Agent Governance Visual

Jorvis Agent Ops Architecture

Current human-role model, SSOT flow, onboarding path, memory guardrails, and Hermes control loops. This visual is an architecture aid, not the live governance ledger.

Current Historical Planned
Last reviewed: 2026-03-11

Architecture View Only

Public supporting references live in Runtime Overview, Agent Workflow Overview, and Operations Overview.

1. Current Role Model

Current
Architect

Stage 0 specs, sequencing, ADR framing, phase and release recommendations.

Executor

Implementation, test execution, PR preparation, deploy work inside approved scope.

Gatekeeper

Evidence review, GO/NO-GO, merge constraints, scope-discipline checks.

Tester

Autonomous repro, E2E/regression evidence, no undocumented fixes.

Universal

Bootstrap/read-only entry role. May assume one active role at a time under least-authority rules.

Coordinator

Optional orchestration mode. Routes work and syncs context. Not the default implementer.

2. Hard Boundaries

Current
  • Architect does not self-merge by default.
  • Executor does not self-gate or self-merge.
  • Gatekeeper does not silently rewrite implementation scope.
  • Tester produces evidence first and does not slip fixes into a test pass.
  • Universal must assume one role, not combine authorities.
  • Coordinator must not quietly become the executor or gatekeeper.
OpenClaw boundary: OpenClaw is a bounded assistant/copilot layer. Hermes is the self-evolving layer that accumulates memory, skills, delegation, and browser work; it does not replace human governance. It is never the final gatekeeper, merge authority, or release authority.

3. Onboarding and SSOT Flow

Current
flowchart LR A["CLAUDE.md"] --> B["AGENTS.md"] B --> C["Project-local KG verification"] C --> D["HANDOFF_TO_NEXT_AGENT.md"] D --> E["CHECKPOINT.md"] E --> F["TASK_BOARD.md"] F --> G["GO_NO_GO.md"] G --> H["shared_prologue / role prompt"] H --> I["Role-specific work"] I --> J["OUTBOX evidence"] G --> K["GO consumed / closed"] K --> L["SSOT refresh cycle"] L --> E
Bootstrap

Start from project-local KG and current repo truth, not from stale session memory.

State Sync

Use handoff plus SSOT docs to determine current work, not historical phase docs.

Evidence

OUTBOX is required for meaningful task closeout, especially after blockers or rework.

GO Lifecycle

GO entries are consumed and closed after merge. SSOT docs refresh to reflect the new runtime baseline.

Hash Recursion Policy

SSOT hashes track the last runtime-affecting commit. Docs-only lineage above does not trigger a new hash update cycle.

4. Shared Memory Guardrail

Current
  • Canonical KG store: .aim/memory-jorvis.jsonl with location="project", context="jorvis".
  • Agents must read project-local KG at session start and update it after major decisions or closeout.
  • Worktree launches need explicit verification that the worktree still resolves the canonical project memory files and bootstrap note.
  • If project detection fails, the agent must stop and escalate instead of silently falling back to global memory.

5. Human Roles vs OpenClaw

Current
flowchart TB H["Human governance roles"] --> A["Architect"] H --> E["Executor"] H --> G["Gatekeeper"] H --> T["Tester"] H --> U["Universal"] H --> C["Coordinator"] O["OpenClaw assistant layer"] --> OA["User Assistant"] O --> OB["Admin Observer"] O --> OP["Admin Planner (partial)"] O -. planned .-> OO["Admin Operator"] G -. never .-> O O -. advisory only .-> H

OpenClaw may explain, summarize, recommend, and eventually dry-run or approved-apply narrow operations. Hermes should be understood as the layer that turns repeated operator work into reusable capability. It must not become the gatekeeper or release approver.

Ops use today: OpenClaw fits the agent flow as a non-mutating / advisory copilot for onboarding, diagnostics, smoke planning, and evidence summarization. It is not the orchestrator of record.

6. Related Canonical Docs

Current
Agent Workflow Overview
Public-safe role model, workflow shape, and approval boundaries.
Role and Capability Matrix
Human governance roles and OpenClaw mode boundaries.
Operations Overview
Public-safe summary of runtime operations, smoke checks, and bridge sync behavior.
Runtime Overview
Public-safe replacement for internal runtime and status ledgers.
OpenClaw Control Plane Visual
Dedicated assistant/copilot architecture view.
Jorvis Architecture Visual
System topology, request paths, and subsystem boundaries.
Docs and RAG Pipeline Visual
Documentation sources, publishing, KB ingest, and CI validation.
Jorvis Product Overview
Enterprise capabilities, safety gates, and engineering metrics.