Agent Control Protocol: Admission Control for Agent Actions

from arxiv, v1.17: TLC-runnable TLA+ formal model (4 invariants, 0 violations); ACR-1.0 sequence compliance runner; 5 stateful sequence test vectors; ACP-SIGN-2.0 HYBRID stub (Ed25519+ML-DSA-65). Incorporates v1.16: ACP-RISK-2.0 (F_anom+cooldown), 65 RISK-2.0 vectors, 18 API endpoints. v1=v1.13, v2=v1.14, v3=v1.15

Agent Control Protocol (ACP) is a formal technical specification for admission control governance of autonomous agents in B2B institutional environments. Before any agent action reaches execution, it must pass a cryptographic admission check that simultaneously validates identity, capability scope, delegation chain, and policy compliance -- functioning as an admission control layer between agent intent and system state mutation. ACP defines mechanisms for cryptographic identity (Ed25519, JCS canonicalization), capability-based authorization, deterministic risk evaluation (integer arithmetic, no external ML inference), verifiable chained delegation, transitive revocation, and immutable cryptographically-chained auditing. It operates on top of RBAC and Zero Trust without replacing them, addressing the gap neither model solves: governing what autonomous agents can do, under what conditions, with what limits, and with full traceability across organizational boundaries. The v1.17 specification comprises 38 technical documents across five conformance levels (L1-L5), a Go reference implementation (23 packages, all L1-L4 capabilities), 73 signed conformance test vectors plus 65 unsigned RISK-2.0 vectors, an OpenAPI 3.1.0 specification (18 endpoints), a TLC-runnable TLA+ formal model (4 invariants, 0 violations), and an ACR-1.0 sequence compliance runner that validates stateful multi-step behaviors in library mode and HTTP mode. Five sequence test vectors cover cooldown activation, anomaly pattern accumulation (F_anom Rule 3), threshold boundaries, privilege jumps, and benign flow. An ACP-SIGN-2.0 stub provides the Ed25519 to ML-DSA-65 post-quantum migration path.

翻译：智能体控制协议（ACP）是一项针对B2B机构环境中自主智能体准入控制治理的形式化技术规范。任何智能体行为在执行为前，必须通过一道密码学准入检查，该检查同时验证身份、能力范围、委托链与策略合规性——在智能体意图与系统状态变更之间充当准入控制层。ACP定义了以下机制：密码学身份（Ed25519、JCS规范化）、基于能力的授权、确定性风险评估（整数运算，无外部机器学习推理）、可验证的链式委托、传递性撤销以及不可变的密码学链式审计。它在RBAC与零信任模型之上运作而不取代它们，填补了两种模型均未解决的空白：自主智能体在何种条件下、以何种限制、并可跨组织边界实现全链路追踪的条件下能够执行何种行为。v1.17规范包含五个符合性等级（L1-L5）下的38份技术文档、一个Go参考实现（23个包，涵盖所有L1-L4能力）、73个带签名的符合性测试向量及65个未签名的RISK-2.0向量、一个OpenAPI 3.1.0规范（18个端点）、一个可运行于TLC的TLA+形式化模型（4个不变量，0次违反），以及一个ACP-SIGN-1.0序列合规运行器（支持库模式与HTTP模式下对带状态多步行为的验证）。五个序列测试向量涵盖冷却激活、异常模式累积（F_anom规则3）、阈值边界、权限跃迁及良性流程。ACP-SIGN-2.0存根提供了从Ed25519向ML-DSA-65的后量子迁移路径。