AI Plugin - Control Plane

Install

Claude Code
Codex
Gemini CLI

Add the marketplace, install the plugin, then reload:

/plugin marketplace add controlplane-com/ai-plugin
/plugin install cpln@controlplane
/reload-plugins

Update. Third-party Claude Code marketplaces have auto-update disabled by default. Run these when a new release is published:

/plugin marketplace update controlplane
/reload-plugins

To enable auto-update once and forget it, run /plugin, open the Marketplaces tab, select Control Plane, and choose Enable auto-update.

Add the plugin marketplace:

codex plugin marketplace add controlplane-com/ai-plugin

Adding the marketplace does not install the plugin. Start Codex, open /plugins, use the arrow keys to navigate to Control Plane, then select and install the cpln plugin.

Update. Codex does not auto-update plugin marketplaces. Run the upgrade command when a new release is published, then restart Codex:

codex plugin marketplace upgrade controlplane

Enable plugin hooks for guardrail injection (recommended). Codex ships with the plugin_hooks feature off by default, which gates plugin-bundled hooks. The Control Plane plugin uses a SessionStart hook to inject the cli-conventions and cpln-guardrails rules into every Codex session so the assistant respects production write-guardrails (typed confirmations on destructive ops, org/GVC sanity checks, no invented cpln flags). To enable, add this block to ~/.codex/config.toml and restart Codex:

[features]
plugins = true
plugin_hooks = true

After the restart, /plugins → Control Plane → Hooks should show SessionStart. Without this, Codex still loads skills and MCP tools, but the guardrails are not injected automatically and the Hooks row reads “No plugin hooks.”

Codex’s plugin format supports skills, MCP, and hooks (the latter behind the feature flag above). Agents and slash commands defined in the plugin are not loaded by Codex.

Install the extension from GitHub with auto-update enabled so future releases pull automatically:

gemini extensions install https://github.com/controlplane-com/ai-plugin.git --auto-update

Prefer to control when updates land?

Install without the --auto-update flag:

gemini extensions install https://github.com/controlplane-com/ai-plugin.git

Then update manually when a new release is published:

gemini extensions update cpln
# or update every installed extension
gemini extensions update --all

In Gemini, commands drop the cpln: prefix — use /troubleshoot instead of /cpln:troubleshoot.

Authenticate the MCP server

The MCP server needs a service account token to act on your behalf. Skills, agents, commands, and guardrails work without it — the token is only required for live operations (creating workloads, managing secrets, applying manifests).

export CPLN_TOKEN="<your-service-account-token>"

Create a service account with the Create a Service Account guide. Add it to the superusers group for full access, or viewers for read-only exploration. Gemini CLI prompts for the token at install time and stores it in your system keychain.

What it includes

Component	What it does	When it activates
23 Skills	Platform knowledge — workload types, CLI, autoscaling, secrets, networking, observability, IaC, mk8s, BYOK, templates	Loaded on demand based on your prompt
8 Agents + 8 Commands	Multi-step workflows — troubleshoot a failing workload, set up secret access, configure a domain, migrate from Kubernetes, set up cloud identity	Triggered by your prompt or by `/cpln:<command>`
8 Guardrail Rules	Always-on enforcement — confirm destructive ops, surface constraint conflicts, validate manifest fields	Loaded into every session

The plugin also pre-configures the Control Plane MCP Server (80+ tools) so the assistant can read and mutate your infrastructure directly.

Try it

/cpln:troubleshoot my-api --gvc production

MCP-only setup

If your client doesn’t support plugins (Cursor, Amp, OpenCode, and others), add the cpln MCP server directly:

{
  "mcpServers": {
    "cpln": {
      "type": "http",
      "url": "https://mcp.cpln.io/mcp",
      "headers": {
        "Authorization": "Bearer ${CPLN_TOKEN}"
      }
    }
  }
}

MCP-only gives you the 80+ live tools but not the skills, agents, commands, or guardrails. For per-tool setup instructions, see Compatible tools.

Next steps

MCP Server

The 80+ tools the plugin uses to act on your infrastructure

Usage Examples

Concrete prompts for common Control Plane workflows

Create a Service Account

Generate the token the MCP server needs to authenticate

Plugin source

Source, full inventory, and contribution guide

MCP Server

Tool Setup

Documentation Index

​Install

​Authenticate the MCP server

​What it includes

​Try it

​MCP-only setup

​Next steps

MCP Server

Usage Examples

Create a Service Account

Plugin source

Install

Authenticate the MCP server

What it includes

Try it

MCP-only setup

Next steps