APC
Agent Control Plane Specification
ACP is the operational brain that sits between:
HNC (Needs)
↓
ZIR (Interfaces)
↓
ZCT (Contracts)
↓
ZTS (Technology Standards)
↓
ACP
↓
Agents
↓
GitHub
↓
WTE
↓
Humans
↓
Production
1. Purpose
ACP is the authoritative governance and orchestration platform for all autonomous and semi-autonomous agents operating within ZAYAZ.
ACP ensures:
- Controlled autonomy
- Traceability
- Compliance
- Security
- Architectural consistency
- Safe scaling to thousands of engineering tasks
2. Core Principle
Humans define intent
Hecate resolves architecture
ACP governs execution
Agents implement
Humans approve
3. ACP Responsibilities
ACP SHALL govern:
responsibilities:
- agent_registry
- capability_management
- permission_management
- routing
- execution_tracking
- audit_logging
- quality_scoring
- trust_management
- deployment_authorization
- human_approval_enforcement
4. Agent Registry (AAR)
Agent Authority Registry
Every agent must exist in AAR.
aar_id: AAR-000001
agent_id: ACP-CODEX-001
name: Codex
class: coding
status: active
version: 5.2
owner:
platform-engineering
trust_level:
controlled
capabilities:
- code_generation
- unit_test_generation
5. Agent Classes
classes:
intake:
- Hecate
architecture:
- ZARA
coding:
- Codex
- Claude Code
validation:
- WTE
governance:
- FAGF
assurance:
- TrustGate
analytics:
- Computation Hub
deployment:
- Release Agents
6. Agent Capability Model
Capabilities are granular.
capabilities:
read_component
read_contract
read_schema
read_ruleset
create_code
modify_code
create_tests
create_docs
create_pr
request_review
deploy_non_prod
Capabilities are never implied.
7. Agent Permission Model
Permissions are environment-specific.
permissions:
development
testing
staging
production
Example:
Codex:
development:
create_code
staging:
create_pr
production:
none
8. Agent Trust Levels
trust_levels:
sandbox
restricted
controlled
elevated
strategic
Sandbox
Experiments only
Restricted
Documentation
Analysis
Controlled
Code generation
PR generation
Elevated
Cross-component orchestration
Strategic
ACP
Hecate
ZARA
9. Agent Routing Engine
ACP selects agents based on:
routing_inputs:
change_type
component_classification
blast_radius
security_level
required_capabilities
Example:
Bug Fix
↓
Codex
Schema Change
↓
Codex
+
WTE
Contract Change
↓
ZARA
+
Codex
+
Human
10. Agent Context Pack Specification
Generated by Hecate.
context_pack:
component:
interfaces:
contracts:
schemas:
rulesets:
acceptance_criteria:
test_plan_ref:
rollback_plan_ref:
blast_radius:
Agents must not operate without a context pack.
11. Multi-Agent Collaboration
Supported patterns:
patterns:
sequential
parallel
hierarchical
swarm
Sequential
ZARA
↓
Codex
↓
WTE
Parallel
Codex
Claude
↓
Comparison
↓
Best Result
Hierarchical
ACP
↓
Supervisor Agent
↓
Worker Agents
12. Agent Lifecycle
states:
registered
active
suspended
quarantined
deprecated
retired
13. Execution Lifecycle
execution:
queued
assigned
executing
validating
awaiting_approval
approved
rejected
deployed
14. Agent Audit & ALTD Integration
Every action emits:
events:
AgentAssigned
AgentStarted
AgentCompleted
AgentFailed
AgentApproved
AgentRejected
Event structure:
event:
event_id:
agent_id:
timestamp:
need_id:
artifact_refs:
hash:
15. GitHub Integration
ACP may:
allowed:
create_branch
create_code
create_pr
update_pr
request_review
ACP may not:
prohibited:
force_push_main
bypass_protection
direct_prod_merge
16. Jira Integration
ACP consumes:
jira:
issue_id
component_id
affected_contracts
affected_rulesets
affected_schemas
blast_radius
approvals_required
17. Hecate Integration
Hecate supplies:
hecate_output:
context_pack
blast_radius
test_plan
rollback_plan
governance_requirements
ACP refuses execution if Hecate resolution is incomplete.
18. ZIR Integration
ACP uses ZIR for:
interface_resolution:
producer
consumers
schemas
workflows
19. ZCT Integration
ACP uses ZCT to validate:
contracts:
compatibility
semver
breaking_changes
approval_requirements
20. Workflow Test Engine Integration
Before merge:
required:
unit
integration
workflow
contract
replay
regression
Results:
test_results:
passed
failed
blocked
21. Blast Radius Integration
ACP consumes:
blast_radius:
score:
level:
affected_components:
affected_workflows:
Rules:
critical:
requires_cto: true
high:
requires_architecture_review: true
22. Deployment Governance
Deployment path:
Need
↓
Hecate
↓
ACP
↓
Agent
↓
PR
↓
Validation
↓
Approval
↓
Deployment
ACP authorizes deployment progression.
ACP never bypasses approvals.
