What an ACP is not
An Agentic Control Plane occupies a distinct layer in the AI stack. It complements — not replaces — your existing infrastructure.
Not an LLM routing gateway
Tools like Portkey, LiteLLM, and OpenRouter focus on model selection and load balancing — routing prompts to the cheapest or fastest LLM provider.
An ACP doesn't choose which model to use. It sits between the LLM and your backend to enforce who can use it, what they're allowed to do, and whether the request complies with your policies. LLM gateways optimize cost and latency. An ACP enforces trust and governance.
Use both: Route through your LLM gateway for model selection, then through your ACP for identity, policy, and audit.
Not an agent framework
LangChain, CrewAI, AutoGen, and similar frameworks help you build agents — defining tool chains, memory, reasoning loops, and orchestration.
An ACP doesn't build agents. It governs them. When your LangChain agent calls a tool, the ACP verifies the user's identity, checks authorization policies, enforces rate limits, and logs the action. The agent framework decides what to do. The ACP decides whether it's allowed.
Use both: Build your agent with any framework. Route its tool calls through your ACP for governance.
Not a traditional API gateway
Kong, Apigee, and AWS API Gateway handle HTTP traffic management — routing, rate limiting, TLS termination, and basic auth.
Traditional API gateways don't understand the three-party problem. They can verify a token, but they can't bind LLM-forwarded requests to the originating user. They can rate-limit by IP, but not by verified user identity. They can log requests, but not attribute AI actions to specific people with policy context.
Use both: Your API gateway handles TLS, global rate limits, and routing. Your ACP handles identity binding, per-user policies, and AI-specific governance.
DIY OAuth vs. purpose-built control plane
You can build identity and governance yourself. Here's what that looks like compared to using your IdP's built-in features or adopting an Agentic Control Plane.
| Capability | DIY (roll your own) | IdP only (Auth0 Actions, etc.) | Agentic Control Plane |
|---|---|---|---|
| JWT verification | Manual JWKS setup | Built-in | Built-in |
| Per-tool scope enforcement | Custom middleware | Limited | Declarative allowlists |
| User context injection | Manual header mapping | Not available | Automatic |
| PII detection & redaction | Not included | Not included | Built-in |
| Budget & rate limiting | DIY Redis | Not included | Per-user, cost-aware |
| Audit trail | Custom logging | Auth logs only | Structured, per-request |
| Time to production | Days to weeks | Hours | Minutes |
How an ACP fits in your stack
Feature comparison
| Capability | LLM gateway | Agent framework | API gateway | Agentic Control Plane |
|---|---|---|---|---|
| Model routing & fallback | Yes | No | No | No |
| Agent orchestration | No | Yes | No | No |
| TLS & global rate limiting | Some | No | Yes | No |
| Three-party identity binding | No | No | No | Yes |
| Per-user policy enforcement | No | No | Limited | Yes |
| PII detection & redaction | No | No | No | Yes |
| Per-user budget & spend caps | No | No | No | Yes |
| Agent runaway prevention | No | Some | No | Yes |
| Identity-attributed audit trails | No | No | Generic logs | Yes |
| MCP / Apps SDK native support | No | Partial | No | Yes |
See the reference implementation
GatewayStack implements the Agentic Control Plane as six composable npm modules. Open source, MIT licensed.