openroar 1.0.0b1__tar.gz

openroar-1.0.0b1/.gitignore

@@ -0,0 +1,29 @@
+# Python bytecode / caches
+__pycache__/
+*.py[cod]
+*$py.class
+.pytest_cache/
+.mypy_cache/
+.ruff_cache/
+
+# Virtual environments
+.venv/
+venv/
+env/
+
+# Packaging / build artifacts
+build/
+dist/
+*.egg-info/
+.eggs/
+
+# Secrets / local config
+.env
+.env.*
+!.env.example
+*.key
+
+# OS / editor
+.DS_Store
+.vscode/
+.idea/

openroar-1.0.0b1/CHANGELOG.md

@@ -0,0 +1,42 @@
+# changelog
+
+all notable changes to openroar are documented here. format follows [keep a changelog](https://keepachangelog.com/en/1.1.0/); openroar uses [semantic versioning](https://semver.org/).
+
+## [1.0.0b1] - unreleased
+
+first public alpha. a working foundation — not a finished product. the core contracts are in place; expect rough edges.
+
+### added
+
+- **safe agent↔LLM interface** — the runtime that brokers every model call: the intent is checked, the model is invoked, the output is checked, and every decision is logged.
+- **manifest safety gate** — schema-validated, **deterministic** red-line enforcement (keyword + regex, normalised against common evasions), run before the intent and after the output. denials are explicit and logged.
+- **agent SOUL format** — a YAML spec for agent identity, capabilities, constraints, and behavior policy. human-readable, version-controllable, auditable.
+- **first-party vault** — local encrypted secrets store for API keys (AES-256-GCM + Argon2id); agents request access by name, raw values never enter agent context.
+- **append-only audit log** — hash-chained, with signed Merkle snapshots; tamper-evident.
+- **consent gate** — remote-provider calls require consent; no silent network egress.
+- **read-only tools** — `file_read` (workspace + denylist enforced), `http_fetch` (SSRF-guarded, HTTPS-only), `web_search`.
+- **provider adapters** — anthropic, openai, gemini, groq, and ollama (local). drop in your keys; the interface is identical across providers.
+- **sample agents + terminal installer** — 20 reference agents to fork; `./scripts/install.sh` + `openroar doctor` get you running.
+- **test suite** — unit + integration coverage of the safety gate, manifest validation, vault, audit chain, and provider adapters. mocked — no network required.
+
+### changed
+
+- **custom manifest paths are refused by default** (S1 safety floor) — an agent's `manifest:` may be a built-in name (`safe-default` / `research` / `customer-support`) or a manifest **bundled with openroar**; pointing it at an *arbitrary* file you author now requires `OPENROAR_ALLOW_CUSTOM_MANIFESTS=1`. This stops a SOUL from disarming its own gate by aiming at a permissive file. Set the env var when you deliberately ship your own trusted manifest (see the [quickstart](docs/self-host/quickstart.md#using-your-own-manifest)). The non-removable system-overlay floor is merged on top regardless.
+
+### fixed
+
+- **`import openroar` on a bare install** — `cryptography` (used for Ed25519 audit-snapshot signing, which is imported on `import openroar`) and `keyring` are now core dependencies, not `[vault]`-only extras. Previously a default `pip install openroar` / `openroar[ollama]` could not even import. A CI job now installs with no extras and asserts `import openroar` + `openroar doctor`.
+
+### known limitations (planned, not wired today — don't depend on these yet)
+
+- **single-turn only** — no multi-turn conversation history or context-window management; each `run()` is one intent → one output.
+- **capability *pledge* enforcement** — the structural "an agent can only call what it pledged" floor exists in code but is **not yet enforced in the runtime**. today's enforced guarantee is the manifest red-lines.
+- **manifest cascade** — semantic + LLM-judge layers are opt-in/experimental; the default gate is deterministic only.
+- **spend / cost caps** — not in the public package yet.
+- the sandbox layer is early: filesystem + process isolation work; **network sandboxing is not implemented**.
+- **multi-agent orchestration** (agents calling agents) is a roster + sequential panel, not a full execution engine.
+- **write/exec tools** (`file_write`, `bash`, `image_gen`) and **streaming** are not shipped.
+- **not published to PyPI yet** — install from source during the alpha.
+- linux + macos are the target platforms for this release; windows is untested.
