YOUR IDENTITY AND CONTENT ARE RENTED BACK TO YOU BY THE PLATFORMS THAT OWN IT. DFOS PROTOCOL GIVES YOU BACK THE KEYS.

An open standard for cryptographic identity and verifiable content. Runs anywhere, portable across everything, no permission required.

The proof is public. The content is private

Install the CLI Why this exists Read the spec

The Dark Forest

Two worlds

The most meaningful creative and social coordination on the internet happens in private groups, closed communities, invite-only spaces. The topology is private-first.

Every existing system collapses proof and content into the same surface. If you can't access the content, you can't verify anything about it. DFOS separates them.

The world of proofs is public — signed chains that anyone can verify. The world of content exists in dark forests — member-governed spaces, visible only to participants. The protocol defines the proof world. It sees hashes, never documents.

T H E P R O T O C O L

Self-certifying identity

Identity is a chain of cryptographic operations you control. Your did:dfos identifier derives from your genesis — self-certifying. Forks are valid. Convergence is deterministic. No consensus needed.

Offline verification

Verification is a pure function. Public key + signed chain = valid or invalid. Any Ed25519 library, any language. The chain carries everything needed. A proof exported today is verifiable by code that doesn't exist yet.

Trustless distribution

Web relays independently verify every operation on ingestion. No trust between relays. No hierarchy. Topology is emergent. Three peering behaviors compose the network: gossip, read-through, and sync.

MIT License · Powers the DFOS platform · TypeScript · Go · Python · Rust · Swift

Same deterministic test vectors across all five implementations. The protocol specification is the single source of truth.

B U I L D Install the CLI One binary. Create identities, sign content, run relays. Linux, macOS, Windows. U N D E R S T A N D Why this exists The structural condition of platform identity, the dark forest topology, and what falls out of it. E V A L U A T E Read the spec Chains, beacons, credentials, CID derivation, verification rules, and deterministic test vectors.

G E T S T A R T E D

Install the CLI

One binary. Keys in your OS keychain. Local-first by default. Full documentation.

curl -sSL https://protocol.dfos.com/install.sh | sh

Also available via brew install metalabel/tap/dfos and docker pull ghcr.io/metalabel/dfos

Quickstart

# create your identity
dfos identity create --name myname

# publish your first post
echo '{"body":"gm"}' | dfos content create -

# see it
dfos content list

# run a relay
dfos serve

S P E C I F I C A T I O N S

Read the protocol

Protocol Specification Chains, beacons, credentials, CID derivation, verification rules, test vectors DID Method W3C did:dfos — self-certifying, transport-agnostic identifiers Content Model JSON Schema content types committed via content-addressed CIDs Credentials Delegated authorization, revocation, standing access, and attenuation Web Relay Verifying HTTP relay with gossip, read-through, and sync peering Sign In With DFOS Cryptographic identity verification for third-party applications

U S E I T

CLI Identities, content chains, credentials, relays — Linux, macOS, Windows Deploy Run a relay with Docker, Caddy auto-TLS, peering, and container images Claude Code Skill AI-assisted CLI workflows — install the DFOS skill for Claude Code Why The structural condition, design principles, what the protocol is and isn't

FAQ — design decisions, AT Protocol comparison, blockchain identity
GitHub — metalabel/dfos — MIT License
Releases — pre-built binaries for all platforms
npm — TypeScript protocol library (see also: dfos-web-relay)
schemas.dfos.com — JSON Schema definitions
llms-full.txt — full protocol content as plain text