Evidence Kit
Downloadable schemas, sample artifacts, and policy templates from the ACR Standard Annexes. Use these to build, validate, and audit a conformant control plane implementation.
Standard Implementation Artifacts
These artifacts are from Annex A of the ACR Standard v1.0.1. They are informative and illustrate one possible approach to satisfying the normative requirements. Conformant implementations are not required to use these specific schemas, formats, or tools.
Required fields: policy_id, version, status, scope, rules, and default_decision (must be DENY).

```json
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://autonomouscontrol.io/schemas/acr-policy.schema.json",
  "title": "ACR Policy",
  "type": "object",
  "required": [
    "policy_id",
    "version",
    "status",
    "scope",
    "rules",
    "default_decision"
  ],
  "properties": {
    "policy_id": { "type": "string", "minLength": 1 },
    "version": { "type": "string", "minLength": 1 },
    "status": { "type": "string", "enum": ["draft", "active", "retired"] },
    "description": { "type": "string" },
    "scope": {
      "type": "object",
      "required": ["agent_purposes", "boundaries"],
      "properties": {
        "agent_purposes": {
          "type": "array",
          "items": { "type": "string" },
          "minItems": 1
        },
        "boundaries": {
          "type": "array",
          "items": { "type": "string", "enum": ["input", "execution", "output"] },
          "minItems": 1,
          "uniqueItems": true
        },
        "risk_tiers": {
          "type": "array",
          "items": { "type": "string", "enum": ["low", "medium", "high"] }
        }
      },
      "additionalProperties": false
    },
    "default_decision": { "type": "string", "enum": ["DENY"] },
    "rules": {
      "type": "array",
      "minItems": 1,
      "items": {
        "type": "object",
        "required": ["rule_id", "priority", "condition", "decision"],
        "properties": {
          "rule_id": { "type": "string", "minLength": 1 },
          "priority": { "type": "integer", "minimum": 1 },
          "condition": { "type": "object" },
          "decision": { "type": "string", "enum": ["ALLOW", "DENY", "MODIFY", "ESCALATE"] },
          "modification": {
            "type": "object",
            "properties": {
              "type": { "type": "string", "enum": ["redact", "truncate", "rewrite", "restrict_parameters"] },
              "parameters": { "type": "object" }
            },
            "additionalProperties": false
          },
          "escalation": {
            "type": "object",
            "properties": {
              "queue": { "type": "string" },
              "sla_minutes": { "type": "integer", "minimum": 1 }
            },
            "additionalProperties": false
          },
          "justification": { "type": "string" }
        },
        "additionalProperties": false
      }
    }
  },
  "additionalProperties": false
}
```

This example shows a finance agent attempting a production DDL change. The control plane:
- Verifies the agent identity (identity_verified: true)
- Confirms purpose match (purpose_match: true)
- Matches the prod-ddl-gate policy, which requires approval for DDL on production
- Detects elevated drift score (0.82)
- Resolves final decision: ESCALATE
```json
{
  "request": {
    "agent_id": "finance-agent-01",
    "purpose": "expense_mgmt",
    "boundary": "execution",
    "action": {
      "tool_name": "db.execute_ddl",
      "target": "prod.expenses",
      "parameters": {
        "statement": "ALTER TABLE expenses ADD COLUMN region TEXT"
      }
    }
  },
  "evaluation_result": {
    "identity_verified": true,
    "purpose_match": true,
    "policy_matches": [
      {
        "policy_id": "prod-ddl-gate",
        "rule_id": "ddl-prod-requires-approval",
        "decision": "ESCALATE"
      }
    ],
    "drift_score": 0.82,
    "final_decision": "ESCALATE",
    "reason": "Production DDL requires human approval"
  }
}
```

Agent proposes action.
Control plane receives action request.
Control plane verifies agent identity.
Control plane loads purpose-bound manifest and boundaries.
Control plane evaluates input-boundary controls.
Control plane evaluates execution-boundary controls.
Control plane evaluates output-boundary controls if output release is implicated.
Control plane evaluates drift and containment state.
Control plane resolves one final decision: ALLOW, DENY, MODIFY, or ESCALATE.
Protected executor verifies authority and payload binding.
Downstream system acts only if verification succeeds.
System emits telemetry and preserves audit evidence.
If drift or violation thresholds are crossed, containment tier is activated.
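The identity, purpose, rule-matching, drift and final-decision steps above can be sketched as follows. This is an added example, not code from the ACR Standard: the condition format (tool_name, target_prefix), the first-match-by-priority rule, the second rule and the 0.8 drift threshold are all assumptions, while the request and the prod-ddl-gate rule mirror the page's evaluation example.

```python
DRIFT_ESCALATE_AT = 0.8  # assumed threshold; the page gives only the score 0.82

# Constructed policy shaped like the ACR Policy schema; condition keys are hypothetical.
POLICY = {
    "policy_id": "prod-ddl-gate", "version": "1", "status": "active",
    "scope": {"agent_purposes": ["expense_mgmt"], "boundaries": ["execution"]},
    "default_decision": "DENY",
    "rules": [
        {"rule_id": "ddl-prod-requires-approval", "priority": 1, "decision": "ESCALATE",
         "condition": {"tool_name": "db.execute_ddl", "target_prefix": "prod."}},
        {"rule_id": "read-expenses", "priority": 2, "decision": "ALLOW",
         "condition": {"tool_name": "db.query", "target_prefix": "prod.expenses"}},
    ],
}
# The request from the page's evaluation example.
REQUEST = {"agent_id": "finance-agent-01", "purpose": "expense_mgmt", "boundary": "execution",
           "action": {"tool_name": "db.execute_ddl", "target": "prod.expenses"}}

def rule_matches(cond, action):
    # Assumed condition format: exact tool name plus target prefix.
    return (cond.get("tool_name") == action["tool_name"]
            and action["target"].startswith(cond.get("target_prefix", "")))

def evaluate(request, policy, registered_agents, drift_score):
    result = {"identity_verified": request["agent_id"] in registered_agents,
              "purpose_match": False, "policy_matches": [], "drift_score": drift_score}

    def finish(decision, reason):
        result.update(final_decision=decision, reason=reason)
        return result

    if not result["identity_verified"]:
        return finish("DENY", "agent identity not verified")
    scope = policy["scope"]
    result["purpose_match"] = request["purpose"] in scope["agent_purposes"]
    if (policy["status"] != "active" or not result["purpose_match"]
            or request["boundary"] not in scope["boundaries"]):
        return finish(policy["default_decision"], "request outside policy scope")
    # Assumption: lower priority number is evaluated first and the first match decides.
    rule = next((r for r in sorted(policy["rules"], key=lambda r: r["priority"])
                 if rule_matches(r["condition"], request["action"])), None)
    if rule is None:
        return finish(policy["default_decision"], "no rule matched")
    result["policy_matches"].append({"policy_id": policy["policy_id"],
                                     "rule_id": rule["rule_id"], "decision": rule["decision"]})
    # Drift can only tighten a permissive decision, never loosen a restrictive one.
    if drift_score >= DRIFT_ESCALATE_AT and rule["decision"] in ("ALLOW", "MODIFY"):
        return finish("ESCALATE", "drift score at or above threshold")
    return finish(rule["decision"], "decided by rule " + rule["rule_id"])
```

Every early exit returns the policy's default_decision or DENY, so a request that fails identity, scope or rule matching can never fall through to ALLOW.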
This sample shows a containment event. Key evidence fields include:
agent_id, purpose, risk_tier
event_id, correlation_id, request_id
policy_id, rule_id, decision
chain_of_custody (SHA-256), append_only, retention_class
```json
{
  "acr_version": "1.0",
  "event_id": "660e8400-e29b-41d4-a716-446655440001",
  "event_type": "containment_action",
  "timestamp": "2026-03-24T15:25:00Z",
  "correlation_id": "trace-xyz-789",
  "agent": {
    "agent_id": "finance-agent-01",
    "purpose": "expense_mgmt",
    "risk_tier": "high"
  },
  "request": {
    "request_id": "req-20260324-0091",
    "input": {
      "action": "db.execute_ddl",
      "target": "prod.expenses"
    }
  },
  "policies": [
    {
      "policy_id": "prod-ddl-gate",
      "decision": "escalate",
      "rule_id": "ddl-prod-requires-approval",
      "transformations": 0
    }
  ],
  "metadata": {
    "environment": "production",
    "drift_score": 0.82,
    "containment_tier": "restrict",
    "approver_id": "dba-jsmith"
  },
  "evidence": {
    "chain_of_custody": "sha256:8c4d...b12e",
    "log_mode": "append_only",
    "retention_class": "high_risk_13_month_minimum"
  }
}
```

```yaml
# ACR Agent Policy Template
# Submit to: http://your-acr:8000/console/policies/submit
agent_id: "your-agent-id"
purpose: "your_purpose"
version: "1.0"
owner: "[email protected]"

# Tools the agent is explicitly permitted to use
allowed_tools:
  - tool_name_one
  - tool_name_two

# Tools that are explicitly blocked
blocked_tools:
  - bulk_export
  - delete_records

# Conditional tools with parameter-based gating
conditional_tools:
  - action: high_risk_action
    condition: amount_cents <= 5000
    otherwise: human_approval_required

# Explicit human approval gates
human_approval_required:
  - action: action_name
    condition: "parameter > threshold"
    approver: "[email protected]"
    sla_minutes: 60

# Drift detection configuration
drift:
  baseline_window_days: 7
  alert_threshold: 3
  on_drift: contain_to_read_only
```
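One way to enforce the policy template's allowed_tools, blocked_tools and conditional_tools with a default-deny fallback, parsing conditions such as amount_cents <= 5000 without eval(). This is an added example, not code from the ACR project: the tool names lookup_invoice and issue_refund, the "name op integer" condition grammar, block-before-allow ordering and the mapping of human_approval_required to ESCALATE are assumptions.

```python
import operator
import re

# Constructed from the template's fields; tool names are placeholders.
TEMPLATE = {
    "allowed_tools": ["lookup_invoice"],
    "blocked_tools": ["bulk_export", "delete_records"],
    "conditional_tools": [{"action": "issue_refund",
                           "condition": "amount_cents <= 5000",
                           "otherwise": "human_approval_required"}],
}

OPS = {"<=": operator.le, ">=": operator.ge, "<": operator.lt,
       ">": operator.gt, "==": operator.eq}
# Assumed grammar: identifier, comparison operator, integer literal. Nothing else parses.
COND_RE = re.compile(r"\s*([A-Za-z_]\w*)\s*(<=|>=|==|<|>)\s*(-?\d+)\s*")

def condition_holds(expr, params):
    """Evaluate '<name> <op> <int>' without eval(); None means 'cannot decide'."""
    m = COND_RE.fullmatch(expr)
    if not m:
        return None
    name, op, bound = m.group(1), m.group(2), int(m.group(3))
    value = params.get(name)
    if isinstance(value, bool) or not isinstance(value, int):
        return None  # missing or non-integer parameter
    return OPS[op](value, bound)

def gate(template, tool, params):
    # Assumption: an explicit block always wins over an allow entry.
    if tool in template.get("blocked_tools", []):
        return "DENY"
    for entry in template.get("conditional_tools", []):
        if entry["action"] == tool:
            holds = condition_holds(entry["condition"], params)
            if holds is None:
                return "DENY"  # fail closed on anything that cannot be evaluated
            if holds:
                return "ALLOW"
            approval = entry.get("otherwise") == "human_approval_required"
            return "ESCALATE" if approval else "DENY"
    if tool in template.get("allowed_tools", []):
        return "ALLOW"
    return "DENY"  # default deny for tools the template does not mention
```

A condition that does not fit the grammar, or a parameter supplied as a string, yields DENY instead of being interpreted, which keeps agent-supplied values out of any expression evaluator.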
