Agents generate code. DNA tells them what it should be.
ribo.dev is the identity layer that sits above your code and below your agents. It declares what your software is. Agents read it. CI validates against it. Teams query it.
The Seven Atoms of Software Identity
Each atom captures a different dimension of what your system is. Together they give agents the full picture before they write a single line.
Intent
What this service does and, just as importantly, what it does not do. The boundary that keeps agents focused.
Invariant
The non-negotiables. Rules that can never be broken, no matter the context or which agent is generating.
Contract
Exact interface expectations between services. What goes in, what comes out, what happens when it fails.
Algorithm
The specific logic patterns chosen for a reason. Not "sort the list" but which sort and why.
Evaluation
How you measure success. The metrics that tell you whether this service is doing its job.
Pace
How fast this service moves and how stable it needs to stay. The guardrails on deployment velocity.
Monitor
What to watch and who to wake up. Health definitions that agents use to generate the right alerts.
Semantic Identity Search
Agents don't search for file paths. They ask questions in plain English. ribo.dev maps natural language to your identity artifacts and returns the answer with the source.
"All microservices must use OIDC with short-lived bearer tokens. No local session storage permitted."
"GET /auth/token returns 200 with access_token (TTL 300s) or 429 with retry_after header."
Native MCP Support
One JSON block connects your identity layer to every MCP-compatible tool. Claude, Cursor, Copilot, your custom internal agents. They all read the same DNA before generating a single line.
- settings_input_componentZero-config server for Claude Desktop
- apiReal-time identity verification in every IDE
{
"mcpServers": {
"ribo": {
"command": "ribo",
"args": ["mcp", "serve"]
}
}
}The Difference Identity Makes
Three scenarios. Same team, same tools. The only variable is whether agents can read the identity before they act.
cancelAgent without DNA
Agent generates a payment endpoint. No idempotency. Wrong error format. Ignores the rate limiting convention. Passes code review because the reviewer is checking syntax, not intent.
check_circleAgent with DNA
Same agent, same prompt. Reads the identity first: idempotency required, errors follow RFC 7807, rate limiting uses shared middleware. Generates compliant code from the start.
cancelCI without DNA
Tests pass. Linter is clean. PR merges. Two weeks later the team discovers the new service violates the zero-trust boundary and stores sessions locally.
check_circleCI with DNA
CI validates the PR against the identity layer. Drift detected: "local session storage violates Auth-Stateless-Policy." Blocked before merge.
cancelNew engineer without DNA
Spends two weeks reading docs, Slack threads, and stale Confluence pages. Still asks the wrong person about auth. First PR gets rejected for violating an unwritten rule.
check_circleNew engineer with DNA
Runs ribo search "how do we handle auth?" and gets the answer in seconds. First PR ships on day two.
Define what your software is.
Your software already has an identity. It is just not written down yet.