Security
One clever prompt shouldn't undo your security.
Four layers, stacked
Each layer is independent. An attacker has to defeat all of them, in order, to do real damage, and any one of them firing stops the chain.
Containment
Agents start with zero standing access and authenticate to Clawvisor, not to your tools. Tools are granted per-task and revoked when the task ends, so the blast radius of any compromise is the task, never the account.
Credential isolation
Real secrets never reach the agent. They stay encrypted in the vault and are swapped in at call time, so a leaked context or transcript exposes a dead handle, not a production key.
Policy & risk gating
Every task is scored for blast radius and checked against plain-English policy. High-risk, out-of-policy work stops for a human; routine work flows through. No all-or-nothing approve button.
Full audit logging
Each tool call, argument, and decision is recorded in a complete trail tied to the task and the human who approved it, replayable whenever you need it.
Credential vault
Secrets your agents can use but never see.
Production credentials are stored encrypted in the Clawvisor vault and never leave it. Agents receive opaque, scoped, short-lived handles instead. When a call goes out, the gateway exchanges the handle for the real secret at the edge, so the credential is used without ever entering the model's context, the tool transcript, or your logs. Rotate the underlying secret in the vault and every handle keeps working, with no agent code or config to touch.
Compliance & data handling
Built to be audited, not just trusted.
Clawvisor ships an open-source core you can read, audit, and run yourself. Self-host and every credential, log, and request stays inside your own infrastructure, nothing leaves your network. Every agent action lands in a complete, replayable audit trail tied to the task and the person who approved it.
- Open-source core
- Self-host available
- Encrypted credential vault
- Complete audit trail
Put a gateway in front of your agents.
Start with the open-source core, or talk to us about a managed deployment with the controls your team needs.