IvanDeepVerify/botprotocol

Bot Protocol

Open specification for AI agent identity, delegation, and accountability.


The problem

By 2026, autonomous AI agents are entering production. They book flights, sign documents, file complaints, manage portfolios, and make customer service calls. Existing identity standards (OAuth 2.1, OIDC, SPIFFE, W3C DID) were designed for humans and fixed service accounts. They do not address:

  • Multi-hop delegation from a human subject to an autonomous agent
  • Cross-organizational verification of agent authority
  • Cryptographic linkage between human intent and agent action
  • Real-time revocation across organizational boundaries
  • Tamper-evident audit trails verifiable by third parties

When an AI agent acts on behalf of a person, current infrastructure cannot reliably answer: who authorized this, with what limits, and is the authorization still valid?

What Bot Protocol provides

Bot Protocol is an open specification that defines:

  1. Agent Identity (AID) — a verifiable cryptographic identifier for AI agents, compatible with W3C DID
  2. Delegation Token (DT) — explicit semantics for delegating bounded authority from a subject to an agent
  3. Authority Chain — multi-hop delegation with monotonic scope reduction
  4. Action Receipt (AR) — tamper-evident records of every action, forming a hash-chain
  5. Real-time Revocation — synchronous and push-based revocation across domains

The protocol does not invent new cryptographic primitives. It defines a semantic layer over existing standards (Ed25519, JWT, COSE) that captures the missing piece: the verifiable chain of delegation between humans and autonomous agents.
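The following added example (not taken from the Bot Protocol specification or its reference code) sketches how a verifier could enforce monotonic scope reduction and revocation across a multi-hop authority chain. The token fields, function names and sample data are hypothetical. Signature verification is assumed to happen before this check, and the rule that a hop may not outlive its parent is an added assumption.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class DelegationToken:       # hypothetical shape, not the spec's wire format
    token_id: str
    issuer: str              # subject or upstream agent granting authority
    delegate: str            # agent receiving authority
    scopes: frozenset        # permitted actions
    expires_at: int          # Unix time

def verify_chain(chain, root_subject, now, revoked=frozenset()):
    """Validate a root-first delegation chain; return (ok, reason).
    Signatures are assumed to have been verified before this call."""
    if not chain or chain[0].issuer != root_subject:
        return False, "chain does not start at the expected subject"
    parent = None
    for hop, tok in enumerate(chain):
        if tok.token_id in revoked:
            return False, f"hop {hop}: token revoked"
        if tok.expires_at <= now:
            return False, f"hop {hop}: token expired"
        if parent is not None:
            if tok.issuer != parent.delegate:
                return False, f"hop {hop}: issuer is not the previous delegate"
            extra = tok.scopes - parent.scopes
            if extra:  # monotonic reduction: a hop may only narrow scope
                return False, f"hop {hop}: scope widened by {sorted(extra)}"
            if tok.expires_at > parent.expires_at:  # assumption: lifetime also narrows
                return False, f"hop {hop}: outlives parent token"
        parent = tok
    return True, "ok"

def authorize(chain, root_subject, action, now, revoked=frozenset()):
    """Allow an action only if the chain is valid and the last hop grants it."""
    ok, reason = verify_chain(chain, root_subject, now, revoked)
    if ok and action not in chain[-1].scopes:
        return False, "action outside delegated scope"
    return ok, reason

# Constructed sample data: alice -> agent-a -> agent-b
NOW = 1_700_000_000
ROOT = DelegationToken("dt-1", "alice", "agent-a",
                       frozenset({"flights:search", "flights:book"}), NOW + 3600)
NARROW = DelegationToken("dt-2", "agent-a", "agent-b",
                         frozenset({"flights:search"}), NOW + 600)
WIDENED = DelegationToken("dt-3", "agent-a", "agent-b",
                          frozenset({"flights:search", "payments:charge"}), NOW + 600)
if __name__ == "__main__":
    print(authorize([ROOT, NARROW], "alice", "flights:search", NOW))
    print(authorize([ROOT, WIDENED], "alice", "payments:charge", NOW))
```

Revoking the root token (`dt-1`) invalidates every downstream hop, because the chain is always walked from the subject.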

Read the whitepaper

The complete v0.1 whitepaper is available in two formats:

Repository structure

| Folder | Purpose |
|---|---|
| spec/ | Technical specification, broken into 9 chapters |
| whitepaper/ | The whitepaper in HTML and Markdown |
| reference/ | Reference implementations (planned, see ROADMAP.md) |
| examples/ | Code examples (planned) |
| docs/ | FAQ, glossary, comparisons with other standards |

Status

This is a draft v0.1, published for community review. The repository is being actively developed. Some specification chapters are placeholders pointing to the whitepaper. See ROADMAP.md for the development plan.

The protocol is not yet ready for production deployment. It is ready for technical review, threat modeling discussions, and pilot integration design.

How to contribute

There are several ways to participate:

  1. Read the whitepaper and specification. Open issues for questions, ambiguities, or suggested changes. Use the issue templates in .github/ISSUE_TEMPLATE/.
  2. Review the threat model. Feedback from security researchers and identity experts is especially valuable.
  3. Propose specification changes via pull requests. See CONTRIBUTING.md.
  4. Report security issues privately. See SECURITY.md.

Comparison with existing standards

| Standard | What it covers | Gap that Bot Protocol addresses |
|---|---|---|
| OAuth 2.1 / OIDC | Client authentication, single-hop delegation | Multi-hop chains, agent-to-agent semantics |
| SPIFFE / WIMSE | Workload identity inside infrastructure | Cross-organizational delegation |
| W3C DID / VC | Decentralized identity, verifiable credentials | Delegation semantics, runtime constraints |
| C2PA | Content provenance | Identity of the agent that produced the content |
| OAuth CIBA | Asynchronous user confirmation | Cryptographic binding to biometrics |

See docs/comparison.md for a detailed analysis.

License

Apache License 2.0. See LICENSE and NOTICE.

The Apache 2.0 license is chosen specifically for its patent grant clause, which is important for protocol specifications.

Contact

Citation

If you reference Bot Protocol in research:

@misc{botprotocol2026,
  author = {Stepin, Ivan and Bot Protocol contributors},
  title  = {Bot Protocol: Open Specification for AI Agent Identity and Delegation, v0.1},
  year   = {2026},
  url    = {https://botprotocol.io}
}

Bot Protocol is initiated as part of research at DeepVerify. It is published under Apache 2.0 as community infrastructure, not as a vendor-controlled product.

About

Forensic deepfake detection for Russian courts. Sister project to https://deepverify.io
