What an ACP is not
An Agentic Control Plane occupies a distinct layer in the AI stack. It complements — not replaces — your existing infrastructure.
Not an LLM routing gateway
Tools like Portkey, LiteLLM, and OpenRouter focus on model selection and load balancing — routing prompts to the cheapest or fastest LLM provider.
An ACP doesn't choose which model to use. It sits between the LLM and your backend to enforce who can use it, what they're allowed to do, and whether the request complies with your policies. LLM gateways optimize cost and latency. An ACP enforces trust and governance.
Use both: Route through your LLM gateway for model selection, then through your ACP for identity, policy, and audit.
Not an agent framework
LangChain, CrewAI, AutoGen, and similar frameworks help you build agents — defining tool chains, memory, reasoning loops, and orchestration.
An ACP doesn't build agents. It governs them. When your LangChain agent calls a tool, the ACP verifies the user's identity, checks authorization policies, enforces rate limits, and logs the action. The agent framework decides what to do. The ACP decides whether it's allowed.
Use both: Build your agent with any framework. Route its tool calls through your ACP for governance.
Not a traditional API gateway
Kong, Apigee, and AWS API Gateway handle HTTP traffic management — routing, rate limiting, TLS termination, and basic auth.
Traditional API gateways don't understand the three-party problem. They can verify a token, but they can't bind LLM-forwarded requests to the originating user. They can rate-limit by IP, but not by verified user identity. They can log requests, but not attribute AI actions to specific people with policy context.
Use both: Your API gateway handles TLS, global rate limits, and routing. Your ACP handles identity binding, per-user policies, and AI-specific governance.
Governance that works across every model
Some platforms bundle governance into a single model provider's ecosystem — identity, policy, and audit that only work with their models.
An ACP gives you one governance layer for all of them — OpenAI, Anthropic, Google, Mistral, open-source, or your own fine-tune. Same identity binding, same policies, same audit trails, regardless of which model is behind the agent. Deploy in minutes, not months, with no vendor-specific deployment team required.
Why it matters: Your team already uses multiple models. Your governance shouldn't break when you add another one.
DIY OAuth vs. purpose-built control plane
You can build identity and governance yourself. Here's what that looks like compared to using your IdP's built-in features or adopting an Agentic Control Plane.
| Capability | DIY (roll your own) | IdP only (Auth0 Actions, etc.) | Enterprise agent platform | Agentic Control Plane |
|---|---|---|---|---|
| JWT verification | Manual JWKS setup | Built-in | Built-in (single vendor) | Built-in |
| Per-tool scope enforcement | Custom middleware | Limited | Built-in (single vendor) | Declarative allowlists |
| User context injection | Manual header mapping | Not available | Built-in (single vendor) | Automatic |
| PII detection & redaction | Not included | Not included | Varies | Built-in |
| Budget & rate limiting | DIY Redis | Not included | Platform-scoped | Per-user, cost-aware |
| Audit trail | Custom logging | Auth logs only | Built-in (single vendor) | Structured, per-request |
| Time to production | Days to weeks | Hours | Months | Minutes |
How an ACP fits in your stack
Feature comparison
| Capability | LLM gateway | Agent framework | API gateway | Enterprise agent platform | Agentic Control Plane |
|---|---|---|---|---|---|
| Model routing & fallback | Yes | No | No | No | No |
| Agent orchestration | No | Yes | No | Single vendor only | No |
| TLS & global rate limiting | Some | No | Yes | Platform-managed | No |
| Three-party identity binding | No | No | No | Single vendor only | Yes |
| Per-user policy enforcement | No | No | Limited | Single vendor only | Yes |
| PII detection & redaction | No | No | No | Varies | Yes |
| Per-user budget & spend caps | No | No | No | Platform-scoped | Yes |
| Agent runaway prevention | No | Some | No | Single vendor only | Yes |
| Identity-attributed audit trails | No | No | Generic logs | Single vendor only | Yes |
| MCP / Apps SDK native support | No | Partial | No | Proprietary SDK | Yes |
| Model-agnostic governance | No | No | No | No | Yes |
| Self-serve setup | No | Yes | Yes | No | Yes |
See the reference implementation
GatewayStack implements the Agentic Control Plane as six composable npm modules. Open source, MIT licensed.