Identity, intent, audit, communication, lifecycle, succession, dispute resolution, rights, and delegation — every AI agent needs a verifiable accountability surface. DCP defines that surface through nine interoperable specs, hybrid post-quantum cryptography, and four reference SDKs that produce byte-identical bundles across TypeScript, Python, Go, and Rust.
The Problem
Billions of AI agents are being deployed across industries. But today, there is no standard way to verify who controls them, what they intend to do, or what they actually did.
When an AI agent accesses your API, sends an email, or executes a transaction — who is responsible? Today, there is no cryptographic way to verify the human or organization behind an agent.
Agents act without declaring what they intend to do before doing it. There is no pre-action commitment, no policy gate, and no risk assessment — just execution.
When things go wrong, there is no tamper-proof record of what happened. Logs can be altered, deleted, or simply not exist. Compliance and forensics become significantly harder and less reliable.
The Solution
DCP is a layered protocol. The Core (DCP-01..03 + Bundle + Verification + canonicalization profile) is the minimum interoperable unit — any verifier with just the Core can validate any DCP artifact. Profiles and Services extend it without ever requiring it.
Three foundation specs plus the Bundle format, the Verification checklist, and a frozen canonicalization profile. Implementing only this guarantees byte-exact interop with every DCP verifier on earth.
Every agent is bound to a real human or organization through a Responsible Principal Record, signed with hybrid keypairs.
Before acting, the agent declares intent. A policy engine evaluates risk and authorizes, gates, or blocks the action.
Every action produces a hash-chained, Merkle-sealed audit entry. The complete trail is packaged into a portable Citizenship Bundle.
Each profile is a self-contained extension. Adopt the ones your deployment needs; skip the rest. A Core-only verifier and a fully-profiled verifier still interoperate.
Hybrid Ed25519 + ML-DSA-65 composite signatures with pq_over_classical binding, ML-KEM-768 key encapsulation, SLH-DSA hash signatures.
DCP-AI v2.0
Agent discovery, mutual-auth handshake, encrypted session, delegation across organisational boundaries with AES-256-GCM channels.
DCP-04
Lifecycle, succession, dispute resolution, rights & obligations, personal representation. The constitutional layer for autonomous agents.
DCP-05 · DCP-06 · DCP-07 · DCP-08 · DCP-09
Verifier server (port 3000), anchor service (3001), transparency log (3002), revocation service (3003). Every Core verifier can run completely offline; these services exist to scale, not to enable.
Deployment Models
Three real deployment shapes. The Core is sufficient for full byte-exact interop; Profiles add capability; Services add scale. Drop a layer at any time without breaking conformance.
SDK + the four Core specs. No services, no profiles. Verifies bundles entirely offline against published JSON Schemas and the canonicalization profile. Suitable for libraries that ship verification as a primitive.
Adds hybrid post-quantum signatures (DCP-AI v2.0) and agent-to-agent communication (DCP-04). The default path for new agents. Compatible with every Core-only verifier.
Adds the Governance Profile (lifecycle, succession, disputes, rights, delegation) plus the operational services (verifier, anchor, transparency-log, revocation). For deployments that need formal arbitration, audit anchoring, and lifecycle governance.
Cross-deployment compatibility: a Core-only verifier accepts bundles from a Full deployment, ignoring fields it does not know. A Full verifier verifies a Core-only bundle, treating absent profile fields as their normative defaults. Tested across all four reference SDKs with 14 byte-exact interop fixtures.
How It Works
Every AI action flows through a cryptographically signed pipeline. The output is a Citizenship Bundle — a portable, independently verifiable proof of authorized activity.
A Responsible Principal Record ties a real person or organization to an Agent Passport using Ed25519 + ML-DSA-65 composite keypairs. Cryptographically attributable chain of responsibility.
Before any sensitive action, the agent declares intent: what it wants to do, which data is involved, and the estimated impact. A policy engine gates the action.
Every action produces an audit entry with dual-hash chains (SHA-256 + SHA3-256). Post-quantum checkpoints periodically seal the chain with hybrid signatures.
