Agentic Control Plane
43% of MCP servers have security vulnerabilities

Is your MCP server secure?

Click an example to see exactly which lines of a tool schema create real vulnerabilities — and which ones prevent them.

Check your own server

Paste the tools array from your MCP server's tools/list response. Analysis runs 100% client-side; nothing leaves your browser.

What MCP security vulnerabilities look like

MCP servers expose tools that AI agents call autonomously. Every tool parameter is an attack surface: if the schema doesn't constrain it, the agent (or an attacker steering the agent through prompt injection) can supply any value. Keep in mind that the JSON Schema in tools/list is only advertised to the client and the model; a server that does not also validate the arguments it receives on tools/call gains nothing from a tighter schema.

Path Traversal

A path parameter with no pattern constraint lets an agent read ../../etc/passwd or overwrite system files. The pattern narrows what the model will send; the server must still canonicalize the path and reject anything that resolves outside its allowed root.

SSRF

A url parameter without validation can target http://169.254.169.254 (cloud metadata) or internal services. A format: uri annotation does not help, since the metadata URL is a perfectly valid URI; allow-list the hosts the tool may reach and check the parsed hostname, not the raw string.

Injection

Parameters named query or command that accept arbitrary strings are injection vectors (SQL, shell). Use enums where the set of operations is known, and pass any remaining free text to the database only through parameterized queries, never by string concatenation.

Destructive Ops

Tools named delete or drop without authorization controls let any agent permanently erase data. Mark them with the destructiveHint annotation so clients can ask the user before calling them, but treat the annotation as a UI hint only; the authorization check itself belongs in the server.
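As an added example, not the page's own checker, the scan below applies the four rules above to a constructed tools array. The parameter-name regexes, the sample tools and the rule that a destructively named tool is always a review item are this example's assumptions.

```javascript
// Added example, not the page's own checker: a heuristic scan of an MCP
// tools/list "tools" array for the four schema weaknesses described above.
// The parameter-name regexes and the sample tools are this example's assumptions.

const PATH_RE = /path|file|dir|folder/i;
const URL_RE = /url|uri|endpoint|host/i;
const INJECT_RE = /query|command|cmd|sql|shell/i;
const DESTRUCTIVE_RE = /delete|drop|remove|purge|truncate|destroy/i;

// A string parameter counts as constrained only when the schema limits its
// values. `format: "uri"` is deliberately not enough: it still admits
// http://169.254.169.254/.
function isConstrained(prop) {
  return Array.isArray(prop.enum) || typeof prop.pattern === "string" || "const" in prop;
}

function scanTools(tools) {
  const findings = [];
  for (const tool of tools) {
    const props = (tool.inputSchema && tool.inputSchema.properties) || {};
    for (const [param, prop] of Object.entries(props)) {
      if (prop.type !== "string" || isConstrained(prop)) continue;
      let issue = null;
      if (PATH_RE.test(param)) issue = "path-traversal";
      else if (URL_RE.test(param)) issue = "ssrf";
      else if (INJECT_RE.test(param)) issue = "injection";
      if (issue) findings.push({ tool: tool.name, param, issue });
    }
    // Authorization is not expressible in a schema, so a destructively named
    // tool is always a review item; report whether destructiveHint is explicit.
    if (DESTRUCTIVE_RE.test(tool.name)) {
      const hint = tool.annotations ? tool.annotations.destructiveHint : undefined;
      findings.push({
        tool: tool.name, param: null, issue: "destructive-review",
        destructiveHint: hint === undefined ? "unset (spec default is true)" : hint,
      });
    }
  }
  return findings;
}

// Constructed sample: four weak tools plus one whose schema constrains every
// parameter, which the scan should pass cleanly.
const SAMPLE_TOOLS = [
  { name: "read_file",
    inputSchema: { type: "object", properties: { path: { type: "string" } }, required: ["path"] } },
  { name: "fetch_url",
    inputSchema: { type: "object", properties: { url: { type: "string", format: "uri" } } } },
  { name: "run_query",
    inputSchema: { type: "object", properties: { query: { type: "string" } } } },
  { name: "delete_record",
    inputSchema: { type: "object", properties: { id: { type: "string", pattern: "^[0-9]+$" } } } },
  { name: "export_report",
    annotations: { readOnlyHint: false, destructiveHint: false },
    inputSchema: { type: "object", properties: {
      path:  { type: "string", pattern: "^reports/[A-Za-z0-9_-]+\\.csv$" },
      url:   { type: "string", pattern: "^https://api\\.example\\.com/" },
      query: { type: "string", enum: ["daily", "weekly"] } } } },
];

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(scanTools(SAMPLE_TOOLS), null, 2));
}
```

Run it with node against the array you pasted into `SAMPLE_TOOLS`; the first four tools each produce one finding and export_report produces none. A scan like this is a triage aid only: it cannot see whether the server validates arguments or checks authorization, which is why delete_record is reported even if its id parameter is well constrained.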

How to get your tools/list response

curl (Streamable HTTP servers)

# Streamable HTTP servers require an Accept header listing both JSON and SSE.
# If the server replies with an error, it expects an initialize request first
# and the Mcp-Session-Id it returns on every later request (-H "Mcp-Session-Id: ...").
curl -s -X POST https://your-mcp-server/endpoint \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}' \
  | jq '.result.tools'

MCP Inspector — connect to any server, click "List Tools", copy the JSON.

Client logs — Claude Desktop, Cursor, and Cline all log tools/list responses.

Don't fix schemas. Fix the architecture.

An Agentic Control Plane sits between your MCP client and your servers — adding identity verification, input validation, PII detection, rate limiting, and audit logging without changing a single line of server code.

Try ACP free

Read the security checklist