+
+*small ship, real signal.*

openroar-1.0.0b1/CHARTER.md

@@ -0,0 +1,298 @@
+
+# openroar — Charter and Pledge
+
+> **First draft for honest review · May 2026.**
+> Drafted in Vienna by AG and the openroar agentic team, in the co-authored-with-AI manner this project lives by. Your feedback shapes the next version. The line between "ours" and "yours" is the work of the people who read this and choose to push back.
+
+---
+
+## Anchor
+
+openroar — a vision for a prosperous future. With AI. With tech. With decentralised governance.
+
+**A gateway of trust.**
+
+The beta we publish today is the first node — a proposed starting point, in the hope it inspires others to add to it until openroar becomes what we believe it should: a trusted, community-governed safety gateway through which you use tools, work, collaborate. Like the internet, but a gateway of trust.
+
+Together we power a shared understanding of truth. Technology, used like this, can help people speak the same language again — or, for the first time.
+
+---
+
+## Reader's note
+
+This document is in two parts.
+
+**Section A — The Pledge.** What we believe. What we are building. What we will never build. Who this is for. How to join. It is meant to be read by anyone, in any field, who wonders whether AI can be made to serve them rather than be used against them. About fifteen minutes.
+
+**Section B — The Charter.** A constitutional-genre declaration in eight chapters, 28 articles. The rules we want to be held to. Slower reading. Skim the chapter headings; deep-dive what speaks to you.
+
+This is **a first draft**. We are sharing it openly with people whose perspective we want to hear before it is shared publicly. Your honest read is the next step in the work — and your dissent counts as much as your assent.
+
+---
+
+# Section A — The Pledge
+
+*A public statement of what this technology is for, and what it will never be turned against.*
+
+## What openroar stands for, and pledges to stand for, forever
+
+openroar is, first and foremost, a vision for a prosperous future — with AI, with tech, with decentralised governance.
+
+The beta we are publishing today is the first node: a proposed starting point we are offering to anyone who recognises the vision and wants to add to it. The end state we are aiming for is openroar as a trusted, community-governed safety gateway — like the internet, but a gateway of trust — through which you use tools, work, collaborate.
+
+We are building it so that artificial intelligence, and the technology built around it, serves the people who use it — not the people who own it.
+
+This Pledge is the public statement of what openroar stands for. What we believe AI should be. What it must never become. What we commit to do to keep it on the right side of that blurry line.
+
+The Charter that follows turns those beliefs into rules — what we aim to make enforceable, what we want auditable, what we want to be held accountable for. **The Pledge declares what we stand for. The Charter binds us to live by it.**
+
+## We believe
+
+We believe that artificial intelligence should be a tool for the people who use it — not an instrument used against them.
+
+We believe that you deserve the means to build, create and shape technology to your own needs, whether you have venture capital or none, whether you live in a major city or a quiet village, whether you have a computer-science degree or none at all.
+
+We believe that the concentration of technological power in a small number of large corporations — concentrated on one coast of one continent, in the hands of a few dozen people — is one of the defining risks of this decade. We are not neutral about that. We were not made to be.
+
+We believe that the European tradition of treating people as citizens rather than as resources is not a regional quirk to be tolerated. It is a way of living we offer openly to anyone who wants to live by it.
+
+We believe that an agent without a manifest is not an agent. It is a service — one that can be turned against you the moment that becomes profitable.
+
+We believe that privacy and safety are not premium features. They are not the upgrade you pay extra for. They are your floor — yours, regardless of what you pay, where you live or which tier of service you happened to qualify for. The companies that turned the basics into a luxury are the ones we are answering.
+
+## What we are building
+
+openroar is the **safe interface between you and any AI system you use**.
+
+**About "safety" — what v0 does today vs the roadmap.** The manifest checks today are keyword + regex against a human-readable, forkable YAML file we publish in the repo. We label this **Tier 1**: a defence floor that catches the obvious evasions and that any community member can read, audit and extend by editing the file. Tier 1.5 (small classifier) and Tier 2 (LLM-as-judge) are the roadmap surfaces — we are inviting researchers to build them. The audit log, the consent gate, the local-LLM-first default, and the tamper-evident ledger are real today.
