ArchitectureRole and Capability Matrix

Role and Capability Matrix

Role and Capability Matrix

Canonical markdown page for this topic. Rendered reference version: role-and-capability-matrix.

Last Updated: 2026-03-22 Status: Active reference

This document defines the current role/capability boundaries for Jorvis agents and OpenClaw.

It exists to make one thing explicit:

  • OpenClaw is an assistant/copilot layer
  • OpenClaw is not a governance authority

For the concrete development/operations usage model, use:

  • docs/operations/OPENCLAW_OPS_COPILOT.md

Human Governance Roles

RolePrimary useCan doMust not do
Architectplanning, sequencing, ADRsdefine bounded next step and acceptance criteriahide major scope in a “small” fix
Executorimplementation, tests, deploy workimplement approved focused scopeself-gate or self-merge
Gatekeeperreview, GO/NO-GO, merge constraintsevaluate evidence, CI, risk, scope disciplinerewrite implementation during review
TesterE2E and regression validationproduce evidence-first repro and verdict inputblend testing with undocumented fixes
Universalsafe bootstrap across rolesread current truth, then assume one assigned rolesilently combine multiple authorities at once
Coordinatororchestration-only moderoute work and keep shared context alignedquietly become implementer or gatekeeper

Current OpenClaw Modes

Current OpenClaw behavior is bounded to advisory and plan-only modes.

Current active modes

OpenClaw modeCurrent stateNotes
User AssistantActivehelp/reference, explainer, personal/work assistant
Admin ObserverActivemonitoring/improvement advisory behavior with non-mutating admin snapshot enrichment
Admin PlannerPartial / advisory onlyplanning intent exists, but not yet backed by a guarded execution gateway
Admin OperatorNot delegatedapproval gateway and rollback model remain separate human-governed concerns

Current Capability Matrix

CapabilityUser AssistantAdmin ObserverAdmin PlannerAdmin Operator
help/reference
Jorvis explainer
personal/work memory assistant
read runtime/admin snapshot
improvement-oriented advisory
plan-only change guidanceadvisory onlyadvisory onlynot delegated
dry-run internal toolingbounded advisorynot delegated
approved mutation toolingnot delegated
merge/release/governance authority

Current Repo-Backed Capability Labels

Current canonical typed capability IDs (Jorvis typed surface, PR #407):

  • help_reference
  • jorvis_explainer
  • personal_work_assistant
  • admin_monitoring
  • admin_improvement
  • admin_change_plan

Current canonical execution modes: chat, advisory, plan_only Current canonical memory scopes: reference, user, admin

Important current truth:

  • canonical capability routing is now Jorvis-side via POST /api/v1/internal/openclaw-capabilities/resolve
  • the bridge consumes this typed surface (PR #410) with a local keyword-heuristic fallback
  • the old bridge-only labels (admin_monitoring_assistant, admin_improvement_advisor, admin_change_assistant) are superseded by the canonical typed IDs above

Hard Boundaries

OpenClaw must not be treated as:

  • gatekeeper
  • merge authority
  • release authority
  • unrestricted operator shell

OpenClaw may:

  • explain
  • summarize
  • advise
  • plan in an advisory mode

It may not silently cross from advisor to authority.

Extension Boundary

The bounded mode ladder remains:

  1. User Assistant
  2. Admin Observer
  3. Admin Planner
  4. Admin Operator

Each later stage requires stronger controls than the previous one and does not transfer governance authority to OpenClaw.

Boundary requirements for any separately authorized expansion:

  • Admin Planner should be backed by structured dry-run paths
  • Admin Operator should require approval, audit, and rollback contracts
  • governance authority should remain outside OpenClaw
  • docs/architecture/OPENCLAW_CONTROL_PLANE.md
  • docs/security/OPENCLAW_SECURITY_MODEL.md
  • docs/operations/OPENCLAW_OPS_COPILOT.md
  • docs/architecture/MULTI_AGENT_ARCHITECTURE.md
  • docs/operations/OPENWEBUI_MODEL_SETUP.md