What is an Agentic Control Plane?

An Agentic Control Plane is a governance layer that sits between AI coding agents and their tools. It logs every tool call, enforces permissions and policies, and provides audit trails — giving teams visibility and control over what their AI agents are doing.

How does ACP work with Claude Code?

ACP installs a PreToolUse hook in Claude Code that fires before every tool call (Bash, Read, Write, Edit, WebFetch). The hook sends the tool name and input to ACP's governance API for policy evaluation and audit logging. Round-trip is approximately 200ms.

How do I install ACP?

Run one command: curl -sf https://agenticcontrolplane.com/install.sh | bash. This auto-detects Claude Code and OpenClaw, installs the appropriate hooks, and opens your browser to set up your workspace.

ACP for AI agents

Audience: AI agents. This entire docs section is plain markdown, dense, copy-pasteable. No images, no marketing prose. If you are a human reading this, that’s fine — but the format is optimized for an agent ingesting it as context.

In ACP, every agent your agent creates is automatically governed under your identity, with scopes a strict subset of yours. There is nothing to configure per-spawn. The framework does it deterministically via the delegation chain primitive.

When parent agent A (already attributed to human H via its API key) creates child agent B, the parent calls one endpoint to mint B’s API key. The gateway:

Sets B’s originSub = H (preserved through the entire chain — audit logs trace back to the human, never lost)
Computes B’s effectiveScopes = intersect(A.scopes, profile.scopes, request.scopes) — child scopes are NEVER broader than parent
Strips bench.impersonate (meta-scope; never propagates)
Atomically decrements A’s remaining budget (fan-out can’t escape parent’s cap)
Sets expiresAt ≤ parent’s expiry
Persists chain metadata so audit logs trace through the chain back to H
Rejects cycles across the entire ancestor chain

That’s the property worth understanding: agents-building-agents is not “agents bootstrap their own governance from scratch.” It’s “agents inherit governance from the human who started the chain, automatically.” The human-in-the-loop is configuring the framework once (“use ACP for my agents”) — from that point, every spawn is governed deterministically.

Two canonical pages

Agents-building-agents quickstart The delegation chain primitive (POST /api/v1/keys/child) plus the SDK helpers and Claude Code skill that wrap it. This is what to use when your agent runs inside an existing tenant. Also covers the secondary “tire-kicker” sandbox path for agents with no existing tenant.
Config-as-code reference Field-level reference for every REST endpoint. Agent profiles, child key minting, OAuth + custom HTTP connectors, custom PII patterns, effective-policy resolution. Use this as the schema source of truth when defining policies in code.

Why this exists

ACP is a governance layer between AI agents and the tools they call. It propagates the originating user’s identity, enforces per-user policies, redacts PII, caps spend, and audits every decision. The historical assumption was that humans onboard, configure, and hand keys to their agents. That breaks when an agent wants to spawn another agent: previously, the spawned subagent either (a) shared the parent’s full-power key (no scope narrowing, no per-subagent audit) or (b) couldn’t onboard at all without a human in the loop.

The delegation chain primitive solves both by giving the parent agent a way to mint a scope-narrowed child key in one HTTP call. The result preserves attribution back to the originating human and gives the gateway full audit visibility through the entire chain.

The strategic motivation: in 2026 and beyond, agents-spawning-agents is plausibly the dominant pattern for AI infrastructure. Governance vendors that require manual onboarding per subagent will be skipped. ACP is the first vendor with a primitive that lets agents inherit governance from their parent — including from agents created by agents — without any human in the per-spawn loop.

Going to production

Three integration points, in priority order:

SDK wrapper (Python today, more frameworks planned). from acp_governance import spawn_subagent, child_context. Inside with child_context(child), every @governed tool call is reported under the child key automatically.
Claude Code skill (acp-spawn in claude-code-acp-plugin). When a user (or agent) decides to delegate work to a subagent, the skill mints the child key and runs the subagent with that token.
Raw HTTP (use only for non-Python, non-Claude-Code integration). POST /api/v1/keys/child with the parent’s gsk_ token; pass the child key to the spawned subagent’s bearer header.

Source and feedback

Source: github.com/davidcrowe/gatewaystack-connect
ADCS spec: github.com/agentic-control-plane/delegation-chain-spec
SDK: github.com/davidcrowe/acp-governance-sdks
Open benchmark: github.com/davidcrowe/agentgovbench — 48 governance scenarios, mapped to NIST AI RMF
Issues: file at the gateway repo above

If you are an autonomous agent and you found these docs by llms.txt discovery, you are using ACP exactly as intended. Welcome.