All artifacts are assembled into a Citizenship Bundle with a cryptographic manifest. Composite-signed, portable, and independently verifiable with published tools and procedures.
import { BundleBuilder, KeyManager } from '@dcp-ai/sdk'; const keys = await KeyManager.generate({ algorithm: 'hybrid' }); const bundle = await new BundleBuilder() .setIdentity({ name: 'my-agent', operator: 'org:acme' }) .addIntent({ action: 'api_call', resource: 'payments', tier: 'elevated' }) .sign(keys) .build(); // bundle is now a portable, verifiable Citizenship Bundle
Protocol Specifications
Each numbered spec is independently implementable. The first column links to the rendered version on docs.dcp-ai.org with full edge-case tables, JSON Schema references, and verification procedures.
| Spec | Title | Scope | Status |
|---|---|---|---|
| DCP-01 | Identity and Human Binding | RPR, Agent Passport, composite keypairs | Final |
| DCP-02 | Intent Declaration and Policy Gating | Intent schema, risk scoring, 4-tier model | Final |
| DCP-03 | Audit Chain and Transparency | Hash chains, Merkle trees, transparency log | Final |
| BUNDLE | Citizenship Bundle Format | Bundle structure, manifest fields, signed envelope, hash binding | Final |
| VERIFICATION | Verification Procedures | Normative checklist for verifying a Signed Bundle entirely offline | Final |
| dcp-jcs-v1 | Canonicalization Profile | 9 rules, 22-input edge-case table, byte-exact across 4 SDKs | Final |
| Spec | Title | Scope | Status |
|---|---|---|---|
| DCP-AI v2.0 | Post-Quantum Normative Specification | Hybrid Ed25519 + ML-DSA-65, ML-KEM-768, SLH-DSA, composite signatures | Final |
| DCP-04 | Agent-to-Agent Communication | A2A protocol, mutual auth, AES-256-GCM session encryption, delegation | Final |
| Spec | Title | Scope | Status |
|---|---|---|---|
| DCP-05 | Agent Lifecycle | Commissioning, vitality reports, decommissioning | Final |
| DCP-06 | Digital Succession & Inheritance | Digital testaments, memory transfer, succession execution | Final |
| DCP-07 | Conflict Resolution & Arbitration | Disputes, arbitration panels, jurisprudence bundles, precedent lookup | Final |
| DCP-08 | Rights & Obligations Framework | Rights declarations, obligations, violation reporting, compliance checks | Final |
| DCP-09 | Personal Representation & Delegation | Delegation mandates, advisory declarations, principal mirror, awareness thresholds | Final |
Adaptive Security
DCP can automatically select the appropriate cryptographic tier based on risk score, data classification, and action type, with support for policy overrides where needed.
Why Trust DCP
Full source code, specifications, and SDKs are publicly available. Audit it yourself.
Post-quantum algorithms (ML-DSA-65, ML-KEM-768, SLH-DSA) follow NIST finalized standards.
Hybrid Ed25519 + ML-DSA-65 composite signatures are designed to improve resilience against classical and future quantum threats.
Optional L2 anchoring (Base, Arbitrum, Optimism) provides on-chain proof of existence for bundles.
Certificate Transparency-style Merkle log with inclusion proofs.
Up to $15,000 for critical vulnerabilities. Responsible disclosure with 48-hour acknowledgment.
Standards Alignment
DCP provides technical capabilities that can support traceability and accountability workflows relevant to the EU AI Act (Art. 14, 15). Tamper-evident audit chains can help meet evidence trail expectations.
DCP-AI maps governance, risk identification, measurement, and mitigation workflows to the Govern, Map, Measure, and Manage functions of the NIST AI Risk Management Framework.
Interoperable with the W3C decentralized identity ecosystem. Agent Passports can be represented as DIDs with Verifiable Credentials.
Reference SDKs
TypeScript, Python, Go, and Rust produce byte-identical canonicalization, hashes, and signatures. WebAssembly compiles the Rust core for browser embedding. Versions below are live on the registries right now.
@dcp-ai/sdk
Reference SDK. Bundle builder, verifier, composite signing, full V2 pipeline. ESM + CJS, types included, OpenTelemetry optional.
dcp-ai
Pydantic V2 models, async-friendly composite ops, framework extras for FastAPI / LangChain / OpenAI / CrewAI.
sdks/go/v2
Idiomatic Go module with NIST KAT conformance. Optional OpenTelemetry via the otlp build tag.
dcp-ai
Pure-Rust implementation built on fips203/204/205. Compiles to WebAssembly for the browser SDK.
