Welcome to KLA Control Plane Docs | Developer Docs

The KLA Control Plane is a runtime safety, audit, and governance layer for enterprise AI agents. It exists because AI agents now take real actions (issuing refunds, approving claims, reading sensitive documents) and most teams have no way to govern those actions, prove what happened, or stop a bad decision before it lands. KLA closes that gap without forcing you to rebuild anything.

KLA is govern-in-place: you instrument the agents, APIs, and frameworks you already run, whether LangChain, FastAPI, or a custom workflow, instead of moving them onto a new platform. Once instrumented, KLA evaluates each agent action against your policies in real time, pauses risky actions for human review, captures a tamper-evident record of everything, and packages that record into audit-ready evidence. The result is audit-grade trust: every action is governed, observed, measured, and provable.

Who these docs are for

These docs serve three audiences. Find yourself below and start where it says.

You are	You want to	Start at
Developer or integrator	Wire an agent to KLA via SDK or API	Quickstart
Compliance, risk, or audit officer	Evaluate governance, controls, and evidence	Core Concepts
Platform operator or technical buyer	Understand the modules and deployment fit	Product Modules

💡 Tip

New to KLA entirely? Read this page, then do the Quickstart. You can export your first **Sealed Evidence Bundle**, a cryptographically signed, tamper-evident record of an agent run, in under ten minutes.

The four pillars

KLA's product story has four pillars, and every module maps to one of them. Together they produce audit-grade trust.

flowchart LR
  G["Govern"] --> T["Audit-grade trust"]
  O["Operate"] --> T
  A["Assure"] --> T
  P["Prove"] --> T

Govern. Author policies as declarative YAML, simulate them before publishing, then compile them into signed Control Packs that decide every action at runtime. A policy returns one of four outcomes (allow, warn, require_approval, or block), and a require_approval decision pauses execution and routes an Escalation to the Decision Desk for a human to approve or reject. You build policies in Policy Builder.
Operate. Register every agent in the Agent Registry, govern the tools they can call through the Tool Catalog, ship new agent versions as a Release, deploy them as a Rollout, and Rollback instantly when something goes wrong. Command is the dashboard that shows live status across all of it.
Assure. Track quality and cost over time, watch for drift, bias, and regressions, and turn problems into action. When KLA detects a problem it raises an Assurance Alert, which you resolve with a Remediation Plan, all in the Assurance Center.
Prove. Every action emits telemetry that flows into a cryptographic ledger, anchoring a Merkle proof: a hash chain that makes any later tampering detectable. From that ledger you generate Sealed Evidence Bundles and compliance exports in the Evidence Room.

How an action flows through KLA

When an instrumented agent attempts an action, the policy engine decides what happens next. Every outcome is recorded as a Lineage Record: the full, replayable trace of a single agent run, viewable in the Lineage Explorer.

flowchart TD
  A["Agent attempts action"] --> B{"Policy decision"}
  B -->|allow| C["Execute"]
  B -->|warn| D["Execute and flag"]
  B -->|require_approval| E["Pause and route to Decision Desk"]
  B -->|block| F["Stop action"]
  C --> L["Lineage Record"]
  D --> L
  E --> L
  F --> L
  L --> M["Sealed Evidence Bundle"]

ℹ️ Note

KLA evaluates policies with the KLA Policy Engine at the application layer. Every check resolves to the same four-outcome model (`allow`, `warn`, `require_approval`, `block`), so you can warn or escalate, not just permit or deny.

Two ways to connect

You choose how agent actions reach KLA:

Govern in Place. Instrument your agent with the OpenTelemetry SDK. Spans stream asynchronously to KLA, and in-process gates enforce policy decisions inside your own runtime. Lowest-friction; keeps execution on your side.
Run through KLA. Route execution through KLA's managed proxy using the Executions API. KLA mediates each call directly. Best when you want enforcement at a single chokepoint.

Both patterns produce the same evidence and the same governance guarantees. See Deployment Patterns to choose.

Where to go next

Quickstart: instrument an agent, register it, and export a Sealed Evidence Bundle in minutes.
Authentication: get a token, then call the API with Authorization: Bearer <token> and x-tenant-id: <tenant> against https://api.kla.digital.
Core Concepts: how policy-gated execution and evidence-by-default actually work.
Product Modules: a tour of Command, Policy Builder, Decision Desk, Agents, Lineage Explorer, Assurance Center, and the Evidence Room.