OpenWOP — The OpenWOP protocol

Everything that makes OpenWOP a standard — the wire contract, the evolution process, the security posture, and the project that maintains them — lives in one of six surfaces below. This page exists so a reviewer can find the surface they need without digging through the index.

Specification

The normative wire contract for v1.x.

Spec corpus → — 55 prose specs, thematically grouped (foundation, runtime, agents, humans, transports, security, ecosystem, production, integration). The specs are independently citable; each carries a status banner from the legend on auth.md.
REST API reference → — every endpoint with request, response, and error envelope, rendered from api/openapi.yaml.
Profiles → — the coherent capability slices a host can claim (openwop-core, openwop-stream-sse, openwop-secrets, openwop-provider-policy, openwop-node-packs, etc.).

Comparisons and positioning

Where OpenWOP sits relative to adjacent agent protocols.

A2A vs MCP vs OpenWOP → — a specification-level comparison of agent-to-agent collaboration, tool/context integration, and durable workflow orchestration.
OpenExO 3.0 and OpenWOP → — an architecture thesis for using OpenWOP as the durable execution protocol beneath OpenExO 3.0, the Intelligence Stack, REWRITE, and Edge Twins.
Positioning & non-goals → — the normative OpenWOP positioning surface inside the v1 spec.

Conformance

How a host proves it implements the spec.

Conformance leaderboard → — live record of which hosts pass which scenarios, sourced from INTEROP-MATRIX.md.
Conformance suite → — @openwop/openwop-conformance, the npm-published behavioural test suite that gates every leaderboard row.
Error codes → — the canonical error vocabulary every conforming host emits.

RFCs

How the protocol evolves.

RFC index → — every RFC, status, and target version. v1.x stays additive-only per COMPATIBILITY.md.
RFC process → — what counts as Draft / Active / Accepted, the comment-window discipline, and the path to a v2 working group.

Governance

Who decides what gets in, and how.

Governance → — decision rules, role definitions, the bootstrap-phase amendment, and the cross-vendor working-group charter for v2.
Maintainers → — current maintainer set, recruitment criteria, and the affiliation policy that drives the vendor-neutral-org migration tripwire.
Contributing → — per-artifact change rules (editorial / additive / safety-fix / breaking), the eight-step CI gate, the DCO requirement.

Security

What's promised, what's threat-modelled, and how to report a vulnerability.

Security posture → — threat model, disclosure policy, public invariants (CTI-1, SR-1, MCP-1).
GitHub Security Advisories → — coordinated disclosure channel for vulnerabilities.

Versioning and roadmap

What's stable, what's planned, what's tracked but not committed.

Versioning policy → — additive within v1.x, the 90-day safety-fix window, breaking changes only in major versions.
Changelog → — every spec, schema, SDK, and reference-host change with its compatibility classification.
Roadmap → — gap-closure tracks the steward maintains in the open. No dates beyond what has a CHANGELOG.md entry.