Agent Control Protocol (ACP)

Governance infrastructure for autonomous agents.

What is ACP

Agent Control Protocol (ACP) provides verifiable governance for autonomous agents. It defines who authorized an agent, what it executed, and who is accountable for the outcome across systems and institutions.

ACP enables:

Authority verification: Cryptographically prove who authorized an agent's actions.
Execution traceability: Maintain a verifiable log of every operation.
Institutional accountability: Unambiguously map outcomes back to the responsible institution or individual.

Why ACP Exists

Autonomous agents are increasingly interacting with real systems such as APIs, enterprise infrastructure, financial systems, and other agents. When agents operate across organizations, several critical governance questions arise:

Authorization

Who authorized the agent to act on their behalf?

Capabilities

What capabilities does the agent actually possess?

Policy

What policy definitively allowed the specific action?

Verification

Can the execution be independently verified later by third parties?

Most current systems cannot answer these questions reliably. ACP introduces the infrastructure to answer them definitively.

How ACP Works

ACP treats agent interactions as governable operations. Each interaction must successfully pass through a strict sequence to ensure it is traceable, auditable, and attributable.

The Constitutional Invariant

Execute(request) ⇒ ValidIdentity ∧ ValidCapability ∧ ValidDelegationChain ∧ AcceptableRisk

No action Executes unless all conditions are satisfied.

To learn more about how ACP structures these interactions, explore the ACP Architecture or read about our Governance Model.

Example ACP Request

Every governable action begins with an encoded request carrying all necessary cryptographic proofs.

{
  "agent_id": "did:acp:agent-123",
  "capability": "payments.transfer",
  "delegation_chain": [
    "org-root",
    "finance-department"
  ],
  "risk_score": 0.18,
  "timestamp": "2026-03-12T14:32:10Z",
  "signature": "0xabc123..."
}

In this execution request, the agent presents a globally unique agent_id and requests to execute the payments.transfer capability. It brings a delegation_chain tracing back to an authorized institutional root, an evaluated risk_score, and a cryptographic signature binding the request to its root.

Verification Flow

ACP enforces the governance invariant through verifiable runtime execution. The code below demonstrates the invariant checks before any tool access is granted.

def handle_acp_request(request):
    # Enforce the Constitutional Invariant
    if not compute_signature(request) == request.signature:
        raise AuthenticationError("InvalidIdentity")
        
    if not capability_registry.has_permission(request.agent_id, request.capability):
        raise AuthorizationError("InvalidCapability")
        
    if not verify_chain(request.delegation_chain, "org-root"):
        raise DelegationError("InvalidDelegationChain")
        
    if request.risk_score > policy.max_acceptable_risk("payments.transfer"):
        raise PolicyViolationError("UnacceptableRisk")
        
    # All governance checks passed. Deterministic execution proceeds.
    return execute_capability(request)