Decision Guide
You have decided your agents need governance: identity, permissions, an audit trail. The next question is whether to build that layer yourself or adopt one. This is an honest framework, including the cases where building it yourself is the right call.
This is a real decision, not a rhetorical one. Plenty of capable teams build their own governance layer and are right to. The mistake is making the call on the initial build effort alone, because that is the part that looks small and is not where the cost lives. We build Pinchy, an open-source governance layer, so we are not neutral. We have tried to make the framework below useful even if you end up building.
So that the comparison is concrete: governance for AI agents is four layers and the plumbing around them (the full version is in The State of AI Agent Governance): identity (per-user accounts and roles), permissions (per-agent allow-list tool permissions enforced in code), audit (a tamper-evident and ideally signed audit trail), and session isolation (users cannot see each other's sessions). Around those sit an admin UI, secret handling, and the work of keeping all of it correct as the runtime underneath ships changes.
You can build a first version of all four layers in a few weeks. That estimate is also the trap. The cost that matters is what comes after: keeping it correct as the agent runtime underneath you moves. Runtimes like OpenClaw ship changes regularly, and your governance layer wraps them. Every change is a chance for a permission to leak, a session to cross, or an audit gap to open. You are now maintaining a security-critical layer against a moving target, indefinitely, and that maintenance competes with the work that is actually yours.
There is also a quieter cost: getting the security details right. A signed audit trail sounds simple until you hit canonical serialization, lawful-deletion handling, and the difference between tamper-evident and tamper-proof. None of it is exotic, and all of it is easy to get subtly wrong in a way you only discover during an incident or an audit.
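To make those details concrete, here is an added example (not Pinchy's code) of a hash-chained audit trail in Python: canonical JSON so the same event always hashes to the same bytes, an HMAC-SHA256 tag standing in for the asymmetric signature a real deployment would use, payload redaction that keeps the chain verifiable for lawful deletion, and a head value to anchor externally because the chain alone is tamper-evident, not tamper-proof. The key and events are constructed for the demo.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64

def canonical(obj) -> bytes:
    # Canonical JSON (sorted keys, no whitespace): the same event must hash
    # to the same bytes no matter which key order it was built in.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

class AuditLog:
    def __init__(self, key: bytes):
        self.key = key  # demo HMAC key; production would use a signing key
        self.entries = []
    def _mac(self, entry) -> str:
        # MAC covers seq, prev and the payload *hash*, not the payload itself,
        # so a payload can later be redacted without breaking the chain.
        header = {k: entry[k] for k in ("seq", "prev", "payload_hash")}
        return hmac.new(self.key, canonical(header), "sha256").hexdigest()
    def append(self, event: dict) -> dict:
        prev = self.entries[-1]["mac"] if self.entries else GENESIS
        entry = {"seq": len(self.entries), "prev": prev, "payload": event,
                 "payload_hash": hashlib.sha256(canonical(event)).hexdigest()}
        entry["mac"] = self._mac(entry)
        self.entries.append(entry)
        return entry
    def redact(self, seq: int) -> None:
        # Lawful deletion: drop the content, keep its hash, so verification
        # still passes and the gap itself stays visible in the record.
        self.entries[seq]["payload"] = None
    def head(self) -> str:
        # Tamper-evident, not tamper-proof: the chain cannot see its own tail
        # being cut off. Anchor this value somewhere the writer cannot reach.
        return self.entries[-1]["mac"] if self.entries else GENESIS

    def verify(self) -> tuple:
        # Returns (True, entries_checked) or (False, seq of first bad entry).
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev"] != prev:
                return (False, i)
            if e["payload"] is not None and e["payload_hash"] != \
                    hashlib.sha256(canonical(e["payload"])).hexdigest():
                return (False, i)
            if not hmac.compare_digest(self._mac(e), e["mac"]):
                return (False, i)
            prev = e["mac"]
        return (True, len(self.entries))
```

Cutting the last entry off still passes verify(); only a comparison against a previously anchored head() exposes it, which is the practical difference between tamper-evident and tamper-proof.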
The build-vs-buy framing has a false assumption baked in: that "buy" means lock-in. With a proprietary product it does. With an open-source layer it does not. Adopting an open-source (for example AGPL) governance layer means you stop maintaining undifferentiated governance code yourself, but you keep the ability to read it, audit it, extend it, and fork it if the project ever goes somewhere you dislike. For a control whose entire job is trust, being able to inspect the implementation is not a nice-to-have. It is the point. So the honest options are not two but three: build, buy-and-be-locked-in, or adopt-open-source-and-keep-control.
This also answers the worry that adopting from a small project is its own risk. It is, if the project is closed. If it is open and you self-host, the project being small, or even abandoned, does not stop your deployment: the code already runs on your infrastructure, your data and audit trail are in your own database, and you can keep patching the source or pay someone to. You lose the project's future updates, not your running system. Adopting open source is the version of buy where the vendor outliving you is not a precondition for you to keep operating.
If you answer those honestly and still want to build, you should, and the four-layer breakdown and our public architecture notes are there to help. If you would rather not maintain it, adopt something open.
This is the part about our own product. Pinchy is the open-source (AGPL-3.0) version of "adopt without the lock-in": a self-hosted governance layer on top of the OpenClaw runtime, with per-user identity, allow-list permissions, and a signed audit trail across all four layers. You get the maintained implementation and the code, so you can run it, read it, extend it, or fork it. If you are weighing building your own permission-and-audit layer for OpenClaw, that is exactly the build-vs-buy decision this page is about, and it is the one we built Pinchy to resolve.
FAQ
Should we build our own governance layer or adopt one?
Build it yourself only if governance is a differentiator for you or your requirements genuinely diverge from any existing layer, and you have the engineering capacity to maintain it against a fast-moving runtime. Adopt a layer if governance is undifferentiated heavy lifting that stands between you and your actual use case. The decisive factor is usually maintenance cost, not the initial build: identity, permissions, signed audit, and session isolation are a few weeks to build and an ongoing burden to keep correct as the underlying agent runtime changes.
What does an agent governance layer actually involve?
Four layers and the unglamorous plumbing around them: per-user accounts and roles (identity), per-agent allow-list tool permissions enforced in code, a tamper-evident and ideally signed audit trail, and isolation so users do not see each other's sessions. Around those sit an admin UI, secret handling, and the work of keeping all of it correct as the agent runtime underneath you ships changes. The first version is a few weeks; the maintenance is indefinite.
Does adopting a governance layer mean vendor lock-in?
No. With a proprietary product, buy means lock-in. With an open-source (for example AGPL) layer, you adopt the maintained implementation but keep the ability to read it, extend it, and fork it if the project ever goes a direction you dislike. That is the middle path: you stop maintaining undifferentiated governance code yourself without handing control to a vendor.
What happens if the open-source project is abandoned?
If it is open and self-hosted, abandonment does not stop your deployment. The code already runs on your own infrastructure and your data and audit trail are in your own database, so the system keeps operating. Because the source is public, you or a contractor can keep maintaining it. You lose the project's future updates, not your running system. That is the difference from a proprietary product, where the vendor going away is an outage and a data-extraction problem at once. It is also why adopting an open-source layer is a smaller continuity bet than building the same security-critical code yourself and owning its maintenance forever.