Skip to main content
Jira progress: loading…

APC

Agent Control Plane Specification

ACP is the operational brain that sits between:

HNC (Needs)

ZIR (Interfaces)

ZCT (Contracts)

ZTS (Technology Standards)

ACP

Agents

GitHub

WTE

Humans

Production

1. Purpose

ACP is the authoritative governance and orchestration platform for all autonomous and semi-autonomous agents operating within ZAYAZ.

ACP ensures:

  • Controlled autonomy
  • Traceability
  • Compliance
  • Security
  • Architectural consistency
  • Safe scaling to thousands of engineering tasks

2. Core Principle

Humans define intent
Hecate resolves architecture
ACP governs execution
Agents implement
Humans approve

3. ACP Responsibilities

ACP SHALL govern:

responsibilities:
- agent_registry
- capability_management
- permission_management
- routing
- execution_tracking
- audit_logging
- quality_scoring
- trust_management
- deployment_authorization
- human_approval_enforcement

4. Agent Registry (AAR)

Agent Authority Registry

Every agent must exist in AAR.

aar_id: AAR-000001
agent_id: ACP-CODEX-001
name: Codex
class: coding
status: active
version: 5.2
owner:
platform-engineering
trust_level:
controlled
capabilities:
- code_generation
- unit_test_generation

5. Agent Classes

classes:
intake:
- Hecate
architecture:
- ZARA
coding:
- Codex
- Claude Code
validation:
- WTE
governance:
- FAGF
assurance:
- TrustGate
analytics:
- Computation Hub
deployment:
- Release Agents

6. Agent Capability Model

Capabilities are granular.

capabilities:
read_component
read_contract
read_schema
read_ruleset
create_code
modify_code
create_tests
create_docs
create_pr
request_review
deploy_non_prod

Capabilities are never implied.


7. Agent Permission Model

Permissions are environment-specific.

permissions:
development
testing
staging
production

Example:

Codex:
development:
create_code
staging:
create_pr
production:
none

8. Agent Trust Levels

trust_levels:
sandbox
restricted
controlled
elevated
strategic

Sandbox

Experiments only

Restricted

Documentation
Analysis

Controlled

Code generation
PR generation

Elevated

Cross-component orchestration

Strategic

ACP
Hecate
ZARA

9. Agent Routing Engine

ACP selects agents based on:

routing_inputs:
change_type
component_classification
blast_radius
security_level
required_capabilities

Example:

Bug Fix

Codex
Schema Change

Codex
+
WTE
Contract Change

ZARA
+
Codex
+
Human

10. Agent Context Pack Specification

Generated by Hecate.

context_pack:
component:
interfaces:
contracts:
schemas:
rulesets:
acceptance_criteria:
test_plan_ref:
rollback_plan_ref:
blast_radius:

Agents must not operate without a context pack.


11. Multi-Agent Collaboration

Supported patterns:

patterns:
sequential
parallel
hierarchical
swarm

Sequential

ZARA

Codex

WTE

Parallel

Codex
Claude

Comparison

Best Result

Hierarchical

ACP

Supervisor Agent

Worker Agents

12. Agent Lifecycle

states:
registered
active
suspended
quarantined
deprecated
retired

13. Execution Lifecycle

execution:
queued
assigned
executing
validating
awaiting_approval
approved
rejected
deployed

14. Agent Audit & ALTD Integration

Every action emits:

events:
AgentAssigned
AgentStarted
AgentCompleted
AgentFailed
AgentApproved
AgentRejected

Event structure:

event:
event_id:
agent_id:
timestamp:
need_id:
artifact_refs:
hash:

15. GitHub Integration

ACP may:

allowed:
create_branch
create_code
create_pr
update_pr
request_review

ACP may not:

prohibited:
force_push_main
bypass_protection
direct_prod_merge

16. Jira Integration

ACP consumes:

jira:
issue_id
component_id
affected_contracts
affected_rulesets
affected_schemas
blast_radius
approvals_required

17. Hecate Integration

Hecate supplies:

hecate_output:
context_pack
blast_radius
test_plan
rollback_plan
governance_requirements

ACP refuses execution if Hecate resolution is incomplete.


18. ZIR Integration

ACP uses ZIR for:

interface_resolution:
producer
consumers
schemas
workflows

19. ZCT Integration

ACP uses ZCT to validate:

contracts:
compatibility
semver
breaking_changes
approval_requirements

20. Workflow Test Engine Integration

Before merge:

required:
unit
integration
workflow
contract
replay
regression

Results:

test_results:
passed
failed
blocked

21. Blast Radius Integration

ACP consumes:

blast_radius:
score:
level:
affected_components:
affected_workflows:

Rules:

critical:
requires_cto: true
high:
requires_architecture_review: true

22. Deployment Governance

Deployment path:

Need

Hecate

ACP

Agent

PR

Validation

Approval

Deployment

ACP authorizes deployment progression.

ACP never bypasses approvals.


