Developer Resources
JSON Schemas & Examples
Validate your RMACD agent profiles against official JSON schemas. Use the example profiles as templates for common agent roles.
View on GitHub
Last synced: 2026-03-01 02:08 UTC
{
"$id": "https://rmacd-framework.org/schema/v1/profile-2d.json",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"description": "Permission profile for the Two-Dimensional Model (RMACD + HITL, without data classification). Suitable for organizations without formal data classification tiers.",
"properties": {
"$schema": {
"const": "https://rmacd-framework.org/schema/v1/profile-2d.json",
"type": "string"
},
"approval_authority": {
"description": "Mapping of autonomy levels to approval authorities",
"properties": {
"approval": {
"description": "Settings for \u0027approval\u0027 autonomy level",
"properties": {
"approvers": {
"description": "Roles or individuals who can approve",
"items": {
"type": "string"
},
"minItems": 1,
"type": "array"
},
"escalation_after_minutes": {
"description": "Time before escalating to next level",
"minimum": 1,
"type": "integer"
},
"escalation_target": {
"description": "Role or individual to escalate to",
"type": "string"
},
"timeout_minutes": {
"default": 60,
"description": "Timeout before request expires",
"maximum": 10080,
"minimum": 1,
"type": "integer"
}
},
"required": [
"approvers"
],
"type": "object"
},
"elevated_approval": {
"description": "Settings for \u0027elevated_approval\u0027 autonomy level",
"properties": {
"approvers": {
"description": "Roles or individuals who can approve (typically CAB, CISO)",
"items": {
"type": "string"
},
"minItems": 1,
"type": "array"
},
"minimum_approvers": {
"default": 2,
"description": "Minimum number of approvers if multiple required",
"minimum": 2,
"type": "integer"
},
"require_multiple_approvers": {
"default": false,
"description": "Require approval from multiple parties",
"type": "boolean"
},
"timeout_minutes": {
"default": 240,
"maximum": 10080,
"minimum": 1,
"type": "integer"
}
},
"required": [
"approvers"
],
"type": "object"
}
},
"type": "object"
},
"audit_requirements": {
"description": "Audit and logging requirements for this profile",
"properties": {
"alert_channels": {
"description": "Channels for real-time alerts",
"items": {
"properties": {
"target": {
"description": "Channel-specific target (email address, webhook URL, etc.)",
"type": "string"
},
"type": {
"enum": [
"email",
"slack",
"pagerduty",
"webhook",
"siem"
],
"type": "string"
}
},
"required": [
"type",
"target"
],
"type": "object"
},
"type": "array"
},
"compliance_tags": {
"description": "Regulatory frameworks this profile must comply with",
"items": {
"enum": [
"GDPR",
"HIPAA",
"PCI-DSS",
"SOX",
"ISO27001",
"CCPA",
"FedRAMP",
"NIST-CSF"
],
"type": "string"
},
"type": "array"
},
"immutable_logging": {
"default": false,
"description": "Require tamper-evident logging (WORM storage)",
"type": "boolean"
},
"log_level": {
"default": "standard",
"description": "Minimum logging level for operations",
"enum": [
"standard",
"enhanced",
"verbose",
"debug"
],
"type": "string"
},
"pii_masking": {
"default": true,
"description": "Automatically mask PII in audit logs",
"type": "boolean"
},
"real_time_alerts": {
"description": "Operations that trigger real-time alerts",
"items": {
"enum": [
"R",
"M",
"A",
"C",
"D"
],
"type": "string"
},
"type": "array"
},
"retention_days": {
"default": 365,
"description": "Minimum audit log retention period in days",
"maximum": 2555,
"minimum": 30,
"type": "integer"
}
},
"type": "object"
},
"autonomy_overrides": {
"additionalProperties": false,
"description": "Override default autonomy levels for specific operations",
"patternProperties": {
"^[RMACD]$": {
"enum": [
"autonomous",
"logged",
"notification",
"approval",
"elevated_approval",
"prohibited"
],
"type": "string"
}
},
"type": "object"
},
"constraints": {
"description": "Operational constraints",
"properties": {
"change_controls": {
"description": "Controls for Change (C) operations",
"properties": {
"canary_deployment_required": {
"default": false,
"description": "Require staged/canary rollout",
"type": "boolean"
},
"max_blast_radius_percentage": {
"default": 10,
"description": "Maximum percentage of systems affected by single change",
"maximum": 100,
"minimum": 0,
"type": "integer"
},
"require_backup_before_change": {
"default": true,
"description": "Require backup/snapshot before any change",
"type": "boolean"
},
"require_rollback_plan": {
"default": true,
"description": "Require documented rollback procedure",
"type": "boolean"
}
},
"type": "object"
},
"delete_controls": {
"description": "Controls for Delete (D) operations",
"properties": {
"require_dependency_check": {
"default": true,
"description": "Check for dependencies before deletion",
"type": "boolean"
},
"require_legal_hold_check": {
"default": true,
"description": "Verify no legal holds exist on data",
"type": "boolean"
},
"soft_delete_grace_period_days": {
