Desired Outcome Contracts (DOC) — Intent-Bound Authorization for AI Agent Workflows
Version 0.1.0 (Working Draft) | March 2026
The Desired Outcome Contract (DOC) protocol defines a framework for binding AI agent actions to declared human intent through cryptographically verifiable, time-scoped authorization contracts. It addresses a fundamental gap in current AI agent architectures: agents receive broad tool access but lack mechanisms to constrain their actions to what the principal actually intended.
A DOC is a structured agreement between a principal (human or policy authority) and an authorization system that specifies:
- What outcome is intended (outcome type)
- Which actions are permitted and prohibited (machine register)
- Why the actions are needed, in human terms (human register)
- When the authorization expires (temporal bounds)
- How each action is verified and recorded (evaluation cascade + trajectory)
The DOC protocol is grounded in the waveForms framework (Glasgow 2026), which identifies ten irreducible facets of convention that together constitute complete shared understanding. These facets ensure that every DOC captures all structural dimensions necessary for unambiguous agreement between principals and agents.
The protocol also builds on Eve Maler's eight-phase intent lifecycle for AI agent authorization, mapping each phase to concrete protocol primitives.
| Document | Description |
|---|---|
| doc-v0.1.md | Core specification (18 sections) |
| mcp-binding-v0.1.md | Model Context Protocol (MCP) binding |
| appendix-waveforms-mapping.md | waveForms facet mapping and structural completeness checklist |
| Schema | Description |
|---|---|
| schema/doc.json | DOC object schema |
| schema/outcome-type.json | Outcome type definition schema |
| schema/evaluation.json | Evaluation request/response schema |
| schema/trajectory.json | Trajectory entry schema |
| schema/primitives/ | Individual primitive message schemas (9 files) |
| Example | Description |
|---|---|
| examples/account-inquiry-flow.json | Pattern B: Library Selection with basic DOC lifecycle |
| examples/pii-stepup-flow.json | Pattern B with OAuth step-up authentication |
| examples/negotiation-flow.json | Pattern C: Live Negotiation with scope expansion |
| Diagram | Description |
|---|---|
| diagrams/lifecycle-state-machine.md | DOC lifecycle state machine |
| diagrams/evaluation-cascade.md | 10-step evaluation cascade |
| diagrams/delegation-chain.md | Multi-agent delegation with scope attenuation |
- Two-Register Architecture: Machine register (enforceable constraints) + human register (consent context) ensure both computational enforcement and informed human consent
- 9 Intent Primitives: PROPOSE, CLASSIFY, SELECT, NEGOTIATE, CONSENT, EVALUATE, ATTEST, REVOKE, ATTRIBUTE
- 4 Authorization Patterns: Pre-Approved, Library Selection, Live Negotiation, Novel Intent
- 10-Step Evaluation Cascade: First-deny-wins authorization checks including scope, trajectory, constraints, and semantic consistency
- Hash-Chained Trajectory: Cryptographic proof of every action taken under a DOC, anchored to the confirmed contract
- Primitive Extensibility: Alternative primitive profiles that maintain waveForms facet completeness
The DOC protocol builds on and composes:
- OAuth 2.0 Rich Authorization Requests (RFC 9396)
- Grant Negotiation and Authorization Protocol (RFC 9635)
- Remote Attestation Procedures (RFC 9334)
- OAuth Token Exchange (RFC 8693)
- Transaction Tokens for Agents (draft-oauth-transaction-tokens-for-agents-03)
- OpenID Connect for AI Agents (OIDC-A 1.0)
- User-Managed Access 2.0 (UMA)
- Continuous Access Evaluation Protocol (CAEP/SSF)
- Coalition for Content Provenance and Authenticity (C2PA)
This is a working draft (v0.1.0). The specification is under active development. Feedback and contributions are welcome.
This specification is provided for review and implementation. See individual documents for attribution requirements.