Skip to content

OCI format ADR #115

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dmartinol wants to merge 13 commits into
base: main
Choose a base branch
from
Open

OCI format ADR #115

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
38715d1
OCI format ADR
dmartinol Apr 29, 2026
6e7e273
Merge branch 'main' into oci_format_adr
dmartinol Jun 3, 2026
2037b5e
renamed ADR
dmartinol Jun 4, 2026
d553ed8
refactor: reorder artifact verification and extraction steps
dmartinol Jun 4, 2026
bff3d62
nitpick comment: “Interface” is redundant
dmartinol Jun 4, 2026
643ce3b
nitpick comment: Add a language tag to the fenced block
dmartinol Jun 4, 2026
e921292
fix: Align build/push output examples with the declared single-layer …
dmartinol Jun 4, 2026
2edeec5
fix: Invalid Table of Contents anchor fragments
dmartinol Jun 4, 2026
bdc1e13
docs: Update OCI format documentation with new Cosign resources
dmartinol Jun 4, 2026
0220304
fix: Correct provenance verification flag in OCI CLI exploration docu…
dmartinol Jun 4, 2026
56dbf21
Reduced ADR length
dmartinol Jun 4, 2026
518736c
Merge branch 'main' into oci_format_adr
dmartinol Jun 5, 2026
7806c41
Merge branch 'main' into oci_format_adr
dmartinol Jun 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
112 changes: 112 additions & 0 deletions docs/adr/oci-format.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,112 @@
# ADR: OCI Format

**Status**: Proposed
**Date**: 2026-04-29
**Authors**: Daniele Martinoli
**Reviewers**: []

## Context

Lola distributes modules (skills, commands, agents) via Git, Zip/Tar, local folders, and marketplace YAML catalogs. That model works for many teams but lacks enterprise supply-chain controls: cryptographic verification, SLSA-style provenance, digest-pinned immutable versions, and registry-native RBAC for regulated or air-gapped environments.

The [Open Container Initiative (OCI)](https://github.com/opencontainers/distribution-spec) artifact format addresses those gaps. OCI is **one supported format among many**—not a replacement for Git/Zip/Tar. Users may build artifacts with Lola, [skillimage](https://github.com/redhat-et/skillimage), or existing CI/CD; Lola consumes OCI references such as `oci://registry.io/org/module:version` the same way it consumes Git URLs.

Industry alignment: [Red Hat skillimage](https://github.com/redhat-et/skillimage) (library-first OCI skill distribution) and [CNCF TOC Issue #1740](https://github.com/cncf/toc/issues/1740) (OCI artifact standardization for AI). Marketplace discovery stays source-agnostic: `repository` may point at OCI, Git, or archive URLs without schema changes.

Implementation depends on the [Go Migration](go-migration.md) ADR (single binary, skillimage and sigstore-go integration).

## Decision

We will add OCI artifact distribution for Lola modules alongside existing sources.

1. **OCI as an optional format**
- Support `oci://` module references; no migration for current modules.
- Marketplace catalogs remain format-neutral.
- Modules still bundle `skills/`, `commands/`, and `agents/`.

2. **Go implementation via skillimage**
- Use skillimage for pull, push, verify, and single-layer packaging.
- Lola defines semantics in the `io.lola.module.*` annotation namespace (skillimage handles OCI mechanics; Lola models multi-component modules).
- Packaging follows skillimage’s single content layer pattern; details in [OCI CLI Exploration](oci-format/oci-cli-exploration.md).

3. **Verify before materialize**
- Signature and provenance verification enabled by default for OCI modules.
- `--skip-verification` disables both (development only, with warnings).
- Illustrative consumption flow:

```go
import "github.com/redhat-et/skillimage/pkg/oci"

artifact, err := oci.Pull(ctx, "registry.io/lola/module:1.0.0")
err = artifact.Verify(ctx, oci.WithCosign(), oci.WithSLSA())
err = artifact.ExtractTo("/path/to/.lola/modules/") // after verification succeeds
```

CLI command proposals (`lola build`, `lola push`, `lola sign`, `lola verify`, phasing, metadata schema) live in [OCI CLI Exploration](oci-format/oci-cli-exploration.md).

@SecKatie SecKatie Jun 5, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel like we should recommend cosign for signing. I think lola verify makes sense but I'm not sure we want the liability for our users if our signing doesn't work properly.

