SPECIFICATION

ACC v1 defines a portable capability declaration model.

The specification describes which business capabilities may be exposed to agents, how risk and approval intent are declared, and what runtime metadata should be preserved.

01 / SCOPE

What ACC defines.

ACC v1 defines declaration metadata for business operations that may be exposed to agents. It covers exposure, stable permission scope, runtime risk, acting subject requirements, approval intent, audit sensitivity, execution hints, and model-readable guidance.

Expose or hide a capability Declare stable permission scope Mark risk and approval intent Require an acting subject Preserve audit and trace metadata Provide execution hints

02 / PRINCIPLES

Reach and authority stay separate.

ACC controls reach: which business capabilities an agent-facing runtime may expose in a route, product surface, or scenario. The business system controls authority: whether the acting subject may actually perform the action at call time.

ACC controls reach
Business system controls authority

03 / FIELD MODEL

Small core, explicit runtime meaning.

Field Meaning Runtime role
version ACC schema version. Reject or skip unsupported major versions.
enabled Whether this operation is agent-callable. Hide disabled capabilities.
scope Stable capability scope such as order.read. Route allowlists and governance policies.
risk Low, medium, or high operation consequence. Policy, diagnostics, approval defaults.
subject Whether a real acting subject is required. Do not expose subject-bound tools without a trusted subject.
approval Human approval intent and parameter-level rules. Create approval intent before execution when required.
audit Sensitive data and traceability hints. Redact, summarize, and preserve invocation records.
execution Readonly, idempotent, timeout, and rate-limit hints. Retry, throttle, timeout, and safety behavior.
guidance Model-readable when-to-use, returns, and examples. Improve agent tool selection without changing authority.

04 / NON-GOALS

ACC is not the runtime.

ACC does not define final business authorization, user identity format, runtime storage schema, approval workflow ownership, tool invocation transport, model provider behavior, or user interface requirements.

This separation is intentional. It keeps ACC portable while allowing runtimes to implement governance, diagnostics, and audit in their own architecture.

Read normative spec