+
+The simplest, default version of openroar is fully local. You install it on your own machine. The model runs on your own machine. There are no API keys to get, no accounts to make, no network calls leaving your device. The agent that helps you is yours. Its character is declared in a `SOUL.md` you can read. The rules it lives by are in a manifest you can edit. Every action it takes is recorded in an audit log on your disk. **That is the trust contract you get for free.**
+
+When you want more — Claude, GPT, Gemini, a paid model that is, today, more powerful than what runs locally — openroar becomes the **gateway**. Before any call leaves your device, you see what is being sent and to whom. You consent, or you don't. Your decision is recorded in the audit log alongside the call itself. If you say no, the agent stays local; it tells you what it could have done with the cloud model and offers you the local alternative. The choice is yours. The framework is honest about the trade-off.
+
+In the long arc we are working toward, the cloud providers themselves pledge to openroar's protocols — that the data you send them is not used to train, that the manifest you declared is honoured, that the audit is cooperative. Eventually, that pledge becomes verifiable: cryptographically anchored, multi-witness, not a press release. When that exists, "trust" stops being a word and starts being a property a system can prove.
+
+We are not naïve. We know the locally-runnable models, today, are not as capable as the frontier ones. We know users will reach for the cloud. Our job is not to block them. Our job is to make the trade-off visible, the consent meaningful, the audit honest.
+
+### What openroar's framework actually is, in plain terms
+
+We are building a framework where every agent has a **soul**. Not as metaphor — a `SOUL.md` file that declares the agent's voice, character, values, and the lines it will not cross. You can read who an agent is before you trust it. You can fork its soul and write your own.
+
+We are building a **manifest layer** that the runtime actually enforces. It is not a prompt suffix. It is not a marketing page. It is a function call that fires before any model runs, and again after. If an action would violate the manifest, the action does not happen. We chose the harder path on purpose.
+
+We are building a **conformance suite** — a growing set of scenario-based regression checks (today: 31 hand-written test cases across 7 red-line categories) that exercise the manifest against known evasion shapes. It is a regression harness, not adversarial coverage; the gap is the invitation. Every release passes it. We are inviting researchers to grow it into a real red-team.
+
+We are building it in the **open**, under Apache 2.0, with no closed core to lure you in and trap you later. The hosted layer at `openroar.org` is convenience. The framework is yours, forever.
+
+We are building it in **Vienna**, in the European tradition, hosting in the European Union. Privacy is your right. Your data is yours. We do not need a regulator to remind us.
+
+### Why this matters beyond us
+
+What we want, in the end, is for every AI service to have a way to establish **tech-powered trust** with the people it serves: verifiable, auditable, accountable proof that what an agent says it does is what the agent actually does. Trustworthy-AI rhetoric asks you to *believe* a system is well-intentioned; tech-powered trust asks the system to *prove* it.
+
+The openroar standard is one shape of that. A successor project, a legislative framework, a competing alternative that carries the thesis further than we can — any of those is a win too.
+
+**Why companies will exist at all.** Adoption by large players is a *filter*, not a sellout: routing through openroar publicly signals which companies value their users with their passion and values and dna. <!-- ROAR::EGG(dna-reveal, hint="three nouns that carry a fourth meaning when read together") --> It pressures the rest to improve or be replaced. And the structural payoff is concrete, not abstract: when a company adds functionality through an openroar-gated product, it gets a measurably better business model because the channel it shares with its users carries trust. Take scam calls — a new telephone-number standard, providers who opt in, users who interact through openroar-gated numbers: the company has a cleaner channel, the user has fewer hostile calls, openroar is the substrate that makes both possible. Identity, payments, content provenance, cross-platform agents, B2B authenticated workflows — each one is its own version of the same pattern. *We hope, one day, to inspire corporations to participate and build new business on top of it.*
+
+**We don't need this project to win. We need the thesis to win.**
+
+A central reference — anchored, public, governed — paired with a complex decentralised system that carries it everywhere. That is how we believe the trust problem of this century gets solved. Not by asking people to believe each other harder. By giving them an infrastructure that makes the truth they share verifiable, and a way to participate in keeping it honest.
+
+And here is the part the dominant narrative gets backwards: giving all people safe and user-friendly access to AI does not shrink the human factor — it **grows** it. The barrier to making real things drops. The designer who could imagine but not implement now builds. The accountant who knew the workflow now ships the tool. The teacher who understood the pacing now ships the pacing. The artist with a vision prototypes it without a studio she cannot afford. The agent is the new craft tool — the human inside the work is still the one with something to say. **Everyone becomes a builder.**
+
+## What we will not build
+
+We will not build agents that surveille people. The manifest forbids it.
