README.md

March 24, 2026 ยท View on GitHub

OpenSRM

The Open Service Reliability Manifest

A specification and ecosystem for declaring, enforcing, and measuring service reliability as code.


Status: Draft License: Apache 2.0 Spec: v1


TL;DR

# service.reliability.yaml
apiVersion: opensrm/v1
kind: ServiceReliabilityManifest
metadata:
  name: payment-api
  team: payments
  tier: critical

spec:
  type: api

  slos:
    availability:
      target: 0.9995
      window: 30d
    latency:
      p99: 200ms
      target: 0.995

  dependencies:
    - service: database
      critical: true
      expects:
        availability: 0.99999

The Problem

Reliability requirements are scattered across wikis, runbooks, Slack threads, and tribal knowledge. Services ship to production without defined SLOs, ownership, or operational readiness. Reliability decisions happen in postmortems instead of before deployment.

We have version control for code (Git), infrastructure (Terraform), and policy (OPA). We're missing version control for reliability.

The Solution

OpenSRM defines reliability requirements in a single manifest that travels with your service:

Manifest processing flow: service.reliability.yaml to validate, enforce, and deploy

The Ecosystem

OpenSRM is the foundation for a complete operational reliability stack:

OpenSRM ecosystem overview: Specification, NthLayer, nthlayer-correlate, Consumers, and OTel Semantic Conventions

Components

ComponentPurposeStatus
SpecificationCore manifest schemaStable
ai-gate ExtensionAI decision servicesStable
Judgment SLOsDecision quality metricsDocumented
GitHub ActionCI/CD validationAvailable
nthlayer-learnData primitive for AI judgmentsImplemented
NthLayerReliability-as-code CLI toolAlpha
nthlayer-measureQuality measurement + governanceImplemented
Change EventsOTel semantic conventionsDrafted
Decision TelemetryOTel semantic conventionsDrafted
nthlayer-correlatePre-correlation agentArchitecture
nthlayer-respondMulti-agent incident responseArchitecture

See STATUS.md for detailed progress.


Core Features

Contracts & SLOs

OpenSRM separates what you promise externally (contracts) from what you measure internally (SLOs):

spec:
  contract:
    availability: 0.999
    latency:
      p99: 300ms

  slos:
    availability:
      target: 0.9995    # Internal target is tighter
      window: 30d

Dependency-Aware SLO Feasibility

Declare dependencies with expected guarantees. Tools can calculate your maximum achievable SLO.

dependencies:
  - service: postgresql
    critical: true
    expects:
      availability: 0.9995
  - service: user-service
    critical: true
    manifest: https://github.com/org/user-service/blob/main/service.reliability.yaml
    expects:
      availability: 0.999
      latency:
        p99: 100ms

Ownership & Escalation

Never wonder who owns a service or how to reach them.

ownership:
  team: payments
  slack: "#payments-team"
  escalation: payments-oncall
  pagerduty:
    service_id: PXXXXXX
  runbook: https://wiki.example.com/payment-api-runbook

Observability Requirements

Declare what metrics, dashboards, and alerts must exist.

observability:
  metrics:
    required:
      - http_server_request_duration_seconds
      - http_server_requests_total
  dashboards:
    required: true
  alerts:
    required: true

Deployment Gates

Block deploys based on error budgets, SLO compliance, or recent incidents.

deployment:
  gates:
    error_budget:
      enabled: true
      threshold: 0
    slo_compliance:
      enabled: true
      min_compliance: 0.99
    recent_incidents:
      enabled: true
      lookback: 7d
      max_p1: 0

Templates for Inheritance

Define standard configurations once and inherit across services:

# Template definition
apiVersion: opensrm/v1
kind: Template
metadata:
  name: api-critical
spec:
  slos:
    availability:
      target: 0.9999

# Service inherits from template
metadata:
  name: checkout-api
  template: api-critical

AI Gate Support

For AI-powered decision systems, OpenSRM supports judgment SLOs that measure decision quality, not just uptime. A layered maturity model supports incremental adoption -- from basic reversal tracking through audit sampling, outcome-based ground truth, and segment-level analysis.

spec:
  type: ai-gate
  slos:
    judgment:
      reversal:
        rate:
          target: 0.05
          window: 30d
        high_confidence_failure:
          target: 0.02
          confidence_threshold: 0.9
      audit:
        enabled: true
        sample_rate: 0.10
        accuracy:
          target: 0.95
          window: 30d
      escalation:
        rate:
          min: 0.05
          max: 0.30

See Judgment SLOs for the full framework.


Semantic Conventions

OpenSRM proposes OTel semantic conventions for operational signals:

Change Events

Standardized schema for operational changes (deploys, config, feature flags). These enable correlation between changes and incidents.

# OTel Event
name: change
attributes:
  change.id: chg-deploy-001
  change.type: deployment
  change.scope.service: payment-service
  change.timestamp: "2026-02-20T14:25:00Z"

See conventions/change-events/.

Decision Telemetry

Standardized schema for AI/human decisions and their outcomes.

