SPECIFICATION
ACC v1 defines a portable capability declaration model.
The specification describes which business capabilities may be exposed to agents, how risk and approval intent are declared, and what runtime metadata should be preserved.
01 / SCOPE
What ACC defines.
ACC v1 defines declaration metadata for business operations that may be exposed to agents. It covers exposure, stable permission scope, runtime risk, acting subject requirements, approval intent, audit sensitivity, execution hints, and model-readable guidance.
02 / PRINCIPLES
Reach and authority stay separate.
ACC controls reach: which business capabilities an agent-facing runtime may expose in a route, product surface, or scenario. The business system controls authority: whether the acting subject may actually perform the action at call time.
03 / FIELD MODEL
Small core, explicit runtime meaning.
version
ACC schema version.
Reject or skip unsupported major versions.
enabled
Whether this operation is agent-callable.
Hide disabled capabilities.
scope
Stable capability scope such as order.read.
Route allowlists and governance policies.
risk
Low, medium, or high operation consequence.
Policy, diagnostics, approval defaults.
subject
Whether a real acting subject is required.
Do not expose subject-bound tools without a trusted subject.
approval
Human approval intent and parameter-level rules.
Create approval intent before execution when required.
audit
Sensitive data and traceability hints.
Redact, summarize, and preserve invocation records.
execution
Readonly, idempotent, timeout, and rate-limit hints.
Retry, throttle, timeout, and safety behavior.
guidance
Model-readable when-to-use, returns, and examples.
Improve agent tool selection without changing authority.
04 / NON-GOALS
ACC is not the runtime.
ACC does not define final business authorization, user identity format, runtime storage schema, approval workflow ownership, tool invocation transport, model provider behavior, or user interface requirements.
This separation is intentional. It keeps ACC portable while allowing runtimes to implement governance, diagnostics, and audit in their own architecture.
Read normative spec