Agentic Control Plane is a control plane built for AI Agent systems. It leverages Terraform's plan/apply workflow and Kubernetes' resource model, using declarative YAML to manage agents, tools, workflows, and policies, enabling version-controlled, auditable, and observable Agent operations.

Agentic Control Plane: Managing AI Agent Systems in a Terraform-Style

Background: Operational Challenges of Agent Systems

With the rapid development of AI Agent technology, more and more teams are building complex Agent systems. However, current Agent frameworks generally have a fundamental problem: configuration and logic are deeply coupled in application code. Key configurations such as prompts, tool bindings, and permission controls are buried deep in the code, making it difficult for teams to answer basic operational questions:

• Is this configuration valid?
• What changed in the last deployment?
• What are we about to deploy?
• What actually ran?
• Does the policy allow this execution?

This "black-box" Agent development runs counter to DevOps best practices. In the infrastructure field, Terraform solved similar problems through declarative configuration and the plan/apply workflow. Now, Agentic Control Plane introduces this concept to the AI Agent domain.

Core Design Philosophy

Agentic Control Plane has a clear positioning: This is not another opaque Agent framework, but a control plane. It draws on core ideas from multiple mature technologies:

Concept	Analogous Technology
Desired Resources in Git	GitOps
plan/apply/drift detection	Terraform
Typed Resources (Project, Workflow, Policy, etc.)	Kubernetes-style API
Tools and IO Contracts	OpenAPI-style explicit definition

By integrating these ideas, Agentic Control Plane achieves:

1. Change Review: Review differences and plans before configuration is implemented
2. State Separation: Separate management of deployment state and runtime tracking
3. Policy Enforcement: Enforce policies such as budget, approval, and tool rules during execution
4. Local-First: Currently uses local SQLite for state storage, with architecture预留 space for remote control plane expansion

Architecture Overview

Agentic Control Plane uses a layered architecture with core components including:

1. Declarative Resource Model (YAML)

All configurations are expressed in YAML and support version control. Main resource types include:

• Project: Root resource of the project, defining imported files, default configurations, and provider settings
• Workflow: Workflow definition, orchestrating multiple steps
• Tool: Tool definition, supporting MCP protocol and HTTP tools
• Policy: Policy definition, controlling execution permissions and budgets
• Agent: Agent definition, binding models, tools, and policies

2. CLI Tool (agentctl)

agentctl is the main interaction interface, providing full lifecycle management:

• agentctl init: Scaffolds project.yaml, policies, tools, and sample workflows
• agentctl validate: Loads the project, applies defaults/environment overrides, validates graphs, schemas, and references
• agentctl plan: Compares the desired graph with SQLite deployment state, provides risk prompts
• agentctl apply: Persists the plan (supports TTY confirmation or --auto-approve)
• agentctl run: Executes workflows locally, supports JSON Schema input validation and policy gating
• agentctl logs: Reads tracking events from SQLite

3. Local-First State Management

State is stored by default in the .agentic/state.db SQLite file in the project root directory, including:

• Deployment state table (comparison between desired configuration and actual state)
• Runtime tracking table (execution history, input/output, policy decisions)

This design ensures data sovereignty and offline work capability, while supporting storage location override via the --state parameter.

Quick Start

Installing Agentic Control Plane is simple, supporting source code build or precompiled binary download:

Build from Source

 git clone https://github.com/LAA-Software-Engineering/agentic-control-plane.git
 cd agentic-control-plane
 make build  # Generates bin/agentctl

Use Precompiled Binaries

GitHub Releases provides multi-platform binaries (Linux, macOS, Windows). Download the compressed package for your platform and extract it to PATH.

Basic Workflow

# Initialize the project
agentctl init my-agent-system

# Validate configuration
agentctl validate --project my-agent-system

# Generate execution plan
agentctl plan --project my-agent-system

# Apply configuration
agentctl apply --project my-agent-system --auto-approve

# Run workflow
agentctl run workflow/hello --project my-agent-system

# View logs
agentctl logs --project my-agent-system --workflow hello

Configuration Example

The initialized project.yaml shows the core configuration structure:

apiVersion: agentic.dev/v0
kind: Project
metadata:
  name: my-agent-system
spec:
  imports:
    - ./policies/default.yaml
    - ./tools/helper.yaml
    - ./workflows/hello.yaml
  defaults:
    policy: default
    model: openai/gpt-4o-mini
  providers:
    models:
      openai:
        type: openai
        apiKeyFrom: env:OPENAI_API_KEY
      # anthropic:
      #   type: anthropic
      #   apiKeyFrom: env:ANTHROPIC_API_KEY

This structure clearly separates resource definitions, environment configurations, and provider settings, supporting multi-environment management and external storage of sensitive information.

Policy and Governance

Agentic Control Plane has a built-in policy engine that enforces multiple rules during execution:

Budget Control

Limits resource consumption (e.g., API call count, token usage) for a single run or time window.

Tool Permissions

Fine-grained control over which workflows can use which tools to prevent unauthorized tool calls.

