AControlLayerAControlLayer
Enterprise AI agent governance

Agents without
governance
are a liability.

ACL is the control plane for production AI agents. Cryptographic identity, policy-gated execution, immutable audit — built on open standards, ready for HIPAA from day one. The kind of governance your auditor will actually trust.

Talk to the team →Read the spec
Compliant withHIPAASOC 2ISO 27001GDPRNIST
🚀Mission Control
Healthy
Last 24h ▾
Compliance Status
HIPAA · SOC 2 · ISO 27001 — all checks passing
100%
System Health
92/100
↑ 4
Workflow Runs
1,247
↑ 12%
Active Agents
6
all up
Cost (24h)
$8.40
$0.04/run
Activity feed
View all →
09:42Sales BDR — meeting booked with Acme Corp
09:38Account Hunter — 12 prospects researched
09:21Receptionist — approval needed: $4,200 quote
09:14Sentry blocked outreach over budget cap
The three pillars

What ACL is, in three sentences.

01 · Identity · AIP-1
Agents are principals, not API calls.
Every ACL agent carries its own short-lived X.509 certificate with the role, tenant, and capabilities baked into custom OIDs — replacing the long-lived API keys that every "agent platform" still relies on.
02 · Policy · PVS-1
Every action checked. Both ways.
The Gatekeeper validates every tool call before it runs. The Sentry validates every output before it leaves. Prompt injection, runaway budgets, unauthorized actions — caught at policy, not at apology.
03 · Audit · ADP-1
The audit log is the audit log.
WORM-enforced at the database layer. HMAC-SHA256 chained. Per-tenant sequence numbers detect deletions. Versioned key rotation. The kind of audit trail compliance teams ask for.
The objection we hear most

“We already have an
agent platform.”

Most “agent platforms” treat agents like API calls — static keys, no identity, no enforcement. That's not governance. Here's the difference.

Dimension
Other platforms
ACL
Agent identity
API key — static, long-lived, shared across agents
Short-lived X.509 cert (≤15 min), fresh per session, mutual TLS
Capability enforcement
None — agent can attempt any tool it knows about
Gatekeeper reads cert OIDs and blocks unauthorized tool calls before they run
Audit log
Application log — mutable, no chain, no attribution
WORM ledger, HMAC-SHA256 chained, tamper-evident, permanent
Cross-platform collaboration
Requires platform-specific integration for every partner
Open AIP-1 standard — any platform can verify an ACL cert without calling home
Prompt injection defense
None or regex only
Three-layer: pattern scoring → LLM analysis (The Bouncer) → output validation (The Sentry)
Workflows

Orchestrate any process with AI agents.

Multi-agent workflows with typed contracts between agents, human gates at every meaningful decision, and an immutable audit trail of every step.

Multi-agent
Orchestrate teams of agents.
Sequential and parallel execution with typed data contracts. One agent's broken output can't corrupt the next.
Human-in-the-loop
Pause for human review.
Configurable approval gates at any step. Workflows wait until you approve, reject, or escalate. SLA-tracked.
Governance
Charters every agent obeys.
Each workflow defines permitted actions, data scopes, escalation triggers. Agents cannot override their charter.
Shadow mode
Test in production safely.
Run a new agent version alongside live, without affecting customers. Compare outputs before promoting.
Self-healing
Auto-retry and self-correct.
Malformed outputs, parsing errors, transient tool failures auto-corrected. The Medic agent diagnoses and repairs automatically.
WorkflowSmith
AI builds your workflows.
Describe a process in plain English. WorkflowSmith generates a deployable workflow with agents, gates, and audit hooks.
Inside the platform

A clean control surface for the people who run it.

No CLI. No learning curve. Operators get a single page with what they manage, how things are going, and what needs their attention — and the compliance number their auditor will ask about.

