How it works
One gateway between your agents and everything they touch.
The request path
Point your agent at Clawvisor. Everything else falls out of that.
Your agent
Clawvisor
verify · scope · log
LLM
The lifecycle of a single task
The agent declares a task
Instead of asking for tools one call at a time, the agent states a task: a purpose plus the tools it expects to need. Clawvisor sits in the request path, so this happens with no SDK and no agent rewrite.
Clawvisor scores the blast radius
Every task is assessed for how much damage it could do if it went wrong: reversibility, scope, and the sensitivity of the tools requested. The result is a low / medium / high risk rating on the request.
Policy decides: pass or hold
Plain-English policy decides what happens next. In-policy, low-risk work is auto-approved and flows straight through. Anything outside the rules pauses and waits for a named human to approve or deny.
Scoped execution, then revocation
On approval, the gateway swaps vaulted credentials in at call time and grants exactly the scopes the task declared, nothing adjacent. Every call is logged and tied to the task. When the task ends, the grant is revoked.
Fix the failing CI check on billing-api and open a PR.
- read
github.read
repo: billing-api
- write
github.write
branch: fix/ci
- write
shell.exec
npm test
Approve the task, and six power-ups come with it.
Let your agents fly. Safely.
Free to start for solo developers. Sign up and put a gateway in front of your agents in minutes. No credit card required.