Protocol Custody Gap Analysis
The agent interoperability ecosystem now includes protocols for connection, coordination, commerce, payment, authorization, rendering, streaming, and value exchange. Each protocol solves a distinct operational problem. None governs the lifecycle of the records created when those protocols operate.
This page maps representative protocols against ARCS control families, identifies the artifact classes each protocol generates, and describes the governance gap that persists at each protocol boundary.
Scope Boundary
ARCS does not govern the operational semantics of any protocol listed below. It governs the records those protocols create as a byproduct of ordinary operation: session logs, tool invocation traces, inter-agent conversation records, transaction artifacts, authorization chains, rendering event logs, and payment authorization traces.
The organizing principle is:
- Action protocols (MCP, A2A, A2UI, AG-UI) govern what agents do and how they coordinate.
- Commerce and payment protocols (UCP, AP2, x402) govern how agents transact value.
- ARCS governs the records created at both boundaries.
Payment execution semantics, settlement mechanics, blockchain finality, facilitator economics, and payment network design are outside the scope of ARCS. Inside its scope are the mutable, operator-governed records created around those infrastructure-fixed events: payment authorization traces, facilitator verification records, delegation and spend-authority records, session-correlation records, and received-data context records tied to paid access.
Protocol Table
| Protocol | Layer | What It Governs | Artifact Classes Created | What It Does Not Govern |
|---|---|---|---|---|
| MCP | Connection | Agent-to-tool connectivity, resource access, prompt handling, session lifecycle | Tool invocation request-response pairs, session metadata, resource read logs, prompt artifacts, stderr server logs | Retention of request-response records; lifecycle controls for session metadata; deletion verification across tool providers |
| A2A | Coordination | Agent-to-agent discovery, message exchange, task delegation | Inter-agent conversation records, Agent Card discovery logs, task delegation chains, streaming event logs | Which party retains conversation records; whether retention is symmetric; lifecycle controls across organizational boundaries |
| UCP | Commerce | Shopping lifecycle: catalog discovery, checkout, order completion | Checkout sessions, line item records, payment references, order confirmations | Retention periods for transaction records; lifecycle controls for agent-generated order records; production obligations |
| AP2 | Payment authorization | Cryptographic mandate chains: IntentMandate, PaymentMandate, PaymentReceipt | Authorization attestations, intent mandates, cart mandates, orchestration graph records | Lifecycle governance for mandate chain records; retention of pre-authorization deliberative records; cross-party custody allocation |
| x402 | Value exchange | Payments embedded in HTTP requests; agent-native payment over standard web infrastructure | Payment intent records, facilitator verification records, transaction authorization records, merchant-side receipts, processor intermediary copies, declined/failed transaction records | Lifecycle governance for off-chain explanatory records; retention of payment authorization traces across facilitators; custody of session-correlation records linking paid access to interaction context |
| A2UI | Rendering | Agent-to-user interface rendering, widget composition | Widget render events, user interaction logs, UI state records | Retention of interaction logs; lifecycle of rendered-content records; user-session correlation persistence |
| AG-UI | Streaming | Real-time agent-user event streaming | Streaming event logs, lifecycle event records, tool execution traces | Retention of streaming event history; lifecycle controls for real-time event records |
Cross-Cutting Record Class: Governance-Layer Records
The protocols listed above generate records as a direct consequence of agent workflow execution. A distinct and increasingly consequential record class arises when governance controls are deployed around those protocols.
Runtime governance infrastructure, including validators, mutators, observability interceptors, confidence-gated autonomy controls, and content filters, creates its own record surfaces during ordinary operation. These governance-layer records are structurally different from the workflow records they govern:
- Validator decision records document that a check occurred, what the check found, and whether the message was accepted or blocked.
- Mutator transformation records document the original content before transformation and the modified content after transformation, including pre-redaction payloads that may constitute the highest-sensitivity record class in the system.
- Observability audit logs capture the full payload of every operation, including timing, principal identity, trace identifiers, and session metadata.
- Attestation artifacts provide cryptographic proof that a governance event occurred, without governing the lifecycle of the record that event produced.
Governance-layer records are generated independently on both sides of trust boundaries. When governance controls operate at a boundary between systems controlled by different parties, both parties independently produce decision records, transformation records, and audit logs for the same underlying event. This creates a cross-party custody problem that no individual protocol addresses.
The governance-layer record class applies across all protocols in the table above. Any protocol that acquires governance middleware, whether through interceptors (as proposed for MCP via SEP-1763), through confidence-gated autonomy (as implemented in healthcare agent systems), or through content filtering and policy enforcement, will generate governance-layer records with independent lifecycle requirements.
ARCS control families applicable to governance-layer records include LIF (lifecycle boundary identification), CUS (custody allocation across trust boundaries), TAX (classification of governance-layer records as distinct from workflow records), PV (verification that retention policies propagate across interceptor chains), and DEL (deletion verification for governance-layer records that may persist after session termination).
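The following is an added example, not part of the ARCS material: a sketch of how an operator might reconcile governance-layer records held on both sides of a trust boundary, as the paragraphs above describe. The record schema, field names, kind labels, and the rule that pre-redaction payloads should not outlive their session are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Hypothetical kind labels for the four governance-layer classes listed above.
GOVERNANCE_KINDS = {"validator_decision", "mutator_transformation",
                    "observability_audit", "attestation"}

@dataclass(frozen=True)
class Record:                       # hypothetical schema, not defined by ARCS
    trace_id: str                   # correlates copies of one underlying event
    custodian: str                  # party holding this copy
    kind: str
    retention_days: Optional[int]   # None: no retention policy attached
    session_closed: bool
    deleted: bool

def custody_findings(records):
    """Map trace_id -> sorted findings, looking at governance-layer records only."""
    by_trace = defaultdict(list)
    for r in records:
        if r.kind in GOVERNANCE_KINDS:      # TAX: separate from workflow records
            by_trace[r.trace_id].append(r)
    findings = {}
    for trace_id, recs in by_trace.items():
        issues = set()
        if len({r.custodian for r in recs}) > 1:   # CUS: both sides hold copies
            issues.add("dual_custody")
            # Some kind carries more than one retention period across copies.
            if len({(r.kind, r.retention_days) for r in recs}) > len({r.kind for r in recs}):
                issues.add("retention_mismatch")
        for r in recs:
            if r.retention_days is None:
                issues.add("no_retention_policy")
            # Assumed policy: pre-redaction payloads must not outlive the session.
            if r.kind == "mutator_transformation" and r.session_closed and not r.deleted:
                issues.add("pre_redaction_payload_persists")
        if issues:
            findings[trace_id] = sorted(issues)
    return findings

# Constructed sample records (not real data).
SAMPLE = [
    Record("t-1", "org-a", "validator_decision", 90, True, False),
    Record("t-1", "org-b", "validator_decision", 365, True, False),
    Record("t-1", "org-a", "tool_invocation", 30, True, False),  # workflow record
    Record("t-2", "org-a", "mutator_transformation", None, True, False),
    Record("t-3", "org-b", "observability_audit", 30, True, True),
]
```

Calling `custody_findings(SAMPLE)` flags trace `t-1` for dual custody with mismatched retention and trace `t-2` for an unredacted payload that persists with no retention policy; the workflow record and the cleanly deleted audit log produce no findings.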
For a detailed worked example of governance-layer record surfaces in an enterprise interceptor workflow, see Annex AO.
Paired Record Environments
Several protocols in the table above create paired record environments: permanent infrastructure-anchored records alongside mutable operator-governed records.
AP2 mandate chains produce cryptographic commitments that are designed to persist indefinitely for dispute resolution and audit. The deliberative records created during the agent's decision process (product comparison, price evaluation, alternative assessment) are mutable, fragmented, and subject to operator retention policies that may differ from the mandate's persistence requirements.
x402 payment events may produce settlement records on public blockchain infrastructure that are permanent and externally verifiable. The off-chain interaction records that explain the transaction context (what was purchased, why, under what delegation authority, what alternatives were considered) remain mutable, operator-governed, and subject to lifecycle drift. ARCS governs the mutable explanatory layer without governing the settlement mechanics.
The paired record environment concept is described in detail on the Paired Record Environments context page.
ARCS Control Family Mapping
Each protocol's artifact classes map against ARCS control families as follows.
| ARCS Family | MCP | A2A | UCP | AP2 | x402 | A2UI | AG-UI | Governance Layer |
|---|---|---|---|---|---|---|---|---|
| LIF (Record Lifecycle) | Tool invocation retention | Conversation record lifecycle | Transaction record retention | Mandate chain lifecycle | Payment trace lifecycle | Widget interaction retention | Event stream retention | Interceptor log lifecycle |
| CUS (Custody Surface) | Tool provider custody | Cross-org conversation custody | Merchant/agent custody split | Mandate chain custody allocation | Facilitator/processor/merchant custody | UI platform custody | Stream platform custody | Trust boundary dual custody |
| TAX (Record Taxonomy) | Request-response classification | Message type classification | Transaction type classification | Mandate type classification | Payment event classification | Render event classification | Event type classification | Governance record classification |
| OPB (Operator Boundary) | Tool provider boundary | Agent operator boundary | Merchant/commerce boundary | Payment processor boundary | Facilitator boundary | UI platform boundary | Stream platform boundary | Interceptor operator boundary |
| DEL (Delegation and Memory) | Agent memory across tools | Agent memory across agents | Agent memory across merchants | Delegation authority chain | Spend authority delegation | User context persistence | Session context persistence | Governance state persistence |
Monitoring
Protocol governance gap convergence should be monitored across several dimensions.
MCP interceptor SEP progression. SEP-1763 is currently an open proposal with 97 comments. If it advances to accepted status without addressing lifecycle governance for interceptor-generated records, that progression constitutes protocol-level evidence of the runtime-lifecycle gap. The SEP's compliance section acknowledges retention as a concern but does not specify governance.
x402 Foundation governance development. The x402 Foundation, announced April 2, 2026, is stewarded by the Linux Foundation with participation from AWS, Google, Microsoft, Stripe, Visa, Mastercard, American Express, Cloudflare, Shopify, Coinbase, and others. Monitor for any lifecycle governance provisions in the protocol specification, particularly for off-chain explanatory records and facilitator-held payment traces.
AP2 and UCP specification evolution. Monitor for retention, custody, or lifecycle governance additions to UCP and AP2 specifications. Current versions do not address these questions.
A2A conversation record governance. Monitor for provisions addressing which party retains inter-agent conversation records and whether retention obligations are symmetric across organizational boundaries.
ARCS v1.0 | Protocol Custody Gap Analysis | arcsstandard.org