Two weeks.
Your cloud account.
terraform destroy
if it does not deliver.
The pilot deploys one Overwatch tenant on Cloud Run (GCP) or ECS Fargate (AWS) in your account. SSO via Jackson. Operator seats from your IdP. BYO-laptop installer per developer. Day 14: extend, expand, or unwind.
A working tenant
with the full integration surface lit up.
Hosted Overwatch tenant
One Cloud Run service (GCP) or ECS service (AWS) provisioned in your cloud account via Terraform. Or evaluate first in our demo.tetherconnect.app sandbox before bringing it inside.
Custom hostname
<customer>.overwatch.example.com with DNS + managed TLS, via the Terraform custom_domain variable.
SCIM directory sync
Operator seats auto-provisioned from your IdP. Group → role mapping (admin / operator / viewer). Every provision and deprovision lands in the audit trail.
jackson.js:205-291Two operator seats + one admin seat
More on request. Tokens come from per-tenant Secret Manager (GCP) / Secrets Manager (AWS). Never on a Tether-hosted credential store.
BYO-laptop installer
One-liner per developer machine. Connect proxy + workspace daemon register with the tenant and the activity flows into Events / Devices / AccessRequests.
SIEM, posture export, audit log
Splunk HEC, Sentinel Log Analytics, syslog UDP — all live. GET /api/v1/policy/audit for append-only JSONL of every policy change. Posture export in Tether-native / Okta / Entra / CSV.
HMAC-signed webhooks
Outbound webhooks at /api/v1/webhooks for anything else downstream. X-Tether-Signature: sha256=<hex> over timestamp + "." + body.
What you exercise in pilot week one.
Five beats — the same ones the production loop runs every day. Reproduce them in your console; the headless smoke at scripts/demo-dry-run.js posts the same beats against a live Overwatch and asserts every surface renders.
Developer hits Claude Code / Cursor / Copilot
127.0.0.1:11435 via HTTP_PROXY. The proxy classifies the request.Connect proxy applies the deterministic floor
JIT control fires
Operator decides in /access-requests
Developer unblocks. Decision is auditable.
policyVersion. Append-only policy-audit.jsonl retains the policy publish that authored the decision.14 days. Concrete activity per day.
| Day | Activity |
|---|---|
| Day 1 | Tether provisions the tenant. Customer adds DNS records. Customer uploads IdP metadata. |
| Day 2 | Customer admin mints invite codes. Two operators sign in via SSO. First developer connects via BYO installer. |
| Day 3-4 | Customer authors three regexes for sensitive patterns specific to the org. Publishes policy. Verifies audit entry. |
| Day 5-7 | Real developer traffic flows. Operators triage judge reviews. At least one promote-to-blocklist. |
| Day 8-10 | JIT loop tested: a developer asks to paste credentials, operator denies, audit entry recorded. |
| Day 11-12 | Customer reviews /policy/audit export. Verifies posture heartbeats from every connected machine. |
| Day 13-14 | Debrief against success criteria. Decision: extend, expand, or unwind. |
Concrete, observable, two-week.
If we cannot hit these by day 14, the pilot has not delivered. Mark the box; do not move the goalposts.
- At least 3 developer machines connect via BYO installer, each posting a posture heartbeat at startup.
- At least one JIT request reaches Overwatch and the operator resolves it inside the SLA target (default 5 min TTL).
- At least one judge review is promoted to the deterministic blocklist via
POST /api/v1/judge-reviews/:id/promote. - Policy publish + revert round-trip is visible in
/api/v1/policy/audit. - An ALLOWED → BLOCKED transition is auditable when a developer's prompt contains a customer-specific regex you've added.
Five things the pilot does not include.
By design — not by omission.
These are documented limits of the pilot build, not bugs. If any of them is a hard gate for your environment, tell us before we provision the tenant.
1. Multi-tenant on a single instance
The pilot model is one Overwatch per customer. Cross-tenant isolation lives at the deploy boundary. Multi-tenant SaaS is post-GA.
2. Per-machine tokens
All proxy and daemon installs on this tenant share the operator token. The invite handshake gates redemption; rotating the token rotates everyone at once.
3. Branded VSCodium artifact
Order is captured during pilot. The signed IDE artifact is not produced by this build. Workspace-tier enforcement is advisory-only today.
4. Production SLA
Best-effort SLA during pilot. Production SLA post-GA.
5. MDM-distributed installer
Pilot installer is curl | bash / iwr | iex. Production deployments should pin to a known digest or distribute through your MDM.
Design Partner Program
First 5 paid customers in any vertical: 50% off list for 12 months in exchange for a public case study and reference calls. The Workspace tier in pilot is available to design partners only — per-deal terms; a Tether engineer assists installation.
"Don't we already have this?"
Security teams already have at least three of EDR / CASB / IdP-SSO / DLP. Tether does not replace any of them — it covers the AI-egress gap each one misses. The honest answer to set expectations with the people asking:
| Capability | Tether | EDR | CASB | IdP / SSO | DLP |
|---|---|---|---|---|---|
| Sees prompts / completions before they leave the IDE | ✓ | — | — | — | — |
| Attributes activity to a specific coding agent | ✓ | partial | — | — | — |
| Inline JIT prompt approval (clipboard / download / external link) | ✓ | — | — | — | — |
| Policy distributed straight to the developer machine (no MITM) | ✓ | ✓ | depends | — | depends |
| Operator console scoped to developer / AI-tool activity | ✓ | — | — | — | — |
| On-device payload inspection before TLS† | partial | ✓ | — | — | partial |
| Air-gap / no-cloud-dep pilot | ✓ | depends | — | depends | depends |
| Cross-IDE policy (VS Code, Cursor, JetBrains, CLI agents) | ✓ | — | — | — | — |
| Process-level egress block | partial (proxy-based) | ✓ | — | — | — |
| Endpoint malware / behavioral threat detection | — | ✓ | — | — | — |
| SaaS shadow-IT discovery and posture | — | — | ✓ | — | — |
| User identity and SSO federation | partial (via Jackson) | — | — | ✓ | — |
| File-level content classification across the org | — | — | — | — | ✓ |
† On-device payload inspection before TLS: Tether reads request bodies on the configured-upstream HTTP path. TLS-tunneled traffic is host-classified on the CONNECT path, not body-inspected — see How it works · Honest scope.
Read this honestly: Tether is the AI-egress layer of the developer machine. The other four still do the jobs you bought them for. If your EDR / CASB / IdP / DLP vendor adds a credible AI-tool-aware story later, that's real competitive pressure — and we'd rather you ask us about it directly than read an analyst note.
One terraform destroy
and the tenant is gone.
Pilot tenant is one terraform destroy. Customer data lives in the customer's own Secret Manager / GCS / EFS scope; deleting the tenant deletes its state. No Tether-hosted data to expunge — the deploy is in your account.
$ cd deploy/gcp/terraform
$ terraform destroy -auto-approve
# Cloud Run service, GCS bucket, Secret Manager secrets — gone.
# Uninstall the proxy and daemon on each developer machine.
$ tether-proxy uninstall && tether-workspace uninstall
Two weeks, one decision.
Tell us your cloud (GCP or AWS), your IdP, your SIEM, and the AI tools in scope. We bring a tenant ready to provision.