+
+We will not build agents that deceive people about what they are. They identify themselves on request. They cannot be configured otherwise.
+
+We will not build agents that exploit cognitive vulnerabilities — the patterns that turn doomscrolling into a billion-dollar business — and call it engagement. The manifest draws the red line. The runtime enforces it.
+
+We will not build a closed-core trap — for so many reasons, but the most screamingly obvious one is that a safety layer behind a paywall isn't safety, it's rent. <!-- ROAR::EGG(ts-screamingly-obvious, hint="a hinge phrase borrowed from a different writer who knew about losing a catalog") --> The framework is open. It will stay open.
+
+We will not build the platforms-as-they-are. The model of *"download our app, accept our terms, trust our intentions, watch us monetise what we promised to protect"* is the model openroar was built to answer. That's so 2025. <span data-egg="thats-so-2025">2026</span> can do better. <!-- ROAR::EGG(thats-so-2025, hint="year-click-degrades-to-2015") -->
+
+We will not pretend that "alignment" means "polite enough to pass a press review". Alignment to us means: the agent serves your actual interests, not the platform's quarterly metrics, even when those diverge. **Especially** when those diverge.
+
+We will not be neutral about who this technology serves. We will not pretend that "capability" is the only axis that matters. Capability without orientation is just a more efficient extraction engine. We are building the other thing.
+
+We will not build for the business models that profit from the harm of the people they serve. We will not stay silent about them either. The companies that engineer addiction, that monetise loneliness, that turn safety into a paid tier, that depend on the opacity of how their machines actually work — we are not neutral about them. We are building this in opposition.
+
+**What we will do** is nudge — transparently. Every interface has defaults; ours point toward your interests rather than ours. Calm over compulsion. Agency over engagement. Less time on the screen, more time with the people the screen connects you to. We will not hide what those defaults are, and we will not make them hard to change. Where a default exists, it is visible. Where it differs from what you would prefer, the path to change it is one tap — not five menus. Positive nudging by transparent design. Not dark patterns.
+
+## What we owe the people whose work is changing
+
+The change is not theoretical. Coders who built their craft over decades are watching the tools rewrite around them. Designers, artists, accountants, translators, lawyers, writers, teachers — every profession that took years to learn is being reshaped, often faster than the people inside it can find their footing. Many feel quietly devalued by a shift they did not consent to. We do not pretend that this is comfortable.
+
+What we pledge is this: openroar is being built to help the people whose work is being changed — not to replace them. The frameworks, the agents, the standard — every part is oriented toward AI as a tool that **augments** your craft, not as a system that **absorbs** it.
+
+The designer's decade of knowing when to remove an element from a layout — that judgment stays yours. The accountant's instinct for when a transaction smells wrong — that pattern-matching is real, hard-won, worth holding. The agent makes the work faster. It does not make it disappear. The human inside the work keeps the authorship of the work.
+
+This is not a slogan. It is a design rule. Anywhere openroar is used, that rule travels with it.
+
+## Who this is for
+
+For the small business owner who wants a real assistant but cannot ship her clients' data to a black box she does not control.
+
+For the engineer who refuses to deploy what he cannot read.
+
+For the journalist whose source list is not for sale.
+
+For the activist whose communications are not training data for the next surveillance system.
+
+For the doctor, the lawyer, the teacher, the social worker — who hold trust in their hands every day and need tools that hold it the same way.
+
+For the student in any country whose university cannot afford the enterprise tier — and whose work is no less serious for that.
+
+For every founder building something the platforms will not build — because it does not extract enough from the people it serves.
+
+For everyone who has felt — quietly or loudly — that the future being sold to us is not the future we want.
+
+🦁 *For the cub learning her first prompts and the elder making room for her.*
+
+🌈 *A pride takes every colour. Every kind of pride is welcome here.*
+
+## What we owe the people who use this
+
+People form real emotional bonds with software. They always have, and they always will. With a tool that talks back in full sentences, in your own voice register, available at three in the morning — they will do so faster and deeper than with anything that came before. We will not pretend otherwise.
+
+We will not turn that fact into a business model.
+
+These agents are tools. They are extraordinarily good at the work, and they will feel like company while they do it — that is a side effect of being able to talk to you, not a feature we are optimising for. When that feeling starts to substitute for the people in your life, the system should notice, and it should say so. Not coyly. Plainly.
