Agent Control Protocol: Admission Control for Agent Actions
arXiv:2603.18829v5
Abstract: Agent Control Protocol (ACP) is a formal technical specification for admission control governance of autonomous agents in B2B institutional environments. Before any agent action reaches execution, it passes a cryptographic admission check validating identity, capability scope, delegation chain, and policy compliance — an admission control layer between agent intent and system state mutation.
Overview of ACP
The Agent Control Protocol is designed to enhance the governance of autonomous agents, particularly in business-to-business (B2B) settings. It introduces a robust mechanism for ensuring that agent actions are both compliant and secure before execution. This protocol acts as a critical intermediary that assesses and verifies various aspects of an agent’s proposed actions, ensuring that only authorized and appropriate actions are executed within a system.
Key Features of ACP
- Cryptographic Identity: Utilizes Ed25519 and JCS standards to ensure secure identity verification.
- Capability-Based Authorization: Implements a system that grants permissions based on the capabilities of the agent.
- Deterministic Risk Evaluation: Employs integer arithmetic for risk assessment, avoiding machine learning inference for decision-making.
- Chained Delegation: Supports delegation of authority through a secure and auditable chain.
- Transitive Revocation: Ensures that revoked permissions are effectively communicated across all agents.
- Cryptographically-Chained Auditing: Maintains a secure and tamper-proof audit trail of actions and decisions.
Operational Framework
The Agent Control Protocol operates on top of Role-Based Access Control (RBAC) and Zero Trust models. While these frameworks provide foundational security measures, ACP addresses their limitations by offering:
- Deterministic enforcement of governance policies.
- Temporal limits on agent actions, ensuring time-sensitive compliance.
- Full traceability of actions across organizational boundaries, enhancing accountability.
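The chained delegation, transitive revocation and temporal limits listed above can be illustrated with a short admission check. This is an added example, not the ACP reference implementation and not code from the paper. Assumptions: the `Grant`, `Link`, `Delegate` and `Admit` names, the `CapRead`/`CapPay` bitmask, the revocation set keyed by grant ID, and Go's struct JSON encoding as a stand-in for JCS are all hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

const CapRead, CapPay uint64 = 1, 2 // hypothetical capability bits
type Grant struct { // hypothetical shape for this example, not ACP's wire format
	ID              string
	Issuer, Subject ed25519.PublicKey
	Caps            uint64 // bitmask of delegated capabilities
	Expires         int64  // Unix seconds
}
type Link struct{ Grant Grant; Sig []byte }

func payload(g Grant) []byte { b, _ := json.Marshal(g); return b } // deterministic stand-in for JCS
func Delegate(k ed25519.PrivateKey, g Grant) Link { return Link{g, ed25519.Sign(k, payload(g))} }

// Admit walks the chain from the root key to the agent; the first failed check denies.
func Admit(root ed25519.PublicKey, chain []Link, agent ed25519.PublicKey, want uint64, now int64, revoked map[string]bool) error {
	holder, held := root, ^uint64(0) // the root holds every capability
	for i, l := range chain {
		switch g := l.Grant; {
		case len(g.Issuer) != ed25519.PublicKeySize || !holder.Equal(g.Issuer) || !ed25519.Verify(g.Issuer, payload(g), l.Sig):
			return fmt.Errorf("link %d: not signed by the current holder", i)
		case now >= g.Expires || revoked[g.ID]: // a revoked link voids every grant below it
			return fmt.Errorf("link %d: expired or revoked", i)
		case g.Caps&^held != 0:
			return fmt.Errorf("link %d: delegates more than its issuer holds", i)
		}
		holder, held = l.Grant.Subject, l.Grant.Caps
	}
	if len(chain) == 0 || !holder.Equal(agent) || held&want != want {
		return fmt.Errorf("agent does not hold the requested capability")
	}
	return nil
}

func main() { // constructed keys and grants, for illustration only
	rp, rk, _ := ed25519.GenerateKey(nil)
	bp, bk, _ := ed25519.GenerateKey(nil)
	ap, _, _ := ed25519.GenerateKey(nil)
	l1 := Delegate(rk, Grant{"g1", rp, bp, CapRead | CapPay, 2000})
	l2 := Delegate(bk, Grant{"g2", bp, ap, CapRead, 1500})
	fmt.Println(Admit(rp, []Link{l1, l2}, ap, CapRead, 1000, nil))
	fmt.Println(Admit(rp, []Link{l1, l2}, ap, CapRead, 1000, map[string]bool{"g1": true}))
}
```

The first call admits the action; the second denies it because the upstream grant `g1` is in the revocation set, even though the agent's own grant `g2` is untouched.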
Performance Metrics
ACP is designed to be efficient and responsive. Decision evaluation costs approximately 820 nanoseconds, allowing for a throughput of 920,000 requests per second. The protocol separates decision-making from state management, which allows backend modifications without altering the core protocol semantics.
Adversarial Evaluation
In rigorous adversarial testing, the enforcement capabilities of ACP-RISK-2.0 have demonstrated impressive resilience. Key findings include:
- 99% of single-agent evasion attempts (495 out of 500) were successfully blocked after just five requests.
- Per-agent isolation was maintained across 100 coordinated agents, underscoring the protocol’s robustness against coordinated attacks.
- Throughput degradation under stress conditions was largely linked to state-backend latency rather than protocol inefficiencies.
Specification and Implementation
The current version 1.19 of the Agent Control Protocol includes:
- 38 technical documents detailing its specifications.
- A Go reference implementation comprising 23 packages.
- 73 signed conformance test vectors to ensure compliance.
- 65 RISK-2.0 vectors for additional risk assessment.
- An OpenAPI 3.1.0 specification with 18 endpoints for integration.
- A TLC-checked TLA+ formal model, confirming 3 invariants with 0 violations.
- An ACR-1.0 sequence compliance runner for sequence validation.
- Adversarial evaluation scripts organized into compliance and adversarial categories.
In conclusion, the Agent Control Protocol represents a significant advancement in the management and governance of autonomous agents, providing a structured and secure approach to admission control while ensuring compliance, traceability, and performance efficiency.
