Automation Control Plane

FastAPI control layer for governing AI and automation workflow execution in multi-tenant products.

Overview

Most automation demos stop at "the workflow runs." Real products need a control plane that decides whether a workflow is allowed, whether it requires human approval, and how the decision should be recorded.

This project models that layer as a focused Python backend with:

• tenant-scoped API key auth
• workflow catalog and plan enforcement
• approval routing for sensitive executions
• usage counters and overage handling
• audit-friendly execution logs
• lightweight operator dashboard

What This Project Proves

• backend domain modeling for AI and automation products
• deterministic policy enforcement instead of prompt-only orchestration
• multi-tenant access scoping
• approval and audit primitives for higher-risk workflows
• persistent state and testable service boundaries

Core Capabilities

• organization and workflow registry
• entitlement and plan checks
• automatic versus manual approval routing
• usage-based execution limits
• approval queue for sensitive workflows
• execution decision logs
• tenant-scoped API key auth
• persistent SQLite-backed state
• browser dashboard for operators and owners

Example Seeded Workflows

• Lead Triage Agent
• Proposal Sender
• Brand Insight Report
• Market Watch Report

API Surface

• GET /health
• GET /me
• GET /organizations
• GET /workflows
• POST /workflows/{workflow_id}/execute
• GET /approvals
• POST /approvals/{approval_id}/decision
• GET /executions

Quickstart

python -m venv .venv
.venv\Scripts\activate
pip install -e .
pip install pytest httpx
uvicorn automation_control_plane.main:app --reload

Open:

• http://127.0.0.1:8000/docs
• http://127.0.0.1:8000/dashboard

Environment

Copy .env.example if you want to override the default SQLite location:

copy .env.example .env

Supported variable:

• ACP_DB_PATH: override the SQLite database path used by the app

Default state is stored in data/control_plane.db.

Demo API Keys

• platform admin: acp-admin-demo
• agency owner: acp-agency-demo
• ops operator: acp-ops-demo

Example Request

curl -X POST http://127.0.0.1:8000/workflows/wf_proposal_send/execute `
  -H "X-API-Key: acp-agency-demo" `
  -H "Content-Type: application/json" `
  -d "{\"payload_summary\":\"Send proposal to ACME after legal review\"}"

Expected behavior:

• wf_lead_triage auto-approves for the starter tenant
• wf_proposal_send enters the approval queue
• wf_market_watch is denied on the starter plan

Testing

Run local tests:

python -m pytest -q

Coverage includes:

• service-level policy decisions
• API authentication behavior
• approval flow through the FastAPI layer
• tenant scope enforcement

Architecture

• API layer: main.py
• policy engine: services.py
• persistence layer: repository.py
• architecture notes: ARCHITECTURE.md
• case study: CASE_STUDY.md

Next Production Steps

• replace demo API keys with stronger auth
• add queue-backed execution adapters
• add schema migrations
• add richer RBAC and audit filters
• add billing-backed plan enforcement