What is an Agentic Control Plane?

An Agentic Control Plane is a governance layer that sits between AI coding agents and their tools. It logs every tool call, enforces permissions and policies, and provides audit trails — giving teams visibility and control over what their AI agents are doing.

How does ACP work with Claude Code?

ACP installs a PreToolUse hook in Claude Code that fires before every tool call (Bash, Read, Write, Edit, WebFetch). The hook sends the tool name and input to ACP's governance API for policy evaluation and audit logging. Round-trip is approximately 200ms.

How do I install ACP?

Run one command: curl -sf https://agenticcontrolplane.com/install.sh | bash. This auto-detects Claude Code and OpenClaw, installs the appropriate hooks, and opens your browser to set up your workspace.

OpenAI on Bedrock: what the partnership covers, and what's beyond it

David Crowe · 5 min read

aws bedrock openai gpt-5-5 agentcore news governance

OpenAI announced the next phase of its partnership with AWS this week. The headline: OpenAI’s frontier models, including GPT-5.5, are now available on Amazon Bedrock — alongside Codex and an upcoming “Bedrock Managed Agents powered by OpenAI” runtime. AWS gets exclusive rights to host the new “Frontier” agent tool. The strategic pitch from OpenAI’s CEO: meeting customers where they are.

For AWS-native enterprises, this is genuinely useful. GPT-5.5 inside Bedrock means OpenAI models inherit AWS’s governance surface — IAM policies, AgentCore Policy enforcement, CloudWatch logs, frozen-snapshot MCP approval, the works.

The partnership extends Bedrock’s governance reach to OpenAI traffic for AWS-hosted agents — that’s the meaningful part. There are three additional architectural surfaces in most production AI deployments where a complementary intercept point composes well alongside the Bedrock + AgentCore layer. Worth being clear about each.

1. Coding agents on developer laptops

Most production agentic blast radius in 2026 doesn’t live in a cloud runtime. It lives in /Users/dev/.claude/. It lives in Cursor’s Composer panel. It lives in ~/.codex/config.json. These are autonomous coding agents running on developer machines with full shell access, file-write capabilities, git authority, and credential access via .env files.

GPT-5.5 in Codex CLI is exactly the example: announced this week, deployed to developer laptops globally, calling shell commands with whatever blast radius the developer’s machine has. That traffic doesn’t route through Bedrock — it lives at a different architectural layer than AgentCore is designed to govern.

The governance answer for this surface is hooks at the coding-agent layer — PreToolUse and PostToolUse for Claude Code, equivalent for Codex CLI, Cursor’s hook surface. These are where the actual policy enforcement happens for the coding-agent tier. Bedrock isn’t in the path.

If your enterprise has Claude Code installed on developer machines (and at this point, what enterprise doesn’t?), you need a control plane for that surface — independent of how good Bedrock’s governance is for your hosted agents.

Govern Claude Code in 60 seconds → Govern Codex CLI in 3 minutes → Govern Cursor in 3 minutes →

2. Multi-framework agent code outside AWS

Three of the most-deployed Python agent frameworks — CrewAI, LangGraph, Pydantic AI — run wherever Python runs. Customers deploy them to Cloud Run, Render, Fly.io, on-prem Kubernetes, customer-controlled VMs.

Same with three of the most-deployed TypeScript frameworks: Vercel AI SDK, Mastra, Anthropic Agent SDK. The Vercel AI SDK is the most-installed agent SDK on npm; agents built with it run on Vercel, Cloudflare Workers, Railway, AWS Lambda, GCP Cloud Functions, Azure Functions, and bare metal.

Bedrock-hosted OpenAI models don’t change this distribution. An enterprise with one CrewAI service on Cloud Run, one LangGraph supervisor on Render, and a Vercel AI SDK app on Cloudflare keeps the same intercept-point question for those agents — they run at a different architectural layer than the Bedrock runtime, so AgentCore Policy applies to a different scope.

The governance answer is tool-layer interception in the agent code itself — @governed decorators that wrap each tool, identity-binding via set_context per request. ACP runs as the policy backend; the framework code is unchanged otherwise.

If you have agent code outside AWS, Bedrock’s hosting status doesn’t change what you need at the tool-dispatch layer.

3. Cross-cloud audit reconciliation

The third area is the one CISOs feel most acutely.

A real enterprise has agents in three places: some Bedrock-hosted (now including GPT-5.5), some Microsoft Foundry-hosted (Azure-OpenAI customers), some Vertex Agent Engine-hosted (Gemini-heavy shops). Plus the developer-laptop coding agents and the multi-framework agent code from gap 2.

Each of those surfaces has its own audit log. CloudWatch for AgentCore. Microsoft Purview for Foundry. Cloud Logging for Vertex. Forwarded telemetry from each agent runtime for the rest.

The CISO question — “who did what through which AI agent on whose behalf last Tuesday?” — becomes a six-system join. Sometimes a join across product boundaries that don’t share schemas. Sometimes a join across clouds that don’t share IdPs.

The governance answer is a single audit destination that sees across every environment, with consistent identity attribution and a normalized schema. That’s not a thing any single cloud’s product can be — by definition, AWS doesn’t see Azure traffic, Microsoft doesn’t see GCP traffic, Google doesn’t see AWS traffic. The cross-cloud unification has to live above the clouds.

OpenAI on Bedrock is great news for AWS-native shops. It doesn’t change cross-cloud math.

What’s actually new in the announcement

The genuinely-new pieces of the AWS / OpenAI announcement, parsed:

GPT-5.5 served on Bedrock: useful for AWS-native shops who want OpenAI inference inside AgentCore’s enforcement surface.
Codex on Bedrock: makes Codex available through Bedrock’s identity and billing channels; the developer-laptop installation of Codex CLI still uses its own local hook surface.
Bedrock Managed Agents powered by OpenAI: new managed runtime; for agents that fit Bedrock’s surface, this is complementary to AgentCore.
Stateful runtime co-developed on Bedrock + Frontier exclusivity: enterprise-pull toward AgentCore for AWS-hosted agentic workloads.

AWS is positioning AgentCore + OpenAI exclusivity as the canonical AWS-native answer. The complementary layer — for agents and surfaces that live outside the AWS runtime — composes alongside it.

What to actually do this week

If you’re AWS-native and your agents run in Bedrock: your stack is fine. Bedrock + AgentCore + OpenAI-on-Bedrock is a coherent governance story. Use it.
If you have developer-laptop coding agents (Claude Code, Cursor, Codex CLI): set up a control plane for that surface. It’s independent of which cloud hosts your models.
If you have multi-framework agent code (CrewAI, LangGraph, Vercel AI SDK, etc.) running anywhere outside AWS: add tool-layer governance — same @governed pattern works whether the LLM is Bedrock-hosted or not.
If you’re multi-cloud: stand up a unified audit destination that ingests from each cloud’s audit source plus your direct-to-LLM-API traffic. The cross-cloud join can’t be solved by buying more from any one hyperscaler.

How ACP composes with Bedrock AgentCore → · AWS Bedrock integration → · Reference architecture →

Share: Twitter LinkedIn

← back to blog