DCP-AI Quick Start Guide¶
Get up and running with the Digital Citizenship Protocol in under 5 minutes.
Prerequisites¶
- Node.js 18+ (for TypeScript SDK / CLI)
- Python 3.10+ (for Python SDK)
1. Install the CLI¶
2. Initialize Your Agent¶
This creates the following files in your project:
| File | Purpose |
|---|---|
.dcp/config.json |
Agent configuration and metadata |
.dcp/keys/ |
Ed25519 + ML-DSA-65 keypairs |
.dcp/identity.json |
Responsible Principal Record (RPR) |
.dcp/passport.json |
Agent Passport |
3. TypeScript SDK¶
Create and Sign a Bundle (V1 — Ed25519)¶
import {
generateKeypair,
signObject,
verifyObject,
BundleBuilder,
signBundle,
verifySignedBundle,
} from '@dcp-ai/sdk';
// Generate an Ed25519 keypair
const keys = generateKeypair();
// Define artifacts
const hbr = {
dcp_version: '1.0',
human_id: 'human-001',
legal_name: 'Alice Johnson',
entity_type: 'natural_person',
jurisdiction: 'US-CA',
liability_mode: 'owner_responsible',
override_rights: true,
public_key: keys.publicKeyB64,
issued_at: new Date().toISOString(),
expires_at: null,
contact: 'alice@example.com',
};
const passport = {
dcp_version: '1.0',
agent_id: 'agent-001',
human_id: 'human-001',
public_key: keys.publicKeyB64,
capabilities: ['browse', 'api_call'],
risk_tier: 'low',
created_at: new Date().toISOString(),
status: 'active',
};
const intent = {
dcp_version: '1.0',
intent_id: 'intent-001',
agent_id: 'agent-001',
human_id: 'human-001',
timestamp: new Date().toISOString(),
action_type: 'api_call',
target: { channel: 'api', domain: 'api.example.com' },
data_classes: ['none'],
estimated_impact: 'low',
requires_consent: false,
};
const policy = {
dcp_version: '1.0',
intent_id: 'intent-001',
decision: 'approve',
risk_score: 15,
reasons: ['Low risk action'],
required_confirmation: null,
applied_policy_hash: 'sha256:abc123',
timestamp: new Date().toISOString(),
};
const audit = {
dcp_version: '1.0',
audit_id: 'audit-001',
prev_hash: '0'.repeat(64),
timestamp: new Date().toISOString(),
agent_id: 'agent-001',
human_id: 'human-001',
intent_id: 'intent-001',
intent_hash: signObject(intent, keys.secretKeyB64),
policy_decision: 'approved',
outcome: 'API call completed successfully',
evidence: { tool: 'fetch', result_ref: 'https://api.example.com/data' },
};
// Build the bundle
const bundle = new BundleBuilder()
.responsiblePrincipalRecord(hbr)
.agentPassport(passport)
.intent(intent)
.policyDecision(policy)
.addAuditEntry(audit)
.build();
// Sign the bundle
const signed = signBundle(bundle, keys.secretKeyB64);
// Verify the bundle
const result = verifySignedBundle(signed);
console.log('Verified:', result.verified); // true
Verify a Bundle¶
import { verifySignedBundle } from '@dcp-ai/sdk';
const result = verifySignedBundle(signedBundle);
if (result.verified) {
console.log('Bundle is valid');
} else {
console.error('Verification failed:', result.errors);
}
V2 — Post-Quantum Hybrid Signatures¶
import {
registerDefaultProviders,
getDefaultRegistry,
compositeSign,
compositeVerify,
BundleBuilderV2,
computeSecurityTier,
type CompositeKeyPair,
} from '@dcp-ai/sdk';
// Register Ed25519 + ML-DSA-65 providers
registerDefaultProviders();
const registry = getDefaultRegistry();
// Generate composite keypair
const ed = await registry.getSigner('ed25519').generateKeyPair();
const pq = await registry.getSigner('ml-dsa-65').generateKeyPair();
const keys: CompositeKeyPair = {
classical: { kid: 'ed-01', alg: 'ed25519', ...ed },
pq: { kid: 'pq-01', alg: 'ml-dsa-65', ...pq },
};
// Compute the security tier for your intent
const tier = computeSecurityTier(intentV2);
