docs(integrations): register agno-dcp as the 11th framework integration

lktron00 · lktron00 · commit a9d3e9f93c41 · 2026-04-28T00:49:48.000-04:00
Adds the Agno integration to docs.dcp-ai.org and the main README. - New `docs/QUICKSTART_AGNO.md`: 60-second onramp covering install, DCPAgent + DCPTeam + DCPWorkflow wrappers, run_tool pipeline, YAML policy authoring, audit chain sealing, offline verifier, Compliance Bundle export, and the production Postgres swap. - `mkdocs.yml`: nav entry under Quick Start. - `scripts/build-docs-site.sh`: copies the new file to out/quickstart/. - `README.md`: adds an "Agno" row to the Framework Integrations table and an AGNO node to the Mermaid stack diagram. Integrations count bumped from 10 to 11. agno-dcp ships as a separate pip package (not a dcp-ai[agno] extra) because it pins agno>=2.0.0 as a peer dependency. The cryptographic primitives import from dcp-ai>=2.8.1 so produced bundles are byte-exact compatible with every DCP-AI verifier. Source: https://github.com/dcp-ai-protocol/agno-dcp PyPI: https://pypi.org/project/agno-dcp/
diff --git a/README.md b/README.md
@@ -156,12 +156,13 @@ graph TB
     WA["WASM Module"]
   end
 
-  subgraph integrations["Integrations (10)"]
+  subgraph integrations["Integrations (11)"]
     EX["Express Middleware"]
     FA["FastAPI Middleware"]
     LC["LangChain"]
     OA["OpenAI"]
     CR["CrewAI"]
+    AGNO["Agno (agno-dcp)"]
     OC["OpenClaw Plugin"]
     W3C["W3C DID/VC Bridge"]
     A2A["Google A2A Bridge"]
@@ -247,6 +248,7 @@ Drop-in DCP governance for popular AI and web frameworks.
 | **LangChain** | [![PyPI extra](https://img.shields.io/pypi/v/dcp-ai?label=dcp-ai%5Blangchain%5D&logo=pypi&logoColor=white)](https://pypi.org/project/dcp-ai/) | `DCPAgentWrapper`, `DCPTool`, `DCPCallback` | [integrations/langchain/](integrations/langchain/README.md) |
 | **OpenAI** | [![PyPI extra](https://img.shields.io/pypi/v/dcp-ai?label=dcp-ai%5Bopenai%5D&logo=pypi&logoColor=white)](https://pypi.org/project/dcp-ai/) | `DCPOpenAIClient`, `DCP_TOOLS` function calling | [integrations/openai/](integrations/openai/README.md) |
 | **CrewAI** | [![PyPI extra](https://img.shields.io/pypi/v/dcp-ai?label=dcp-ai%5Bcrewai%5D&logo=pypi&logoColor=white)](https://pypi.org/project/dcp-ai/) | `DCPCrewAgent`, `DCPCrew` multi-agent governance | [integrations/crewai/](integrations/crewai/README.md) |
+| **Agno** | [![PyPI](https://img.shields.io/pypi/v/agno-dcp?label=agno-dcp&logo=pypi&logoColor=white&color=blue)](https://pypi.org/project/agno-dcp/) | `DCPAgent`, `DCPTeam`, `DCPWorkflow` wrappers (separate package) | [agno-dcp repo](https://github.com/dcp-ai-protocol/agno-dcp) |
 | **OpenClaw** | [![npm](https://img.shields.io/npm/v/@dcp-ai/openclaw?label=%40dcp-ai%2Fopenclaw&logo=npm)](https://www.npmjs.com/package/@dcp-ai/openclaw) | Plugin + SKILL.md, 6 agent tools | [integrations/openclaw/](integrations/openclaw/README.md) |
 | **W3C DID/VC** | [![npm](https://img.shields.io/npm/v/@dcp-ai/w3c-did?label=%40dcp-ai%2Fw3c-did&logo=npm)](https://www.npmjs.com/package/@dcp-ai/w3c-did) | DID Document ↔ DCP identity bridge, VC issuance | [integrations/w3c-did/](integrations/w3c-did/README.md) |
 | **Google A2A** | [![npm](https://img.shields.io/npm/v/@dcp-ai/google-a2a?label=%40dcp-ai%2Fgoogle-a2a&logo=npm)](https://www.npmjs.com/package/@dcp-ai/google-a2a) | A2A Agent Card ↔ DCP identity, task governance | [integrations/google-a2a/](integrations/google-a2a/README.md) |
diff --git a/docs/QUICKSTART_AGNO.md b/docs/QUICKSTART_AGNO.md
@@ -0,0 +1,219 @@
+# Quickstart: Agno + DCP-AI
+
+[Agno](https://www.agno.com/) is a Python framework and runtime for building AI agents. The [`agno-dcp`](https://github.com/dcp-ai-protocol/agno-dcp) integration wraps Agno's `Agent`, `Team`, `Workflow`, and MCP primitives with the full DCP-AI governance stack: cryptographic identity (DCP-01), signed policy gating (DCP-02), tamper-evident audit (DCP-03), and signed inter-agent messaging (DCP-04).
