Agent Control Protocol: Admission Control for Agent Actions

Agent Control Protocol (ACP) v1.15 is a formal governance specification for autonomous AI agents operating in institutional environments. ACP defines cryptographically verifiable structures for agent identity, capability declaration, execution logging, policy enforcement, cross-organization coordination, and reputation portability.

The v1.15 specification comprises 36 technical documents organized across five compliance levels (L1–L5), 73 signed conformance test vectors (22 positive / 51 negative) covering all major fault scenarios, and an OpenAPI 3.1.0 specification with 17 HTTP endpoints across 10 groups — including endpoints for conformance reporting, policy context snapshots, and reputation snapshot portability.

This release introduces a complete multi-organization interoperability demo (examples/multi-org-demo/) in which Org-A issues a signed execution request and Org-B validates it through the full ACP pipeline: VerifySig → VerifyCaptureFreshness → Validate → VerifySig → CheckDivergence → ACCEPT/DENY. The demo demonstrates ACP's institutional sovereignty principle: divergence is detected and reported (REP-WARN-002, non-blocking), but never resolved unilaterally by the protocol. ACP reports divergence. ACP does not resolve divergence.

All cryptographic operations use Ed25519 + JCS canonicalization. The specification is language-agnostic; the reference implementation is provided in Go.

Preprint: arXiv:2603.18829