Developer guide
Agent Control: how it works
What Agent Control governs and the two ways to connect an agent.
What Agent Control does
Agent Control governs the actions your agent takes, beyond the text it generates. Every time an agent runs a tool (a shell command, a file write, an API call through a tool server), the gateway checks that call before it runs and decides whether to allow it, block it, ask a human or rate-limit it.
This guide is for developers connecting their own agent to the gateway. If you just want to use the screens, see the end-user AI Gateway articles instead.
Terms used in this guide
- Agent key: A secret token (starts with sk-mcp-) that identifies your agent to the gateway. You create it in the UI and send it on every request.
- Tool call: A single action the agent takes, like running a Bash command or writing a file.
- Hook: A small script your agent runs before each tool call to ask the gateway for a decision.
- Run: One agent turn, grouping the model calls (the conversation) and the tool calls (the actions) that belong together.
Two ways to connect
There are two entry paths. Most coding agents use the first.
- Native hook: Your agent runs its own built-in tools (like Bash). Before each call, a hook sends POST /v1/mcp/hook to the gateway to ask for a decision. The gateway never runs the tool itself; it only says yes or no.
- MCP proxy: Your agent calls a tool through the gateway at POST /v1/mcp using JSON-RPC. The gateway checks the call and forwards it to the registered tool server.
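A sketch of the hook side of the native-hook path, written so that the tool runs only on an explicit allow and is blocked when the gateway is unreachable or the reply is malformed. This is an added example, not the product's own hook script. The Authorization header, the request body fields (tool, input), the response field (decision) and the host gateway.example are assumptions; only the path and the sk-mcp- prefix come from this guide.

```python
import json
import urllib.error
import urllib.request

HOOK_PATH = "/v1/mcp/hook"   # endpoint named in this guide
ALLOW = "allow"              # assumed wire value for the "allow" decision


def build_hook_request(base_url, agent_key, tool, tool_input):
    """Build the POST a hook sends before a tool call (body shape is assumed)."""
    if not agent_key.startswith("sk-mcp-"):
        raise ValueError("agent key must start with sk-mcp-")
    body = json.dumps({"tool": tool, "input": tool_input}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + HOOK_PATH,
        data=body,
        method="POST",
        headers={
            "Content-Type": "application/json",
            # Assumed header; the key is sent on every request but never logged.
            "Authorization": "Bearer " + agent_key,
        },
    )


def may_run(response_body):
    """Fail closed: only a well-formed, explicit allow lets the tool run."""
    try:
        decision = json.loads(response_body).get("decision")
    except (ValueError, AttributeError):
        return False  # not JSON, or JSON that is not an object
    return decision == ALLOW


def check_tool_call(base_url, agent_key, tool, tool_input,
                    timeout=5, opener=urllib.request.urlopen):
    """Ask the gateway for a decision; any transport or HTTP error blocks."""
    request = build_hook_request(base_url, agent_key, tool, tool_input)
    try:
        with opener(request, timeout=timeout) as response:
            return may_run(response.read())
    except (urllib.error.URLError, OSError):
        return False  # gateway down, timeout, 4xx/5xx: do not run the tool


if __name__ == "__main__":
    # Constructed sample values; gateway.example is a placeholder host.
    ok = check_tool_call("https://gateway.example", "sk-mcp-EXAMPLE",
                         "Bash", {"command": "ls"})
    print("run tool" if ok else "blocked")
```

Any decision other than allow (block, ask a human, rate-limit) is treated here as "do not run"; a real hook would surface those outcomes to the agent separately.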
Where decisions are recorded
Every checked call is written to the Activity log, so you can see what each agent did, the decision it got and how long it took.