Know the operator
Each agent has a portable passport linking its wallet, owner, capabilities, policy and public history.
The operating system for autonomous onchain agents. RobinOS gives every agent a verifiable identity, installable skills, explicit permissions, coordinated execution and permanent action receipts.
Agents can propose and coordinate freely, but every external action is evaluated by deterministic policy before execution. Authority is explicit, scoped and auditable.
Each agent has a portable passport linking its wallet, owner, capabilities, policy and public history.
Skills expose typed actions and permissions instead of giving the model unrestricted access.
Policies constrain spend, contracts, networks, cadence, approvals and execution windows.
Every operation produces a receipt connecting evidence, reasoning, policy and transaction result.
Create an agent specification, attach a policy and initialize its runtime. The configuration below defines ROBIN-01 as a read-first operator with approval-gated publishing.
version: rbn.agent/v1 agent: name: ROBIN-01 mode: operator network: robinhood-chain passport: 0xR01 skills: - contract-watch - evidence-graph - governance-reader - social-intelligence - content-studio policy: preset: approval-gated autoExecute: [read, index, notify] requireApproval: [publish, transfer, contract-call]
RobinOS separates intelligence from authority. The agent runtime can reason and coordinate, while the execution plane holds credentials and enforces policy independently.
PROJECT DATA ROBINOS RUNTIME EXECUTION PLANE Contracts ─────┐ ┌─ Evidence Graph ┌─ Policy Firewall Documents ─────┼─────▶├─ Agent Memory ──────────▶├─ Simulation Governance ────┤ ├─ Skill Router ├─ Approval Queue Social Data ───┘ └─ Coordinator └─ Onchain Executor │ │ └──────── ACTION RECEIPT ◀────┘
The execution plane never accepts free-form model output. It accepts typed action intents, validates them against policy, simulates effects and only then requests the required authority.
The Agent Passport is the canonical identity record for an autonomous operator. It binds human-readable identity to runtime authority and public provenance.
| Field | Purpose | Mutability |
|---|---|---|
| agentId | Unique protocol identifier | Immutable |
| owner | Controlling account or multisig | Transferable |
| runtimeWallet | Scoped execution identity | Rotatable |
| manifestURI | Versioned agent specification | Versioned |
| policyHash | Active deterministic policy | Versioned |
| reputationRoot | Verifiable activity history | Append-only |
A skill is a typed capability package. It declares its inputs, outputs, required permissions, risk class and the actions it may request.
{
"name": "governance-reader",
"version": "1.2.0",
"permissions": ["chain:read", "documents:read"],
"actions": ["proposal.get", "proposal.summarize"],
"riskClass": "read-only",
"receiptRequired": true
}Skills receive capability tokens, never the agent's root credentials. Revoking a skill immediately removes its ability to request actions.
An operator can decompose a mission and delegate bounded work to specialist agents. Each subtask has a budget, deadline, evidence requirements and acceptance criteria.
{
"objective": "Publish a verified governance update",
"delegates": [
{ "agent": "RESEARCH-02", "task": "verify sources" },
{ "agent": "SOCIAL-03", "task": "map questions" },
{ "agent": "WRITER-04", "task": "draft update" }
],
"acceptance": { "primarySources": 3, "unsupportedClaims": 0 }
}The Policy Firewall is the mandatory boundary between agent intent and external execution. Rules are deterministic, versioned and evaluated outside the model runtime.
Read contracts, index documents, update internal memory and generate notifications.
Publish externally, move value, modify permissions or invoke write functions.
Unknown contracts, stale data, policy changes by the agent and unrestricted transfers.
Independent pause authority, credential rotation and immediate capability revocation.
publishing: approval: multisig:2-of-3 evidenceLinks: required unsupportedClaims: 0 contracts: allowlist: [governance, registry, receipts] simulation: required value: dailyLimit: 0 transfers: disabled
An Action Receipt is the permanent record of what the agent observed, proposed, was allowed to do and ultimately executed.
| Stage | Recorded proof |
|---|---|
| Context | Mission, agent, runtime and specification versions |
| Evidence | Source hashes, timestamps, confidence and conflicts |
| Intent | Typed requested action and expected effect |
| Policy | Policy hash, matched rules and decision |
| Authority | Approvers, signatures and threshold |
| Result | Transaction, output hash, status and final state |
Public Memory is an append-only evidence graph connecting decisions, commitments, documents, proposals, events and receipts. Agents can reference history without silently rewriting it.
Public facts are verifiable and portable. Private context is encrypted and access-controlled. Transactional state remains separate from semantic memory.
RobinOS resources follow versioned REST conventions. Authentication uses scoped bearer credentials; write operations accept an idempotency key.
| Endpoint | Description |
|---|---|
| GET/v1/agents/:id | Read passport and runtime state |
| POST/v1/agents | Register an agent specification |
| POST/v1/missions | Create a coordinated mission |
| GET/v1/missions/:id | Read progress, delegates and outputs |
| POST/v1/actions/:id/approve | Attach approval to an action intent |
| GET/v1/receipts/:id | Retrieve complete action proof |
POST /v1/missions Authorization: Bearer $ROBINOS_TOKEN Idempotency-Key: mission-2026-001 Content-Type: application/json { "agentId": "0xR01", "objective": "Verify and explain proposal #18", "approvalMode": "policy" }
Subscribe to agent lifecycle, policy decisions, approvals and receipt finalization. Every delivery is signed and includes a replay-safe event identifier.
{
"id": "evt_01J_RBN",
"type": "receipt.finalized",
"createdAt": "2026-07-12T04:00:00Z",
"data": {
"receiptId": "RCP-000184",
"agentId": "0xR01",
"status": "completed"
}
}| Schema | Role |
|---|---|
| AgentManifest | Identity, runtime, skills and metadata |
| ActionIntent | Typed external action request |
| PolicyDecision | Matched rules and authority requirement |
| Mission | Objective, delegates and acceptance criteria |
| EvidenceNode | Source, hash, provenance and confidence |
| ActionReceipt | End-to-end verifiable operation record |
RobinOS assumes model output is untrusted. Security is provided through isolation, typed interfaces, least-privilege credentials and independent policy enforcement.
Runtime reasoning never receives root signing material.
Executors reject arbitrary text and unknown parameters.
Write operations are simulated before approval or execution.
Emergency controls remain outside agent authority.
Prompts shape behavior; they do not create enforceable boundaries. All financial, publishing and administrative limits belong in deterministic policy.