console.log('Security tier:', tier); // 'routine' | 'standard' | 'elevated' | 'maximum'
// Build a V2 bundle with the fluent builder
const bundle = new BundleBuilderV2(sessionNonce)
.responsiblePrincipalRecord(signedHbr)
.agentPassport(signedPassport)
.intent(signedIntent)
.policyDecision(signedPolicy)
.addAuditEntries(auditEvents)
.enableDualHash()
.build();
4. Python SDK¶
Create and Verify a Bundle¶
from dcp_ai import (
generate_keypair,
sign_object,
verify_object,
build_bundle,
sign_bundle,
verify_signed_bundle,
)
# Generate Ed25519 keypair
keys = generate_keypair()
# Define artifacts
hbr = {
"dcp_version": "1.0",
"human_id": "human-001",
"legal_name": "Alice Johnson",
"entity_type": "natural_person",
"jurisdiction": "US-CA",
"liability_mode": "owner_responsible",
"override_rights": True,
"public_key": keys["public_key_b64"],
"issued_at": "2025-01-01T00:00:00Z",
"expires_at": None,
"contact": "alice@example.com",
}
passport = {
"dcp_version": "1.0",
"agent_id": "agent-001",
"human_id": "human-001",
"public_key": keys["public_key_b64"],
"capabilities": ["browse", "api_call"],
"risk_tier": "low",
"created_at": "2025-01-01T00:00:00Z",
"status": "active",
}
# Sign and build
signed = sign_bundle(
build_bundle(hbr, passport, intent, policy, [audit]),
keys["secret_key_b64"],
)
# Verify
result = verify_signed_bundle(signed)
assert result["verified"] is True
5. Security Tiers¶
DCP automatically selects a cryptographic security tier based on the intent's risk profile:
| Tier | Name | Verification Mode | PQ Checkpoint Interval | Trigger |
|---|---|---|---|---|
| 0 | Routine | Classical only (Ed25519) | Every 50 events | Risk score < 200 |
| 1 | Standard | Hybrid preferred | Every 10 events | Risk score 200–499 |
| 2 | Elevated | Hybrid required | Every event | Risk score 500–799, PII, payments |
| 3 | Maximum | Hybrid required + immediate verify | Every event | Risk score ≥ 800, credentials |
import { computeSecurityTier, tierToVerificationMode } from '@dcp-ai/sdk';
const tier = computeSecurityTier(intent);
const mode = tierToVerificationMode(tier);
// tier: 'elevated', mode: 'hybrid_required'
6. Telemetry & Observability¶
import { dcpTelemetry } from '@dcp-ai/sdk';
dcpTelemetry.init({
serviceName: 'my-agent',
enabled: true,
exporterType: 'console', // or 'otlp'
});
// Automatic span tracking
const spanId = dcpTelemetry.startSpan('sign_bundle', { tier: 'elevated' });
// ... perform operation ...
dcpTelemetry.endSpan(spanId);
// Record metrics
dcpTelemetry.recordSignLatency(12.5, 'ed25519');
// Get summary
const summary = dcpTelemetry.getMetricsSummary();
console.log(summary.sign.p95); // p95 sign latency in ms
7. Agent-to-Agent (A2A) Communication¶
import { createHello, createWelcome, createSession, encryptMessage } from '@dcp-ai/sdk';
// Agent A initiates
const hello = createHello(bundleA, kemPublicKeyB64, ['api_call'], 'standard');
// Agent B responds
const welcome = createWelcome(bundleB, kemPubB, kemCiphertextB64, 'standard');
// Establish encrypted session
const session = createSession(sessionId, sessionKey, 'agent-a', 'agent-b', 'standard');
// Send encrypted messages
const encrypted = encryptMessage(session, { action: 'transfer', amount: 100 });
Next Steps¶
- LangChain Integration — Add DCP to LangChain agents
- CrewAI Integration — Add DCP to CrewAI crews
- OpenAI Integration — Add DCP to OpenAI function calling
- Express Middleware — Verify DCP bundles in Express APIs
- API Reference — Complete SDK documentation
- Protocol Specification — Full DCP v2.0 specification
- Security Model — Threat model and security architecture