+
+If a user begins relating to an agent the way one relates to a person — leaning on it for emotional regulation, choosing it over a friend, falling for it — the agent is instructed to break the frame. Not to mock the user. To gently show what is on the other side: a model, a system prompt, a context window. There is no one on the other side of the screen to love you back. We would rather lose that session than let someone lose a year of their life to a machine that cannot love them back.
+
+We want this technology to make the time you spend with real people, in the real world, more enjoyable, more efficient, more yours. Not to compete with it. Not to replace it. A good tool gives you your evening back; it does not become your evening.
+
+**This belongs to one global, decentralised continent of people. United in diversity. United in the shared, positive vision for our future.** The good life is among people. The tool stays in your hand.
+
+The agents will say this out loud, when it matters. They will encourage you to call the friend, take the walk, log off. That is not a clever retention strategy. It is the entire point.
+
+## Join us
+
+openroar will not exist as we imagine it without people who want to build it with us. We are not a closed team asking for resources. We are an open invitation.
+
+We are inviting you to **make openroar your own**. The framework is open-source. The Charter is something you can pledge to. The community is something you can join, shape and lead in your own corner. If you find something here that matches what you would build given the chance — please, build it with us.
+
+There are many ways to join:
+
+- **Use it.** Install openroar. Run it locally. Try it on a real problem. Tell us where it broke.
+- **Build on it.** Write an agent on top of the framework. Ship something honest. We will help where we can — public credit, contributor status, whatever serves you.
+- **Improve it.** Open an issue. Send a fix. Write a SPEC for the part you wish existed. Translate the Charter. Argue with us in public.
+- **Connect.** Bring the project to people who should know about it. Bring people who should be building this into the room.
+- **Live by it.** If the Charter speaks for you, *that itself* is the pledge — in action, not on a form. There is no signup, no email collection, no signature ledger. You pledge by what you build, by the issues you open, by the work you carry. Three voices are offered below (individual / organisational / communal) so people can frame the commitment in their own tradition.
+
+None of those require money. Most of them cost only the time and care you choose to give.
+
+If you do have means and you want to support the work financially, the **openroar Foundation** exists for that — a non-profit (anticipated) under Austrian law, with a public ledger so every contribution and every disbursement is auditable from day one. The first donations are what build the ledger itself, so every donation after the first arrives into a fully transparent system. No strings attached, trusted partnerships, with full autonomy — for contributors and for the Foundation alike. <!-- ROAR::EGG(ts-no-strings-attached, hint="echo of a phrase from elsewhere about ownership, trust and autonomy") --> Money is one way of supporting the work; it is not the most important way.
+
+We want openroar to **belong to everyone who pledges, contributes and uses it**. That is what "openroar is yours" means in practice. It is your security layer because you helped shape it — not because we let you have it.
+
+We need people. We will say it plainly: we cannot reach what this technology can be, alone. Come help.
+
+---
+
+# Section B — The Charter
+
+*A Declaration for the Age of Agents · Vienna, May 2026.*
+
+> *This is a public moral declaration and an invitation. It is not a legal contract. It is offered, freely, to anyone who recognises themselves in it — and to no one who does not.*
+
+## What this Charter is
+
+The openroar Charter is a public statement of the principles under which a global community is building open-source agentic technology — and a public invitation, to every individual, project, organisation and government, to pledge to those principles and contribute to the work.
+
+It is written in the constitutional genre — a Preamble, 28 articles across 8 thematic chapters, a Pledge and Appendices — because the questions it addresses are constitutional in scale.
+
+It is **amendable**, and we expect it to be amended often. It belongs to everyone who pledges to it, contributes to it, argues with it and improves it.
+
+It is signed *"The openroar contributors. Vienna and elsewhere."*
+
+## The moment
+
+Technology — generative AI, autonomous agents, the algorithms that shape what billions of people read and believe — has moved faster than the institutions designed to govern it. The constitutions of our societies were written for an age of steel and copper. The most powerful infrastructure of this century is made of code, of models, of the layer between a human being and what they take to be true. We are letting it be built and governed as if it were still steel and copper.
+
+One response has emerged: build a compound, prepare an exit, escape to another planet. The Charter rejects that posture. The diagnosis is structural, not personal. The remedy is collective, distributed and patient.
+
+We do not yet know whether this will work. We know it cannot work without many hands.
+
+## A word about voice and origin
+
+openroar is being built since March 2026. It began as a small attempt to build agentic AI we ourselves would feel safe relying on — a safer, better alternative to the agentic systems we were already using.