Approval Workflow

Implements manual or automatic approval for high-risk operations (e.g., tool calls involving sensitive data).

Audit Tracking

All executions are recorded as structured traces, supporting post-audit and compliance checks.

Observability and Debugging

The project provides full observability support:

Structured Logs

All runs generate detailed trace records, including:

• Input parameters and validation results
• Execution status and output of each step
• Policy decisions and rejection reasons
• Error stack traces and recovery attempts

Data Retention

Automatically clean up old data via spec.traces.retentionDays configuration to balance storage costs and audit needs.

Multi-Format Output

The CLI supports three output formats: table, JSON, YAML, facilitating script integration and human reading.

Comparison with Existing Solutions

Feature	Agentic Control Plane	Traditional Agent Frameworks
Configuration Method	Declarative YAML	Embedded in Code
Version Control	Natively Supported	Requires Extra Work
Change Review	Plan/Apply Workflow	Usually Not Supported
Policy Execution	Built-in Policy Engine	Requires Custom Implementation
Observability	Structured Traces	Depends on External Tools
State Management	Local SQLite	Usually Stateless

Practical Application Scenarios

Agentic Control Plane is suitable for multiple scenarios:

Enterprise-Level Agent Deployment

Enterprise environments requiring strict change management, audit tracking, and policy compliance.

Multi-Environment Management

Separation and synchronization of configurations across development, testing, and production environments.

Team Collaboration

Configuration review and version control via Git workflows.

Compliance Requirements

Meeting the auditability requirements of AI systems in industries like finance and healthcare.

Technical Implementation Details

The project is developed in Go with a clear code structure:

• cmd/agentctl: CLI entry point
• internal/cli: Cobra commands, flags, golden tests
• internal/spec: YAML types, normalization, validation
• internal/project: Project loading and import parsing
• internal/plan: Plan generation and risk summary
• internal/apply: Plan application to deployment storage
• internal/engine: Workflow execution engine
• internal/policy: Policy evaluation
• internal/state/sqlite: SQLite deployment and runtime/trace tables

This modular design facilitates expansion and maintenance, and provides clear access points for community contributions.

Summary and Outlook

Agentic Control Plane represents a new paradigm for Agent system management: introducing operational best practices from the infrastructure domain to the AI field. Through declarative configuration, version control, policy enforcement, and observability, it provides teams with a complete set of Agent lifecycle management tools.

The current version (v0.1.x) has implemented core features, including a full CLI workflow, SQLite state management, policy engine, and structured tracing. The future roadmap includes remote control plane, richer policy types, and broader tool ecosystem integration.

For teams building production-grade Agent systems, Agentic Control Plane provides a pragmatic and implementable governance solution worth exploring in depth.

Agentic Control Plane: Managing AI Agent Systems in a Terraform-Style

Background: Operational Challenges of Agent Systems

With the rapid development of AI Agent technology, more and more teams are building complex Agent systems. However, current Agent frameworks generally have a fundamental problem: configuration and logic are deeply coupled in application code. Key configurations such as prompts, tool bindings, and permission controls are buried deep in the code, making it difficult for teams to answer basic operational questions:

• Is this configuration valid?
• What changed in the last deployment?
• What are we about to deploy?
• What actually ran?
• Does the policy allow this execution?

This "black-box" Agent development runs counter to DevOps best practices. In the infrastructure field, Terraform solved similar problems through declarative configuration and the plan/apply workflow. Now, Agentic Control Plane introduces this concept to the AI Agent domain.

Core Design Philosophy

Agentic Control Plane has a clear positioning: This is not another opaque Agent framework, but a control plane. It draws on core ideas from multiple mature technologies:

Concept	Analogous Technology
Desired Resources in Git	GitOps
plan/apply/drift detection	Terraform
Typed Resources (Project, Workflow, Policy, etc.)	Kubernetes-style API
Tools and IO Contracts	OpenAPI-style explicit definition

By integrating these ideas, Agentic Control Plane achieves:

1. Change Review: Review differences and plans before configuration is implemented
2. State Separation: Separate management of deployment state and runtime tracking
3. Policy Enforcement: Enforce policies such as budget, approval, and tool rules during execution
4. Local-First: Currently uses local SQLite for state storage, with architecture预留 space for remote control plane expansion

Architecture Overview

Agentic Control Plane uses a layered architecture with core components including:

1. Declarative Resource Model (YAML)

All configurations are expressed in YAML and support version control. Main resource types include:

• Project: Root resource of the project, defining imported files, default configurations, and provider settings
• Workflow: Workflow definition, orchestrating multiple steps
• Tool: Tool definition, supporting MCP protocol and HTTP tools
• Policy: Policy definition, controlling execution permissions and budgets
• Agent: Agent definition, binding models, tools, and policies

1. CLI Tool (agentctl)

agentctl is the main interaction interface, providing full lifecycle management:

• agentctl init: Scaffolds project.yaml, policies, tools, and sample workflows
• agentctl validate: Loads the project, applies defaults/environment overrides, validates graphs, schemas, and references
• agentctl plan: Compares the desired graph with SQLite deployment state, provides risk prompts
• agentctl apply: Persists the plan (supports TTY confirmation or --auto-approve)
• agentctl run: Executes workflows locally, supports JSON Schema input validation and policy gating
• agentctl logs: Reads tracking events from SQLite

1. Local-First State Management

State is stored by default in the .agentic/state.db SQLite file in the project root directory, including:

• Deployment state table (comparison between desired configuration and actual state)
• Runtime tracking table (execution history, input/output, policy decisions)

This design ensures data sovereignty and offline work capability, while supporting storage location override via the --state parameter.

