Gavrun sits between your agents and the systems they touch. Every tool call gets a verdict in milliseconds — and the dangerous ones wait for a human.
No card · no redeploy · wraps one call
Sits in front of the frameworks your agents already use
Onboard agents, author policies, clear approvals, and read the activity trail — from a single developer control plane. Metering and risk on the front page, decision history one click away.
One decision engine, three phases — preflight before the call runs, inflight while it runs, and postflight after it returns. A single verdict covers what actually happens, not just what was asked.
Match every call against policy before a byte executes. Allow it, block it, or pause it for a person.
Track token spend and streamed output in flight — and cut any call that drifts out of bounds.
Inspect the result, redact or roll back if needed, then write an entry that can't be edited.
Scope a policy to a tenant, a set of agents, and an environment — tool allow-lists, approval-gated actions, model and token ceilings, and built-in defaults for PII handling, prompt injection, and data externalization.
Register each agent and generate scoped SDK credentials in minutes. Every key is tied to an identity, so you always know which agent acted.
Set rules per tool for models, approvals, token budgets, and safety actions. Allow, block, or require review — with conditions and thresholds.
High-impact calls pause and wait for a teammate to approve or reject — before anything executes. Nothing irreversible happens without sign-off.
Review approval history and activity by decision ID. Every allow, block, and approval is on the record — searchable and exportable.
When a rejected agent tries again, you see it. Follow the full retry chain on a single timeline to spot agents probing their limits.
Get your team in fast. Sign up with email verification or Google federation, then pick up right where you left off across sessions.
One searchable trail of registrations, decisions, guardrail hits, and policy changes — keyed by decision ID, metered by tokens, and flagged for risk. From the first call your agent ever makes.
Register an agent, pull its scoped credentials, and configure once. Gavrun intercepts each tool call — deciding, recording, and routing for approval whenever your policy says so.
One install, then Gavrun.from_config() with a scoped agent_id and client secret — set once per agent.
Every tool call is intercepted automatically — no changes to your agent loop, no redeployment.
Configure rules per tool — thresholds, token budgets, and human-approval requirements. Changes take effect immediately.
from gavrun import Gavrun, GavrunDecisionDenied
gavrun = Gavrun.from_config(
config_path="~/.gavrun/gavrun-governance.yaml",
agent_id="agent_76f70164eb79",
)
# Wrap any tool or model call — Gavrun
# decides before it ever runs.
try:
result = gavrun.guard_execution(
action_type="tool",
action_name="stripe.issue_refund",
payload={"amount": 3180, "customer": "cus_5521"},
callback=lambda: issue_refund(amount=3180),
)
except GavrunDecisionDenied as e:
logger.warning("Denied: %s", e.reasons)
# → allow · block · held for a human
Block transactions over a threshold. Route high-value refunds to a reviewer before money moves.
require approvalGuard against destructive deletes and schema changes. Sensitive records can't be removed without sign-off.
block by defaultKeep agents from touching production. Resource deletes and config changes pause for an operator.
operator reviewStop messages to external or unverified recipients. Enforce tone, pricing, and content rules before send.
policy-gatedOpen a preview workspace, point your agents at Gavrun, and watch the first decisions land in minutes. Sign in to pick up where you left off, or start fresh — no card, no redeploy.
Preview access · no card, no redeploy