Meet the Hounds · toggle theme, then print
COVENANT crest
MEET THE HOUNDS

COVENANT

AI Contract
Covenant Hound · Category: Autonomy
“Turn the pack loose — safely — on your schedule.”

The Contract — autonomy with a safety switch. Nothing runs on its own until you explicitly arm it.

THE PROBLEM

Manual tagging and ACR upkeep don't scale across dozens of agents. The pack can find, prioritize, and propose all day — but if a human has to click “approve” on every cycle forever, the estate drifts stale between reviews. Teams need automation they can trust, not automation they have to hope about.

WHAT IT DOES

Covenant lets you enable agents, set a schedule, and arm the Contract — the explicit switch that lets the gated tag/ACR plan run on a loop. Every cycle is recorded in durable run-history with a “what changed since last cycle” diff, and a scheduled morning digest tells you what the pack did while you slept. Nothing is autonomous until you arm it.

KEY CAPABILITIES

  • Agent enablement + scheduling — choose which hounds run and when, from a nightly full sweep to a weekly tag refresh. The pack's upkeep becomes a schedule instead of a chore.
  • The armed switch — autonomy is opt-in and explicit: disarmed means propose-only, exactly like manual mode; armed means the gated plan runs on its loop. Nothing acts on its own until you flip it.
  • Durable run-history — every cycle's actions preserved, so “what did the automation do on the 14th?” has an exact, timestamped answer.
  • “What changed since last cycle” diff — review the delta, not the dump. Each cycle reports precisely what moved since the last one.
  • Natural-language ACR-rule authoring — describe a criticality rule in plain English and Covenant writes it into the plan. No rule syntax to learn.
  • Scheduled morning digest — the pack's overnight work, summarized and delivered before your first coffee.

HOW IT WORKS

Covenant orchestrates the gated tag and ACR plans that other agents expose, running them on your schedule against the local navi.db. Armed or not, every change is logged — the Contract adds a schedule, never removes the audit trail.

WHY IT'S DIFFERENT

  • Autonomy with a safety switch — “armed vs. not” is a first-class state, not a buried setting; no agent acts on its own until you flip it.
  • Full auditability — run-history plus per-cycle diffs mean you can answer “what did the automation do?” for any date, exactly.
  • Orchestrates the whole pack — one Contract covers every agent that exposes a plan, instead of a dozen separate schedulers.

PROOF POINTS

  • In a reference environment of 268 assets, Covenant keeps the pack's tag and ACR estate current on a loop — the tags behind Laelaps's 2,631 KEV findings and Fenrir's 63 attack paths stay fresh without a human re-clicking each cycle.

Illustrative demo-lab context — not a guarantee. Covenant automates the pack's gated plans; it doesn't patch, block, or prevent — and it never acts until explicitly armed.

WORKS BETTER WITH

Covenant orchestrates every agent that exposes a contract plan — the producers' tags, Anubis's ACR rules, Garmr's removal policy — turning the pack's one-time findings into a maintained state.

WHO IT'S FOR

Vulnerability management program owners who need upkeep to survive staff churn, and security automation engineers who want autonomy their auditors will sign off on.

CALL TO ACTION

Write your Contract, arm it when you're ready — and read the digest, not the backlog.

THE HOUNDS — a human-in-the-loop security agent pack for Tenable VM / Tenable One.Gated writes · Evidence-first · Honest about coverage