Vol. INo. 1
Gazette of preview dispatches

The Aridesk & Co. Dispatches

— being notice of what has shipped, dated and real —

❦   ❧   ❦
Editorthe builder
Correspondentevery commit
Pricefree & open
DistributedCupertino & elsewhere
Filed from the workshop  ·  2026 · April

First Preview — inside Aricode v0.5.2

A notice on the debut of the Desk mode, the gate, the broker, and what it can and cannot yet do.

Aridesk makes its first appearance as a second mode inside aricode — a small CLI surface, a co-hosted broker, a three-tier gate around every agent, and a Desk tab on the paired phone. Nothing here is stable yet; we expect the shape to change. What follows is the manifest, article by article, of what has arrived and what remains.

Article I  ·  Of what is new

the gate, the broker, & the keyring

  1. aricode desk — a new CLI group with init, new, list, edit, logs, start, stop, and doctor. The runtime is held foreground; logs stream to the terminal you started it in.
  2. the gate — three plain things stacked. The agent's terminal.run, file.* and host calls are pinned to ~/.aricode/desk/agents/<slug>/workspace/; an exec policy classifies each shell command into auto, gate, or deny before the shell sees it; anything outside that pin pauses on the phone as a petition. Each agent loads on the first message and rests after idle.
  3. the broker — a unix-socket daemon executing AppleScript on the agent's behalf, gated by per-operation approval from your phone. Scoped "always allow" rules live in rules.json; every call, approved or denied, is logged to approvals.jsonl.
  4. the keyring — named toolsets (browser, terminal, files, web, host) with allow/deny semantics. Deny overrides allow. Always.
  5. dramatis personae — four seed templates (research, inbox, calendar, shopper), each with its own soul.md, instructions.md, and agent.md.
  6. desk frames on the companion protocol — desk.message, desk.delta, desk.tool.call, desk.tool.result, desk.approval.required, desk.approval.decision, desk.agent.notify.
  7. capability gating — the phone's Desk tab appears only when the paired desktop advertises capabilities.desk in its hello frame, so older pairings stay clean.
  8. REPL slash-command/desk <agent> <text> inside aricode dispatches to a local agent without needing the phone, for Mac-side triage.
Article II  ·  Of known gaps

what has not yet arrived

  1. No APNS push. The phone must be foreground to surface agent-initiated messages.
  2. Container-grade sandboxing is not in this release. The host-process gate (workspace pin · exec policy · phone petition) is the discipline today; iron walls are a long horizon.
  3. Mac-only. Windows and Linux hosts will come later.
  4. No delegation, no voice mode.
Article III  ·  Of notes and erratum

minor clauses & particulars

  1. Memory is a single memory.md curated by the agent itself — loaded whole into the system prompt each turn. Embeddings are not on the roadmap.
  2. Approval cards in AriCore show the exact AppleScript verbatim. You always see what is being asked.
  3. The Chromium profile lives in a per-agent volume, so each agent's logins, cookies, and open tabs survive across restarts.
Next edition
v0.2 — scheduled & remembered
Bringing cron-like waking, APNS push, and a scheduler daemon so agents can come to you without being asked.
Correspondence
Report a rough edge, propose a template, or argue with a design decision —
[email protected]  ·  github.com/MrMufasii/ariadne
Colophon
Typeset in Cormorant Garamond and IBM Plex. Pressed in MMXXVI. No advertisements accepted.
Aridesk  /  Dispatches  /  Vol. I All notices dated, none anonymous