AOS Conformance

Joch implements the OWASP Agent Observability Standard (AOS) as its conformance baseline. AOS makes AI agents trustworthy by standardizing three properties: agents must be inspectable, traceable, and instrumentable.

AOS makes agents an open book: they have a dynamic bill of materials, a clear audit trail, and hard inline controls. — OWASP AOS

Joch's data plane is a faithful AOS implementation. Joch agents emit AgBOMs, expose AOS hooks, and emit AOS-aligned trace events. Third-party Guardian Agents, BOM consumers, and trace backends interoperate without bespoke integration.

The three pillars

• Inspect

  ---

  Agents publish a current Agent Bill of Materials (AgBOM) extending CycloneDX, SPDX, and SWID. Joch's AgBOM resource implements this pillar.

  Read the AgBOM page

• Instrument

  ---

  Agents expose hooks that a Guardian Agent can use to allow, deny, or modify decisions. Joch's gateways implement the AOS hook contract.

  Read the hooks reference

• Trace

  ---

  Agents emit comprehensive events on every runtime decision and lifecycle change. Joch's Trace resource implements this pillar.

  Read the events reference

Industry-standard mappings

Per AOS, Joch does not invent new BOM or telemetry standards — it extends industry-standard ones:

Standard	Joch surface	Status
CycloneDX	AgBOM emission	full support
SPDX	AgBOM emission	full support
SWID	AgBOM emission	full support
OpenTelemetry	Trace export	full support
OCSF	Security event export	full support

Mappings:

• CycloneDX Mapping
• OpenTelemetry Mapping
• OCSF Mapping

Roles

AOS distinguishes two agent roles:

• Observed Agent — the agent being instrumented. In Joch, every agent built on a framework adapter is an Observed Agent.
• Guardian Agent — the policy enforcement entity. Joch's policy engine plays the Guardian role by default; third-party Guardian Agents can be plugged in.

The Observed → Guardian relationship is the channel through which allow, deny, and modify decisions flow.

Where Joch goes beyond AOS

Joch implements AOS faithfully but adds operations features that AOS leaves to implementations:

• a portable Policy language and engine,
• a cross-SDK agent inventory keyed off framework adapters,
• a tool gateway and MCP gateway with version pinning, scanning, and idempotency,
• a model router with capability- and cost-aware fallback,
• a release management surface (Eval, Approval, promotion gates).

These build on the AOS contract; they do not replace it.

Conformance matrix

AOS requirement	Joch implementation
Standard hooks	Tool Gateway, MCP Gateway, Model Router, Memory, RAG
allow / deny / modify decisions	Policy Engine
Standardized trace	Trace + OpenTelemetry / OCSF
Comprehensive AgBOM	AgBOM + CycloneDX / SPDX / SWID
Dynamic AgBOM refresh	AgBOM.refresh.onChange and triggers
MCP integration	MCP Gateway and MCPServer
A2A integration	Handoff and the A2A broker