Protocol Architecture

ACP is the admission control layer between agent intent and system state mutation. Its architecture is layered: each level builds on the guarantees of those below, and every layer maps directly to implemented Go packages and published specifications.

The Admission Control Flow

Before any agent action reaches execution, it passes through a sequential admission check. Every check corresponds to a real ACP package.

agent intent
    ↓
[1] Identity check       →  pkg/agent + pkg/hp       (ACP-AGENT-1.0, ACP-HP-1.0)
    ↓
[2] Capability check     →  pkg/tokens + pkg/delegation (ACP-CT-1.0, ACP-DCMA-1.1)
    ↓
[3] Policy check         →  pkg/risk + pkg/psn        (ACP-RISK-1.0, ACP-PSN-1.0)
    ↓
[4] ADMIT / DENY / ESCALATE
    ↓  (if ADMIT)
[5] Execution token      →  pkg/exec                  (ACP-EXEC-1.0)
    ↓
[6] Ledger record        →  pkg/ledger                (ACP-LEDGER-1.3)
    ↓
system state mutation

ACP Layer Stack

Each layer maps to one or more ACP specifications and corresponding Go packages in the reference implementation.

Trust & Extended Layer — L4

Cross-organization bundles, service discovery, notifications, bulk operations, payment governance.

pkg/crossorg · pkg/disc · pkg/notify · pkg/bulk · pkg/pay

Verification & Audit Layer — L3

Immutable hash-chained event ledger, execution tokens, liability attribution, history queries.

pkg/ledger · pkg/exec · pkg/lia · pkg/hist

Policy & Risk Layer — L2

Risk scoring engine (approve / escalate / deny), policy snapshots with atomic transitions. Answers: is this risk acceptable under current policy?

pkg/risk · pkg/psn

Identity & Capability Layer — L1

Ed25519 agent identity, scoped capability tokens, handshake protocol, multi-agent delegation chains. The foundation. Answers: who is this agent and what are they authorized to do?

pkg/agent · pkg/ct · pkg/hp · pkg/dcma

Conformance Levels

ACP defines four conformance levels. Adoption can start at L1 and progress incrementally.

Level	Name	What it guarantees	Packages
L1	Core	Cryptographic identity, capability tokens, delegation chain, handshake	`agent, ct, hp, dcma`
L2	Security	Risk scoring, policy snapshots, atomic policy transitions	`risk, psn`
L3	Full	Hash-chained ledger, execution tokens, liability attribution, history	`ledger, exec, lia, hist`
L4	Extended	Notifications, discovery, bulk ops, cross-org bundles, payment governance	`notify, disc, bulk, crossorg, pay`