{
  "feature": "user-federation-ldap-kerberos",
  "version": "1.0.0",
  "description": "LDAP, Kerberos, and AD directory integration",
  "category": "integration",
  "tags": [
    "federation",
    "ldap"
  ],
  "fields": [
    {
      "name": "connection_url",
      "type": "url",
      "required": true,
      "label": "LDAP URL",
      "validation": [
        {
          "type": "required",
          "message": "URL required"
        },
        {
          "type": "url",
          "message": "Must be valid URL"
        }
      ]
    },
    {
      "name": "bind_dn",
      "type": "text",
      "required": true,
      "label": "Bind DN",
      "validation": [
        {
          "type": "required",
          "message": "Bind DN required"
        }
      ]
    }
  ],
  "rules": {
    "core": "Directory synchronization"
  },
  "outcomes": {
    "user_found": {
      "priority": 5,
      "given": [
        {
          "field": "connection_url",
          "operator": "exists",
          "value": null
        }
      ],
      "then": [
        {
          "action": "emit_event",
          "event": "federation.user_found",
          "payload": [
            "username"
          ]
        }
      ],
      "result": "User found in directory"
    }
  },
  "errors": [
    {
      "code": "FEDERATION_ERROR",
      "status": 503,
      "message": "Federation service unavailable"
    }
  ],
  "events": [
    {
      "name": "federation.user_found",
      "description": "User found in directory",
      "payload": [
        "username"
      ]
    }
  ],
  "related": [],
  "agi": {
    "goals": [
      {
        "id": "reliable_user_federation_ldap_kerberos",
        "description": "LDAP, Kerberos, and AD directory integration",
        "success_metrics": [
          {
            "metric": "success_rate",
            "target": ">= 99.5%",
            "measurement": "Successful operations divided by total attempts"
          },
          {
            "metric": "error_recovery_rate",
            "target": ">= 95%",
            "measurement": "Errors that auto-recover without manual intervention"
          }
        ],
        "constraints": [
          {
            "type": "availability",
            "description": "Must degrade gracefully when dependencies are unavailable",
            "negotiable": false
          }
        ]
      }
    ],
    "autonomy": {
      "level": "supervised",
      "escalation_triggers": [
        "error_rate > 5"
      ]
    },
    "safety": {
      "action_permissions": [
        {
          "action": "user_found",
          "permission": "autonomous"
        }
      ]
    },
    "tradeoffs": [
      {
        "prefer": "reliability",
        "over": "throughput",
        "reason": "integration failures can cascade across systems"
      }
    ]
  },
  "extensions": {
    "source": {
      "repo": "https://github.com/keycloak/keycloak",
      "project": "Keycloak",
      "tech_stack": "Java"
    }
  }
}