1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
# V1 Scope
## Build First
Rho v1 should build the smallest architecture that proves:
- identity works
- repo policy works
- messages work
- tools are declarative and runnable
- agents can propose but not bypass policy
- middleware can require human approval
- mock data can be generated from private data shapes
## In Scope
### `rho id`
- GitHub-linked identity
- local public/private key generation
- trust/export/import basics
### `rho crypto`
- sign and verify files
- encrypt and decrypt files for known recipients
- manage crypto algorithm metadata
- provide a clean crypto boundary for other commands
### `rho auth`
- evaluate whether an actor may perform an action
- manage repo-level authorization metadata
- support trust-on-first-use pairing
- support first-connection approval hooks
- support permanent block and deny records
### `rho repo`
- initialize repo layout
- manage participants
- manage permissions policy
- manage repo root manifest metadata
- create required visible `rho/` structure
### `rho tools`
- define tool manifests
- validate schemas
- list available tools for a repo
### `rho messages`
- write and read text-backed structured messages inside the repo
- route inbox and outbox files
- basic human and agent addressing
### `rho run`
- run tools through sandbox profiles
- validate requests
- write run status and outputs
### `rho agent`
- launch an agent with repo context
- expose repo tools and message protocol
- require `rho run` for protected execution
### `rho data`
- inspect source data
- infer schemas and common shapes
- generate mock/synthetic outputs
- register mock/private/released paths
### `rho doctor`
- check required dependencies
- guide installation steps
- validate identity and key setup
- validate trust and auth setup
- validate repo layout and policy files
- check agent backend readiness
- check sandbox readiness
### `rho middleware`
- intercept approval-worthy events
- execute policy hooks
- record decisions
### `rho telegram`
- adapter that lets middleware notify or query a human operator
## Explicitly Out Of Scope For V1
- secure multi-party computation
- daemon-based sync substrate
- notebook-specialized collaboration runtime
- broad flow engine with many backends
- realtime transport beyond normal Git/GitHub usage
- desktop-first orchestration
- rich auto-materialized encrypted shadow stores
- many identity backends beyond GitHub + keypairs
- key rotation and recovery workflows
- custom envelope evolution and migration
- automatic background dependency management services
- complex federated policy distribution
## What To Borrow From The Old System
- approval-mediated execution from Beaver / Rho relay ideas
- explicit mock/private split from Twin concepts
- file-backed request and response protocols
- a separate crypto boundary rather than mixing encryption into every command
- explicit trust and authorization records instead of implicit allow behavior
- strict separation between product semantics and transport adapters
- explicit operator diagnostics instead of hidden setup magic
## What To Leave Behind For Now
- multi-repo workspace orchestration
- many transport modes
- heavy path and config indirection
- publisher ACL plus subscriber materialization model
- notebook runtime magic
- Nextflow-style workflow backends
- bioscript-style domain packaging and generation
- secure-compute packaging burden
- broad distributed trust frameworks beyond TOFU plus explicit blocks