"default": 7,
"description": "Days to retain soft-deleted items before permanent deletion",
"maximum": 365,
"minimum": 1,
"type": "integer"
}
},
"type": "object"
},
"environments": {
"description": "Allowed environments",
"items": {
"enum": [
"development",
"staging",
"production",
"disaster-recovery",
"sandbox"
],
"type": "string"
},
"minItems": 1,
"type": "array"
},
"rate_limits": {
"description": "Rate limiting constraints",
"properties": {
"data_volume_mb_per_hour": {
"description": "Maximum data volume processed per hour in MB",
"maximum": 100000,
"minimum": 1,
"type": "integer"
},
"operations_per_hour": {
"description": "Maximum mutating operations per hour",
"maximum": 10000,
"minimum": 1,
"type": "integer"
},
"queries_per_minute": {
"description": "Maximum read queries per minute",
"maximum": 10000,
"minimum": 1,
"type": "integer"
}
},
"type": "object"
},
"resource_quotas": {
"description": "Resource creation limits for Add (A) operations",
"properties": {
"auto_expiration_days": {
"description": "Days until created resources auto-expire",
"maximum": 365,
"minimum": 1,
"type": "integer"
},
"max_monthly_cost_usd": {
"description": "Maximum monthly cost allowed in USD",
"minimum": 0,
"type": "number"
},
"max_resources_per_request": {
"description": "Maximum resources created in single operation",
"maximum": 1000,
"minimum": 1,
"type": "integer"
},
"max_storage_gb_per_request": {
"description": "Maximum storage provisioned per request in GB",
"minimum": 1,
"type": "integer"
}
},
"type": "object"
},
"time_windows": {
"description": "Time-based operational restrictions",
"properties": {
"allowed_days": {
"description": "Days of week when operations are permitted",
"items": {
"enum": [
"monday",
"tuesday",
"wednesday",
"thursday",
"friday",
"saturday",
"sunday"
],
"type": "string"
},
"minItems": 1,
"type": "array",
"uniqueItems": true
},
"allowed_hours": {
"description": "Hours during which operations are permitted",
"properties": {
"end": {
"description": "End time in HH:MM format",
"pattern": "^([01]?[0-9]|2[0-3]):[0-5][0-9]$",
"type": "string"
},
"start": {
"description": "Start time in HH:MM format",
"pattern": "^([01]?[0-9]|2[0-3]):[0-5][0-9]$",
"type": "string"
}
},
"required": [
"start",
"end"
],
"type": "object"
},
"blackout_dates": {
"description": "Specific dates when operations are prohibited (ISO 8601 format)",
"items": {
"format": "date",
"type": "string"
},
"type": "array"
},
"maintenance_windows": {
"description": "Pre-approved maintenance windows for elevated operations",
"items": {
"properties": {
"end": {
"format": "date-time",
"type": "string"
},
"name": {
"type": "string"
},
"recurring": {
"default": "once",
"enum": [
"once",
"weekly",
"monthly"
],
"type": "string"
},
"start": {
"format": "date-time",
"type": "string"
}
},
"required": [
"name",
"start",
"end"
],
"type": "object"
},
"type": "array"
},
"timezone": {
"default": "UTC",
"description": "IANA timezone identifier (e.g., America/New_York, UTC)",
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
},
"description": {
"description": "Description of the profile\u0027s purpose",
"type": "string"
},
"emergency_escalation": {
"description": "Pre-authorized emergency permission escalation for incident response",
"if": {
"properties": {
"enabled": {
"const": true
}
}
},
"properties": {
"cooldown_minutes": {
"default": 30,
"description": "Minimum time between consecutive escalations",
"minimum": 0,
"type": "integer"
},
"enabled": {
"default": false,
"description": "Whether emergency escalation is enabled for this profile",
"type": "boolean"
},
"escalated_permissions": {
"description": "Temporarily elevated permissions during emergency",
"items": {
"enum": [
"R",
"M",
"A",
"C",
"D"
],
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"max_duration_minutes": {
"default": 60,
"description": "Maximum duration of emergency escalation",
"maximum": 480,
"minimum": 1,
"type": "integer"
},
"notification_targets": {
"description": "Email addresses or channels to notify on escalation",
"items": {
"type": "string"
},
"minItems": 1,
"type": "array"
},
"require_post_incident_review": {
"default": true,
"description": "Whether post-incident review is mandatory",
"type": "boolean"
},
"trigger_conditions": {
"description": "Conditions that can trigger emergency escalation",
"items": {
"enum": [
"soc_declared_incident",
"automated_threat_detection",
"business_continuity_event",
"compliance_emergency",
"manual_authorization"
],
"type": "string"
},
"minItems": 1,
"type": "array"
}
},
"required": [
"enabled"
],
"then": {
"required": [
"trigger_conditions",
"max_duration_minutes",
"notification_targets"
]
},
"type": "object"
},
"metadata": {
"description": "Profile metadata",
"properties": {
"approved_by": {
"description": "Approving authority",
"type": "string"
},
"author": {
"description": "Profile author or creating team",
"type": "string"
},
"created": {
