Agentic Control Plane

Trust, identity, and governance for LLM & agentic apps

The Agentic Control Plane is the layer that turns raw LLM runtimes and tools into user-scoped, policy-aware systems. Built on the Gatewaystack project, it sits between ChatGPT Apps SDK / MCP and your backend, handling authentication, per-tool scopes, and governance.

View Gatewaystack on GitHub

While wiring my app Inner into ChatGPT through the OpenAI Apps SDK, I hit a familiar wall: there was no clear place for user identity, scopes, and data-access policy to live.

I could get an LLM to call tools. I could talk to Firestore and other backends. But there was no shared layer that said: Who is this user? What are they allowed to do? Which tools may run against which data?

Gatewaystack started as a way to solve that problem for one app. The vision for the Agentic Control Plane is to turn those building blocks into a reusable, open-source layer for identity, trust, and governance across LLM and agentic systems.

User

consent · scopes

LLM runtime

ChatGPT Apps SDK · Anthropic MCP

OIDC · JWT (RS256)

3
Agentic Control Plane
Gatewaystack · trust & policy gateway

API calls · verified audience

Your backend & data

Cloud Run · Firestore · APIs

Four-party trust: User → LLM runtime → Agentic Control Plane (Gatewaystack) → Your backend. The control plane handles identity, OIDC / JWT validation (aud, scope), per-tool scopes, and user-scoped calls into your infrastructure.

What the Agentic Control Plane covers

OIDC / OAuth2 integration
RS256 JWT validation
Per-tool scopes & consent
User-scoped data access
Apps SDK / MCP aware
LLM tool governance
Routing & policy hooks
Cloud Run / Firestore ready