
- Strong compliance gates (PII tracking, retention policies, lineage policies) baked into manifests.
If you only need ad-hoc schema validation or post-hoc documentation, CPMS is overkill. The system shines when manifests are treated as code and reviewed like any other critical artifact.
Next Steps
- Read the installation guide.
- Create your first manifest with the quickstart.
- Explore protocol-specific reference pages to understand advanced capabilities.
- Open the live playground to experiment without installing anything.
Stay manifest-first and let the automation derive everything else.