Bring-your-own runtime
The BYO agent runtime lets you run external agent frameworks while keeping Gamut as the trust and enforcement plane. You are not required to adopt Gamut Claw to benefit from governed agentic AI. Your agent keeps its own orchestration logic; Gamut governs what it is allowed to do.
The operating rule
Think anywhere. Act through Gateway.
External agents may plan and reason locally, in whatever framework you prefer. But context, model calls, tools, connectors, approvals, run events and governed writeback must go through Gamut Gateway. Planning is unconstrained; action is always governed.
The SDK and its three governed actions
Gamut ships a BYO agent SDK (Node and Python) that an external runtime embeds. It exposes exactly three governed actions, and nothing else reaches a provider:
| Action | What it does |
|---|---|
| context | Retrieve a bounded, tenant-scoped Gamut workspace context pack through Gateway. |
| model | Run a governed model inference over an approved context pack, with provider keys held by Gateway. |
| invokeTool | Invoke a named, permitted connector through Gateway, optionally carrying an approval warrant. |
Each call is signed and tenant-scoped, and carries the agent’s registered identity. The runtime receives only a single Gamut runtime secret. It is given no model-provider, SaaS, database, payment, email, SIEM, SOAR, shell or browser credentials, and the SDK actively rejects any attempt to pass direct provider configuration or secret material in a payload.
Configuration
An external runtime is wired with just its Gamut coordinates and one secret:

```
GAMUT_BASE_URL=https://your-gamut-host.example
GAMUT_TENANT_SLUG=main
GAMUT_WORKSPACE_ID=12
GAMUT_AGENT_ID=14
GAMUT_BYO_AGENT_SECRET=...
```

The GAMUT_AGENT_ID must correspond to an agent already registered in Agentic CISO. Registration is the precondition for the secret to authorise anything.
Fails closed, always
The SDK fails closed (the action does not proceed) on any of:
- a non-2xx response from Gamut,
- Gateway returning `invoked: false` (policy denial),
- a request timeout,
- a stale or revoked credential,
- an identity mismatch,
- any policy denial.
Safety never depends on a call succeeding. A failed governance check is a stop, not a warning.
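One way a custom agent wrapper can apply the same fail-closed rule around its own transport, as an added example that is not Gamut SDK code. `governed_call`, `GovernanceStop`, the `send` transport and the `agent_id` response field are hypothetical, and mapping stale or revoked credentials to a non-2xx status is an assumption; `invoked` is the field named above.

```python
# Added illustration: hypothetical names, not the Gamut SDK's API.
import json


class GovernanceStop(Exception):
    """Raised whenever the governed action must not proceed."""


def governed_call(send, agent_id, request):
    """Run one governed action through `send` and fail closed.

    `send(request)` is a hypothetical transport returning (status, body_text)
    and raising TimeoutError on timeout. The `agent_id` echo in the response
    is an assumed field; `invoked` is the field named on this page.
    """
    try:
        status, body = send(request)
    except TimeoutError as exc:
        raise GovernanceStop("request timeout") from exc
    except Exception as exc:  # any other transport failure is also a stop
        raise GovernanceStop(f"transport error: {exc}") from exc

    if not 200 <= status < 300:
        # Assumed: stale or revoked credentials surface as a non-2xx status.
        raise GovernanceStop(f"non-2xx response: {status}")

    try:
        reply = json.loads(body)
    except (TypeError, ValueError) as exc:
        raise GovernanceStop("unparseable response") from exc
    if not isinstance(reply, dict):
        raise GovernanceStop("unexpected response shape")

    if reply.get("agent_id") != agent_id:
        raise GovernanceStop("identity mismatch")

    # Default deny: only an explicit boolean True lets the action proceed.
    # A missing field, null, or the string "true" all count as a denial.
    if reply.get("invoked") is not True:
        raise GovernanceStop("policy denial (invoked is not true)")
    return reply
```

The caller performs the side effect only after `governed_call` returns; every other path raises, so there is no code path where a failed check degrades to a warning.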
Supported frameworks
The SDK ships bridges that keep popular frameworks inside the trust boundary, plus a minimal base client for custom Node or Python agents:
- LangGraph and CrewAI wrapper tools, so graph and crew steps act through Gateway.
- Hermes Agent chat, responses and toolset wrappers, backed by Gateway.
- OpenClaw run, stream, cancel, model and tool helpers, backed by Gateway.
- Custom agents via the base Node and Python clients.
These bridges must not receive model-provider keys, direct tool credentials or alternate provider base URLs; the SDK rejects direct provider configuration and continues to require signed Gamut runtime credentials for every governed action.
The security model
The BYO runtime preserves the same zero-trust posture as Claw:
- No credentials to the agent. Provider credentials remain on the Gateway side.
- Registered identity. Each external agent is registered in the Agentic CISO agent register, with an owner, scope and ATF level.
- Governance parity. Before any action, a BYO agent passes the same Gateway controls (ATF boundary, tool permissions, approval gates, data flows) as any other governed agent.
- Enforced at runtime. Gateway enforces tool permissions, action types, data classes, rate limits, approval gates and policy on every request.
- Fully logged. Gamut and Gateway record every action, giving the same runtime evidence as any other governed agent.
Tool brokers
External tool brokers (such as MCP-based brokers) are supported only as governed Gateway tool connections, with declared profiles and explicit per-tool scopes. External agents never receive a broker credential or a direct broker URL; they request the tool through Gateway like any other connector. See the connector catalog.
Delegation
For frameworks that spawn sub-agents or delegate work, Gamut can issue short-lived, governed child identities so delegated work stays inside the same trust and enforcement model rather than escaping it. A delegated sub-agent is no less governed than its parent.
- Gamut Gateway: the enforcement plane BYO agents act through.
- Connector catalog: the governed tools available to agents.
- Agentic CISO: where external agents are registered and governed.