Skip to content
Agentic Control Plane

Getting started with ACP

ACP gives every AI agent in your stack identity-verified, policy-enforced, audit-logged tool calls. Three steps from zero to first audit row.

1. Open the ACP console

Sign in at cloud.agenticcontrolplane.com. A workspace is provisioned automatically and your API key is generated on the spot.

Free tier: 50,000 tool calls / month, 30-day audit retention, full identity + policy + audit. No credit card.

2. Install for your stack

Two install paths. Pick the one that matches what your team uses today.

Path A — AI coding clients (Claude Code, Cursor, Codex CLI)

One command:

curl -sf https://agenticcontrolplane.com/install.sh | bash

The installer detects your runtime, registers PreToolUse and PostToolUse hooks, and verifies the connection. Works with Claude Code, Cursor, Codex CLI, and OpenClaw out of the box.

Windows: irm https://agenticcontrolplane.com/install.ps1 | iex

Path B — Agent frameworks (CrewAI, LangGraph, OpenAI Agents SDK, Anthropic SDK, etc.)

One package per framework, then wrap your tool handlers:

pip install acp-crewai

from crewai import tool
from acp_crewai import governed

@tool("send_email")
@governed("send_email")
def send_email(to: str, subject: str, body: str):
    ...  # your code, your creds

ACP intercepts every wrapped tool call, applies your policies, logs the audit row, and returns control to your agent — typically in 5-15ms. Same @governed decorator pattern across CrewAI, LangGraph, OpenAI Agents SDK, Anthropic SDK, Google ADK, Vercel AI SDK, Mastra, Pydantic AI, and AutoGen.

See all integration guides →

3. See your first audit row

Run any tool call from your AI client or agent. Open the activity log at cloud.agenticcontrolplane.com/activity.

Every governed call is logged with:

  • Identity — the verified user from the JWT (or workspace key in dev)
  • Decision — allow / deny / redact / rate-limit + reason
  • Tool — name and parameters
  • Chain — depth, root identity, scope at each hop
  • Cost — latency, dollar attribution, tokens

Set policies when you’re ready, or let audit run on its own for a while. The default policy allows everything and logs it — you tighten it as you understand your traffic.

What governance you get

Every governed call passes through six gates, in order:

  1. Identity — RS256 JWT verified against your IdP’s JWKS on every call
  2. Safety — PII scan and secret redaction on input and output
  3. Policy — runtime authorization, deny-by-default, scopes per call
  4. Usage — per-user rate limits and budgets, agent-runaway detection
  5. Routingx-user-uid propagated to your backend; SSRF guard outbound
  6. Audit — structured, immutable log streamed to the console (or your SIEM)

See the architecture →

Next steps

  • Integration guides — Claude Code, Cursor, Codex CLI, Anthropic SDK, OpenAI SDK, CrewAI, LangGraph, and more
  • AgentGovBench — see how ACP-paired frameworks score on 48 governance scenarios
  • Comparison — when to use ACP vs LLM gateway vs agent framework vs API gateway
  • Pricing — free tier, Pro plan, Enterprise

Want to self-host?

If you’d rather run the control plane on your own infrastructure, the open-source reference implementation is on GitHub.