The Agent Control Plane Arrived: Omnigent, GitLab, and the $2K/month User

Uber burned through its entire 2026 AI budget in four months. Roughly 5,000 engineers ran Claude Code sessions with no spending caps, and individual heavy users reached $500 to $2,000 per month. One unnamed enterprise spent $500 million on a single month of AI usage before finance teams intervened.

These numbers come from TechTimes analysis published June 15, coinciding with the Data + AI Summit in San Francisco. They describe a market that is cracking under its own weight. Engineers juggle four or five agents at once, copy-pasting context between Claude Code, Codex, Gemini, Slack, and documentation tabs. Each agent runs in its own silo. No shared context. No shared audit trail. No cost guardrails.

Databricks and GitLab each shipped a different piece of the answer this week. Databricks open-sourced Omnigent, a meta-harness that sits above individual agents. GitLab announced four capabilities designed to make agent-driven development work at enterprise scale.

What Databricks built

Omnigent is a layer above the agents you already use: Claude Code, Codex, Pi, and custom agents defined in YAML. Instead of replacing any of them, it wraps each one in a sandboxed session with a uniform API and adds capabilities that individual harnesses cannot provide alone.

The Databricks blog post frames the project around composition, control, and collaboration. Composition means combining multiple agents and swapping harnesses with one-line YAML changes. Control means stateful policies that enforce cost budgets and permissions at the infrastructure layer. Collaboration means sharing live agent sessions by URL so teammates can watch, comment, and steer agents in real time.

The control piece deserves attention. Every major AI coding agent today enforces its guardrails through system prompts. A prompt says "ask before deleting files" or "don't push without approval." Prompt-based constraints break when a long session pushes early instructions out of the context window. They break when a model update changes how the system message is weighted. They cannot track dynamic state. A prompt instruction cannot know that an agent just installed an unreviewed npm package and should therefore require human approval before its next git push.

Omnigent moves policy enforcement to the infrastructure layer. A cost-budget policy pauses a session after every $100 spent and asks for confirmation before continuing. A permission policy intercepts any git push that follows a package installation, regardless of what the model does. The OS-level sandbox, called Omnibox, locks down filesystem access and intercepts outbound network requests at the kernel level: bubblewrap and seccomp on Linux, Seatbelt on macOS. An agent running under Omnigent never sees a GitHub security token directly. The token is injected into the proxy only on approved requests.

The repo ships with two reference implementations. Polly is a multi-agent orchestrator that writes no code itself. It plans, then delegates work to Claude Code, Codex, or Pi sub-agents running in parallel git worktrees. Each completed diff gets routed to a reviewer from a different vendor than the one that wrote it. Debby is a brainstorming interface with two simultaneous heads: one Claude, one GPT, answering every query in parallel and debating each other on command.

Omnigent ships under Apache 2.0 and is in alpha. It is available on GitHub and PyPI.

What GitLab shipped

On June 10, GitLab announced four capabilities at its Transcend conference that approach the same problem from the infrastructure side.

Next Generation Source Code Management replaces repository clones with structured API access. Agents query the repository server-side for exactly what each task requires. Git was designed for human-speed operations. Agents cloning entire repositories create a bottleneck that compounds at scale. GitLab reports agents complete tasks up to 50x faster, consume 2x fewer tokens, and generate 1000x less network traffic.

GitLab Orbit is a context graph for the entire software lifecycle. It maps code, work items, pipelines, deployments, and production signals into a single graph that agents and engineers query from the same source of truth. In large monorepos, agents without full lifecycle context over-iterate, burn tokens reconstructing what they cannot see, and produce changes teams end up reverting. GitLab's internal testing shows agents using Orbit responded up to 11x faster, used up to 4.5x fewer tokens, and produced up to 45x fewer hallucinations.

Compare the Market's head of AI engineering, Ryan Harvey, said RAG "ended up performing worse than no context at all" when they tested it against Orbit across real merge requests. The context graph produced better comment placement and better change summaries.

Governance for Agents adds identity, policy, audit, and approval around every agent action, with real-time visibility into inputs, reasoning, tool calls, and high-risk activity across the organization.

Do you need a meta-harness yet?

If your team runs a single agent for a single workflow, probably not. The signal that you do need one is operational friction: engineers maintaining separate configuration files for each agent, transferring context by copy-pasting between windows, discovering cost overruns only when the monthly invoice arrives.

The Gravitee state-of-security survey found that only 14.4% of AI agents went live with full security and IT approval. More than 85% were deployed without security review. Meanwhile, 82% of executives feel confident their existing policies protect against unauthorized agent actions. Unit 42 researchers documented nine attack scenarios against production agent frameworks, finding that credential theft, tool exploitation, and remote code execution all arise from insecure design patterns at the harness level.

The gap between executive confidence (82%) and operational reality (14.4% with security review) is where infrastructure-layer enforcement matters. Prompt-based guardrails cannot close that gap because they live inside the agent's context window. Infrastructure-layer policies fire before the action happens, not after.

Gartner forecasts that more than 40% of AI agent projects will be canceled by 2027 due to escalating costs and inadequate risk controls. Whether that number proves accurate or not, the direction is clear. Databricks built Omnigent for the problems it observed across its 5,000-plus engineering team. GitLab built its agent capabilities because teams running hundreds of agents on overlapping codebases need governance, speed, and cost control that Git alone cannot provide. Both are betting that the next frontier is not building better agents but governing the ones already running.