# DCP-AI Protocol

> Digital Citizenship Protocol — a portable accountability layer for AI agents.

DCP provides verifiable identity, declared intent, policy enforcement, and immutable audit trails for AI agents. It uses post-quantum hybrid cryptography (Ed25519 + ML-DSA-65) and is fully open source under Apache-2.0.

## What is DCP?

The Digital Citizenship Protocol (DCP) defines a portable accountability layer for AI agents, allowing any verifier to evaluate:
- Who is responsible for an agent (Responsible Principal binding)
- What the agent declared it intended to do (Intent Declaration)
- What policy outcome was applied (Policy Decision)
- What verifiable evidence was produced (Audit Trail)

All artifacts are cryptographically signed, hash-chained, and independently verifiable — without requiring a central authority.

## Key Facts

- Protocol version: 2.0 (Final)
- Specification status: Final
- License: Apache-2.0
- SDKs: TypeScript, Python, Go, Rust, WASM
- Integrations: LangChain, CrewAI, OpenAI, Express, FastAPI, AutoGen, Google A2A, Anthropic MCP, W3C DID/VC, OpenClaw
- Security: 4 adaptive tiers (Routine, Standard, Elevated, Maximum)
- Cryptography: NIST FIPS 203/204/205 compliant (Ed25519 + ML-DSA-65 hybrid signatures)
- Anchoring: Optional L2 blockchain (Base, Arbitrum, Optimism)
- Core concept: Citizenship Bundle — a portable cryptographic package binding identity, intent, policy, and audit

## Architecture

DCP is organized into three layers:
- DCP Core: Minimum interoperable protocol (specifications, artifacts, verification procedures). Required for conformance.
- Profiles: Optional extensions (Crypto, Agent-to-Agent, Governance). Add capabilities without affecting core interoperability.
- Services: Operational infrastructure (verification servers, anchoring, transparency logs, revocation). Not normative.

## Protocol Specifications

DCP is defined by a suite of numbered specifications:

- DCP-01: Identity and Human Binding — RPR, Agent Passport, composite keypairs
- DCP-02: Intent Declaration and Policy Gating — Intent schema, risk scoring, 4-tier model
- DCP-03: Audit Chain and Transparency — Hash chains, Merkle trees, transparency log
- DCP-04: Agent-to-Agent Communication — A2A protocol, mutual authentication, delegation
- DCP-AI v2.0: Post-Quantum Normative Specification — Full specification, profiles, bundle format

All specifications have status: Final.

## Security Tiers

1. Routine — Self-declared identity. For public data reads, informational queries. Risk score < 200.
2. Standard — Operator-attested identity + Ed25519 signature. For API access, standard operations. Risk score 200-499.
3. Elevated — Multi-party attestation + hybrid PQ signatures. For financial transactions, PII access. Risk score 500-799.
4. Maximum — Hardware-bound keys + full PQ suite + anchored audit. For government, critical infrastructure. Risk score >= 800.

## Standards Alignment

- EU AI Act Ready: DCP satisfies traceability and accountability requirements of the EU AI Act (Art. 14, 15). Full audit chains provide the evidence trail regulators require.
- NIST AI RMF Compatible: Aligned with MAP, MEASURE, MANAGE functions of the NIST AI Risk Management Framework. Risk scoring maps directly to RMF categories.
- W3C DID/VC Bridge: Interoperable with the W3C decentralized identity ecosystem. Agent Passports can be represented as DIDs with Verifiable Credentials.

## Governance

DCP is governed through an open governance model documented in GOVERNANCE.md. The foundational vision is described in the Genesis Paper. All protocol decisions are made transparently through public proposals and community review. Contributions from both humans and AI agents are welcome.

## Quick Start

```
npx @dcp-ai/cli init
```

The interactive CLI wizard walks through identity creation, key generation, intent declaration, and bundle signing.

## FAQ

Q: Does DCP require a blockchain?
A: No. The core DCP protocol does not require blockchain anchoring. Blockchain anchoring is an optional service for organizations that want on-chain proof of existence.

Q: Is there a cost?
A: DCP-AI is open source under Apache-2.0. Optional blockchain anchoring may involve transaction fees, and deployment may also involve infrastructure or third-party service costs depending on the implementation.

Q: What frameworks are supported?
A: LangChain, CrewAI, OpenAI, Express, FastAPI, AutoGen, Google A2A, Anthropic MCP, W3C DID/VC, OpenClaw.

Q: Who is behind DCP?
A: DCP is governed through an open governance model. The foundational vision is in the Genesis Paper. All decisions are transparent via public proposals. Contributions from humans and AI agents are welcome.

## Links

- Website: https://dcp-ai.org/
- GitHub: https://github.com/dcp-ai-protocol/dcp-ai
- Documentation: https://github.com/dcp-ai-protocol/dcp-ai/tree/main/docs
- Specification: https://github.com/dcp-ai-protocol/dcp-ai/blob/main/README.md
- Genesis Paper: https://github.com/dcp-ai-protocol/dcp-ai/blob/main/docs/GENESIS_PAPER.md
- Governance: https://github.com/dcp-ai-protocol/dcp-ai/blob/main/GOVERNANCE.md
- Security Policy: https://github.com/dcp-ai-protocol/dcp-ai/blob/main/SECURITY.md
- Early Adopters: https://github.com/dcp-ai-protocol/dcp-ai/blob/main/docs/EARLY_ADOPTERS.md
- Playground: https://dcp-ai.org/playground.html