"description": "Profile creation timestamp",
"format": "date-time",
"type": "string"
},
"deprecation_notice": {
"description": "Deprecation message and migration guidance (if status is deprecated)",
"type": "string"
},
"review_date": {
"description": "Next scheduled review date",
"format": "date",
"type": "string"
},
"status": {
"default": "active",
"description": "Profile lifecycle status",
"enum": [
"draft",
"active",
"deprecated",
"archived"
],
"type": "string"
},
"tags": {
"description": "Organizational tags for categorization",
"items": {
"type": "string"
},
"type": "array"
},
"updated": {
"description": "Last update timestamp",
"format": "date-time",
"type": "string"
}
},
"required": [
"created",
"author"
],
"type": "object"
},
"model": {
"const": "two-dimensional",
"description": "Implementation model identifier",
"type": "string"
},
"permissions": {
"description": "Granted RMACD operations",
"items": {
"enum": [
"R",
"M",
"A",
"C",
"D"
],
"type": "string"
},
"minItems": 1,
"type": "array",
"uniqueItems": true
},
"profile_id": {
"description": "Unique identifier for this profile",
"pattern": "^rmacd-2d-[a-z0-9-]+$",
"type": "string"
},
"profile_name": {
"description": "Human-readable profile name",
"type": "string"
},
"version": {
"description": "Profile version (semantic versioning)",
"pattern": "^[0-9]+\\.[0-9]+(\\.[0-9]+)?$",
"type": "string"
}
},
"required": [
"profile_id",
"profile_name",
"model",
"version",
"permissions"
],
"title": "RMACD Two-Dimensional Permission Profile",
"type": "object"
}{
"$id": "https://rmacd-framework.org/schema/v1/profile-3d.json",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"description": "Permission profile for the Three-Dimensional Model (RMACD + HITL + Data Classification)",
"properties": {
"$schema": {
"const": "https://rmacd-framework.org/schema/v1/profile-3d.json",
"type": "string"
},
"approval_authority": {
"description": "Mapping of autonomy levels to approval authorities",
"properties": {
"approval": {
"description": "Settings for \u0027approval\u0027 autonomy level",
"properties": {
"approvers": {
"description": "Roles or individuals who can approve",
"items": {
"type": "string"
},
"minItems": 1,
"type": "array"
},
"escalation_after_minutes": {
"description": "Time before escalating to next level",
"minimum": 1,
"type": "integer"
},
"escalation_target": {
"description": "Role or individual to escalate to",
"type": "string"
},
"timeout_minutes": {
"default": 60,
"description": "Timeout before request expires",
"maximum": 10080,
"minimum": 1,
"type": "integer"
}
},
"required": [
"approvers"
],
"type": "object"
},
"elevated_approval": {
"description": "Settings for \u0027elevated_approval\u0027 autonomy level",
"properties": {
"approvers": {
"description": "Roles or individuals who can approve (typically CAB, CISO)",
"items": {
"type": "string"
},
"minItems": 1,
"type": "array"
},
"minimum_approvers": {
"default": 2,
"description": "Minimum number of approvers if multiple required",
"minimum": 2,
"type": "integer"
},
"require_multiple_approvers": {
"default": false,
"description": "Require approval from multiple parties",
"type": "boolean"
},
"timeout_minutes": {
"default": 240,
"maximum": 10080,
"minimum": 1,
"type": "integer"
}
},
"required": [
"approvers"
],
"type": "object"
}
},
"type": "object"
},
"audit_requirements": {
"description": "Audit and logging requirements for this profile",
"properties": {
"alert_channels": {
"description": "Channels for real-time alerts",
"items": {
"properties": {
"target": {
"description": "Channel-specific target (email address, webhook URL, etc.)",
"type": "string"
},
"type": {
"enum": [
"email",
"slack",
"pagerduty",
"webhook",
"siem"
],
"type": "string"
}
},
"required": [
"type",
"target"
],
"type": "object"
},
"type": "array"
},
"compliance_tags": {
"description": "Regulatory frameworks this profile must comply with",
"items": {
"enum": [
"GDPR",
"HIPAA",
"PCI-DSS",
"SOX",
"ISO27001",
"CCPA",
"FedRAMP",
"NIST-CSF"
],
"type": "string"
},
"type": "array"
},
"immutable_logging": {
"default": false,
"description": "Require tamper-evident logging (WORM storage)",
"type": "boolean"
},
"include_request_payload": {
"default": false,
"description": "Include full request payload in audit logs",
"type": "boolean"
},
"include_response_payload": {
"default": false,
"description": "Include full response payload in audit logs",
"type": "boolean"
},
"log_level": {
"default": "standard",
"description": "Minimum logging level for operations",
"enum": [
"standard",
"enhanced",
"verbose",
"debug"
],
"type": "string"
},
"pii_masking": {
"default": true,
"description": "Automatically mask PII in audit logs",
"type": "boolean"
},
"real_time_alerts": {
"description": "Operations that trigger real-time alerts",
"items": {
"pattern": "^(public|internal|confidential|restricted)\\.[RMACD]$",
"type": "string"
},
"type": "array"
},
"retention_days": {
"default": 365,
