Agent Control Protocol: Admission Control for Agent Actions

from arxiv, v2: adds ACP-REP-PORTABILITY-1.1 (Reputation Snapshot Portability with temporal validity and score divergence); 73 signed conformance test vectors (up from 64)

Agent Control Protocol (ACP) is a formal technical specification for governance of autonomous agents in B2B institutional environments. ACP is the admission control layer between agent intent and system state mutation: before any agent action reaches execution, it must pass a cryptographic admission check that validates identity, capability scope, delegation chain, and policy compliance simultaneously. ACP defines the mechanisms of cryptographic identity, capability-based authorization, deterministic risk evaluation, verifiable chained delegation, transitive revocation, and immutable auditing that a system must implement for autonomous agents to operate under explicit institutional control. ACP operates as an additional layer on top of RBAC and Zero Trust, without replacing them. It is designed specifically for the problem that neither model solves: governing what an autonomous agent can do, under what conditions, with what limits, and with complete traceability for external auditing -- including across organizational boundaries. The v1.14 specification comprises 36 technical documents organized into five conformance levels (L1-L5). It includes a Go reference implementation of 22 packages covering all L1-L4 capabilities, 73 signed conformance test vectors (Ed25519 + SHA-256), and an OpenAPI 3.1.0 specification for all HTTP endpoints. It defines more than 62 verifiable requirements, 12 prohibited behaviors, and the mechanisms for interoperability between institutions. Specification and implementation: https://github.com/chelof100/acp-framework-en

翻译：Agent Control Protocol (ACP) 是一套针对B2B机构环境中自主智能体治理的正式技术规范。ACP是位于智能体意图与系统状态变更之间的准入控制层：任何智能体操作在执行前，必须通过同时验证身份、能力范围、委托链及策略合规性的加密准入检查。ACP定义了系统为实现自主智能体在明确机构控制下运行所必须实现的机制，包括加密身份、基于能力的授权、确定性风险评估、可验证链式委托、传递性撤销与不可篡改审计。ACP作为RBAC与零信任架构的补充层运行，而非取代两者。其专门针对二者均未解决的问题而设计：规范自主智能体在何种条件下、在何种限制内、以及以何种方式执行哪些操作，并实现对跨组织边界的完全可追踪外部审计。v1.14规范包含36份技术文档，划分为五个一致性等级（L1-L5）。其配套实现包括覆盖L1-L4所有能力的22个Go语言参考实现包、73项基于Ed25519+SHA-256的签名一致性测试向量，以及面向所有HTTP端点的OpenAPI 3.1.0规范。该规范定义了超过62项可验证需求、12类禁止行为，并确立了机构间互操作机制。规范与实现：https://github.com/chelof100/acp-framework-en