🧭 Getting Started with Control Core
Control Core is the policy-driven control plane for protecting APIs, applications, data paths, and AI traffic with one consistent enforcement model. This page is the shortest path to understanding how it fits together, choosing a deployment path, and enforcing your first control without repeating the deep-dive material that already lives elsewhere in the docs.
Guided Onboarding Sequence
Step 1: Stand Up The Platform
Step 2: Connect Enforcement
Step 3: Enforce Your First Control
📌 What Control Core Does
- Centralizes authorization across users, services, workflows, and AI agents
- Keeps enforcement externalized so protected resources stay out of the policy business
- Supports Zero Trust access decisions before a request reaches the target resource
- Produces audit-ready evidence for operational and compliance review
📌 Towards Zero Trust: How Control Core Fits In
The diagram below shows the request path at a glance. A subject sends a request, the Bouncer intercepts it, policy is evaluated using Control Core context, and only an explicit allow reaches the protected resource.
Click to enlarge
Flow: Subject -> Request -> Bouncer / PEP -> Policy decision -> Resource. Denied requests are blocked and logged before the resource is touched.
🏗️ Modern Architecture Flow
Use the interactive component below to inspect the role of each major Control Core component in the request path.
Interactive Architecture Flow
Choose a component to see its role in the request path.
Every request begins with a subject such as a user, service call, workflow, or AI agent. Control Core treats them as policy-evaluated requests before they reach any protected target.
Review the request pathThe Bouncer is the policy enforcement point at the edge. It receives the request, builds the authorization context, checks cache when possible, and blocks or forwards the request.
See bouncer deploymentOperators and policy teams use the Control Plane UI and API to manage policies, connect repositories, register resources, inspect audits, and govern rollout across sandbox and production.
Open the admin guidePolicy Bridge keeps bouncers aligned with the latest enabled policy and integration data, so you do not have to update each enforcement point manually.
Read the architecture guideThe protected resource can be an API, application, data path, or LLM route. It is reached only after Control Core explicitly allows the request.
Explore AI governance
For the full architecture, data flows, sandbox/production model, and deployment patterns, see Architecture Overview.
🚀 Choose Your Deployment Path
Start with the model that matches how much of the platform you want to operate yourself.
| Deployment model | Best for | Start here |
|---|---|---|
| Kickstart | Self-hosted evaluation, lab environments, first proof of value | Kickstart Deployment |
| Pro | Hosted Control Plane with customer-managed enforcement | Pro Deployment |
| Enterprise | Full-scale production with advanced infrastructure patterns | Enterprise Deployment |
Need the broader deployment checklist first? Start with the Deployment Guide.
🚀 First Steps After Deployment
Once the Control Plane and Sandbox Bouncer are up, keep the first run simple:
- Log in, rotate the admin password, and create environment API keys.
- Connect your controls repository and confirm the Sandbox Bouncer is active.
- Verify resource discovery, create a basic sandbox policy, and test it through the Bouncer.
The full operational checklist lives in the Administrator Guide.
🛡️ Create Your First Policy
Treat this as a short starter, not the full authoring manual:
- Go to Policies and create a sandbox policy linked to a resource and bouncer.
- Use the visual builder, code editor, or a template to define a simple allow or deny rule.
- Test it, deploy it to sandbox, and confirm the result in audit logs.
For full policy authoring and lifecycle details, use:
🤖 AI And Advanced Enforcement
Control Core uses the same policy-driven model to govern LLM routes, prompt safety, data protection, and AI-related access decisions.
Start here if AI traffic is part of your rollout:
📌 Where To Go Next
Architecture Overview
Read the full component model, request flow, policy distribution path, and deployment patterns.
View guideDeploymentDeployment Guide
Choose the right deployment model and follow the correct runbook for your environment.
View guideOperationsAdministrator Guide
Run the post-deployment checklist, connect repositories, and verify runtime readiness.
View guidePolicyPolicy Manager Guide
Create, test, deploy, and manage policies without repeating the basics here.
View guideAIAI Governance
See how Control Core extends the same enforcement model to AI and LLM traffic.
View guideSupportTroubleshooting
Jump straight to common operator issues, validation steps, and recovery paths.
View guide📞 Support
If you get blocked during rollout:
- Start with the Administrator Troubleshooting Guide
- Use the Deployment Guide for runbook-level validation
- Contact
support@controlcore.iofor technical support - Contact
info@controlcore.iofor general product and deployment questions