"description": "Minimum audit log retention period in days",
"maximum": 2555,
"minimum": 30,
"type": "integer"
}
},
"type": "object"
},
"autonomy_overrides": {
"additionalProperties": false,
"description": "Override default autonomy levels for specific classification.operation combinations",
"patternProperties": {
"^(public|internal|confidential|restricted)\\.[RMACD]$": {
"enum": [
"autonomous",
"logged",
"notification",
"approval",
"elevated_approval",
"prohibited"
],
"type": "string"
}
},
"type": "object"
},
"constraints": {
"description": "Operational constraints",
"properties": {
"change_controls": {
"description": "Controls for Change (C) operations",
"properties": {
"canary_deployment_required": {
"default": false,
"description": "Require staged/canary rollout",
"type": "boolean"
},
"change_freeze_periods": {
"description": "Periods when changes are prohibited",
"items": {
"properties": {
"end": {
"format": "date",
"type": "string"
},
"name": {
"type": "string"
},
"start": {
"format": "date",
"type": "string"
}
},
"required": [
"name",
"start",
"end"
],
"type": "object"
},
"type": "array"
},
"max_blast_radius_percentage": {
"default": 10,
"description": "Maximum percentage of systems affected by single change",
"maximum": 100,
"minimum": 0,
"type": "integer"
},
"require_backup_before_change": {
"default": true,
"description": "Require backup/snapshot before any change",
"type": "boolean"
},
"require_rollback_plan": {
"default": true,
"description": "Require documented rollback procedure",
"type": "boolean"
}
},
"type": "object"
},
"delete_controls": {
"description": "Controls for Delete (D) operations",
"properties": {
"require_dependency_check": {
"default": true,
"description": "Check for dependencies before deletion",
"type": "boolean"
},
"require_legal_hold_check": {
"default": true,
"description": "Verify no legal holds exist on data",
"type": "boolean"
},
"retention_compliance_check": {
"default": true,
"description": "Verify retention requirements are satisfied",
"type": "boolean"
},
"soft_delete_grace_period_days": {
"default": 7,
"description": "Days to retain soft-deleted items before permanent deletion",
"maximum": 365,
"minimum": 1,
"type": "integer"
},
"two_person_rule_for_confidential": {
"default": true,
"description": "Require two approvers for Confidential data deletion",
"type": "boolean"
}
},
"type": "object"
},
"environments": {
"description": "Allowed environments",
"items": {
"enum": [
"development",
"staging",
"production",
"disaster-recovery",
"sandbox"
],
"type": "string"
},
"minItems": 1,
"type": "array"
},
"rate_limits": {
"description": "Rate limiting constraints",
"properties": {
"data_volume_mb_per_hour": {
"description": "Maximum data volume processed per hour in MB",
"maximum": 100000,
"minimum": 1,
"type": "integer"
},
"operations_per_hour": {
"description": "Maximum mutating operations per hour",
"maximum": 10000,
"minimum": 1,
"type": "integer"
},
"queries_per_minute": {
"description": "Maximum read queries per minute",
"maximum": 10000,
"minimum": 1,
"type": "integer"
}
},
"type": "object"
},
"resource_quotas": {
"description": "Resource creation limits for Add (A) operations",
"properties": {
"auto_expiration_days": {
"description": "Days until created resources auto-expire",
"maximum": 365,
"minimum": 1,
"type": "integer"
},
"max_monthly_cost_usd": {
"description": "Maximum monthly cost allowed in USD",
"minimum": 0,
"type": "number"
},
"max_resources_per_request": {
"description": "Maximum resources created in single operation",
"maximum": 1000,
"minimum": 1,
"type": "integer"
},
"max_storage_gb_per_request": {
"description": "Maximum storage provisioned per request in GB",
"minimum": 1,
"type": "integer"
}
},
"type": "object"
},
"time_windows": {
"description": "Time-based operational restrictions",
"properties": {
"allowed_days": {
"description": "Days of week when operations are permitted",
"items": {
"enum": [
"monday",
"tuesday",
"wednesday",
"thursday",
"friday",
"saturday",
"sunday"
],
"type": "string"
},
"minItems": 1,
"type": "array",
"uniqueItems": true
},
"allowed_hours": {
"description": "Hours during which operations are permitted",
"properties": {
"end": {
"description": "End time in HH:MM format",
"pattern": "^([01]?[0-9]|2[0-3]):[0-5][0-9]$",
"type": "string"
},
"start": {
"description": "Start time in HH:MM format",
"pattern": "^([01]?[0-9]|2[0-3]):[0-5][0-9]$",
"type": "string"
}
},
"required": [
"start",
"end"
],
"type": "object"
},
"blackout_dates": {
"description": "Specific dates when operations are prohibited (ISO 8601 format)",
"items": {
"format": "date",
"type": "string"
},
"type": "array"
},
"maintenance_windows": {
"description": "Pre-approved maintenance windows for elevated operations",
"items": {
"properties": {
"end": {
"format": "date-time",
"type": "string"
},
"name": {
"type": "string"
},
"recurring": {
"default": "once",
"enum": [
"once",
"weekly",
"monthly"
],
"type": "string"
