Capability Scope
Declare what operation an agent may see and which scenario may use it.
A2B STANDARD CONTRACT
ACC gives APIs a common way to describe agent-visible operations, acting subjects, risk levels, approval intent, rate limits, sensitive fields, examples, and audit metadata.
ACC controls reach. The business system controls authority.
x-agent-capability
x-agent-capability:
version: 1
enabled: true
scope: refund.create
subject:
required: true
risk:
level: high
approval:
required: true
ACC is not a chatbot framework, workflow product, or runtime. It is a portable declaration contract that different gateways, SDKs, control planes, and agent runtimes can implement.
SPECIFICATION
ACC keeps capability metadata next to the API contract, while authorization and final business decisions stay inside the business system.
Declare what operation an agent may see and which scenario may use it.
Mark operations that require a real user, employee, tenant, or business actor.
Expose risk level and human approval intent without replacing business authority.
Preserve examples, sensitive fields, confirmation rules, and extension metadata.
EXAMPLES
The first ACC binding is the OpenAPI extension field. It is readable by humans, verifiable by tools, and portable across control planes.
paths:
/refunds:
post:
x-agent-capability:
version: 1
enabled: true
scope: refund.create
risk:
level: high
approval:
required: true
when:
- field: amount
op: gt
value: 1000
subject:
required: true
IMPLEMENTATIONS
ACC can be implemented by control planes, API gateways, SDK generators, MCP gateways, policy engines, and audit tools.
The first open-source A2B control plane implementing ACC across routes, tools, approval intent, HMAC-signed calls, traceability, diagnostics, SDKs, and console workflows.