How to start

Two weeks.
Your cloud account.
terraform destroy
if it does not deliver.

The pilot deploys one Overwatch tenant on Cloud Run (GCP) or ECS Fargate (AWS) in your account. SSO via Jackson. Operator seats from your IdP. BYO-laptop installer per developer. Day 14: extend, expand, or unwind.

A working tenant
with the full integration surface lit up.

Hosted Overwatch tenant

One Cloud Run service (GCP) or ECS service (AWS) provisioned in your cloud account via Terraform. Or evaluate first in our demo.tetherconnect.app sandbox before bringing it inside.

deploy/README.md

Custom hostname

<customer>.overwatch.example.com with DNS + managed TLS, via the Terraform custom_domain variable.

SSO via Jackson

Upload your IdP metadata. SAML or OIDC. WorkOS alternative supported.

jackson.js

SCIM directory sync

Operator seats auto-provisioned from your IdP. Group → role mapping (admin / operator / viewer). Every provision and deprovision lands in the audit trail.

jackson.js:205-291

Two operator seats + one admin seat

More on request. Tokens come from per-tenant Secret Manager (GCP) / Secrets Manager (AWS). Never on a Tether-hosted credential store.

BYO-laptop installer

One-liner per developer machine. Connect proxy + workspace daemon register with the tenant and the activity flows into Events / Devices / AccessRequests.

SIEM, posture export, audit log

Splunk HEC, Sentinel Log Analytics, syslog UDP — all live. GET /api/v1/policy/audit for append-only JSONL of every policy change. Posture export in Tether-native / Okta / Entra / CSV.

siem-adapters.js:36

HMAC-signed webhooks

Outbound webhooks at /api/v1/webhooks for anything else downstream. X-Tether-Signature: sha256=<hex> over timestamp + "." + body.

webhook-store.js:174-240

What you exercise in pilot week one.

Five beats — the same ones the production loop runs every day. Reproduce them in your console; the headless smoke at scripts/demo-dry-run.js posts the same beats against a live Overwatch and asserts every surface renders.

01

Developer hits Claude Code / Cursor / Copilot

Agent dials 127.0.0.1:11435 via HTTP_PROXY. The proxy classifies the request.
02

Connect proxy applies the deterministic floor

Compiled regex over the embedded floor plus your operator-promoted patterns. Optionally a sampled judge review.
03

JIT control fires

If the request triggers a JIT-mode control (clipboard paste, download, external link), the workspace daemon pauses and posts an access request to Overwatch.
04

Operator decides in /access-requests

Approve or deny in the console. Decision is audited and returned to the developer.
05

Developer unblocks. Decision is auditable.

Event lands in your SIEM with policyVersion. Append-only policy-audit.jsonl retains the policy publish that authored the decision.

14 days. Concrete activity per day.

Day-by-day pilot activity over 14 days.
DayActivity
Day 1Tether provisions the tenant. Customer adds DNS records. Customer uploads IdP metadata.
Day 2Customer admin mints invite codes. Two operators sign in via SSO. First developer connects via BYO installer.
Day 3-4Customer authors three regexes for sensitive patterns specific to the org. Publishes policy. Verifies audit entry.
Day 5-7Real developer traffic flows. Operators triage judge reviews. At least one promote-to-blocklist.
Day 8-10JIT loop tested: a developer asks to paste credentials, operator denies, audit entry recorded.
Day 11-12Customer reviews /policy/audit export. Verifies posture heartbeats from every connected machine.
Day 13-14Debrief against success criteria. Decision: extend, expand, or unwind.

Concrete, observable, two-week.

If we cannot hit these by day 14, the pilot has not delivered. Mark the box; do not move the goalposts.

  • At least 3 developer machines connect via BYO installer, each posting a posture heartbeat at startup.
  • At least one JIT request reaches Overwatch and the operator resolves it inside the SLA target (default 5 min TTL).
  • At least one judge review is promoted to the deterministic blocklist via POST /api/v1/judge-reviews/:id/promote.
  • Policy publish + revert round-trip is visible in /api/v1/policy/audit.
  • An ALLOWED → BLOCKED transition is auditable when a developer's prompt contains a customer-specific regex you've added.

Five things the pilot does not include.
By design — not by omission.

These are documented limits of the pilot build, not bugs. If any of them is a hard gate for your environment, tell us before we provision the tenant.

1. Multi-tenant on a single instance

The pilot model is one Overwatch per customer. Cross-tenant isolation lives at the deploy boundary. Multi-tenant SaaS is post-GA.

2. Per-machine tokens

All proxy and daemon installs on this tenant share the operator token. The invite handshake gates redemption; rotating the token rotates everyone at once.

3. Branded VSCodium artifact

Order is captured during pilot. The signed IDE artifact is not produced by this build. Workspace-tier enforcement is advisory-only today.

4. Production SLA

Best-effort SLA during pilot. Production SLA post-GA.

5. MDM-distributed installer

Pilot installer is curl | bash / iwr | iex. Production deployments should pin to a known digest or distribute through your MDM.

Design Partner Program

First 5 paid customers in any vertical: 50% off list for 12 months in exchange for a public case study and reference calls. The Workspace tier in pilot is available to design partners only — per-deal terms; a Tether engineer assists installation.

"Don't we already have this?"

Security teams already have at least three of EDR / CASB / IdP-SSO / DLP. Tether does not replace any of them — it covers the AI-egress gap each one misses. The honest answer to set expectations with the people asking:

Coexistence between Tether and EDR, CASB, IdP / SSO, and DLP across 13 capabilities on the developer machine.
Capability Tether EDR CASB IdP / SSO DLP
Sees prompts / completions before they leave the IDE
Attributes activity to a specific coding agentpartial
Inline JIT prompt approval (clipboard / download / external link)
Policy distributed straight to the developer machine (no MITM)dependsdepends
Operator console scoped to developer / AI-tool activity
On-device payload inspection before TLSpartialpartial
Air-gap / no-cloud-dep pilotdependsdependsdepends
Cross-IDE policy (VS Code, Cursor, JetBrains, CLI agents)
Process-level egress blockpartial (proxy-based)
Endpoint malware / behavioral threat detection
SaaS shadow-IT discovery and posture
User identity and SSO federationpartial (via Jackson)
File-level content classification across the org

On-device payload inspection before TLS: Tether reads request bodies on the configured-upstream HTTP path. TLS-tunneled traffic is host-classified on the CONNECT path, not body-inspected — see How it works · Honest scope.

Read this honestly: Tether is the AI-egress layer of the developer machine. The other four still do the jobs you bought them for. If your EDR / CASB / IdP / DLP vendor adds a credible AI-tool-aware story later, that's real competitive pressure — and we'd rather you ask us about it directly than read an analyst note.

One terraform destroy
and the tenant is gone.

Pilot tenant is one terraform destroy. Customer data lives in the customer's own Secret Manager / GCS / EFS scope; deleting the tenant deletes its state. No Tether-hosted data to expunge — the deploy is in your account.

# Day 14: pilot did not deliver. Unwind cleanly.
$ cd deploy/gcp/terraform
$ terraform destroy -auto-approve
# Cloud Run service, GCS bucket, Secret Manager secrets — gone.
# Uninstall the proxy and daemon on each developer machine.
$ tether-proxy uninstall && tether-workspace uninstall

Two weeks, one decision.

Tell us your cloud (GCP or AWS), your IdP, your SIEM, and the AI tools in scope. We bring a tenant ready to provision.

Book a 30-min walkthrough ↗