},
"start": {
"format": "date-time",
"type": "string"
}
},
"required": [
"name",
"start",
"end"
],
"type": "object"
},
"type": "array"
},
"timezone": {
"default": "UTC",
"description": "IANA timezone identifier (e.g., America/New_York, UTC)",
"type": "string"
}
},
"type": "object"
}
},
"type": "object"
},
"description": {
"description": "Description of the profile\u0027s purpose",
"type": "string"
},
"emergency_escalation": {
"description": "Pre-authorized emergency permission escalation for incident response",
"if": {
"properties": {
"enabled": {
"const": true
}
}
},
"properties": {
"cooldown_minutes": {
"default": 30,
"description": "Minimum time between consecutive escalations",
"minimum": 0,
"type": "integer"
},
"enabled": {
"default": false,
"description": "Whether emergency escalation is enabled for this profile",
"type": "boolean"
},
"escalated_permissions": {
"description": "Temporarily elevated permissions during emergency",
"properties": {
"confidential": {
"items": {
"enum": [
"R",
"M",
"A",
"C",
"D"
],
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"internal": {
"items": {
"enum": [
"R",
"M",
"A",
"C",
"D"
],
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"public": {
"items": {
"enum": [
"R",
"M",
"A",
"C",
"D"
],
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"restricted": {
"description": "Even during emergency, C and D on Restricted remain prohibited",
"items": {
"enum": [
"R",
"M"
],
"type": "string"
},
"type": "array",
"uniqueItems": true
}
},
"type": "object"
},
"max_duration_minutes": {
"default": 60,
"description": "Maximum duration of emergency escalation",
"maximum": 480,
"minimum": 1,
"type": "integer"
},
"notification_targets": {
"description": "Email addresses or channels to notify on escalation",
"items": {
"type": "string"
},
"minItems": 1,
"type": "array"
},
"require_post_incident_review": {
"default": true,
"description": "Whether post-incident review is mandatory",
"type": "boolean"
},
"trigger_conditions": {
"description": "Conditions that can trigger emergency escalation",
"items": {
"enum": [
"soc_declared_incident",
"automated_threat_detection",
"business_continuity_event",
"compliance_emergency",
"manual_authorization"
],
"type": "string"
},
"minItems": 1,
"type": "array"
}
},
"required": [
"enabled"
],
"then": {
"required": [
"trigger_conditions",
"max_duration_minutes",
"notification_targets"
]
},
"type": "object"
},
"metadata": {
"description": "Profile metadata",
"properties": {
"approved_by": {
"description": "Approving authority",
"type": "string"
},
"author": {
"description": "Profile author or creating team",
"type": "string"
},
"created": {
"description": "Profile creation timestamp",
"format": "date-time",
"type": "string"
},
"deprecation_notice": {
"description": "Deprecation message and migration guidance (if status is deprecated)",
"type": "string"
},
"review_date": {
"description": "Next scheduled review date",
"format": "date",
"type": "string"
},
"status": {
"default": "active",
"description": "Profile lifecycle status",
"enum": [
"draft",
"active",
"deprecated",
"archived"
],
"type": "string"
},
"tags": {
"description": "Organizational tags for categorization",
"items": {
"type": "string"
},
"type": "array"
},
"updated": {
"description": "Last update timestamp",
"format": "date-time",
"type": "string"
}
},
"required": [
"created",
"author"
],
"type": "object"
},
"model": {
"const": "three-dimensional",
"description": "Implementation model identifier",
"type": "string"
},
"permissions": {
"description": "Granted RMACD operations per data classification",
"properties": {
"confidential": {
"items": {
"enum": [
"R",
"M",
"A",
"C",
"D"
],
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"internal": {
"items": {
"enum": [
"R",
"M",
"A",
"C",
"D"
],
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"public": {
"items": {
"enum": [
"R",
"M",
"A",
"C",
"D"
],
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"restricted": {
"description": "Note: C and D operations on Restricted data are prohibited for autonomous agents per governance matrix",
"items": {
"enum": [
"R",
"M",
"A",
"C",
"D"
],
"type": "string"
},
"type": "array",
"uniqueItems": true
}
},
"required": [
"public",
"internal",
"confidential",
"restricted"
],
"type": "object"
},
"profile_id": {
"description": "Unique identifier for this profile",
"pattern": "^rmacd-3d-[a-z0-9-]+$",
"type": "string"
},
"profile_name": {
"description": "Human-readable profile name",
"type": "string"
},
"version": {
"description": "Profile version (semantic versioning)",
"pattern": "^[0-9]+\\.[0-9]+(\\.[0-9]+)?$",
"type": "string"
}
},
"required": [
"profile_id",
"profile_name",
"model",
"version",
"permissions"
],
"title": "RMACD Three-Dimensional Permission Profile",
"type": "object"
}Administrator (3D)
Maximum agent permissions with classification-aware controls. Note: Change and Delete on Restricted data remain prohibited.
