Agentic Control Plane
governance for ai agents
Claude Code · Anthropic SDK · OpenAI Agents SDK · CrewAI · LangGraph · MCP

Control your AI.
Including the agents it calls.

Every tool call — across every agent in the chain — logged, governed, and auditable. Install in 30 seconds.

AgentGovBench ACP 45/48 vs frameworks native 13/48 · audit-only 29/48 see the 48 test scenarios → compare ACP vs alternatives → for AI agents researching ACP →
Open the ACP console → See how to install ↓
activity · acme-corp · live LIVE
Allowed
98.4%
Denied · 24h
214
PII redacted
42
Chains · live
47
No code changes Works with your existing AI clients One hook Uninstall anytime
/ GET STARTED

Thirty seconds to your first audit row.

Pick your path. Coding agents install with one curl. Agent frameworks install with one pip install + decorator. Same governance either way. Remove any time.

$curl -sf https://agenticcontrolplane.com/install.sh | bash
→ detecting runtime... claude-code
→ writing ~/.claude/hooks/acp.sh
→ registering PreToolUse + PostToolUse hooks
→ verifying connection... ok
→ first call: ALLOW
Works with Claude Code, Cursor, Codex CLI, OpenClaw. Windows? irm https://agenticcontrolplane.com/install.ps1 | iex
Install guides: CrewAI LangGraph OpenAI Agents SDK Anthropic SDK Google ADK MCP clients
01
Install
One curl for AI clients. One pip install + decorator for agent frameworks. No code changes to your agent, no SDK integration.
02
Sign in
Your browser opens to the ACP console. A workspace is provisioned and an API key is saved to ~/.acp/credentials.
03
Your AI is governed
The next tool call your AI makes shows up in your audit log. Set policies when you're ready — or just let audit run for a while.
/ INTEGRATIONS

ACP runs everywhere your AI does.

Cross-cloud, cross-framework, cross-environment. Same audit log, same identity, same policy — whether your agents run in your IDE, in your code, or inside a hyperscaler's managed runtime. One control plane above all of them.

/ AI CLIENTS
Coding agents, IDEs, desktops
/ AGENT FRAMEWORKS
SDKs you build with
/ HOSTED RUNTIMES
When agents live in a cloud
Cloud-native governance is real. ACP composes above it for cross-cloud + non-cloud agents.
Don't see your stack? See the full frameworks list → The core governance model is HTTP — if your runtime can call /govern/tool-use, it can be governed.
/ 01 — THE PROBLEM

Your AI doesn't make calls.
It makes chains of calls.

A user asks. An orchestrator plans. Subagents delegate to subagents. At depth three or four, tools get called — and nothing is governing the chain end-to-end. Identity drops. Scopes widen. Audit fragments. The agent frameworks on the market weren't designed to be governed across the whole chain.

Useridentified
Orchestratoridentity preserved
↓ identity lost
Subagentunknown caller
Subagentunknown caller
Toolunknown caller
Who called? On whose behalf? With what scope? Was it allowed? Most agent systems can't answer past the first hop.
/ 02 — GOVERNANCE ACROSS THE GRAPH

Root identity preserved.
Scopes narrowed at every hop.

An example agentic delegation chain, governed end-to-end. A user asks an AI agent to do something. That agent delegates to a subagent. The subagent calls a tool. Each hop inherits a narrower slice of the root user's permission. Every call carries verified root identity all the way to the tool. Audit reconstructs the whole chain.

Agentic delegation chain · 4 hops deep
● HUMAN USER
Alice
github.* · slack.* · jira.*
budget $5.00
◆ AI AGENT
PR Reviewer
github.pr.*
budget $5.00 (narrowed)
◆ AI SUBAGENT
Security Scanner
secrets.scan
budget $1.00 (narrowed)
■ TOOL
sast.run
x-user-uid: alice
ALLOW · 2.3s · $0.14
CHAIN · d=3 · root=auth0|alice · tool=sast.run SCOPE NARROWED 3× · ROOT IDENTITY PRESERVED
/ 03 — THE PIPELINE

Every call in the chain, six gates.