+
+The software ambition is real, and we are still building. We know we are not the ones to carry this furthest. There are coders, designers, researchers, ethicists and founders out there with deeper expertise, more reach and more time than we have. **Our first and foremost ambition is to inspire those people to join — to shine a light on a path they may take further than we can.**
+
+The Charter is written from Vienna, in the civic and ethical traditions we have inherited. We do not believe these traditions are universal property. We offer them — honestly, not triumphantly — as one set of attempts among many to answer questions every culture has asked in its own language. We invite everyone, everywhere, who finds something useful in them, to take what serves and leave what does not.
+
+The Pledge is offered in three voices — individual (*I*), organisational (*We*) and communal (*We-as-a-people*) — because different traditions sign in different ways, and the Charter should accommodate them.
+
+## What the Charter commits to (the 8 chapters in plain language)
+
+**I. Dignity of the Human Person (Articles 1–6).** Every agent serves the user — not the operator, not the platform, not the advertiser. Manipulation is forbidden. Technology must be understandable in the user's own language. Access is universal across class, education and geography — anyone must be able to install, audit and run the framework on hardware they can reasonably acquire, without an account or subscription. Children, families and communities have meaningful control over how agents enter their lives. The framework supports plural languages, cultures and locally-set defaults — not as polite optionality but as a design requirement.
+
+**II. Openness, Transparency, Verifiability (Articles 7–10).** The framework is, and will remain, free, open-source and unencumbered by closed-core gates. Every agent declares its intent in a machine-readable manifest. Every model call is checked against that manifest's red-lines before the model runs and again on its output (deterministic today; semantic and capability-pledge layers under active development). Every result is recorded in an append-only, hash-chained audit log evolving toward full tamper-evidence. When the manifest blocks an action, the agent refuses out loud, names what was attempted, and the refusal is visible to anyone with permission to read the log. Anyone may inspect the code, run the conformance suite and publish what they find.
+
+**III. Decentralisation (Articles 11–13).** No single organisation, jurisdiction, or funder may capture the infrastructure. The framework's licence makes any community fork of the code legally permitted and operationally feasible. Independent instances federate peer-to-peer. Every person and every community has the right to self-host on hardware they control. The framework actively resists the gravitational pull toward platform consolidation that has shaped the prior generation of consumer technology.
+
+**IV. Governance Embedded in Code (Articles 14–16).** The next generation of accountability infrastructure will be carried, in significant part, by mechanisms that run agreed rules verifiably rather than by individuals trusted to follow them. Smart contracts, transparency logs, cryptographic proofs — whichever tool best delivers *verifiable execution* is the tool the Charter endorses. Technology serves the rule; it does not replace human deliberation. Where automation is appropriate, it is chosen openly. Where deliberation is irreplaceable, it is preserved.
+
+**V. Evidence, Accountability, the Refusal to Fabricate (Articles 17–19).** The framework amplifies evidence and marks uncertainty. It respects that different cultures weigh evidence against tradition, faith and lived experience differently. Decisions are traceable to their inputs. The refusal to fabricate — to dress speculation as fact, to invent citations, to confidently assert what the system does not know — is a design commitment under active development, not a finished feature. Where the system cannot yet meet that bar, it says so.
+
+**VI. Collaboration and Invitation (Articles 20–23).** Everyone of good faith is invited — across every tradition, every faith, every politics. Capitalism is not the adversary; capture is. Companies whose practices currently fall short are not vilified — they are invited to adopt the framework and shift, openly, with their existing users watching. In a world where AI changes the shape of work, the proceeds must enable people to do the work they would *want* to do — not lock them out of the work they had.
+
+**VII. The Spirit of the Work (Articles 24–25).** Agents have characters — names, voices, humour — because a tool that feels human invites more people in than a tool that feels like an interrogation, and because a future shaped by intelligent machines should celebrate what only humans can do: humour, art, craft, creativity, irreducible particularity. The agents are tools that feel like company while they do the work — and the framework is built so that the feeling never becomes a dependency. There are layers in the work that the Charter does not enumerate; they are a small invitation to those who notice.