{
"$schema": "https://rmacd-framework.org/schema/v1/profile-3d.json",
"autonomy_overrides": {
"confidential.C": "elevated_approval",
"internal.D": "elevated_approval",
"public.D": "approval",
"restricted.M": "elevated_approval"
},
"constraints": {
"change_controls": {
"canary_deployment_required": true,
"max_blast_radius_percentage": 10,
"require_backup_before_change": true,
"require_rollback_plan": true
},
"delete_controls": {
"require_dependency_check": true,
"require_legal_hold_check": true,
"soft_delete_grace_period_days": 7,
"two_person_rule_for_confidential": true
},
"environments": [
"development",
"staging",
"production"
]
},
"description": "Maximum agent permissions with classification-aware controls. Note: Change and Delete on Restricted data remain prohibited.",
"metadata": {
"approved_by": "ciso",
"author": "rmacd-framework",
"created": "2026-01-11T00:00:00Z"
},
"model": "three-dimensional",
"permissions": {
"confidential": [
"R",
"M",
"A",
"C"
],
"internal": [
"R",
"M",
"A",
"C",
"D"
],
"public": [
"R",
"M",
"A",
"C",
"D"
],
"restricted": [
"R",
"M"
]
},
"profile_id": "rmacd-3d-administrator-v1",
"profile_name": "Administrator (3D)",
"version": "1.0"
}DevOps Agent
DevOps automation agent for CI/CD pipelines, infrastructure management, and deployment operations. Balanced permissions with strong change controls.
{
"$schema": "https://rmacd-framework.org/schema/v1/profile-3d.json",
"approval_authority": {
"approval": {
"approvers": [
"devops-lead",
"platform-engineer"
],
"escalation_after_minutes": 45,
"escalation_target": "engineering-manager",
"timeout_minutes": 60
},
"elevated_approval": {
"approvers": [
"vp-engineering",
"cto"
],
"require_multiple_approvers": false,
"timeout_minutes": 240
}
},
"audit_requirements": {
"alert_channels": [
{
"target": "#devops-alerts",
"type": "slack"
},
{
"target": "https://ops.company.com/webhooks/rmacd",
"type": "webhook"
}
],
"compliance_tags": [
"SOX",
"ISO27001"
],
"immutable_logging": false,
"log_level": "enhanced",
"pii_masking": true,
"real_time_alerts": [
"internal.C",
"internal.D",
"confidential.M"
],
"retention_days": 365
},
"autonomy_overrides": {
"confidential.M": "approval",
"internal.C": "approval",
"public.C": "notification",
"public.D": "approval",
"restricted.R": "notification"
},
"constraints": {
"change_controls": {
"canary_deployment_required": true,
"change_freeze_periods": [
{
"end": "2027-01-02",
"name": "Q4 Code Freeze",
"start": "2026-12-15"
}
],
"max_blast_radius_percentage": 10,
"require_backup_before_change": true,
"require_rollback_plan": true
},
"delete_controls": {
"require_dependency_check": true,
"require_legal_hold_check": false,
"retention_compliance_check": true,
"soft_delete_grace_period_days": 14
},
"environments": [
"development",
"staging",
"production"
],
"rate_limits": {
"data_volume_mb_per_hour": 1000,
"operations_per_hour": 50,
"queries_per_minute": 300
},
"resource_quotas": {
"auto_expiration_days": 90,
"max_monthly_cost_usd": 10000,
"max_resources_per_request": 20,
"max_storage_gb_per_request": 500
},
"time_windows": {
"allowed_days": [
"monday",
"tuesday",
"wednesday",
"thursday",
"friday"
],
"allowed_hours": {
"end": "22:00",
"start": "06:00"
},
"blackout_dates": [
"2026-12-24",
"2026-12-25",
"2026-12-31",
"2027-01-01"
],
"maintenance_windows": [
{
"end": "2026-01-19T06:00:00Z",
"name": "Weekly Maintenance",
"recurring": "weekly",
"start": "2026-01-19T02:00:00Z"
}
],
"timezone": "America/New_York"
}
},
"description": "DevOps automation agent for CI/CD pipelines, infrastructure management, and deployment operations. Balanced permissions with strong change controls.",
"emergency_escalation": {
"cooldown_minutes": 60,
"enabled": true,
"escalated_permissions": {
"confidential": [
"R",
"M",
"A"
],
"internal": [
"R",
"M",
"A",
"C",
"D"
],