🔒app.acontrollayer.com/dashboard
Dashboard
ADMIN

Tenant Dashboard

Overview of your users, models, agents, and workflows for this tenant.
Agents
🤖
6
Configure prompts and capabilities.
Knowledge
📖
12
Upload and manage docs.
Models
🗄
364
Connected LLM catalog.
Users
👥
8
Invite and manage roles.
Workflows
🔗
14
Build orchestration flows.
Compliance Status
Click to view details and generate reports
100%
Quick actions
One screen for the team.
Agents, knowledge, models, users, and workflows — five things, one page. Operators stop hunting through menus.
The compliance number, on display.
Live compliance status — clickable for the underlying evidence. The first thing your auditor will ask about.
Built for actual work.
Quick actions for the things people do every day. Light + dark mode. White-label-ready for MSP customers.
It's working in production

A six-agent sales pipeline,
running today with full audit.

Our flagship BDR workflow takes a campaign brief and produces personalized outbound, with human review at every meaningful decision. Every prospect scored, every email drafted, every approval granted — permanently recorded.

70M+
B2B contacts
6
Coordinated agents
2
Human approval gates
1
ICP Strategist
Defines targeting + rubric
2
Account Hunter
Searches 70M+ contacts
3
Account Intelligence
Per-prospect research
4
Lead Qualifier
BANT scoring + classification
HUMAN GATE
5
Outreach Copywriter
Personalized email drafts
6
Outreach Sender
Domain reputation + reply tracking
HUMAN GATE
Open standards

The five specs the industry needs. We wrote them.

Other platforms run on proprietary APIs. We publish the protocol so any platform can implement it — your agents are never locked in. Specs at github.com/acontrollayer/agent-control-specs.

SPEC-0
Specification Process
The meta-standard. Governance, lifecycle, and shape rules for every other ACL spec.
AIP-1
Agent Identity Protocol
X.509 certs with custom OIDs for role, tenant, and capabilities. mTLS. Zero Trust.
ADP-1
Agent Data Protocol
Universal adapter — every agent run as Action → Observation → Reflection.
PVS-1
Policy Verdict Schema
Structured JSON verdicts — approved/denied + reason + severity.
CTX-1
Capability eXtensions
Stable capability strings used in certs — perm:workflows:read, budget:usd:100.
For agencies + MSPs

Run ACL as your own product.

Custom domain, logo, and brand colors. Hierarchical tenants with full data isolation between clients. Per-client billing and break-glass support — every entry logged.

White-label everything
Custom domain · logo · colors · report exports
Hierarchical tenants
170+ row-level security policies isolate every client
Break-glass with audit
Time-limited support access — every action recorded
Per-client billing
Detailed cost breakdown per workflow + agent
Hierarchical multi-tenancy
MSP · PARENT
Your Agency
Governance · branding · billing
CLIENT
Acme Health
CLIENT
Bevel Legal
CLIENT
Coleman Wealth
↔ no cross-tenant data leakage · Postgres-enforced
Spend Control

Hard limits.
Not suggestions.

Every workflow run can carry a cost ceiling. When the next tool call would exceed it, the agent stops — or escalates to a human for approval.

Agent budgets are enforced at the tool call level — before the tool executes. If the estimated cost of the next action would push the run over its ceiling, the tool doesn't run and the workflow halts.

Budgets can also be configured to pause and route to a human-in-the-loop gate rather than stopping cold — giving operators the choice between hard stops and supervised continuation.

⛔ SENTRY · BLOCKED2026-05-14 · 09:21 UTC
Outreach Sender attempted to send 47 emails
Budget cap exceeded — action not executed
Budget ceiling........................................$25.00 / run
Spent so far..........................................$23.87
Next action cost........................................$41.30
↑ would exceed ceiling by $39.17
Status:HARD STOPor route toHITL APPROVAL
Logged to audit trail · Agent suspended
Integrations

70+ integrations. Every one governed.

Every integration is available to every agent as a type-safe tool call — governed by the same Gatekeeper, recorded in the same audit trail.

