Reference Architectures
Control Plane
Centralized Control Plane interposes a central layer between agent clients and tool servers. The control plane handles authentication, authorization, routing, and observability for all communications.
Architecture diagram
Agent Client ---> Control Plane ---> Tool Server
Agent Client ---> (AuthN/AuthZ) ---> Tool Server
Agent Client ---> (Routing) ---> Tool Server
(Observability)
Multiple clients access multiple servers through a centralized control layer. The control plane mediates all communications and enforces policy consistently.
Characteristics
Centralized Control Plane suits deployments at scale where consistent policy enforcement and unified observability are requirements. The architecture introduces operational complexity in exchange for centralized control.
The control plane becomes a critical system component. Its availability determines agent functionality. Its security posture affects all agent operations. Defense in depth requires protecting the control plane while also implementing controls at client and server layers.
Control implementation centralizes at the control plane for authentication, authorization, routing, and observability. Clients and servers implement complementary controls for defense in depth.
Priority controls
| Component | Applicable Controls |
|---|---|
| Client Authentication | IDN-01, IDN-02 |
| Credential Management | IDN-03, IDN-04, DAT-04 |
| Routing and Authorization | AZN-01, AZN-02, AZN-04 |
| Policy Enforcement | GOV-04, INT-01, INT-02 |
| Unified Observability | OBS-01, OBS-02, OBS-03, OBS-05 |
Client authentication verifies agent identity at the control plane. Each agent possesses a unique cryptographically verifiable identity. Server authentication occurs between control plane and tool servers.
Credential management centralizes at the control plane. Agents do not hold credentials for tool servers directly. The control plane injects credentials after authorization decisions.
Routing and authorization evaluate each request against policy. Action filtering enables fine-grained control. Resource scope limitation contains blast radius.
Policy enforcement implements human oversight and intervention capabilities. Approval workflows route through the control plane. Pause capability halts operations centrally.
Unified observability aggregates logs from all agents and correlates sessions end-to-end. Confluence monitoring evaluates capability combinations across the agent population.
Typical certification profile
Centralized Control Plane deployments typically certify at Elevated or Critical profiles. The architecture suits production systems with significant scope, sensitive data, and regulatory requirements.
The centralized nature of controls facilitates evidence collection and audit. Consistent policy enforcement simplifies compliance demonstration.
Implementation guidance
Implement the control plane as a high-availability service with appropriate redundancy. Control plane outages disrupt all agent operations.
Centralize authentication so agents authenticate to the control plane rather than directly to tool servers. The control plane manages credentials for downstream services.
Implement per-action authorization at the control plane. Every request receives policy evaluation before routing to tool servers.
Aggregate logs at the control plane with session correlation. Enable end-to-end tracing from user initiation through agent actions to tool server responses.
Deploy confluence monitoring at the control plane where capability visibility is comprehensive. The control plane observes all agent capabilities across all sessions.