How It Works

Validate. Evaluate. Execute. Export evidence.

Gvner sits between agent intent and production execution. Agents propose actions, Gvner validates structure, evaluates policy centrally, then returns ALLOW or DENY with evidence.

Quickstart Integration Hub Unified Adapter Policy Rules Evidence Model

Book enterprise pilot Continue to Docs Back to Home

Canonical flow

1. Agent generates intent

The agent emits a structured intent with actor, action, target, and context. See Agent Inventory and Tool Policy.

2. Validate intent

The runtime calls Gvner before side effects happen: use /adapters/http/intent for generic integrations, or /openclaw/intent and /temporal/intent on compatibility paths. Execution is blocked until a signed decision is returned.

3. Evaluate policy

Gvner checks policy, identity authority, risk, budget, and compliance constraints. Related docs: Policies, Role Mapping, Identity Changes, Control Mapping.

4. Return ALLOW or DENY

The decision is deterministic, time-bound, and tied to policy basis. Every result is written to evidence and can be exported.

5. Execute only if allowed

ALLOW permits execution for the defined scope and time window. DENY blocks execution and records reason codes for review.

6. Export evidence

Decision and execution traces are packaged into evidence suitable for release, security review, and compliance conversations.

What a pilot proves

Technical proof

Intent validation before side effects

Explicit allow or deny

Approval-required branch

Buyer proof

Execution traceability

Evidence export for internal review

Repeatable onboarding for chosen workflow

Example flow

Below is a representative example showing the intent → decision → audit cycle.

Intent Submission

{
  "agent_id": "agent_7f3a21",
  "action": "database.update",
  "target": "customers.email",
  "parameters": {
    "customer_id": "cust_8492",
    "new_email": "updated@example.com"
  },
  "context": {
    "user_request": "Update customer email",
    "timestamp": "2026-02-27T14:32:11Z"
  }
}

Gvner Decision

{
  "decision": "ALLOW",
  "basis": {
    "policy": "COMPLIANT - customer_data_update_v2",
    "permits": "AUTHORIZED - agent_7f3a21 has UPDATE_CUSTOMER",
    "budget": "AVAILABLE - 847 operations remaining",
    "regulation": "COMPLIANT - GDPR Article 16"
  },
  "audit_id": "aud_9f2e4c1a8b7d6f3e",
  "timestamp": "2026-02-27T14:32:11.247Z",
  "expires_at": "2026-02-27T14:32:16.247Z"
}

Audit Record

{
  "audit_id": "aud_9f2e4c1a8b7d6f3e",
  "work_id": "work_4e7f2a9c",
  "agent_id": "agent_7f3a21",
  "action": "database.update",
  "decision": "ALLOW",
  "executed": true,
  "execution_timestamp": "2026-02-27T14:32:11.891Z",
  "evidence_hash": "sha256:7f3e9a2c1d8b4f6e...",
  "immutable": true
}

Key guarantees

Every decision is logged with complete context

Decisions are deterministic and reproducible

No execution can bypass Gvner evaluation

Audit trails are immutable and cryptographically verifiable

Fail-Closed Design Audit Trail Receipts Regulator Packet

Call to Action

Use Gvner to move from agent experimentation to controlled production execution.

Book enterprise pilot Talk to sales Continue to Docs Integration Hub Start Generic Adapter

Validate. Evaluate. Execute. Export evidence.

Canonical flow

1. Agent generates intent

2. Validate intent

3. Evaluate policy

4. Return ALLOW or DENY

5. Execute only if allowed

6. Export evidence

What a pilot proves

Technical proof

Buyer proof

Integration surfaces

Unified adapter (recommended)

OpenClaw compatibility

Temporal compatibility

Full integration hub

What gets evaluated

Policy constraints

Identity authority

Operational limits

Security/compliance controls

Governance OS layers

Execution authority

Identity governance

Evidence exports

Operational oversight

Example flow

Operate this in production

Observe

Harden

Recover

Scale

Key guarantees

Call to Action