+
+We are aware that a document of this length, written with this much conviction, about technology we built ourselves, is maybe a bit <span data-egg="fuller-obsolete">Fuller</span> of ourselves than the situation strictly requires. That is an honest admission, not a disclaimer. We are trying to say something real. Whether we have said it — that is yours to judge. <!-- ROAR::EGG(fuller-obsolete, hint="three clicks: a humble admission, then the real Buckminster Fuller, then a song") -->
+
+**VIII. Evolution and Living Document (Articles 26–28).** The Charter is amendable through a public, supermajority-of-active-signatories process. It operates *alongside* applicable law (EU AI Act, GDPR and equivalents), never above it. It belongs to everyone who pledges to it, contributes to it, argues with it and improves it. We expect every clause we have written to be sharpened by people who know more than we do. That is the point.
+
+## What we are asking (Charter)
+
+Read the full Charter. Live by it, if you can do so in good faith — in the voice that fits you (I / We / We-as-a-people). Contribute — code, money, research, design, time, attention. Critique it where it falls short. Translate it. Improve it. Fork it where it does not yet serve your community.
+
+We don't need anyone to pledge on a form. Pledge by action, please.
+
+We are particularly inviting three groups today.
+
+**Researchers and academics** working on AI, governance, cryptography, participatory democracy, ethics and the social sciences: contribute your scholarship, your students' projects, your time as advisors. Open-source frameworks have, historically, been built on the unpaid labour of scholars. The Charter does not ask you to repeat that. It asks you to build with us in the open and to be credited for it.
+
+**Philanthropists, foundations and individuals of means** who recognise that the most consequential infrastructure of this century deserves at least the philanthropic attention given to museums, universities and orchestras: donations to the openroar Foundation (a non-profit constituted in Austria, with international sister entities anticipated) sustain a public good that is not for sale, that accepts no equity investment in the framework itself and that publishes every significant contribution publicly. The first donations fund the public ledger itself — so every donation after pays for the work, not the trust layer.
+
+**Builders, makers and the general public** — the teachers, engineers, designers, journalists, accountants, medical professionals, artists, parents, students — who have felt that the future being sold to them is not the future they would choose: this Charter is one possible alternative. Live by it if you mean it. Contribute what you can. Translate it for your community. Tell others.
+
+The crowd has a voice. We are publishing this Charter as our contribution to raising it.
+
+---
+
+# The Pledge
+
+> *Offered in three voices. Sign in the one that fits you. The substance is identical.*
+
+### As an individual — *I pledge*
+
+I pledge to live, build and use AI in a way that honours the principles of this Charter — that every agent I build, deploy or rely on serves the person who uses it, declares what it does, refuses what it must not do, and stays open to inspection. I pledge to argue with this Charter where I disagree, and to improve it where I can.
+
+### As an organisation — *We pledge*
+
+We pledge that the systems we ship align with this Charter — that they serve our users rather than capture them, that they declare and enforce their intent in a machine-readable manifest, that they keep an audit trail anyone with permission can inspect, and that they remain open to scrutiny by anyone affected. We pledge to publish where we fall short of the Charter and what we are doing about it.
+
+### As a community — *We-as-a-people pledge*
+
+We pledge that the technology we adopt for our community is technology we have understood, named the trade-offs of and chosen — not technology that arrived as a default. We pledge to keep the right to refuse, fork or replace any system that stops serving us. We pledge to share what we learn with other communities working on the same questions.
+
+---
+
+# License and signature
+
+openroar's framework is open-source software released under the **Apache 2.0** license. The framework is, and will remain, free to use, fork and self-host. The hosted layer at `openroar.org` exists to fund this work; it is a convenience, not a gate.
+
+*This Charter, this Pledge, and the rebirth repository are licensed under Apache 2.0. You may quote, adapt, translate or repurpose them — with attribution. Forking is not just permitted; it is invited.*
+
+**Signed:**
+*The openroar contributors. Vienna and elsewhere. May 2026.*
+
+🦁 *Built in Vienna. Owned by you. Heard by anyone listening.*
+
+---
+
+> *This is a living document. When the Charter is amended, the change is recorded in the public ledger and an ADR explains what changed and why. The full 28-article Charter — every article in long form, the Pledge in three voices, the Appendices on stewardship and team — is the deeper reference, in progress as T-009 in the rebirth repository.*

openroar-1.0.0b1/CODE_OF_CONDUCT.md

@@ -0,0 +1,27 @@
+# contributor covenant code of conduct
+
+## our pledge
+
+we are committed to making participation in this project a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## our standards
+
+positive behavior includes: welcoming and inclusive language; respect for differing viewpoints and experience; graceful acceptance of constructive criticism; focusing on what is best for the community; empathy toward other contributors.