@dmartinol dmartinol Jun 5, 2026

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same concern for lola sign, I imagine

@SecKatie SecKatie Jun 5, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think so. Do you want to hold this open and change that or is it okay and we can keep taking about it after this is merged?

@dmartinol dmartinol Jun 8, 2026

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think so. Do you want to hold this open and change that or is it okay and we can keep taking about it after this is merged?

I think it's better to review the low level details at execution time. So I'd merge this as-is for now.

@dmartinol dmartinol Jun 11, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we merge it after the latest rebase?


4. **Deployment modes** (installation adapts by target; see CLI exploration for `lola install --mode`)
- **Local (default)** — Pull OCI artifact, verify, unpack to `~/.lola/modules/` and generate assistant-native files (Claude Code, Cursor, Gemini CLI, etc.). Git/Zip/Tar use the same path.
- **Container** — Mount the OCI image as a read-only volume for containerized agents (e.g. OpenCode); no unpack. Requires a container runtime; OCI-only.
- **Cloud** — Verify and install into cluster workloads (e.g. OpenShift/Kubernetes Jobs or operator-driven flows); primarily for signed OCI modules in regulated environments.

## Rationale

- **Format neutrality** — Teams keep Git/Zip/Tar workflows; OCI is for registry-backed, verifiable distribution.
- **Reuse infrastructure** — Container registries, Cosign/Sigstore, oc-mirror, and Kubernetes ImageVolumes (1.33+) instead of bespoke packaging.
- **skillimage** — Avoid reimplementing OCI; align with Red Hat/CNCF direction for agent skills.
- **Separate metadata namespace** — Lola modules are not single-skill SkillCards; `io.lola.module.*` can evolve independently.

## Consequences

### Positive Consequences

- Cosign/Sigstore verification and optional SLSA provenance for audit requirements
- Digest-pinned, immutable artifact versions
- Registry RBAC and standard pull tooling (podman, skopeo, etc.)
- Air-gap mirroring with signatures; read-only mounts for containerized agents
- No change required for existing Git/Zip/Tar users

### Negative Consequences

- **Backwards compatibility** — Must preserve non-OCI flows; mitigated by automatic format detection.
- **skillimage dependency** — External library; mitigated by open source and forkability.
- **Format choice** — Users may be unsure when to use OCI; mitigated by docs in CLI exploration and defaults.
- **Go rewrite scope** — OCI ships with Go migration; see [go-migration.md](go-migration.md).

## Alternatives Considered

### Alternative 1: Git/Zip/Tar only
- **Pros:** No new format or registry operations.
- **Cons:** No digest pinning, limited provenance, weak enterprise registry story.
- **Rejected:** Does not meet supply-chain requirements for target deployments.

### Alternative 2: Other AI packaging formats
- **Examples:** Docker model-CLI (proprietary), KitOps, ONNX-only bundles, centralized hubs.
- **Cons:** Poor fit for multi-component Lola modules or self-hosted registries.
- **Rejected:** OCI reuses mature registry and signing tooling.

## Implementation Notes

Phases (detail and estimates in [OCI CLI Exploration](oci-format/oci-cli-exploration.md#implementation-phasing)):

| Phase | Focus |
|-------|--------|
| 0 | Go rewrite; port Git/Zip/Tar/marketplace; skillimage integration |
| 1 | `lola mod add oci://…`, verify-by-default, local unpack install |
| 2 | Optional `lola build` / `lola push` / `lola sign` |
| 3 | Container volume mount and cloud deployment modes |

**Out of scope:** Mandatory OCI-only distribution; requiring Lola to build artifacts; coupling to a specific governance platform (Compass, MLflow, etc.).

## References

- [Go Migration](go-migration.md)
- [OCI CLI Exploration](oci-format/oci-cli-exploration.md)
- [OCI Distribution Spec](https://github.com/opencontainers/distribution-spec)
- [Red Hat skillimage](https://github.com/redhat-et/skillimage)
- [CNCF TOC Issue #1740](https://github.com/cncf/toc/issues/1740)
- [SLSA Framework](https://slsa.dev/)
- [Verifying signatures with Cosign](https://docs.sigstore.dev/cosign/verifying/verify/)
- [Sigstore quickstart with Cosign](https://docs.sigstore.dev/quickstart/quickstart-cosign/)
- [Cosign signing overview](https://docs.sigstore.dev/cosign/signing/overview/)
- [PR #109](https://github.com/LobsterTrap/lola/pull/109), [PR #111](https://github.com/LobsterTrap/lola/pull/111) — Go implementation
Loading
Loading