OpenClaw

OpenClaw Secure Launch

Start a governed OpenClaw trial instantly. Gvner evaluates every tool intent before execution, fails closed on errors, and records immutable evidence by default.

Integration Hub Unified Adapter Integration Guide 7-Day Launch Runbook Tool Policy Fail-Closed Model Evidence Receipts

Start Self-Serve Trial 7-Day Launch Guide

Launch kits (governance limits)

All tiers include fail-closed controls, immutable evidence, and integration support. Scale by governance limits, not infrastructure specs.

Lite

Fast pilot scope

For one secure trial tenant and focused workflow gating.

1 tenant
3 agents
100k governed intents / month
Weekly evidence exports
Email support

Start Lite Trial

Team rollout scope

For multi-team rollout and daily governance operations.

3 tenants
15 agents
500k governed intents / month
Daily evidence exports
Priority support

Start Pro Trial

Max

Production scale scope

For high-volume governance with launch support coverage.

10 tenants
50 agents
2M governed intents / month
Hourly evidence exports
Priority + launch support

Start Max Trial

Start Self-Serve Trial Full pricing Enterprise/custom scope

Start self-serve trial

Submit this form to provision a governed trial tenant instantly. Credentials are shown once and sent to your email.

Full name

Work email

Company

Role

Use case

Current stack

Plan tier

Timeline

Budget band

What you get immediately

Governed trial tenant + token

Default OpenClaw trial baseline agent profile

7-day secure launch runbook

Evidence-export path for first audit packet

Launch promise

Secure OpenClaw bot live in 7 days with fail-closed controls and auditable decision evidence.

Read launch runbook

How Gvner governs OpenClaw

1. Agent emits a tool intent

The agent generates a normal OpenClaw tool call with parameters and context.

2. Adapter sends intent to Gvner

The governance adapter intercepts the call and sends it to Gvner before any side effects occur.

3. Gvner evaluates policy + authority

Checks include tool policy, actor permissions, session state, budget, and control mappings.

4. Decision returns ALLOW or DENY

ALLOW permits execution in scope. DENY blocks execution and returns reason codes.

5. Evidence is written automatically

Every decision is recorded to immutable audit storage and available for export.

External runtimes do not execute tools directly. All OpenClaw actions are governed by Gvner.

This is the OpenClaw compatibility surface. New runtime families should use the unified adapter contract at /adapters/http/*.

What to configure first

Tool policy

Define allowed tools and denied scopes by agent class.

Role mapping

Map actor groups and session claims to execution capabilities.

Approval gates

Require explicit approvals for sensitive tool categories.

Control map

Map policy behavior to your framework controls for audit.

Example: denied tool call

Below is a representative example of an OpenClaw tool call that was denied by Gvner.

OpenClaw Tool Call Intent

{
  "tool": "file_system.delete",
  "parameters": {
    "path": "/company/financial/q4_2024_earnings.xlsx",
    "recursive": false
  },
  "agent_id": "agent_3c8f21",
  "session_id": "sess_9a4e7f2b",
  "timestamp": "2026-02-27T09:23:47Z"
}

Gvner Decision

{
  "decision": "DENY",
  "basis": {
    "policy": "VIOLATION - deletion of financial records requires CFO approval",
    "permits": "UNAUTHORIZED - agent_3c8f21 lacks DELETE_FINANCIAL",
    "budget": "AVAILABLE",
    "regulation": "VIOLATION - SOX retention requirements (7 years minimum)"
  },
  "audit_id": "aud_2f9e7a4c1b3d8e6f",
  "timestamp": "2026-02-27T09:23:47.184Z",
  "expires_at": null
}

Evidence Block
Work ID: work_8f3e2a9c Audit ID: aud_2f9e7a4c1b3d8e6f
Decision: DENY Executed: FALSE
Evidence Hash: sha256:a4f7e2c9d1b8f3e6a9c2f7e4b1d8a3c9...
Regulatory Citations: SOX §802, Policy REF‑FIN‑002

Integration architecture

Gvner integrates with OpenClaw runtimes through a governance adapter layer.

Intercepts all tool calls before execution
Transmits intent to Gvner for policy evaluation
Blocks execution until a signed decision is received
Records complete decision lineage and audit IDs
Fails closed on any error condition

The agent interface stays the same. Governance enforcement is transparent to calling logic but strict in execution behavior.

Technical guarantees

Every OpenClaw tool call requires explicit Gvner approval.

Denied actions are never executed under any circumstances.

Complete audit trail maintained for every decision.

Fail‑closed behavior prevents unauthorized execution.

No bypass mechanisms or override capabilities exist.

Observability SLA Tracking Incidents Support Pack

Call to Action

Keep OpenClaw developer velocity while adding deterministic execution governance.

OpenClaw Docs Integration Hub See Temporal Path