23. Agent Security Model

Mandatory controls:

controls:
least_privilege
zero_trust
signed_actions
immutable_logs
environment_isolation
secret_redaction

24. Agent Reputation System

ACP tracks quality.

metrics:
successful_prs
failed_prs
rollback_rate
validation_failures
defect_rate

Score:

reputation:
0-20: probation
21-50: limited
51-80: trusted
81-100: strategic

25. Agent Quality Scoring

Per execution:

quality_score:
correctness
maintainability
test_coverage
architectural_compliance
security

26. Human Approval Matrix

Change TypeApproval
DocsComponent Owner
CodeComponent Owner
SchemaArchitecture + Data Owner
RulesetGovernance Owner
Contract MinorArchitecture
Contract MajorArchitecture + CTO
Critical Blast RadiusCTO

27. Production Safeguards

ACP SHALL block:

blocking_conditions:
missing_tests
failed_tests
missing_rollback
unresolved_contract_conflicts
unresolved_schema_conflicts
missing_approvals

28. Hecate Governance Drift Integration

Hecate is the institutional truth sentinel for ZAYAZ.

Hecate monitors alignment between canonical documentation, Jira execution records, Confluence engineering narratives, HubSpot RFC metadata, GitHub branches, pull requests, and agent outputs.

Hecate does not approve, modify, block, merge, deploy, or enforce authority. Instead, Hecate emits Hecate Governance Reports (HGRs) that describe detected drift. ACP consumes HGRs and applies execution policy.

28.1. Hecate Governance Report

hgr_id: HGR-2026-000001
source: hecate
status: open
severity: warning | high | critical
drift_score: 0-100
scope:
component_id:
semantic_id:
jira_issue:
github_pr:
affected_interfaces:
affected_contracts:
affected_schemas:
affected_rulesets:
findings:
- finding_id:
type:
- jira_mdx_drift
- contract_reference_missing
- undocumented_schema_change
- ruleset_linkage_missing
- consumer_impact_omitted
- implementation_doc_mismatch
canonical_source:
compared_source:
description:
evidence:
recommendation:
resolution:
required: true
resolved_by:
resolved_at:
resolution_note:
linked_change:

28.2. ACP Policy for HGRs

ACP SHALL pause agent execution when an unresolved HGR reaches blocking severity.

hgr_execution_policy:
warning:
action: annotate
coding_allowed: true
high:
action: pause_before_merge
coding_allowed: true
merge_allowed: false
critical:
action: pause_coding
coding_allowed: false
merge_allowed: false
requires_resolution: true

Normative Rule

Hecate reports drift.

ACP enforces execution pause.

No coding agent may continue execution when ACP receives an unresolved critical HGR linked to the same component, Jira ticket, branch, PR, interface, contract, schema, or ruleset.

28.3. Update Hecate operating model

Move Hecate from scheduled email-only runs to continuous drift monitoring.

Current:
Fixed scheduled scan
→ Email report

New:
Continuous event-driven monitoring
→ HGR generated
→ ACP receives HGR
→ Agent execution paused if needed
→ Human resolves drift
→ ACP resumes coding

Event sources Hecate should watch

hecate_event_sources:
- docusaurus_mdx_change
- jira_issue_created
- jira_issue_updated
- confluence_page_updated
- hubspot_rfc_updated
- github_pr_created
- github_pr_updated
- github_commit_pushed
- ruleset_registered
- schema_registered
- contract_registered
- interface_registered

Continuous Hecate pipeline

Source event

Fetch canonical MDX

Fetch compared artifact

Resolve component / interface / contract / schema / ruleset

Run drift checks

Generate HGR

Publish HGR event

ACP evaluates execution policy

Warn / pause merge / pause coding

Hecate = detects truth drift ACP = controls execution Human = resolves authority


29. Agent Swarm Architecture

Future capability.

ACP

Coordinator

Architecture Agent
Coding Agent A
Coding Agent B
Coding Agent C
Validation Agent
Governance Agent

30. Agent Marketplace

Future capability.

Agents become registered platform resources.

agent_catalog:
strategic
approved
experimental
prohibited

31. ACP Data Model

Core tables:

aar_agents
agent_capabilities
agent_permissions
agent_reputation
agent_executions
agent_events
agent_reviews
agent_context_packs
agent_deployments

32. ACP APIs

POST /api/acp/execute
POST /api/acp/validate
POST /api/acp/approve
POST /api/acp/deploy
GET /api/acp/executions/{id}

33. Relationship to Other Specifications

CIAS

Defines governance
ZIR

Defines interfaces
ZCT

Defines contracts
HNC

Defines needs
ZTS

Defines technologies
ACP

Executes safely

34. Normative Statement

ACP is the authoritative orchestration, governance, and control platform for all autonomous and semi-autonomous agents operating within ZAYAZ.

No agent may create, modify, approve, deploy, or govern ZAYAZ artifacts outside ACP supervision once ACP is adopted.


One additional recommendation

Before freezing ACP, I would create AAR — Agent Authority Registry Specification as a standalone canonical document (similar to ZIR and ZCT).

Right now AAR is embedded inside ACP. Given where ZAYAZ is heading (potentially hundreds of agents), AAR will eventually become its own registry specification with:

AAR Agent Authority Registry ACP Agent Control Plane HNC Need Creation ZIR Interface Registry ZCT Contract Taxonomy

That separation will scale much better when you reach thousands of autonomous executions per day.




GitHub RepoRequest for Change (RFC)