What is an Agentic Control Plane?

An Agentic Control Plane is a governance layer that sits between AI coding agents and their tools. It logs every tool call, enforces permissions and policies, and provides audit trails — giving teams visibility and control over what their AI agents are doing.

How does ACP work with Claude Code?

ACP installs a PreToolUse hook in Claude Code that fires before every tool call (Bash, Read, Write, Edit, WebFetch). The hook sends the tool name and input to ACP's governance API for policy evaluation and audit logging. Round-trip is approximately 200ms.

How do I install ACP?

Run one command: curl -sf https://agenticcontrolplane.com/install.sh | bash. This auto-detects Claude Code and OpenClaw, installs the appropriate hooks, and opens your browser to set up your workspace.

The ACP API

Everything you can do in the console, you can do from code. Provision an agent, set the policy that governs it, run it, and read back every tool call it made — over plain HTTP, authenticated with an API key.

The console is for managing your workspace. The API is for managing your agents. If you operate agents at any scale — a fleet of scheduled scouts, a CI pipeline that spins up reviewers, a product that runs an agent per customer — you’ll live in the API.

curl https://api.agenticcontrolplane.com/api/v1/agents \
  -H "Authorization: Bearer $ACP_KEY"

Base URL

https://api.agenticcontrolplane.com

All requests are HTTPS. There is no separate sandbox host — scope a key to a test workspace instead.

The two surfaces

ACP governs two things, so the API has two surfaces:

Surface	Path	What it manages
Agents	`/api/v1/agents`	Agent profiles — create, configure, run, delete. Tenant is resolved from the key, so no workspace slug in the path.
Governance	`/<workspace>/admin/…`	The policy that governs every agent and the audit trail of what they did. Workspace slug is in the path.

Both authenticate with the same gsk_ API key. Your workspace slug is embedded in the key itself (gsk_<workspace>_…), so the two surfaces are always talking about the same workspace.

Resources

Agents

Create, configure, run, and delete agent profiles. Set per-agent budget, tool, and delegation limits.

Policies

Read and write the four-layer governance policy — workspace, role, agent type, and user.

Logs

Query the audit trail — every tool call, its decision, and the identity behind it.

Run triggers

Invoke a governed agent over HTTP — from n8n, Zapier, cron, or your own backend.

Machine-readable spec

The whole API is described by an OpenAPI 3.1 spec — paste it into Postman, generate a client, or browse it as a rendered reference. The spec is the source of truth; these pages are the guided tour.

Conventions

JSON in, JSON out. Send Content-Type: application/json on every request with a body.
Success. Agent endpoints return { "ok": true, … }. Read endpoints return the resource directly.
Errors. Any non-2xx response carries { "error": "<human-readable reason>" }. See Errors.
Stable shapes. New fields may be added to responses; existing fields won’t change meaning under /api/v1. Don’t fail on unknown keys.

Quickstart → Authentication →