# AI makes a decision
gen_ai.decision.id: dec-001
gen_ai.decision.value: approve
gen_ai.decision.confidence: 0.87

# Human overrides
gen_ai.reversal.decision_id: dec-001
gen_ai.reversal.type: human_override
gen_ai.reversal.new_value: request_changes

See conventions/decision-telemetry/.


Quick Start

1. Create an OpenSRM manifest

# service.reliability.yaml
apiVersion: opensrm/v1
kind: ServiceReliabilityManifest
metadata:
  name: my-service
  team: my-team
  tier: standard

spec:
  type: api
  slos:
    availability:
      target: 0.999
      window: 30d

2. Validate it

# Using the OpenSRM GitHub Action (recommended)
# See GitHub Action section below

# Or using a JSON Schema validator
npx ajv validate -s spec/v1/schema.json -d service.reliability.yaml

# Or using NthLayer (reference implementation)
nthlayer validate service.reliability.yaml

3. Enforce it

# Check if the service meets its declared requirements
nthlayer check --manifest service.reliability.yaml

# Gate a deployment
nthlayer check-deploy --manifest service.reliability.yaml --exit-on-failure

GitHub Action

Validate OpenSRM manifests in your CI/CD pipeline with the official GitHub Action.

Basic Usage

- uses: rsionnach/opensrm@v1
  with:
    manifest: 'service.reliability.yaml'

Inputs

InputDescriptionRequiredDefault
manifestPath to manifest file (supports glob patterns)Yes-
schema-versionSchema version to validate againstNov1
strictFail on warnings (missing recommended fields)Nofalse

Outputs

OutputDescription
validWhether all manifests are valid (true/false)
validated-countNumber of manifests validated
warnings-countNumber of warnings generated

Full Workflow Example

name: Validate OpenSRM

on:
  push:
    paths:
      - '**/*.reliability.yaml'
      - '**/service.reliability.yaml'
  pull_request:
    paths:
      - '**/*.reliability.yaml'
      - '**/service.reliability.yaml'

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Validate OpenSRM manifests
        uses: rsionnach/opensrm@v1
        with:
          manifest: '**/*.reliability.yaml'
          strict: 'false'

What You Can Do With OpenSRM

Use CaseDescription
Pre-deployment validationCheck that metrics, dashboards, and alerts exist before shipping
SLO feasibility checksValidate that targets are achievable given dependencies
Drift detectionAlert when declared vs. actual reliability diverges
Deployment gatingBlock releases when error budgets are exhausted
Service catalog enrichmentFeed reliability metadata into Backstage, Cortex, etc.
Audit & complianceProve that services meet reliability standards

How OpenSRM Is Different

Traditional ApproachOpenSRM
SLOs in wiki pagesSLOs in version-controlled YAML
Ownership in tribal knowledgeOwnership declared and discoverable
Dependencies undocumentedDependencies explicit with criticality
Observability requirements assumedObservability requirements enforced
"Is this ready?" = opinion"Is this ready?" = schema validation

Documentation

ResourceDescription
Full SpecificationComplete OpenSRM schema reference
JSON SchemaFor validation tooling
Judgment SLOsAI decision quality framework
ExamplesReal-world OpenSRM manifest examples
ArchitectureEcosystem architecture and data flows
Shift-Left Reliability SkillClaude Code skill for generating manifests
ContributingHow to contribute
GovernanceRFC process for spec changes

Implementations

Tools that implement OpenSRM:

ToolTypeStatus
NthLayerCI/CD enforcementReference implementation

Full implementations list

Building a tool that implements OpenSRM? Add it to the list.


Design Principles

  1. Schemas + enforcement -- Every component is defined by a specification first. Implementation follows. Define contracts, then validate them.
  2. Shift-left reliability -- Reliability concerns move earlier in the lifecycle. Service manifests define SLOs before deployment. CI/CD gates enforce contracts.
  3. Operator-agnostic -- The stack supports both human and AI operators. nthlayer-correlate snapshots work for dashboards (human) and LLMs (AI). Decision telemetry captures human and AI decisions equally.
  4. Open standards -- Extend existing standards (OTel) rather than invent new ones. Works with Prometheus, Datadog, or any backend.
  5. Reasoning boundary -- Agent capabilities are reserved for components that require interpretation of ambiguous inputs. Deterministic operations (validation, generation, arithmetic) remain as tools. If a component doesn't need to reason, it isn't an agent.

See ARCHITECTURE.md for the full ecosystem architecture.


Relationship to Other Standards

StandardRelationship
OpenSLOComplementary -- OpenSRM adds service context around SLO definitions
OpenTelemetryExtends -- Change events and decision telemetry as OTel conventions
KubernetesAligned -- Manifest structure follows K8s conventions
BackstageIntegrates -- Manifests can populate service catalogs

Contributing

We welcome contributions to OpenSRM. See CONTRIBUTING.md for guidelines.

Major changes go through the RFC process described in GOVERNANCE.md.


License

Apache License 2.0 -- See LICENSE


Acknowledgments

OpenSRM builds on ideas from: