Blueprint Catalog
The complete specification library — 38 cross-cutting patterns, 16 architecture components, 4 platform bindings, and project standards. Every blueprint is open source and ships with every Weblisk hub. Agents that implement these specifications are in the Agent Catalog.
Patterns — API & Communication
Declarative contracts for API surfaces, messaging, and inter-agent communication.
| Pattern | Purpose | Tier |
|---|---|---|
| api-rest | REST API with CRUD, pagination, filtering, sorting | Free |
| api-ai | AI gateway — chat, completions, extraction, embeddings, multi-provider routing | Free |
| realtime-chat | WebSocket messaging with channels, presence, and history | Free |
| webhook | Webhook processing — inbound validation and outbound delivery with retries | Free |
| command | Agent command interface — dispatch, routing, execution | Free |
| messaging | HTTP-based pub/sub — event envelopes, scoping, namespace ownership | Free |
| notification | Multi-channel delivery — email, webhook, Slack, SMS, push | Free |
Patterns — Authentication & Security
| Pattern | Purpose | Tier |
|---|---|---|
| auth-session | Session-based auth with secure cookies, CSRF protection | Free |
| auth-token | JWT and API key auth with refresh tokens, scoped permissions | Free |
| user-management | User lifecycle — profiles, roles, password reset, OAuth | Free |
| security | Transport security, input validation, zero-trust, threat events | Free |
| secrets | Secret lifecycle — storage, rotation, access control | Free |
Patterns — Governance
| Pattern | Purpose | Tier |
|---|---|---|
| scope | Universal classification — 5-level scope, propagation, environment profiles | Free |
| policy | Declarative rules engine — evaluation, composition, precedence | Free |
| safety | Operation classification — protection gates, kill-switch, quarantine | Free |
| approval | Intent-based approval — authority routing, multi-party, emergency override | Free |
| privacy | Consent, masking, anonymization, minimization, erasure cascade | Free |
| contract | Collaboration agreements — schemas, scope, permissions, versioning | Free |
| governance | Compliance profiles, evidence collection, governance directives | Free |
Patterns — Infrastructure
| Pattern | Purpose | Tier |
|---|---|---|
| storage | Agent-level persistence — schema, migration, backup | Free |
| caching | In-process caching — LRU, TTL, namespaces, AI response cache | Free |
| logging | Structured JSON logging — levels, correlation, rotation | Free |
| observability | Health endpoints, metrics envelope, component state tracking | Free |
| rate-limiting | Token bucket, sliding window — gateway and agent rate limits | Free |
| retry | Retry strategies, circuit breaker, timeout management | Free |
Patterns — Workflows & Orchestration
| Pattern | Purpose | Tier |
|---|---|---|
| workflow | Workflow declaration, event-driven DAG execution, approval gates | Free |
| state-machine | Declarative state machines — transitions, guards, side effects | Free |
| task-dispatch | Task submission, priority queuing, dispatch protocol, dead-letter | Free |
| scheduling | Cron expressions, overlap policy, missed-tick handling, distributed locking | Free |
| expression | Expression language — guards, conditions, constraints, policy rules | Free |
Patterns — Operations
| Pattern | Purpose | Tier |
|---|---|---|
| deployment | CI/CD pipelines, containerization, environment management | Free |
| file-upload | File upload, processing, CDN delivery, signed URLs | Free |
| alerting | Alert rule evaluation, severity routing, dedup, escalation, muting | Free |
| incident-response | Incident lifecycle, runbook execution, correlation, post-mortem | Free |
| offline | Offline operation — sync, client persistence, encryption, revocation | Free |
| versioning | Semantic versioning, compatibility rules, deprecation | Free |
| domain-controller | Domain controller base — dispatch, aggregation, lifecycle | Free |
| interop | Framework adapters — LangChain, CrewAI, ADK, HTTP service wrappers | Free |
Protocol
The 4 foundational specs that define how every component communicates — the wire contract everything else depends on.
| Spec | Purpose |
|---|---|
| wire-format | HTTP + JSON transport rules, request/response envelopes, error categories, versioning |
| identity | Ed25519 cryptographic identity, WLT token format, signing, replay protection |
| canonical-types | Shared data structures — AgentManifest, TaskRequest, TaskResult, ServiceDirectory, ChannelGrant |
| federation | Hub-to-hub collaboration — trust tiers, peering handshake, data boundary contracts |
Architecture Components
System-level blueprints that define the structure of a Weblisk hub. Full architecture specifications →
| Component | Purpose |
|---|---|
| orchestrator | Trust anchor — registration, namespaces, service directory, channel brokering |
| domain | Domain controller — workflow declarations, event-driven triggering |
| agent | Agent base — 5 endpoints, capabilities, pub/sub, retry/circuit breaker |
| gateway | Application edge security — session auth, ABAC, rate limiting, route protection |
| admin | Platform admin — operator identity, roles, separate gateway, 4-eyes approval |
| client | Client architecture — taxonomy, trust levels, session contracts, data boundary |
| hub | Collaborative hub — discovery, tiers, commerce, federation, registry |
| lifecycle | Continuous optimization — strategies, observations, approvals, measurement |
| storage | Abstract persistence interface |
| testing | Conformance test suite specification |
| observability | Structured logging, distributed tracing, Prometheus metrics |
| cli | CLI operations — interrogation, management commands, code generation |
| data-security | Transport security, scope-aware boundaries, opt-in data primitives |
| enforcement | Non-bypassable boundary inspection, rogue agent detection |
| threat-model | 5-boundary attack surface analysis, OWASP mapping, residual risk |
| change-management | Versioning, migration, deprecation lifecycle |
Infrastructure Agents
11 system-level agents power every hub — workflow execution, task dispatch, monitoring, and operations. Each agent implements the blueprints above as runtime services.
Platform Bindings
Implementation guidance for each supported runtime.
| Platform | Approach |
|---|---|
| Go | Standard library only. SQLite compiled into binary. Local processes. |
| Cloudflare | Workers, Durable Objects, KV, Web Crypto. Zero runtime dependencies. |
| Node.js | Fastify, Ed25519, SQLite. Recommended libraries, not requirements. |
| Rust | tokio, hyper, serde, rusqlite. Single static binary per agent. |
Blueprint Resolution
The CLI resolves blueprints from multiple sources in priority order:
Terminal
# Resolution priority: # 1. Local project — ./patterns/ in your repo # 2. Custom sources — additional repos via WL_BLUEPRINT_SOURCES # 3. Core — avaropoint/weblisk-blueprints (always present) # Add a custom blueprint source export WL_BLUEPRINT_SOURCES="acme-corp/acme-blueprints" # List all resolved blueprints weblisk blueprints list # Update cached blueprints from all sources weblisk blueprints update
Multiple Distribution Models
Custom sources override core blueprints with the same path — a customer's patterns/api-rest.md takes precedence over the core version.
| Source | Repository | Access |
|---|---|---|
| Core (open source) | avaropoint/weblisk-blueprints | Public, always available |
| Vertical/partner | avaropoint/weblisk-blueprints-ecommerce | Granted per-customer |
| Customer-owned | acme-corp/acme-blueprints | Customer's own repo |
| Local project | ./patterns/ | Project-scoped, checked in |
Access control is handled entirely by Git — private repos require the user's existing credentials (SSH key or GitHub CLI auth).
Want to create your own? See the Authoring Guide. Every blueprint follows a standard schema with required sections: metadata, overview, specification, types, implementation notes, and verification checklist.