+
+Unlike the other Python integrations (`dcp-ai[fastapi]`, `dcp-ai[langchain]`, ...), `agno-dcp` ships as a **separate package** because it depends on Agno as a peer dependency. The cryptographic primitives are imported from `dcp-ai>=2.8.1` so bundles produced by `agno-dcp` are byte-exact compatible with every DCP-AI verifier.
+
+The full source, end-to-end design notes, and API reference live in the dedicated repository: <https://github.com/dcp-ai-protocol/agno-dcp>. This page is a 60-second onramp.
+
+---
+
+## Install
+
+```bash
+pip install agno-dcp
+```
+
+For production with Postgres-backed storage:
+
+```bash
+pip install "agno-dcp[postgres]"
+```
+
+Requires Python 3.11+. Agno itself is a peer dependency; install your preferred Agno version separately.
+
+---
+
+## Wrap an Agno agent
+
+```python
+import asyncio
+
+from agno_dcp import (
+    DCPAgent,
+    PolicyEngine,
+    MerkleAuditChain,
+    SQLiteStorage,
+)
+
+
+async def main() -> None:
+    # 1. Storage and audit chain (DCP-03)
+    storage = SQLiteStorage("./agent.db")
+    audit = MerkleAuditChain(storage=storage)
+
+    # 2. Policy engine from a YAML file (DCP-02)
+    policy = PolicyEngine.from_yaml("policies.yaml")
+
+    # 3. Wrap an Agno Agent
+    agent = DCPAgent(
+        # Native Agno arguments (forwarded as-is)
+        name="Collections Agent",
+        model="claude:sonnet-4",
+        tools=[crm_lookup, payment_plan_offer],
+        instructions="You help customers reschedule overdue invoices.",
+        # DCP-AI governance arguments
+        dcp_human_principal="ops@example.com",
+        dcp_security_tier="tier-3",
+        dcp_audit_chain=audit,
+        dcp_policy_engine=policy,
+        dcp_strict_mode=True,
+    )
+    await agent.dcp_initialize()
+
+    # 4. Run a tool through the full DCP-AI pipeline:
+    #    intent + policy gate + tool execution + audit
+    result = await agent.run_tool(
+        crm_lookup,
+        {"customer_id": 12345},
+    )
+
+    # 5. Periodically seal a tamper-evident root signature
+    root = await audit.seal_root()
+    print(f"Sealed Merkle root: {root.root_hash}, entries: {root.entry_count}")
+
+
+asyncio.run(main())
+```
+
+The corresponding `policies.yaml`:
+
+```yaml
+version: "1.0"
+default: deny
+rules:
+  - name: "Allow CRM lookups"
+    when:
+      action_type: tool_call
+      tool_name: crm_lookup
+    then: allow
+
+  - name: "Limit payment discounts"
+    when:
+      action_type: tool_call
+      tool_name: payment_plan_offer
+      payload.discount_pct:
+        gt: 20
+    then: deny
+    reason: "Discounts above 20% require human approval"
+```
+
+The matcher supports dotted paths (`payload.discount_pct`) and the operators `eq`, `ne`, `gt`, `gte`, `lt`, `lte`, `in`, `nin`. The first matching rule wins; if none match, the `default` verdict applies.
+
+---
+
+## What `run_tool` does under the hood
+
+```
+DCPAgent.run_tool(tool, args)
+  ├── 1. Build and sign IntentDeclaration with the agent's keypair
+  ├── 2. PolicyGate.evaluate
+  │      ├── verify intent signature
+  │      ├── PolicyEngine.evaluate -> signed PolicyDecision
+  │      ├── persist intent + decision
+  │      └── append INTENT_DECLARED + POLICY_DECISION audit events
+  ├── 3. If deny + strict_mode -> raise PolicyDenied
+  ├── 4. Execute tool (sync or async)
+  ├── 5. Append TOOL_EXECUTED (or ERROR) audit event
+  └── 6. Return tool result
+```
+
+Strict vs observation mode:
+
+* `dcp_strict_mode=True`: a deny verdict raises `PolicyDenied` and the tool does not run.
+* `dcp_strict_mode=False` (default): the deny is logged and audited, but the tool still runs. Useful for onboarding when you want audit trails before you have policy coverage.
+
+---
+
+## Teams and workflows
+
+```python
+from agno_dcp import DCPTeam, DCPWorkflow
+
+team = DCPTeam(
+    dcp_team_name="Collections + Risk",
+    dcp_human_principal="ops@example.com",
+    members=[collections_agent, risk_agent],
+    dcp_audit_chain=audit,  # shared chain across the team
+)
+await team.dcp_initialize()
+
+workflow = DCPWorkflow(
+    dcp_workflow_id="escalation",
+    dcp_human_principal="ops@example.com",
+    dcp_audit_chain=audit,
+    dcp_strict_mode=True,
+)
+await workflow.dcp_initialize()
+result = await workflow.run_step("evaluate_credit", evaluate_credit_fn, {"amount": 5000})
+```
+
+Both wrappers reuse the team's audit chain so an external auditor sees a coherent ordering of agent actions and team coordination.
