Running code-writing agents has quickly moved beyond “pick a model and start prompting.” In “The Software Agent Control Plane”, OpenHands’ Robert Brennan argues the tooling stack for software agents is settling into three pillars: the harness (the agentic loop over one or more LLMs), the orchestrator (the environment agents run in), and an emerging third pillar: the control plane—a centralized way to observe and manage many agents at once.
A third pillar for agent stacks
Brennan frames the control plane as the place where guardrails and oversight finally get first-class treatment. The post positions today’s ecosystem as fragmented: different tools can handle pieces like budgeting, routing, security, or observability, but a dedicated control plane attempts to unify those concerns under a single “pane of glass.”
For teams thinking about moving beyond a handful of ad hoc agent runs, the useful question becomes less “can an agent open a PR?” and more who is allowed to run what, with which permissions, and at what cost.
Why laptops don’t scale as an agent runtime
A central theme is that local-first agent workflows (Brennan name-checks tools like Claude Code or Cursor) are a great on-ramp, but they don’t translate cleanly to organizational use. Laptops are described as inherently sensitive and limited: they contain secrets an agent doesn’t need, are hard to run at higher parallelism without contention, and make it difficult to trigger work on schedules or external events.
The alternative advocated here is Kubernetes-based runtimes, with each agent running inside a container in cloud infrastructure—making event-driven triggers (Slack, GitHub, Jira) and centralized governance more practical.
The reasons Brennan thinks control planes will matter
Rather than treating “control” as a vague enterprise requirement, the post calls out three concrete motivations:
- Cost control: token spend tracked and attributed not just to a user, but to sessions, repos, and even labeled use cases—enabling budget enforcement and ROI-style analysis.
- Security: policy enforcement around access (including secrets scoping), plus an audit trail of agent actions and hooks for analyzing behavior for prompt injection and other risks.
- Productivity: instrumentation of skills/plugins/workflows with feedback loops—Brennan cites measuring acceptance and rejection rates for automated code review suggestions.
Build vs. buy, with real examples
Brennan nods to in-house efforts like Stripe’s Minions and Coinbase’s Forge as evidence that some companies have already felt the pain of scaling agents without a shared management layer.
The full post is worth a read for the framing—and for how clearly it separates the runtime/orchestration problem from the governance/observability one.
Original source: https://www.all-hands.dev/blog/agent-control-plane
