The ROSIE framework is defined by five Request for Comments (RFC) documents. Together, they specify the data structures, engine behavior, evidence formats, API contracts, and qualification requirements for a compliant implementation.

RFC Overview

RFCTitleStatusFocus
RFC-001Data StandardDraftTagging syntax, manifest schema
RFC-002Engine SpecDraftHard-gates, AI protocols, sync logic
RFC-003Evidence StandardDraftArtifact packaging, 21 CFR Part 11
RFC-004API InterfaceDraftSoR connector, REST contracts
RFC-005TQ BaselineDraftSelf-validation, product archetypes

RFC-001: Data Standard

”Truth-in-Repo” Schema

Defines the universal syntax and structure for embedding GxP validation metadata within Git repositories. Covers:

  • Repository manifest (gxp-product.md)
  • Requirement schema in Markdown
  • Annotation syntax (@gxp-id, @gxp-traces, @gxp-type)
  • Directed acyclic graph (DAG) representation

Read RFC-001 →

RFC-002: Engine Spec

Integrity Guard and Sync

Defines the functional requirements for the ROSIE Engine — the automated orchestrator responsible for:

  • Dual-ledger synchronization (repo ↔ SoR)
  • Manifest hash computation
  • Pre-commit enforcement
  • AI agent protocols
  • Release Readiness Token (RRT) generation

Read RFC-002 →

RFC-003: Evidence Standard

Artifact Packaging

Defines the structure of the gxp-execution.json artifact for capturing automated test outputs in a format that satisfies 21 CFR Part 11:

  • Evidence package schema
  • Environment state capture
  • Visual evidence requirements
  • Log sanitization rules
  • Immutability guarantees

Read RFC-003 →

RFC-004: API Interface

SoR Connector

Defines the RESTful API contract that any System of Record must implement to support ROSIE:

  • Core endpoints (/sync/manifest, /release/readiness, /evidence/upload)
  • Security requirements (mTLS, OAuth2)
  • Non-repudiation via signed requests

Read RFC-004 →

RFC-005: TQ Baseline

Tool Qualification and Product Archetypes

Provides the standard protocol and reference data required to qualify a ROSIE Engine:

  • Golden repository reference data
  • Product archetype definitions
  • Self-validating continuous validation (SVCV)
  • OQ/PQ protocols for the engine itself

Read RFC-005 →

Implementation Status

RFC-001 Data Standard ............ DRAFT
RFC-002 Engine Spec .............. DRAFT
RFC-003 Evidence Standard ........ DRAFT
RFC-004 API Interface ............ DRAFT
RFC-005 TQ Baseline .............. DRAFT