Documentation for setup and production operations.
Use this hub to move from initial integration to enforced execution control, with identity governance, evidence exports, and operational runbooks.
Docs index
Search every topic or filter by tag.
Start here
Recommended adoption path for new teams:
1. Define authority and policy
Set execution scopes, approvals, and role mappings. Start with Policy Model and Role Mapping.
2. Integrate runtime
Prefer the unified adapter contract (HTTP/Webhook) for new runtimes. OpenClaw and Temporal remain compatibility paths. For the production Top 20 set, use Adapter Directory.
3. Run observe-only validation
Simulate decisions, review DENY reasons, and tune policy before blocking execution.
4. Enforce and operate
Enable ALLOW/DENY gates, evidence exports, and ongoing ops checks.
Setup Any Agent Runtime
Use this path for any agent framework or automation system.
1. Connect tenant + auth
Set API base, tenant ID, and token in Console setup.
2. Implement runtime adapter
Use HTTP/Webhook adapter: register runtime, call intent before side effects, send heartbeat.
3. Pick your framework mapping
Use targeted guides for LangGraph, Semantic Kernel, Bedrock, Vertex ADK, Automation, or Worker Queue. Keep OpenClaw and Temporal compatibility paths if already deployed.
4. Validate fail-closed behavior
Use fail-closed requirements and API contract checks before rollout.
5. Turn on operations + evidence
Run deployment checks, monitor via integration runtimes page, and enable evidence exports.
Core concepts
Execution authority
Agents may plan; Gvner alone approves or denies execution.
Policy schema
Rules define scope, approvals, budgets, and control constraints.
Evidence ledger
Immutable decision records with policy basis and verification hashes.
Control mapping
Map governance behavior to framework controls and audit needs.
Identity governance
SSO, SCIM, sessions, and change approvals for access control.
Agent governance
Inventory, baselines, anomalies, enforcement, and attestations.
Operational integrity
Readiness, resilience, SLA tracking, and incident handling.
Approvals and change control
Approval gates, diffs, rollback, and immutable change receipts.
How to use
Runbook-style guides for the most common governance operations.
Integration hub
All supported runtime families and adapter patterns in one place.
Generic HTTP/Webhook adapter
Canonical contract for LangGraph, Semantic Kernel, Bedrock, Vertex ADK, automation, and worker queues.
10‑minute quickstart
Connect, register, approve, and export evidence end‑to‑end.
OpenClaw secure launch
Start self-serve trial, run fail-closed checks, and promote to production through explicit gates.
OpenClaw + Temporal quickstart
Gate tool calls and workflow activities through Gvner.
SSO setup
Register a provider, validate metadata, and issue governed sessions.
SCIM sync
Provision users/groups and reconcile identity drift.
Change approvals
Request, review diffs, approve, and apply with evidence capture.
Regulator packets
Generate signed, hashed evidence exports for audits and regulators.
High-value operations
Deployment and rollout
Deploy checks, version validation, and canary rollout controls.
Observability and performance
SLO burn, perf targets, and observability snapshots.
Maintenance and readiness
Readiness checks, env validation, and restart advisories.
Support and launch packs
Generate support packs and launch readiness artifacts.
Identity change controls
Queue, SLA, approvals, bundles, and lifecycle controls.
Agent KPIs and reporting
KPIs, trends, alerts, and reporting links for stakeholders.
Documentation library
Getting started
Connect a runtime, run observe-only, then enforce.
Console usage
Connect your tenant, review evidence, approve changes, export packs.
Policy model
Scopes, approvals, budgets, and lifecycle.
Evidence model
Decision records, audit IDs, and lineage.
Identity governance
SSO, SCIM, session policy, and change queue.
SSO setup
Provider registration, metadata validation, and session issuance.
SCIM sync
User/group provisioning and drift reconciliation.
Google Workspace setup
Configure Google OIDC, map roles, and sync users/groups into Gvner.
Agent governance
Inventory, baselines, anomalies, enforcement, and bundles.
Operational integrity
Health alerts, integrity checks, SLA reporting, incidents.
Change approval workflow
Request, diff, approve, apply, and evidence capture.
API reference
Intents, decisions, audits, and exports.
OpenClaw integration
Intercept tool calls and gate execution through Gvner.
Temporal integration
Govern activity execution in deterministic workflows.
HTTP/Webhook adapter
Single contract for non-native runtimes.
LangGraph integration
Gate side-effect nodes through Gvner decisions.
Semantic Kernel integration
Use execution filters with fail-closed governance checks.
Bedrock integration
Govern action group invocation paths with one adapter contract.
Vertex ADK integration
Map intent hooks to Gvner checks before tool execution.
Automation integration
n8n/Make/Zapier fail-closed pre-step guard pattern.
Worker queue integration
Pre-handler guard for Kafka/SQS/Celery style workers.
Exports
Regulator-ready packs and integrity receipts.
Regulator packet
Signed, hashed evidence packets for external reviews.
Security model
Guarantees, controls, and threat coverage.
Full doc tree
Every public control and claim maps to a concrete doc page.
Getting started
Integration families
Governance model
Identity governance
Agent governance
Operational integrity
Security controls
Enterprise trust layer
Public, regulator‑facing materials that make Gvner adoption audit‑ready.
Policy schema (example)
Policies define who can execute, which scopes apply, and the regulatory basis for enforcement.
Evidence model
Decision record
Every decision produces a deterministic record that includes policy basis and evidence hash.
Export formats
Evidence can be exported in structured formats for auditors and regulators.