The Contract — autonomy with a safety switch. Nothing runs on its own until you explicitly arm it.
Manual tagging and ACR upkeep don't scale across dozens of agents. The pack can find, prioritize, and propose all day — but if a human has to click “approve” on every cycle forever, the estate drifts stale between reviews. Teams need automation they can trust, not automation they have to hope about.
Covenant lets you enable agents, set a schedule, and arm the Contract — the explicit switch that lets the gated tag/ACR plan run on a loop. Every cycle is recorded in durable run-history with a “what changed since last cycle” diff, and a scheduled morning digest tells you what the pack did while you slept. Nothing is autonomous until you arm it.
Covenant orchestrates the gated tag and ACR plans that other agents expose, running them on your schedule against the local navi.db. Armed or not, every change is logged — the Contract adds a schedule, never removes the audit trail.
Illustrative demo-lab context — not a guarantee. Covenant automates the pack's gated plans; it doesn't patch, block, or prevent — and it never acts until explicitly armed.
Covenant orchestrates every agent that exposes a contract plan — the producers' tags, Anubis's ACR rules, Garmr's removal policy — turning the pack's one-time findings into a maintained state.
Vulnerability management program owners who need upkeep to survive staff churn, and security automation engineers who want autonomy their auditors will sign off on.
Write your Contract, arm it when you're ready — and read the digest, not the backlog.