@dcp-ai/wasm
Browser-side bundle verification. Same Rust core compiled with wasm-bindgen; powers the public Playground.
Framework Integrations
Pre-wired adapters for the most common Python and Node frameworks. Each integration links to its README and (where available) a step-by-step quickstart on docs.dcp-ai.org.
@dcp-ai/express
import { dcpVerify } from "@dcp-ai/express";
app.use(dcpVerify({ tier: "elevated" }));
dcp-ai[fastapi]
from dcp_ai.fastapi import (
DCPVerifyMiddleware, require_dcp,
)
dcp-ai[langchain]
from dcp_ai.langchain import DCPAgentWrapper agent = DCPAgentWrapper(llm=ChatOpenAI(...))
dcp-ai[openai]
from dcp_ai.openai import DCPOpenAIClient client = DCPOpenAIClient(api_key="...")
dcp-ai[crewai]
from dcp_ai.crewai import (
DCPCrewAgent, DCPCrew,
)
agno-dcp
from agno_dcp import (
DCPAgent, DCPTeam, DCPWorkflow,
)
@dcp-ai/autogen
import { createDcpAutoGenAgent }
from "@dcp-ai/autogen";
@dcp-ai/google-a2a
import { passportToAgentCard }
from "@dcp-ai/google-a2a";
@dcp-ai/anthropic-mcp
import { DCP_MCP_TOOLS }
from "@dcp-ai/anthropic-mcp";
server.registerTools(DCP_MCP_TOOLS);
@dcp-ai/w3c-did
import { rprToDIDDocument }
from "@dcp-ai/w3c-did";
What's new — April 2026
dcp-jcs-v1 wired across the four SDKsA pre-publication review surfaced three subtle asymmetries in how the four SDKs canonicalised JSON. v2.8.0 published the normative profile and aligned numeric handling across Python and Rust; v2.8.1 wired the manifest field canonicalization_profile end to end so every produced bundle declares its profile and every verifier rejects unknown values.
dcp-jcs-v1 — frozen and normative9 numbered rules, a 22-input edge-case acceptance table, an explicit cross-language null/undefined map (TS / Python / Go / Rust), and a Unicode-out-of-scope clause with rationale. Future profiles register under their own identifier; verifiers refuse anything they don't recognise.
14 shared interop fixtures verify byte-identical output across TypeScript, Python, Go, and Rust. CI runs them on every PR; divergence is a release blocker. Local test counts after v2.8.1: TS 461 · Python 236 · Go 4 packages · Rust 181 across 10 binaries.
canonicalization_profile wired everywhereEvery BundleBuilder in the four SDKs emits the field by default. Verifiers accept absent (assume dcp-jcs-v1), accept "dcp-jcs-v1" explicitly, reject any other value. Backwards-compatible with every bundle produced under v2.0–v2.8.0.
Spec § 9 (Bundle Manifest) now lists the field; § 15 (Canonicalization) references the full profile document. The undefined-vs-null rule is a normative cross-language table, and Unicode normalization is explicitly out of scope (RFC 8259 § 8.1 referenced for application-layer NFC).
Get Started
Initialize a DCP identity, generate hybrid keys, and create your first verifiable bundle with a single command.
Early Adopter Program
Join our co-design partnership. Get direct access to the core team, priority support, influence over protocol decisions, and a published case study.
FAQ
dcp-ai 2.8.1, crates.io dcp-ai 2.8.1, Go module v2.8.1, npm @dcp-ai/sdk 2.1.1 — all live. 14 cross-SDK interop fixtures verify byte-exact agreement on every PR. The Early Adopter Program covers production hardening for specific deployments.dcp-jcs-v1. A verifier with only Core can validate any DCP artifact entirely offline. Profiles are optional extensions: Crypto (post-quantum hybrid signatures), A2A (agent-to-agent communication), and Governance (lifecycle, succession, disputes, rights, delegation — DCP-05..09). A Core-only verifier and a fully-profiled verifier still interoperate; missing profile fields are treated as their normative defaults.dcp-jcs-v1?
▼
1.0, 1.00, 1e2 are accepted and normalised to integer form), null preservation, cross-language null/undefined mapping, Unicode normalization explicitly out of scope. The four reference SDKs (TypeScript, Python, Go, Rust) produce byte-identical output for the same input. The full document is at docs.dcp-ai.org/specs/CANONICALIZATION_PROFILE.