Agentic Control Plane (ACP) — Governance for AI agents and the agents they call

6 min read Original article ↗

governance for ai agents

Claude Code · Anthropic SDK · OpenAI Agents SDK · CrewAI · LangGraph · MCP

Control your AI.
Including the agents it calls.

Every tool call — across every agent in the chain — logged, governed, and auditable. Install in 30 seconds.

activity · acme-corp · live LIVE

No code changes Works with your existing AI clients One hook Uninstall anytime

/ GET STARTED

Thirty seconds to your first audit row.

Pick your path. Coding agents install with one curl. Agent frameworks install with one pip install + decorator. Same governance either way. Remove any time.

$curl -sf https://agenticcontrolplane.com/install.sh | bash
→ detecting runtime... claude-code
→ writing ~/.claude/hooks/acp.sh
→ registering PreToolUse + PostToolUse hooks
→ verifying connection... ok
→ first call: ALLOW

Works with Claude Code, Cursor, Codex CLI, OpenClaw. Windows? irm https://agenticcontrolplane.com/install.ps1 | iex

$pip install acp-crewai

# Wrap any tool. ACP decides allow/deny/redact
# before your code runs.
from acp_crewai import governed

@tool("send_email")
@governed("send_email")
def send_email(to, subject, body):
...  # your code, your creds

Same pattern across CrewAI, LangGraph, OpenAI Agents SDK, Anthropic SDK, Google ADK, and MCP clients.

01

Install

One curl for AI clients. One pip install + decorator for agent frameworks. No code changes to your agent, no SDK integration.

02

Sign in

Your browser opens to the ACP console. A workspace is provisioned and an API key is saved to ~/.acp/credentials.

03

Your AI is governed

The next tool call your AI makes shows up in your audit log. Set policies when you're ready — or just let audit run for a while.

/ INTEGRATIONS

ACP runs everywhere your AI does.

Cross-cloud, cross-framework, cross-environment. Same audit log, same identity, same policy — whether your agents run in your IDE, in your code, or inside a hyperscaler's managed runtime. One control plane above all of them.

/ 01 — THE PROBLEM

Your AI doesn't make calls.
It makes chains of calls.

A user asks. An orchestrator plans. Subagents delegate to subagents. At depth three or four, tools get called — and nothing is governing the chain end-to-end. Identity drops. Scopes widen. Audit fragments. The agent frameworks on the market weren't designed to be governed across the whole chain.

Useridentified

Orchestratoridentity preserved

↓ identity lost

Subagentunknown caller

Subagentunknown caller

Toolunknown caller

Who called? On whose behalf? With what scope? Was it allowed? Most agent systems can't answer past the first hop.

/ 02 — GOVERNANCE ACROSS THE GRAPH

Root identity preserved.
Scopes narrowed at every hop.

An example agentic delegation chain, governed end-to-end. A user asks an AI agent to do something. That agent delegates to a subagent. The subagent calls a tool. Each hop inherits a narrower slice of the root user's permission. Every call carries verified root identity all the way to the tool. Audit reconstructs the whole chain.

Agentic delegation chain · 4 hops deep

● HUMAN USER

Alice

github.* · slack.* · jira.*

budget $5.00

◆ AI AGENT

PR Reviewer

github.pr.*

budget $5.00 (narrowed)

◆ AI SUBAGENT

Security Scanner

secrets.scan

budget $1.00 (narrowed)

■ TOOL

sast.run

x-user-uid: alice

ALLOW · 2.3s · $0.14

CHAIN · d=3 · root=auth0|alice · tool=sast.run SCOPE NARROWED 3× · ROOT IDENTITY PRESERVED

/ 03 — THE PIPELINE

Every call in the chain, six gates.

Every call in the delegation chain — no matter how deep the chain goes — passes through all six governance gates, in order. No call skips them.

/ 01

Identity

RS256 JWT verified against your IdP's JWKS on every call.

/ 02

Safety

PII scan and secret redaction on input and output.

/ 03

Policy

Runtime authorization, deny-by-default. Scopes, rate limits, and ABAC applied per call.

/ 04

Usage

Rate and budget caps per user, per workspace, per tier.

/ 05

Routing

x-user-uid propagated. SSRF guard on outbound calls.

/ 06

Audit

Structured, immutable log. Streams to your SIEM or ours.

/ 04 — WHAT YOU GET

Every call in the chain, three axes of governance.

Identity · policy · observability. The same primitives you expect from a modern devtool, applied across the whole agent call chain.

/ IDENTITY

Every call, attributable.

Propagate user identity from SSO all the way to the tool. x-user-uid in every header. SELECT * WHERE user_id works again.

Supports: Auth0 · Okta · Google · Azure AD
Claims: sub · scope · org · custom ABAC

/ POLICY

Deny by default, scoped.

Write rules once, applied across every agent tier. Narrow scopes per delegation hop. Test before deploy, diff before merge.

Layers: scope · ABAC · rate · plan · content
Backends: OPA · Cedar · native rules

/ OBSERVABILITY

Structured logs, auditable.

Every call emits a signed, immutable row. Decision, timing, cost, chain depth, root identity. Streams to your SIEM or ours.

Sinks: Datadog · Splunk · S3 · Webhook
Retention: 90d included · unlimited on enterprise

/ 05 — ONE PLACE TO SEE IT

Every call in the chain, one console.

Activity, policies, and audit for every tool call — surfaced in one dashboard. Click any screenshot to expand.

ACP dashboard overview — governed agents, identities, policies at a glance
Overview Every tenant sees the same starting view — governed agents, tool-call volume, identities, active policies.
Activity log — every tool call with decision, reason, chain provenance
Activity log Every governed call logged with identity, decision, reason, PII findings, delegation chain. Filter by user, tool, decision, or session.
Policies — per-tool, per-tier, per-user rules with mode toggle
Policies Workspace-wide tool policies, per-agent-tier rules, per-user overrides. Most-restrictive-wins resolution, audit-mode and enforce-mode per rule.

/ 06 — PRICING

Start free. Pay for what you use.

Metered by tool call — scales with your agents, not your seat count. Full feature set on every tier.

Free

Individuals and small teams

$0/ mo

  • 50,000 tool calls / month
  • Full identity, policy, PII detection, audit
  • Unlimited seats & API keys
  • 30-day audit retention
  • Community support

Open the console →

Most teams

Pro

Teams shipping agents to production

$49/ mo

  • 100,000 calls included · $0.30/1K thereafter
  • Everything in Free
  • 90-day audit retention
  • Per-user rate limits & budgets
  • Custom PII patterns
  • Email support

Upgrade to Pro →

Enterprise

Compliance, scale, and SLA

Custom

  • Annual commit with volume discount
  • Unlimited audit retention
  • SSO (SAML / OIDC) & DPA
  • Compliance evidence: audit exports for SOC 2, HIPAA, ISO 27001 workflows
  • SIEM forwarding (Datadog, Splunk, S3)
  • Multi-region deployment
  • Dedicated support & custom SLA

Book a call →

See full pricing details, FAQ, and examples at /pricing →

Thirty seconds to your first audit row.

One curl. No credit card. 50,000 calls/month free.

install · macOS / Linux

$curl -sf https://agenticcontrolplane.com/install.sh | bash
→ detecting runtime... claude-code
→ writing ~/.claude/hooks/acp.sh
→ verifying connection... ok
→ first call: ALLOW