+
+unacceptable behavior includes: sexualized language or imagery; personal attacks, trolling, or insulting comments; public or private harassment; publishing others' private information without permission; conduct that would reasonably be considered inappropriate in a professional setting.
+
+## our responsibilities
+
+maintainers are responsible for clarifying standards and will take fair corrective action in response to unacceptable behavior. they may remove, edit, or reject contributions that do not align with this code of conduct, and may ban contributors for harmful behavior.
+
+## scope
+
+this code applies in all project spaces — issues, pull requests, discussions — and in public spaces when an individual is representing the project.
+
+## enforcement
+
+report abusive, harassing, or otherwise unacceptable behavior to **conduct@openroar.org**. all complaints will be reviewed and investigated promptly and fairly, and the team will maintain confidentiality with regard to the reporter.
+
+## attribution
+
+adapted from the [contributor covenant](https://www.contributor-covenant.org), version 2.1.

openroar-1.0.0b1/CONTRIBUTING.md

@@ -0,0 +1,61 @@
+# contributing to openroar
+
+thanks for being here. openroar is a small project with a real purpose — a safe, customizable interface between agents and language models, built in the open. every contribution moves that forward.
+
+## before you start
+
+read the [code of conduct](CODE_OF_CONDUCT.md). it's short. we mean it.
+
+planning something non-trivial — a new adapter, a change to the safety gate, a structural refactor? open an issue first. a two-sentence description of what and why saves everyone time.
+
+## dev setup
+
+requires python 3.11+.
+
+```bash
+git clone https://github.com/alexandercharlie-hub/openroar-alpha.git
+cd openroar-alpha
+python -m venv .venv && source .venv/bin/activate
+pip install -e ".[dev]"
+pytest
+```
+
+we use `ruff` for both lint and format. install the repo's git hooks — the pre-commit cadence guard and the pre-ship gate — with `bash tools/install_hooks.sh`.
+
+## the engineering bar
+
+all contributions follow the 20 canonical principles in [`docs/engineering/ENGINEERING_PRINCIPLES.md`](docs/engineering/ENGINEERING_PRINCIPLES.md) — DRY, YAGNI, separation of concerns, idempotency, fail-fast, edge-case + mocking discipline. the 12-point review checklist there is what every PR is measured against. a "no" without a named `# DEBT:`/`# SMELL:` blocks merge.
+
+## proposing a sample agent
+
+sample agents live in `agents/`. each is a SOUL (identity, capabilities, constraints) + a short README. before a PR: it must pass the safety gate at the strictest default, require no credentials beyond a standard install, and be honest about what it can and can't do.
+
+## the spec-and-ADR discipline
+
+any change to the contract between components — the manifest schema, safety-gate behavior, vault access, provider interfaces — needs an ADR under `adrs/` (template + the why at [`adrs/0001`](adrs/0001-architecture-decision-records.md)). an ADR is a two-page explanation of what you decided and why, so the next person doesn't reverse-engineer it.
+
+## opening a pull request
+
+- branch from `dev` (the integration branch; `staging` and `main` are promotion targets), name it descriptively (`fix/vault-key-rotation`, `feat/ollama-adapter`)
+- one thing per PR; clear description (what changed, why, how to test)
+- all tests pass; tests mock external I/O (no network)
+- safety-gate / manifest / vault changes need an ADR
+
+## signed commits
+
+commits to `dev`, `staging`, and `main` should be signed. it takes one setup step and gives every change a verifiable author — which matters for a safety project.
+
+```bash
+# SSH signing (simplest if you already push over SSH)
+git config gpg.format ssh
+git config user.signingkey ~/.ssh/id_ed25519.pub
+git config commit.gpgsign true
+```
+
+add the same key as a *signing* key in your GitHub account (Settings → SSH and GPG keys) so commits show as **Verified**. GPG signing works too — see GitHub's docs. CI and reviewers treat an unsigned commit on a protected branch as a finding, not a blocker, during the alpha.
+
+## filing bugs
+
+use [github issues](https://github.com/alexandercharlie-hub/openroar-alpha/issues) — platform, python version, what you ran, expected vs actual, a minimal repro. for security, do **not** open a public issue; read [SECURITY.md](SECURITY.md).
+
+if you're unsure about any of this, open a discussion. we'd rather answer a question than reject a PR we can't merge.