> ## Documentation Index
> Fetch the complete documentation index at: https://docs.prometheusprotocol.org/llms.txt
> Use this file to discover all available pages before exploring further.

# ICRC Standards

> An overview of the powerful composition of ICRC standards that form the Prometheus Protocol's trustless software supply chain.

The Prometheus Protocol is not a single canister, but a composition of several powerful ICRC (Internet Computer Request for Comments) standards working in concert. This architecture creates a transparent, on-chain, and fully auditable lifecycle for decentralized applications.

This page provides a reference for the key standards we use and the role each one plays in the system.

### Core Trust & Verification Standards

These standards form the backbone of the decentralized App Store and the software supply chain.

<CardGroup cols={1}>
  <Card title="ICRC-118: WASM Management" href="https://forum.dfinity.org/t/icrc-118-wasm-registry-definition-for-version-control-and-history/42589" icon="cubes">
    **The Shelf.** This standard manages application namespaces (`CanisterType`)
    and their versioned WASM histories. It's the underlying storage layer for
    all application code.
  </Card>

  <Card title="ICRC-120: Canister Orchestration" href="https://forum.dfinity.org/t/icrc-120-canister-wasm-orchestration-service/42591" icon="rocket">
    **The Canister Manager.** This standard handles the deployment and
    orchestration of canisters. Crucially, it ensures that only WASM that has
    been verified by the protocol can be deployed.
  </Card>

  <Card title="ICRC-126: Verification & Auditing" href="https://forum.dfinity.org/t/icrc-126-wasm-verification/42592" icon="clipboard-check">
    **The Immutable Logbook.** This standard provides the immutable ledger for
    verification requests and attestations. Verifiers file cryptographic
    attestations after performing reproducible builds, creating a permanent
    on-chain audit trail. **Key Features:** - **Attestation filing:** Verifiers
    submit build verification results with metadata - **Audit type system:**
    Supports multiple verification types (build\_reproducibility\_v1,
    security\_audit, etc.) - **Consensus tracking:** Records multiple independent
    verifications per WASM - **Authorization:** Integrates with ICRC-127 bounty
    system to authorize attestations - **Immutable history:** All attestations
    stored permanently on-chain via ICRC-3
  </Card>

  <Card title="ICRC-127: Bounty System" href="https://forum.dfinity.org/t/icrc-127-generic-bounty-system/42594" icon="gift">
    **The Economic Engine.** This standard powers the decentralized bounty
    system that incentivizes both automated build verification and human
    security audits. **Key Features:** - **Bounty creation:** Developers fund
    verification work with USDC rewards - **Staking mechanism:** Verifiers stake
    collateral (0.30 USDC) to reserve bounties - **Slashing protection:** Stakes
    are burned if verifiers abandon work (1-hour timeout) - **Automated
    payouts:** Smart contracts transfer rewards upon successful verification -
    **Multiple verifiers:** Each bounty can be claimed by one verifier, enabling
    parallel verification - **Divergence reporting:** Verifiers earn rewards
    even for failed builds (honest reporting) - **Consensus-based
    finalization:** Majority of verifiers must agree for WASM approval
  </Card>
</CardGroup>

***

### Token & Identity Standards

These standards provide the foundation for payments, credentials, and on-chain proof of quality.

<CardGroup cols={1}>
  <Card title="ICRC-1 & ICRC-2: Fungible Tokens" href="https://github.com/dfinity/ICRC-1" icon="dollar-sign">
    **The Bank.** These standards are the foundation of the **Direct Payments**
    pillar. ICRC-1 is used for all token transfers, while ICRC-2 powers the
    user-controlled allowance system.
  </Card>

  <Card title="Auditor Credentials (Custom)" href="#" icon="key">
    **The Identity Layer.** While not a formal ICRC standard, this is a critical
    component. It issues non-transferable, credential-like tokens to vetted
    auditors, ensuring that only qualified experts can perform specific types of
    audits.
  </Card>
</CardGroup>

By composing these standards, the Prometheus Protocol creates a transparent, end-to-end system for verifiable software, from code submission to secure deployment.

### How They Work Together

The standards form an integrated workflow:

1. **ICRC-118 (WASM Registry):** Developer registers a new WASM version with Git commit hash and expected hash
2. **ICRC-127 (Bounty System):** Developer creates verification bounties (\~\$2.25 per version) to incentivize verifiers
3. **Verifier Network:** Automated bots detect pending verifications and reserve bounties by staking USDC
4. **Reproducible Builds:** Verifiers rebuild WASM from source in deterministic Docker environments
5. **ICRC-126 (Attestations):** Verifiers file cryptographic attestations with build results and metadata
6. **Consensus:** System requires 5 of 9 independent verifiers to agree on the same WASM hash
7. **ICRC-127 (Rewards):** Successful verifiers claim bounties and receive USDC + returned stake
8. **ICRC-120 (Deployment):** Once verified, the WASM can be deployed to mainnet via canister orchestration

This creates a **trustless, automated verification ecosystem** with economic incentives ensuring integrity at every step.
