OAP
Conformance

Six levels. Mechanically verified. No certification authority.

OAP defines six Conformance Levels (L0 through L5). Implementations declare their Level through a signed Conformance Receipt produced by the open-source test suite. There is no certification authority and no fee. L4 and L5 require independent peer-witness signatures from already-conformant implementations and an anchor in the OAP Registry, an append-only Git repository (RFC 0026).

L0
Compatible
Implements MCP or A2A and publishes a minimal OAP Manifest mapping. Self-attested.
L1
Discoverable
Full Manifest, categories, examples, machine-validated by the OAP test suite. Self-signed Conformance Receipt.
L2
Billable
L1 plus Pricing, Auth, Subscription, Wallet, refund endpoint. Self-signed.
L3
Trusted
L2 plus Audit Log, Data Policy, CCC, Verified Publisher, Multi-Party Review for high-risk Actions. DNS or DID-based publisher verification.
L4
Collaborative
L3 plus Multi-Agent Coordination, Conflict Resolution, Change Broadcast, Coordination Sessions. Requires at least one independent peer-witness signature, anchored in the OAP Registry.
L5
Peer-Certified
L4 plus an independent third-party security audit (SOC 2 Type II, ISO 27001, or equivalent). Requires at least three independent peer-witness signatures from L4+ implementations, anchored in the OAP Registry.

Non-Commercial Profile (RFC 0025)

Implementations that do not collect revenue from their users (BYOK platforms, self-hosted deployments, grant-funded services) MAY claim a Non-Commercial Profile. The -NC suffix waives the Commerce Plane requirements but preserves every other requirement of the base level.

L1-NC
L1 Non-Commercial
L1 with Wallet, Subscription, and refund waived. For BYOK platforms, self-hosted deployments, and grant- or donation-funded services.
L3-NC
L3 Non-Commercial
L3 with the Commerce Plane requirements waived. Trust requirements (Audit Log, Data Policy, CCC, Verified Publisher) still apply in full.

How to claim a level

  1. Run node test-suite/runner.js against your deployment.
  2. Run node test-suite/attest.js --target ... --signing-key ... to produce a signed Conformance Receipt.
  3. Publish the Receipt at a stable URL and reference it from your Manifest's conformance.receipt_uri.
  4. For L4 and L5: send your Receipt to peer witnesses (other L4+ implementations) and ask each to run attest.js --peer-witness.
  5. Submit a Pull Request to openagentprotocol-OAP/oap-registry with your implementations/<slug>.json.
  6. The Registry CI gate validates schema, signatures, manifest reachability, peer witnesses, and the 30-day domain-age sybil filter. If everything passes, a Maintainer merges. The merge commit is your anchor.

Conformance Receipts are valid for 90 days and MUST be re-issued before expiry. The full procedure is normative in RFC 0019 and RFC 0026. The Non-Commercial Profile is defined in RFC 0025.