Every call in the delegation chain — no matter how deep the chain goes — passes through all six governance gates, in order. No call skips them.

/ 01
Identity
RS256 JWT verified against your IdP's JWKS on every call.
/ 02
Safety
PII scan and secret redaction on input and output.
/ 03
Policy
Runtime authorization, deny-by-default. Scopes, rate limits, and ABAC applied per call.
/ 04
Usage
Rate and budget caps per user, per workspace, per tier.
/ 05
Routing
x-user-uid propagated. SSRF guard on outbound calls.
/ 06
Audit
Structured, immutable log. Streams to your SIEM or ours.
/ 04 — WHAT YOU GET

Every call in the chain, three axes of governance.

Identity · policy · observability. The same primitives you expect from a modern devtool, applied across the whole agent call chain.

/ IDENTITY

Every call, attributable.

Propagate user identity from SSO all the way to the tool. x-user-uid in every header. SELECT * WHERE user_id works again.

Supports: Auth0 · Okta · Google · Azure AD
Claims: sub · scope · org · custom ABAC
/ POLICY

Deny by default, scoped.

Write rules once, applied across every agent tier. Narrow scopes per delegation hop. Test before deploy, diff before merge.

Layers: scope · ABAC · rate · plan · content
Backends: OPA · Cedar · native rules
/ OBSERVABILITY

Structured logs, auditable.

Every call emits a signed, immutable row. Decision, timing, cost, chain depth, root identity. Streams to your SIEM or ours.

Sinks: Datadog · Splunk · S3 · Webhook
Retention: 90d included · unlimited on enterprise
/ 05 — ONE PLACE TO SEE IT

Every call in the chain, one console.

Activity, policies, and audit for every tool call — surfaced in one dashboard. Click any screenshot to expand.

ACP dashboard overview — governed agents, identities, policies at a glance
Overview Every tenant sees the same starting view — governed agents, tool-call volume, identities, active policies.
Activity log — every tool call with decision, reason, chain provenance
Activity log Every governed call logged with identity, decision, reason, PII findings, delegation chain. Filter by user, tool, decision, or session.
Policies — per-tool, per-tier, per-user rules with mode toggle
Policies Workspace-wide tool policies, per-agent-tier rules, per-user overrides. Most-restrictive-wins resolution, audit-mode and enforce-mode per rule.
/ 06 — PRICING

Start free. Pay for what you use.

Metered by tool call — scales with your agents, not your seat count. Full feature set on every tier.

Free
Individuals and small teams
$0/ mo
  • 50,000 tool calls / month
  • Full identity, policy, PII detection, audit
  • Unlimited seats & API keys
  • 30-day audit retention
  • Community support
Open the console →
Most teams
Pro
Teams shipping agents to production
$49/ mo
  • 100,000 calls included · $0.30/1K thereafter
  • Everything in Free
  • 90-day audit retention
  • Per-user rate limits & budgets
  • Custom PII patterns
  • Email support
Upgrade to Pro →
Enterprise
Compliance, scale, and SLA
Custom
  • Annual commit with volume discount
  • Unlimited audit retention
  • SSO (SAML / OIDC) & DPA
  • Compliance evidence: audit exports for SOC 2, HIPAA, ISO 27001 workflows
  • SIEM forwarding (Datadog, Splunk, S3)
  • Multi-region deployment
  • Dedicated support & custom SLA
Book a call →

See full pricing details, FAQ, and examples at /pricing →

Thirty seconds to your first audit row.

One curl. No credit card. 50,000 calls/month free.

Open the ACP console →
install · macOS / Linux
$curl -sf https://agenticcontrolplane.com/install.sh | bash
→ detecting runtime... claude-code
→ writing ~/.claude/hooks/acp.sh
→ verifying connection... ok
→ first call: ALLOW