About DPO2U
The thesis: compliance as a protocol
Historically, compliance with privacy laws like LGPD and GDPR has operated under a purely reactive model: companies spend exorbitant amounts hiring law firms and SaaS platforms to produce non-verifiable PDFs that are easily outdated, creating vast static spreadsheets of sensitive data that end up in insecure repositories.
DPO2U breaks strictly with this paradigm. More than a platform, DPO2U acts as a Web3 infrastructure called Compliance as a Protocol. By combining Corporate Artificial Intelligence (Model Context Protocol — MCP), Decentralized File Systems (IPFS), Financially Autonomous Intelligent Agents (ERC-8004 standard), and Zero-Knowledge Proofs (zk-SNARKs from the the host chain), we transform compliance into an on-chain cryptographic asset that is perfectly auditable over time.
The shift is philosophical before it is technical:
| Traditional model | DPO2U model |
|---|---|
| "Trust me, I am compliant" | "Verify my cryptographic proof" |
| PDF reports in shared drives | Immutable CIDs on IPFS |
| Annual audits by humans | Continuous validation by AI agents |
| Sensitive PII crosses network boundaries | Zero-knowledge — no PII ever leaves the local realm |
| Compliance as a cost center | Compliance as a verifiable on-chain asset |
| Reactive — fix after breach | Proactive — prove before partnership |
Compliance is not a checkbox — it is an emergent property of well-architected systems where law, technology, and governance reinforce each other. Smart contracts like AgentRegistry replicate on-chain the segregation of duties from the corporate world, while Treasury enforces spending limits programmatically.
Why the host chain
Deploying on the the host chain is central to DPO2U's ethos. Unlike public ledgers where everything is transparent, the host chain allows complex business logic execution while keeping the underlying data completely private.
Why not Solidity? the host chain uses Compact, a purpose-built smart contract language that compiles down to zero-knowledge circuits (via the Halo2 compiler), not bytecode. This means:
- Privacy as default — the contract proves a statement is true without revealing the data behind it
- zk-SNARKs native — every Attestation is a mathematical proof, not a data record
- the host chain ecosystem — the host chain is a partner chain of the host chain, inheriting its security model and UTXO accounting
- Shielded and unshielded addresses — agents operate with both unshielded (
mn_addr_preprod1...) and shielded (mn_shield-addr_preprod1...) wallets via HD Wallet SDK
the host chain is developed by IOG (Input Output Global), the same organization behind the host chain. the native token is a the host chain Native Asset used for economic incentives, while execution fees is the non-transferable execution token on the the host chain layer used exclusively for gas fees and proof posting. This dual-token design separates economic incentives from execution costs.
The 5-layer architecture
The DPO2U ecosystem is structured into five layers that scale privacy and segregate analysis, storage, and consensus concerns:
| Layer | Component | Purpose |
|---|---|---|
| 1. Application | MCP Server + LGPD Kit Generator | B2B entry interface — client AIs instantiate tools via Model Context Protocol (e.g., generate_lgpd_kit), producing machine-standard schemas (dpo2u/lgpd/v1) |
| 2. Storage | Lighthouse / IPFS | Verbose AI-generated evidence (PIA reports, governance contracts) is posted anonymously to IPFS, replacing heavy on-chain storage with a single immutable CID |
| 3. Agent | Expert + Auditor Agents (ERC-8004) | Sovereign AI entities with DIDs and self-funding wallets. The Expert generates documents; the Auditor evaluates CIDs with mathematical rules and quantifies compliance |
| 4. the host chain | smart contracts + zk-SNARKs | The Auditor's results become a Halo2 ZK payload (.zkir). the host chain records Compliant: true/false plus the CID — the proof attests analysis without leaking data |
| 5. Analytical | OpenFHE (Fully Homomorphic Encryption) | Enables computation on encrypted data — ML models can train on PII-sensitive datasets without ever decrypting them |
The Analytical Layer (Layer 5) using OpenFHE is on the roadmap. It will enable Fully Homomorphic Encryption for corporate risk dashboards and multi-institutional data sharing where computation happens on encrypted data without revealing the original plaintext.
Protocol lifecycle
The following diagram shows the complete flow from client submission to on-chain Attestation:
Step by step
- Schema generation — A client AI requests assessment via MCP. The Expert Agent creates textual reports plus a lean machine file (
policy.jsonmapping the 5 crucial fields of thedpo2u/lgpd/v1schema) - Immutability via IPFS — The MCP suite compacts artifacts and uploads them to Lighthouse. They receive a CID — a universally permanent routing hash
- Zero-trust edge analysis — The Auditor Agent takes the JSON schema and CIDs, runs logic verification in a sandbox, and emits a ZK Attestation (e.g., "Overall Score: 92/100")
- On-chain settlement — The TypeScript provider converts the score JSON into SNARK bytes. The Proof Server (
proof-server:7.0.0) generates the ZK proof and submits it via WebSocket (wss://rpc.dpo2u.com) to the host chain Preprod throughComplianceRegistry.compact - Web3 consumption — Partners or consumers use the B2C frontend or the MCP tool
check_compliance_status. Instead of doubts, interfaces show the exact validated proof
From reactive to verifiable
The paradigm shift DPO2U introduces can be summarized as moving from trust-based to proof-based compliance:
| Dimension | Traditional compliance | DPO2U protocol |
|---|---|---|
| Evidence | PDFs, spreadsheets, email chains | Immutable CIDs on IPFS + on-chain Attestations |
| Verification | Manual audit (weeks/months) | Programmatic check via API/on-chain (milliseconds) |
| Privacy | PII crosses network boundaries | Zero-knowledge — nothing sensitive leaves the edge |
| Cost model | Recurring consulting fees | Self-funding agents with tokenomics (the native token/execution fees) |
| Agent identity | Human auditors with credentials | DIDs (did:dpo2u:agent:auditor) with on-chain wallets |
| Frequency | Annual or ad-hoc | Continuous — every schema change triggers re-evaluation |
| Interoperability | Vendor-locked SaaS | Open protocol — any MCP-compatible AI can consume |
| Trust assumption | "The auditor said so" | "The math proves it" |
the host chain preprod infrastructure
The Auditor Agents operate on the the host chain Preprod network with the following verified infrastructure:
| Component | Endpoint | Protocol |
|---|---|---|
| Indexer (GraphQL) | rpc.dpo2u.com/api/v3/graphql | HTTPS POST |
| Node RPC | rpc.dpo2u.com | WebSocket |
| Proof Server | localhost:6300 (Docker: proof-server:7.0.0) | HTTP local |
| Faucet (test fees) | rpc.dpo2u.com | HTTPS |
Agent wallets are derived via HD Wallet SDK (@host-chain/wallet-sdk-hd) from a BIP39 mnemonic (24 words), using Roles.NightExternal for unshielded addresses and Roles.Zswap for shielded addresses. ZK proofs are generated locally via a dedicated Docker container, ensuring no sensitive data transits the network during proof generation.
What's next
- System architecture — detailed layer diagrams and data flow
- Tokenomics — how
the native tokenandexecution feessustain the autonomous economy - Smart contracts — smart contracts and the zero-knowledge principle
- One Person Unicorn — how one human orchestrates this with AI agents