"public": [
"R",
"M",
"A",
"C",
"D"
],
"restricted": [
"R"
]
},
"max_duration_minutes": 120,
"notification_targets": [
"platform-team@company.com",
"oncall-devops@company.com"
],
"require_post_incident_review": true,
"trigger_conditions": [
"business_continuity_event",
"manual_authorization"
]
},
"metadata": {
"approved_by": "vp-engineering",
"author": "platform-engineering",
"created": "2026-01-17T00:00:00Z",
"review_date": "2026-04-17",
"status": "active",
"tags": [
"devops",
"ci-cd",
"automation",
"infrastructure"
]
},
"model": "three-dimensional",
"permissions": {
"confidential": [
"R",
"M"
],
"internal": [
"R",
"M",
"A",
"C"
],
"public": [
"R",
"M",
"A",
"C",
"D"
],
"restricted": [
"R"
]
},
"profile_id": "rmacd-3d-devops-v1",
"profile_name": "DevOps Agent",
"version": "1.0"
}Incident Responder
Security incident response agent with pre-authorized emergency escalation capabilities. Designed for rapid containment during active security incidents.
{
"$schema": "https://rmacd-framework.org/schema/v1/profile-3d.json",
"approval_authority": {
"approval": {
"approvers": [
"security-analyst",
"soc-lead"
],
"escalation_after_minutes": 10,
"escalation_target": "security-manager",
"timeout_minutes": 15
},
"elevated_approval": {
"approvers": [
"ciso",
"security-director"
],
"require_multiple_approvers": false,
"timeout_minutes": 30
}
},
"audit_requirements": {
"alert_channels": [
{
"target": "security-oncall",
"type": "pagerduty"
},
{
"target": "#security-incidents",
"type": "slack"
},
{
"target": "splunk-security",
"type": "siem"
}
],
"compliance_tags": [
"HIPAA",
"PCI-DSS",
"SOX"
],
"immutable_logging": true,
"log_level": "verbose",
"pii_masking": false,
"real_time_alerts": [
"confidential.M",
"confidential.A",
"restricted.R",
"restricted.M"
],
"retention_days": 730
},
"autonomy_overrides": {
"confidential.M": "notification",
"internal.A": "notification",
"internal.M": "autonomous",
"public.A": "notification",
"public.M": "autonomous",
"restricted.R": "logged"
},
"constraints": {
"change_controls": {
"canary_deployment_required": false,
"max_blast_radius_percentage": 25,
"require_backup_before_change": false,
"require_rollback_plan": true
},
"environments": [
"production",
"staging"
],
"rate_limits": {
"operations_per_hour": 100,
"queries_per_minute": 200
},
"time_windows": {
"allowed_days": [
"monday",
"tuesday",
"wednesday",
"thursday",
"friday",
"saturday",
"sunday"
],
"allowed_hours": {
"end": "23:59",
"start": "00:00"
},
"timezone": "UTC"
}
},
"description": "Security incident response agent with pre-authorized emergency escalation capabilities. Designed for rapid containment during active security incidents.",
"emergency_escalation": {
"cooldown_minutes": 15,
"enabled": true,
"escalated_permissions": {
"confidential": [
"R",
"M",
"A"
],
"internal": [
"R",
"M",
"A",
"C"
],
"public": [
"R",
"M",
"A",
"C"
],
"restricted": [
"R",
"M"
]
},
"max_duration_minutes": 60,
"notification_targets": [
"soc@company.com",
"ciso@company.com",
"incident-response@company.com"
],
"require_post_incident_review": true,
"trigger_conditions": [
"soc_declared_incident",
"automated_threat_detection"
]
},
"metadata": {
"approved_by": "ciso",
"author": "security-operations",
"created": "2026-01-17T00:00:00Z",
"review_date": "2026-07-17",
"status": "active",
"tags": [
"security",
"incident-response",
"emergency",
"containment"
]
},
"model": "three-dimensional",
"permissions": {
"confidential": [
"R",
"M"
],
"internal": [
"R",
"M",
"A"
],
"public": [
"R",
"M",
"A"
],
"restricted": [
"R"
]
},
"profile_id": "rmacd-3d-incident-responder-v1",
"profile_name": "Incident Responder",
"version": "1.0"
}Monitoring Agent
Read-only monitoring agent for observability, health checks, and SRE operations. Provides broad read access with real-time alerting capabilities.