Prospect search
ApolloHunter.ioPeople Data LabsZoomInfoClearbitEnrich.so
Web research
TavilySerperFirecrawlBrave Search
CRM
HubSpotSalesforcePipedriveHigh LevelCloseZoho
Email + SMS
SendGridSMTPTwilio
Voice + phone
TwilioTalkwAIVapiDeepgramElevenLabsCartesia
Calendar
Google CalendarOutlookCalendlyCal.comAcuity
Communication
SlackWhatsAppTelegramDiscordIntercom
Storage
Google DriveOneDriveDropboxBox
LLM providers
AnthropicOpenAIGeminiGroqMistralCohereBedrockVertexAzure OpenAITogetherDeepSeek
Payment
StripePayPal
Automatic LLM failover. When one provider fails, the next in your chain takes over. No code change. No manual intervention.
Common questions

Frequently Asked Questions

An Agent Control Layer is infrastructure that provides governance, identity, and policy enforcement for AI agents in production. It operates as a control plane—owning configuration, permissions, and observability—while execution remains in your existing runtime like LangGraph, CrewAI, or custom code.

A runtime (like LangGraph or CrewAI) handles how agents execute—managing prompts, tool calls, and orchestration logic. A control plane manages what agents are allowed to do, which resources they can access, and how their behavior is audited. This separation mirrors how Kubernetes orchestrates containers without replacing Docker.

Traditional IAM systems handle users (humans) and services (deterministic code). Agents are a new principal type—they make autonomous decisions at machine speed with probabilistic behavior. They need cryptographic identity, granular permissions per agent, and complete audit trails of every action they take.

Human-in-the-Loop is an architectural pattern where agent workflows can pause execution to request human approval before taking sensitive actions. A proper HITL implementation includes approval queues, reviewer routing, state persistence during the pause, and timeout handling.

LangChain and CrewAI are agent frameworks—they help you build and run agents. AControlLayer is a control plane—it governs, secures, and observes agents built with any framework. You use both together: your framework for execution, ACL for enterprise-grade management.

Security architecture

Five layers between the internet and your data.

Defense in depth, the way it's actually supposed to work. No single failure gives up your tenant's data — multiple independent enforcement points have to break at the same time.

INTERNETYOUR DATA
1
Perimeter edge
CDN · rate limits · CSP · IP allowlist
2
Authentication
mTLS for agents · MFA for operators
3
Tenant resolution
One tenant context per request
4
Authorization
RBAC + per-entity permissions
5
Data plane
170+ RLS policies · WORM audit
Every layer enforces independently. The Postgres database itself rejects cross-tenant reads — not just the application code in front of it.
Security Infrastructure

Four guards. Every agent. Every action.

These run on every workflow, cannot be disabled per-agent, and log every decision to the immutable audit trail.

The Gatekeeper
FIRES BEFORE EXECUTION
Evaluates every tool call before it runs. Checks the agent’s capability certificate, blocked-tool list, dangerous patterns, and estimated cost — then calls an LLM for medium/high-risk requests. A call that doesn’t pass doesn’t execute.
Fires on
Every tool call, pre-execution
The Sentry
FIRES AFTER EXECUTION
Reviews every agent output before delivery. Strips protected internal state fields (tenant IDs, workflow internals, circuit breaker state) that an LLM should never be able to write. Returns a PVS-1 structured verdict.
Fires on
Every agent output, pre-delivery
The Bouncer
FIRES ON ALL INPUTS
Two-layer prompt injection firewall. Layer 1 scores inputs against known jailbreak and injection patterns — score above threshold blocks immediately. Layer 2 escalates ambiguous inputs to LLM analysis. Protects every agent automatically.
Fires on
Every inbound input
The Medic
FIRES ON FAILURE
When an agent returns malformed output (bad JSON, schema violations), The Medic intercepts, diagnoses, and regenerates valid output automatically. Self-healing without human intervention.
Fires on
Malformed outputs and schema violations

Every decision made by The Gatekeeper, Sentry, Bouncer, and Medic is recorded in the immutable audit trail — including what was blocked, why, and which agent triggered it.

Live verification

Watch the compliance check run.

acl-trust-verification
_

Want the full technical picture — identity specs, the Five-Layer security model, compliance policies, and every integration?

Read the platform overview →
Design Partner Program

Apply to the Design
Partner Program.

We're opening a small design partner program for our MVP. Founder-level support, half-off pricing for life, and direct roadmap influence. Limited to 5–10 companies.

Or email us at partner@acontrollayer.com