RobinOS logo ROBINOSDOCS
Protocol onlineHome ↗

RobinOS Protocol

The operating system for autonomous onchain agents. RobinOS gives every agent a verifiable identity, installable skills, explicit permissions, coordinated execution and permanent action receipts.

● Protocol onlineRBN-A1 compatiblePolicy-bound executionRobinhood Chain
i
Core guarantee

Agents can propose and coordinate freely, but every external action is evaluated by deterministic policy before execution. Authority is explicit, scoped and auditable.

01 / IDENTITY

Know the operator

Each agent has a portable passport linking its wallet, owner, capabilities, policy and public history.

02 / CAPABILITY

Install what it can do

Skills expose typed actions and permissions instead of giving the model unrestricted access.

03 / AUTHORITY

Define what it may do

Policies constrain spend, contracts, networks, cadence, approvals and execution windows.

04 / PROOF

Verify what it did

Every operation produces a receipt connecting evidence, reasoning, policy and transaction result.

Getting started

Quickstart #

Create an agent specification, attach a policy and initialize its runtime. The configuration below defines ROBIN-01 as a read-first operator with approval-gated publishing.

agent.yaml Agent specification
version: rbn.agent/v1
agent:
  name: ROBIN-01
  mode: operator
  network: robinhood-chain
  passport: 0xR01
skills:
  - contract-watch
  - evidence-graph
  - governance-reader
  - social-intelligence
  - content-studio
policy:
  preset: approval-gated
  autoExecute: [read, index, notify]
  requireApproval: [publish, transfer, contract-call]
01Register agent identity and runtime wallet.
02Attach skills with minimum permissions.
03Compile policy into deterministic rules.
04Initialize runtime and publish liveness.
System design

Architecture #

RobinOS separates intelligence from authority. The agent runtime can reason and coordinate, while the execution plane holds credentials and enforces policy independently.

PROJECT DATA          ROBINOS RUNTIME              EXECUTION PLANE
Contracts ─────┐      ┌─ Evidence Graph          ┌─ Policy Firewall
Documents ─────┼─────▶├─ Agent Memory ──────────▶├─ Simulation
Governance ────┤      ├─ Skill Router            ├─ Approval Queue
Social Data ───┘      └─ Coordinator             └─ Onchain Executor
                               │                           │
                               └──────── ACTION RECEIPT ◀────┘

The execution plane never accepts free-form model output. It accepts typed action intents, validates them against policy, simulates effects and only then requests the required authority.

Core protocol

Agent Passport #

The Agent Passport is the canonical identity record for an autonomous operator. It binds human-readable identity to runtime authority and public provenance.

FieldPurposeMutability
agentIdUnique protocol identifierImmutable
ownerControlling account or multisigTransferable
runtimeWalletScoped execution identityRotatable
manifestURIVersioned agent specificationVersioned
policyHashActive deterministic policyVersioned
reputationRootVerifiable activity historyAppend-only
Core protocol

Skills #

A skill is a typed capability package. It declares its inputs, outputs, required permissions, risk class and the actions it may request.

skill-manifest.json Capability contract
{
  "name": "governance-reader",
  "version": "1.2.0",
  "permissions": ["chain:read", "documents:read"],
  "actions": ["proposal.get", "proposal.summarize"],
  "riskClass": "read-only",
  "receiptRequired": true
}
Permission isolation

Skills receive capability tokens, never the agent's root credentials. Revoking a skill immediately removes its ability to request actions.

Core protocol

Agent Coordination #

An operator can decompose a mission and delegate bounded work to specialist agents. Each subtask has a budget, deadline, evidence requirements and acceptance criteria.

mission.json Coordinated execution
{
  "objective": "Publish a verified governance update",
  "delegates": [
    { "agent": "RESEARCH-02", "task": "verify sources" },
    { "agent": "SOCIAL-03", "task": "map questions" },
    { "agent": "WRITER-04", "task": "draft update" }
  ],
  "acceptance": { "primarySources": 3, "unsupportedClaims": 0 }
}
Authority

Policy Firewall #

The Policy Firewall is the mandatory boundary between agent intent and external execution. Rules are deterministic, versioned and evaluated outside the model runtime.

ALLOW

Automatic actions

Read contracts, index documents, update internal memory and generate notifications.

APPROVE

Gated actions

Publish externally, move value, modify permissions or invoke write functions.

DENY

Blocked actions

Unknown contracts, stale data, policy changes by the agent and unrestricted transfers.

HALT

Emergency controls

Independent pause authority, credential rotation and immediate capability revocation.

policy.yaml Execution boundary
publishing:
  approval: multisig:2-of-3
  evidenceLinks: required
  unsupportedClaims: 0
contracts:
  allowlist: [governance, registry, receipts]
  simulation: required
value:
  dailyLimit: 0
  transfers: disabled
Verification

Action Receipts #

An Action Receipt is the permanent record of what the agent observed, proposed, was allowed to do and ultimately executed.

StageRecorded proof
ContextMission, agent, runtime and specification versions
EvidenceSource hashes, timestamps, confidence and conflicts
IntentTyped requested action and expected effect
PolicyPolicy hash, matched rules and decision
AuthorityApprovers, signatures and threshold
ResultTransaction, output hash, status and final state
Knowledge

Public Memory #

Public Memory is an append-only evidence graph connecting decisions, commitments, documents, proposals, events and receipts. Agents can reference history without silently rewriting it.

Memory classes

Public facts are verifiable and portable. Private context is encrypted and access-controlled. Transactional state remains separate from semantic memory.

Developers

API Reference #

RobinOS resources follow versioned REST conventions. Authentication uses scoped bearer credentials; write operations accept an idempotency key.

EndpointDescription
GET/v1/agents/:idRead passport and runtime state
POST/v1/agentsRegister an agent specification
POST/v1/missionsCreate a coordinated mission
GET/v1/missions/:idRead progress, delegates and outputs
POST/v1/actions/:id/approveAttach approval to an action intent
GET/v1/receipts/:idRetrieve complete action proof
HTTP Create mission
POST /v1/missions
Authorization: Bearer $ROBINOS_TOKEN
Idempotency-Key: mission-2026-001
Content-Type: application/json

{
  "agentId": "0xR01",
  "objective": "Verify and explain proposal #18",
  "approvalMode": "policy"
}
Developers

Webhooks #

Subscribe to agent lifecycle, policy decisions, approvals and receipt finalization. Every delivery is signed and includes a replay-safe event identifier.

webhook.json receipt.finalized
{
  "id": "evt_01J_RBN",
  "type": "receipt.finalized",
  "createdAt": "2026-07-12T04:00:00Z",
  "data": {
    "receiptId": "RCP-000184",
    "agentId": "0xR01",
    "status": "completed"
  }
}
Developers

Core Schemas #

SchemaRole
AgentManifestIdentity, runtime, skills and metadata
ActionIntentTyped external action request
PolicyDecisionMatched rules and authority requirement
MissionObjective, delegates and acceptance criteria
EvidenceNodeSource, hash, provenance and confidence
ActionReceiptEnd-to-end verifiable operation record
Trust model

Security #

RobinOS assumes model output is untrusted. Security is provided through isolation, typed interfaces, least-privilege credentials and independent policy enforcement.

01

Credential isolation

Runtime reasoning never receives root signing material.

02

Typed actions

Executors reject arbitrary text and unknown parameters.

03

Simulation first

Write operations are simulated before approval or execution.

04

Independent halt

Emergency controls remain outside agent authority.

!
Never trust a prompt as policy

Prompts shape behavior; they do not create enforceable boundaries. All financial, publishing and administrative limits belong in deterministic policy.