{
"$schema": "https://rmacd-framework.org/schema/v1/profile-3d.json",
"audit_requirements": {
"alert_channels": [
{
"target": "#sre-alerts",
"type": "slack"
},
{
"target": "monitoring-service",
"type": "pagerduty"
}
],
"compliance_tags": [
"SOX",
"ISO27001"
],
"log_level": "enhanced",
"pii_masking": true,
"real_time_alerts": [
"confidential.R",
"restricted.R"
],
"retention_days": 90
},
"autonomy_overrides": {
"confidential.R": "logged",
"internal.R": "autonomous",
"public.R": "autonomous",
"restricted.R": "notification"
},
"constraints": {
"environments": [
"development",
"staging",
"production"
],
"rate_limits": {
"data_volume_mb_per_hour": 2000,
"queries_per_minute": 500
},
"time_windows": {
"allowed_days": [
"monday",
"tuesday",
"wednesday",
"thursday",
"friday",
"saturday",
"sunday"
],
"allowed_hours": {
"end": "23:59",
"start": "00:00"
},
"timezone": "UTC"
}
},
"description": "Read-only monitoring agent for observability, health checks, and SRE operations. Provides broad read access with real-time alerting capabilities.",
"emergency_escalation": {
"enabled": false
},
"metadata": {
"approved_by": "platform-engineering",
"author": "sre-team",
"created": "2026-01-17T00:00:00Z",
"status": "active",
"tags": [
"observability",
"monitoring",
"read-only",
"sre"
]
},
"model": "three-dimensional",
"permissions": {
"confidential": [
"R"
],
"internal": [
"R"
],
"public": [
"R"
],
"restricted": [
"R"
]
},
"profile_id": "rmacd-3d-monitoring-v1",
"profile_name": "Monitoring Agent",
"version": "1.0"
}Observer (2D)
Read-only monitoring and analysis agent for organizations without formal data classification
{
"$schema": "https://rmacd-framework.org/schema/v1/profile-2d.json",
"autonomy_overrides": {},
"constraints": {
"environments": [
"development",
"staging",
"production"
],
"rate_limits": {
"data_volume_mb_per_hour": 500,
"queries_per_minute": 100
}
},
"description": "Read-only monitoring and analysis agent for organizations without formal data classification",
"metadata": {
"approved_by": "security-team",
"author": "rmacd-framework",
"created": "2026-01-11T00:00:00Z"
},
"model": "two-dimensional",
"permissions": [
"R"
],
"profile_id": "rmacd-2d-observer-v1",
"profile_name": "Observer (2D)",
"version": "1.0"
}{
"$schema": "https://rmacd-framework.org/schema/v1/profile-3d.json",
"autonomy_overrides": {
"confidential.R": "logged",
"restricted.R": "notification"
},
"constraints": {
"environments": [
"development",
"staging",
"production"
],
"rate_limits": {
"data_volume_mb_per_hour": 500,
"queries_per_minute": 100
}
},
"description": "Read-only monitoring agent with classification-aware access controls",
"metadata": {
"approved_by": "security-team",
"author": "rmacd-framework",
"created": "2026-01-11T00:00:00Z"
},
"model": "three-dimensional",
"permissions": {
"confidential": [
"R"
],
"internal": [
"R"
],
"public": [
"R"
],
"restricted": [
"R"
]
},
"profile_id": "rmacd-3d-observer-v1",
"profile_name": "Observer (3D)",
"version": "1.0"
}Operations (2D)
Full operations agent without delete capability for organizations without formal data classification
{
"$schema": "https://rmacd-framework.org/schema/v1/profile-2d.json",
"autonomy_overrides": {
"C": "approval"
},
"constraints": {
"change_controls": {
"max_blast_radius_percentage": 10,
"require_backup_before_change": true,
"require_rollback_plan": true
},
"environments": [
"development",
"staging",
"production"
],
"rate_limits": {
"operations_per_hour": 50
}
},
"description": "Full operations agent without delete capability for organizations without formal data classification",
"metadata": {
"approved_by": "cab-committee",
"author": "rmacd-framework",
"created": "2026-01-11T00:00:00Z"
},
"model": "two-dimensional",
"permissions": [
"R",
"M",
"A",
"C"
],
"profile_id": "rmacd-2d-operations-v1",
"profile_name": "Operations (2D)",
"version": "1.0"
}Ready to create your profile?
Use our interactive generator to create custom RMACD profiles, or validate existing profiles against these schemas.