Gamut Claw
Secure execution for governed agentic workflows.
Gamut Claw is the bounded execution worker in the Gamut operating stack. It executes approved tasks, but does not directly access Gamut records, databases, credentials, customer tools or model providers.
Discuss secure agent executionNo direct secrets
Claw does not receive customer credentials or model-provider keys. Runtime access is mediated through Gateway and environment-backed references.
Gateway-only action
Every model, context or tool action is routed through Gateway for policy decision, enforcement, audit and response control.
Bounded execution
Tasks are constrained by runtime, step count, allowed tools, priority, lease duration, retries, data class and output limits.
Supported governed task modes
- Governed context summary
- Governed reasoning through Gateway-mediated model invocation
- Tool planning without direct tool execution
- Evidence gap analysis
- Control recommendation
- Gateway tool task execution
- Task scheduling and pause/resume controls
- Task cancellation and retry
- Task leasing and fail-closed runtime behaviour
- Runtime result redaction and bounded output
Runtime evidence
| Evidence | Why it matters |
|---|---|
| Task history | Shows what was requested, by whom, under which tenant and assessment context. |
| Step status | Shows whether each governed task is queued, running, succeeded, failed, cancelled or blocked. |
| Gateway decision details | Shows what Gateway allowed, blocked, logged or escalated before execution. |
| Journal verification | Supports tamper-evident event history for Claw runtime activity. |
| Redacted result summaries | Gives users useful outputs without persisting raw prompts, raw context or secrets. |
How Claw fits into Gamut
Gamut AI remains the governance system of record. Workflow Studio designs the governed plan. Gateway decides whether runtime action is allowed. Claw executes only the bounded task it has been authorised to perform.
This separation is the security advantage: the worker can execute tasks without becoming the policy authority, database owner, secret holder or direct connector client.