23. Agent Security Model
Mandatory controls:
controls:
least_privilege
zero_trust
signed_actions
immutable_logs
environment_isolation
secret_redaction
24. Agent Reputation System
ACP tracks quality.
metrics:
successful_prs
failed_prs
rollback_rate
validation_failures
defect_rate
Score:
reputation:
0-20: probation
21-50: limited
51-80: trusted
81-100: strategic
25. Agent Quality Scoring
Per execution:
quality_score:
correctness
maintainability
test_coverage
architectural_compliance
security
26. Human Approval Matrix
| Change Type | Approval |
|---|---|
| Docs | Component Owner |
| Code | Component Owner |
| Schema | Architecture + Data Owner |
| Ruleset | Governance Owner |
| Contract Minor | Architecture |
| Contract Major | Architecture + CTO |
| Critical Blast Radius | CTO |
27. Production Safeguards
ACP SHALL block:
blocking_conditions:
missing_tests
failed_tests
missing_rollback
unresolved_contract_conflicts
unresolved_schema_conflicts
missing_approvals
28. Hecate Governance Drift Integration
Hecate is the institutional truth sentinel for ZAYAZ.
Hecate monitors alignment between canonical documentation, Jira execution records, Confluence engineering narratives, HubSpot RFC metadata, GitHub branches, pull requests, and agent outputs.
Hecate does not approve, modify, block, merge, deploy, or enforce authority. Instead, Hecate emits Hecate Governance Reports (HGRs) that describe detected drift. ACP consumes HGRs and applies execution policy.
28.1. Hecate Governance Report
hgr_id: HGR-2026-000001
source: hecate
status: open
severity: warning | high | critical
drift_score: 0-100
scope:
component_id:
semantic_id:
jira_issue:
github_pr:
affected_interfaces:
affected_contracts:
affected_schemas:
affected_rulesets:
findings:
- finding_id:
type:
- jira_mdx_drift
- contract_reference_missing
- undocumented_schema_change
- ruleset_linkage_missing
- consumer_impact_omitted
- implementation_doc_mismatch
canonical_source:
compared_source:
description:
evidence:
recommendation:
resolution:
required: true
resolved_by:
resolved_at:
resolution_note:
linked_change:
28.2. ACP Policy for HGRs
ACP SHALL pause agent execution when an unresolved HGR reaches blocking severity.
hgr_execution_policy:
warning:
action: annotate
coding_allowed: true
high:
action: pause_before_merge
coding_allowed: true
merge_allowed: false
critical:
action: pause_coding
coding_allowed: false
merge_allowed: false
requires_resolution: true
Normative Rule
Hecate reports drift.
ACP enforces execution pause.
No coding agent may continue execution when ACP receives an unresolved critical HGR linked to the same component, Jira ticket, branch, PR, interface, contract, schema, or ruleset.
28.3. Update Hecate operating model
Move Hecate from scheduled email-only runs to continuous drift monitoring.
Current:
Fixed scheduled scan
→ Email report
New:
Continuous event-driven monitoring
→ HGR generated
→ ACP receives HGR
→ Agent execution paused if needed
→ Human resolves drift
→ ACP resumes coding
Event sources Hecate should watch
hecate_event_sources:
- docusaurus_mdx_change
- jira_issue_created
- jira_issue_updated
- confluence_page_updated
- hubspot_rfc_updated
- github_pr_created
- github_pr_updated
- github_commit_pushed
- ruleset_registered
- schema_registered
- contract_registered
- interface_registered
Continuous Hecate pipeline
Source event
↓
Fetch canonical MDX
↓
Fetch compared artifact
↓
Resolve component / interface / contract / schema / ruleset
↓
Run drift checks
↓
Generate HGR
↓
Publish HGR event
↓
ACP evaluates execution policy
↓
Warn / pause merge / pause coding
Hecate = detects truth drift ACP = controls execution Human = resolves authority
29. Agent Swarm Architecture
Future capability.
ACP
↓
Coordinator
↓
Architecture Agent
Coding Agent A
Coding Agent B
Coding Agent C
Validation Agent
Governance Agent
30. Agent Marketplace
Future capability.
Agents become registered platform resources.
agent_catalog:
strategic
approved
experimental
prohibited
31. ACP Data Model
Core tables:
aar_agents
agent_capabilities
agent_permissions
agent_reputation
agent_executions
agent_events
agent_reviews
agent_context_packs
agent_deployments
32. ACP APIs
POST /api/acp/execute
POST /api/acp/validate
POST /api/acp/approve
POST /api/acp/deploy
GET /api/acp/executions/{id}
33. Relationship to Other Specifications
CIAS
↓
Defines governance
ZIR
↓
Defines interfaces
ZCT
↓
Defines contracts
HNC
↓
Defines needs
ZTS
↓
Defines technologies
ACP
↓
Executes safely
34. Normative Statement
ACP is the authoritative orchestration, governance, and control platform for all autonomous and semi-autonomous agents operating within ZAYAZ.
No agent may create, modify, approve, deploy, or govern ZAYAZ artifacts outside ACP supervision once ACP is adopted.
One additional recommendation
Before freezing ACP, I would create AAR — Agent Authority Registry Specification as a standalone canonical document (similar to ZIR and ZCT).
Right now AAR is embedded inside ACP. Given where ZAYAZ is heading (potentially hundreds of agents), AAR will eventually become its own registry specification with:
AAR Agent Authority Registry ACP Agent Control Plane HNC Need Creation ZIR Interface Registry ZCT Contract Taxonomy
That separation will scale much better when you reach thousands of autonomous executions per day.