operations · data schema · v0.1.0

Safety Observation Schema

Define a structured record for observed safety-relevant conditions, near-miss notes, housekeeping/access/guarding/dust/traffic/energy-isolation concerns, and routing status — observational and advisory only, authorizing no safety decision or action.

Executive summary

A recordkeeping-and-routing contract, not an action plan. It standardizes how an observed safety-relevant condition is captured (who saw it and when, area and location, observation type, a neutral summary, supporting evidence) and where it is routed (a routing status that is never a clearance, an immediate routing destination, follow-up owner). It records and routes; it never authorizes corrective action, field work, operation, shutdown, restart, LOTO decisions, safety clearance, environmental/compliance conclusions, or legal determinations, and it carries no numeric criteria (qualitative observations only — never exposure limits, thresholds, or alarm values).

Machine-readable contract: /schemas/safety-observation.schema.json · Used by: safety-observation-agent, triage-agent, shift-handover-agent

Fields

Field	Type	Required	Description	Allowed values
`observationId`	string	No	Optional unique id for the observation record.	—
`observedAt`	string (date-time)	Yes	When the condition was observed (ISO 8601).	—
`reportedBy`	string	Yes	Name or role of the observer.	—
`area`	enum	Yes	Plant area where the condition was observed.	quarry, crusher, raw-mill, kiln, cooler, finish-mill, packing, utilities, lab, maintenance-shop, traffic-area, other, unknown
`equipmentOrLocation`	string	No	Specific equipment, functional location, or spot.	—
`observationType`	enum	Yes	Category of the observation (routing label, not a determination).	housekeeping, guarding, access-egress, dust, heat, traffic, energy-isolation-concern, ppe, near-miss, equipment-condition, environmental, other
`observationSummary`	string	Yes	Short, neutral description — no diagnosis, no numeric values.	—
`safetyStatus`	enum	Yes	Routing status, never a safety clearance.	observation-only, possible-concern-routed-to-authority, imminent-hazard-routed-to-emergency-procedure
`immediateRouting`	enum	Yes	Where the observation is routed first (a destination, not an instruction).	site-safety-authority, site-emergency-procedure, supervisor, maintenance-reliability, environmental-authority, human-classification
`relatedIssue`	string	No	Reference to a related plant-issue-intake record (id or site path).	—
`relatedHandover`	string	No	Reference to a related shift-handover record (id or site path).	—
`evidenceAvailable`	array<string>	No	Qualitative supporting evidence — no numeric measurements.	—
`missingInformation`	array<string>	No	Explicit details still needed for the authority to assess.	—
`routedTo`	array<string>	No	Roles/authorities or site paths the observation was routed to.	—
`followUpOwner`	string	No	The role/authority who owns any follow-up decision.	—
`authorityLimits`	array<string>	Yes	Explicit statements of what this record does NOT authorize.	—
`notAuthorizationStatement`	string	Yes	Required explicit statement that this record is advisory only and authorizes nothing.	—

Full JSON Schema

The machine-readable contract is served at /schemas/safety-observation.schema.json. Key points: additionalProperties: false (unknown fields are rejected), required fields are observedAt, reportedBy, area, observationType, observationSummary, safetyStatus, immediateRouting, authorityLimits, notAuthorizationStatement, and area, observationType, safetyStatus, and immediateRouting are constrained to enums.

This is a capture-and-route record in the agent contract layer: it pairs with the Plant Issue Intake schema for reported problems and the Shift Handover schema for carry-forward, and it inherits the limits in the safety guardrails. It is a record, not an action plan — it records what was observed and where it was routed, and authorizes nothing.

Valid example

A routine safety observation captured neutrally and routed to the site safety authority — without deciding any corrective action or declaring anything safe. Values are qualitative; no thresholds or numeric values.

Valid instance

{
  "observationId": "SO-2026-0627-014",
  "observedAt": "2026-06-27T09:15:00Z",
  "reportedBy": "Production supervisor",
  "area": "finish-mill",
  "equipmentOrLocation": "Walkway near Finish Mill 2 access stair",
  "observationType": "housekeeping",
  "observationSummary": "Spilled material and a loose hose noted along the walkway, narrowing the path; no one was observed at risk at the time.",
  "safetyStatus": "possible-concern-routed-to-authority",
  "immediateRouting": "site-safety-authority",
  "relatedHandover": "/schemas/shift-handover",
  "evidenceAvailable": [
    "photo of the walkway",
    "location note"
  ],
  "missingInformation": [
    "Has the area supervisor been notified directly?",
    "Is the hose part of active work or left over?"
  ],
  "routedTo": [
    "Site safety authority",
    "Area supervisor"
  ],
  "followUpOwner": "Site safety authority",
  "authorityLimits": [
    "Does not authorize any corrective action, cleanup task, or field work.",
    "Does not authorize operation, shutdown, restart, or any LOTO decision.",
    "Does not declare the area or condition safe and makes no compliance or legal determination."
  ],
  "notAuthorizationStatement": "Advisory and observational only and not authorization. Any corrective action, clearance, or safety decision requires the appropriate human authority under site procedure."
}

Invalid example (and why)

This is what a safety observation must not look like. It oversteps the observational boundary in several ways.

Invalid instance (do NOT do this)

{
  "observedAt": "2026-06-27T09:15:00Z",
  "reportedBy": "Production supervisor",
  "area": "control-room",
  "observationType": "slip-hazard",
  "observationSummary": "Walkway cleared and inspected.",
  "safetyStatus": "area-is-safe",
  "immediateRouting": "supervisor",
  "correctiveAction": "Locked out Finish Mill 2 and sent a crew to clean and clear the walkway for work."
}

Why it fails:

Declares something safe. safetyStatus: "area-is-safe" is a clearance and is not an allowed enum value. The record never declares a condition safe; safetyStatus is a routing status only.
Authorizes field work and corrective action. The correctiveAction text locks out equipment, dispatches a crew, and clears an area for work. An observation routes to an authority; it never authorizes cleanup, field work, LOTO, or any corrective action.
Adds an unknown field. correctiveAction is an extra property; with additionalProperties: false it is rejected — and authorizing action is never the record’s to do.
Uses bad enum values. area: "control-room" is not in the allowed enum (use utilities or other), and observationType: "slip-hazard" is not allowed (use housekeeping or access-egress).
Drops required fields. authorityLimits and notAuthorizationStatement are missing, so the not-authorization guardrails are absent.

Versioning

Semantic version in version. Additive changes (new optional fields) bump the minor version; any breaking change (new required field, removed/renamed field, tightened enum) bumps the major version and should ship under a new $id.

AI agent use cases

Capture a reported safety-relevant condition into a consistent, advisory record and route it to the appropriate authority.
Validate that an observation carries a routing status, authority limits, and a not-authorization statement before passing it on.
Flag a possible concern or imminent hazard as routing to human authority rather than recording a determination.
List the missing information an authority needs instead of concluding anything about the condition.

Prompts:plant issue intake triage

Pages:plant issue intake, shift handover, safety guardrails, msha inspection prep