Champion track · 2 of 3

Run a two‑week pilot.

Pilots that try to cover every agent and every tool fail because they take three months and convince nobody. A useful Clavenar pilot is small, time‑boxed, and produces a demo you can show your VP. Here’s the scope that works.

Scope

  • One agent. Pick the loudest one — the one your team already worries about. Don’t pilot on the safe agent.
  • One tool surface. A single class of calls (e.g. “send email,” “create ticket,” “wire transfer”). Twenty tools is post‑pilot.
  • HIL on for Yellow tier. The Slack approval flow is the point.
  • Observe‑then‑enforce. First week observes and records; second week flips the verdicts to enforcing.

Success metrics

  • Verdict latency p95. Set the acceptance target after an observe‑mode baseline; measure cache hits, misses, and live semantic-provider calls separately.
  • Blocked attacks. Run the chaos catalog at the pilot agent; count the verdicts.
  • HIL median approval time. A signal that the approval flow is sustainable, not a bottleneck.
  • Ledger chain verification. Tampering a row should break /verify. The chain should pass without it.
Week by week

What the two weeks look like.

  1. W1

    Observe

    Deploy Clavenar in front of the pilot agent. All verdicts run; none enforce. The ledger fills with what the agent would have been blocked on. By Friday you have a baseline: how often the agent tries something risky, what shape those attempts take, and which policies are noisy.

  2. W2

    Enforce

    Flip the pilot to enforcing. Yellow‑tier calls go to HIL; Red‑tier calls hard‑deny. Your security team runs the chaos catalog against the pilot. By Friday you have: a verdict counter, a HIL approval log, a verifiable hash chain, and concrete numbers for the deck.

What you’ll be able to say in week 3

The outcome story.

“Last week our finance agent tried 47 things that would have moved money. Our policies blocked 38 of them outright, parked 7 in human approval (and a person approved 6, denied 1), and let 2 through as expected. The audit trail is a single hash‑chained file we can hand to compliance.”