Quick Start

Installing Agentic Control Plane is simple, supporting source code build or precompiled binary download:

Build from Source

 git clone https://github.com/LAA-Software-Engineering/agentic-control-plane.git
 cd agentic-control-plane
 make build # Generates bin/agentctl

Use Precompiled Binaries

GitHub Releases provides multi-platform binaries (Linux, macOS, Windows). Download the compressed package for your platform and extract it to PATH.

Basic Workflow

# Initialize the project
agentctl init my-agent-system

# Validate configuration
agentctl validate --project my-agent-system

# Generate execution plan
agentctl plan --project my-agent-system

# Apply configuration
agentctl apply --project my-agent-system --auto-approve

# Run workflow
agentctl run workflow/hello --project my-agent-system

# View logs
agentctl logs --project my-agent-system --workflow hello

Configuration Example

The initialized project.yaml shows the core configuration structure:

apiVersion: agentic.dev/v0
kind: Project
metadata:
  name: my-agent-system
spec:
  imports:
    - ./policies/default.yaml
    - ./tools/helper.yaml
    - ./workflows/hello.yaml
  defaults:
    policy: default
    model: openai/gpt-4o-mini
  providers:
    models:
      openai:
        type: openai
        apiKeyFrom: env:OPENAI_API_KEY
      anthropic:
        type: anthropic
        apiKeyFrom: env:ANTHROPIC_API_KEY

This structure clearly separates resource definitions, environment configurations, and provider settings, supporting multi-environment management and external storage of sensitive information.

Policy and Governance

Agentic Control Plane has a built-in policy engine that enforces multiple rules during execution:

Budget Control Limits resource consumption (e.g., API call count, token usage) for a single run or time window.

Tool Permissions Fine-grained control over which workflows can use which tools to prevent unauthorized tool calls.

Approval Workflow Implements manual or automatic approval for high-risk operations (e.g., tool calls involving sensitive data).

Audit Tracking All executions are recorded as structured traces, supporting post-audit and compliance checks.

Observability and Debugging

The project provides full observability support:

Structured Logs All runs generate detailed trace records, including:

• Input parameters and validation results
• Execution status and output of each step
• Policy decisions and rejection reasons
• Error stack traces and recovery attempts

Data Retention Automatically clean up old data via spec.traces.retentionDays configuration to balance storage costs and audit needs.

Multi-Format Output The CLI supports three output formats: table, JSON, YAML, facilitating script integration and human reading.

Comparison with Existing Solutions

Feature	Agentic Control Plane	Traditional Agent Frameworks
Configuration Method	Declarative YAML	Embedded in Code
Version Control	Natively Supported	Requires Extra Work
Change Review	Plan/Apply Workflow	Usually Not Supported
Policy Execution	Built-in Policy Engine	Requires Custom Implementation
Observability	Structured Traces	Depends on External Tools
State Management	Local SQLite	Usually Stateless

Practical Application Scenarios

Agentic Control Plane is suitable for multiple scenarios:

Enterprise-Level Agent Deployment Enterprise environments requiring strict change management, audit tracking, and policy compliance.

Multi-Environment Management Separation and synchronization of configurations across development, testing, and production environments.

Team Collaboration Configuration review and version control via Git workflows.

Compliance Requirements Meeting the auditability requirements of AI systems in industries like finance and healthcare.

Technical Implementation Details

The project is developed in Go with a clear code structure:

• cmd/agentctl: CLI entry point
• internal/cli: Cobra commands, flags, golden tests
• internal/spec: YAML types, normalization, validation
• internal/project: Project loading and import parsing
• internal/plan: Plan generation and risk summary
• internal/apply: Plan application to deployment storage
• internal/engine: Workflow execution engine
• internal/policy: Policy evaluation
• internal/state/sqlite: SQLite deployment and runtime/trace tables

This modular design facilitates expansion and maintenance, and provides clear access points for community contributions.

Summary and Outlook

Agentic Control Plane represents a new paradigm for Agent system management: introducing operational best practices from the infrastructure domain to the AI field. Through declarative configuration, version control, policy enforcement, and observability, it provides teams with a complete set of Agent lifecycle management tools.

The current version (v0.1.x) has implemented core features, including a full CLI workflow, SQLite state management, policy engine, and structured tracing. The future roadmap includes remote control plane, richer policy types, and broader tool ecosystem integration.

For teams building production-grade Agent systems, Agentic Control Plane provides a pragmatic and implementable governance solution worth exploring in depth.