+
+---
+
+## Verify an audit chain offline
+
+```bash
+agno-dcp verify --sqlite ./agent.db
+agno-dcp verify --postgres-url $DATABASE_URL --agent-id agent:abc123 --range 0:1000
+```
+
+The CLI walks the chain, recomputes every `entry_hash`, validates the `prev_hash` linkage, and verifies the embedded signature on every sealed Merkle root. Exits non-zero on corruption.
+
+---
+
+## Compliance bundle export
+
+For auditor handoff, ship a signed ZIP:
+
+```python
+from pathlib import Path
+from agno_dcp import ComplianceBundleExporter
+
+exporter = ComplianceBundleExporter(audit, storage)
+zip_path = await exporter.export(
+    framework="eu_ai_act",   # or "nist_ai_rmf"
+    output_dir=Path("./bundles"),
+)
+```
+
+The archive contains the audit log in index order, every sealed Merkle root, the relevant Citizenship Bundles, and the framework mapping (EU AI Act articles 12, 13, 14, 15, 50, or NIST AI RMF Govern/Map/Measure/Manage subcategories). The whole archive is signed with the audit chain's keypair so an auditor detects tampering between export and review.
+
+---
+
+## Production deployment
+
+Swap `SQLiteStorage` for `PostgresStorage` and the application code stays identical:
+
+```python
+from agno_dcp import PostgresStorage  # requires the [postgres] extra
+
+storage = PostgresStorage("postgresql+psycopg://user:pass@host/db")
+await storage.initialize()
+audit = MerkleAuditChain(storage=storage)
+```
+
+The bundled idempotent schema (`agno_dcp/storage/schema.sql`) reuses the same database that hosts Agno's own tables; the `dcp_*` prefix on every table avoids collisions.
+
+---
+
+## Status
+
+`agno-dcp v0.1.0` (April 2026) is an **early access** release. Suitable for evaluation, demo work, and internal pilots. End-to-end demo, AWS / GCP KMS key custody, and DCP-05 through DCP-09 (lifecycle, succession, dispute, rights, delegation) are scheduled for future minor releases.
+
+Status of the package on the registries:
+
+* PyPI: <https://pypi.org/project/agno-dcp/>
+* Source: <https://github.com/dcp-ai-protocol/agno-dcp>
+* CI status: visible on the GitHub Actions tab of the repo.
+
+---
+
+## Further reading
+
+* [agno-dcp README](https://github.com/dcp-ai-protocol/agno-dcp#readme) for the full quickstart and comparison table.
+* [agno-dcp `docs/why.md`](https://github.com/dcp-ai-protocol/agno-dcp/blob/main/docs/why.md) for the pitch (when to adopt it, when not to).
+* [agno-dcp `docs/architecture.md`](https://github.com/dcp-ai-protocol/agno-dcp/blob/main/docs/architecture.md) for the layered diagram and hook semantics.
+* [agno-dcp `docs/compliance_mapping.md`](https://github.com/dcp-ai-protocol/agno-dcp/blob/main/docs/compliance_mapping.md) for the EU AI Act and NIST AI RMF mappings.
+* [DCP-AI v2.0 spec](DCP-AI-v2.0.md) for the protocol-level normative reference.
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -110,6 +110,7 @@ nav:
       - LangChain: quickstart/QUICKSTART_LANGCHAIN.md
       - OpenAI: quickstart/QUICKSTART_OPENAI.md
       - CrewAI: quickstart/QUICKSTART_CREWAI.md
+      - Agno: quickstart/QUICKSTART_AGNO.md
   - Specifications:
       - Overview: specs/README.md
       - DCP-01 Identity & Human Binding: specs/DCP-01.md
diff --git a/scripts/build-docs-site.sh b/scripts/build-docs-site.sh
@@ -27,6 +27,7 @@ cp "$ROOT/docs/QUICKSTART_EXPRESS.md"   "$OUT/quickstart/QUICKSTART_EXPRESS.md"
 cp "$ROOT/docs/QUICKSTART_LANGCHAIN.md" "$OUT/quickstart/QUICKSTART_LANGCHAIN.md"
 cp "$ROOT/docs/QUICKSTART_OPENAI.md"    "$OUT/quickstart/QUICKSTART_OPENAI.md"
 cp "$ROOT/docs/QUICKSTART_CREWAI.md"    "$OUT/quickstart/QUICKSTART_CREWAI.md"
+cp "$ROOT/docs/QUICKSTART_AGNO.md"      "$OUT/quickstart/QUICKSTART_AGNO.md"
 
 # Specifications — every .md directly under spec/
 cp "$ROOT/spec/README.md"            "$OUT/specs/README.md"
