ICMD — Agent Readiness & Rollout Checklist (30 Days)

Use this to ship one agent workflow safely and measurably.

1) Choose the Workflow (Day 1–2)
- Pick ONE workflow with high repetition (target: 100+ runs/week) and clear owner.
- Define the System of Record (SoR): where truth lives (e.g., Zendesk, Salesforce, Jira).
- Write a one-sentence outcome: “Agent resolves billing tickets under $50 refund threshold.”
- Establish baseline metrics: current cycle time, error rate, and weekly volume.

2) Define “Done” + Verification (Day 3–5)
- Define objective success checks (API state change, test pass, explicit approval).
- Define non-goals (what the agent must not do).
- Create a failure taxonomy: retrieval miss, policy violation, tool error, ambiguous request.
- Decide escalation path: when to ask a human, who owns the queue.

3) Instrumentation (Week 1)
- Log at 3 levels: session (intent), plan (steps), execution (tool calls + diffs).
- Track: verified outcome rate, cost per verified outcome, rollback rate, p95 completion time.
- Add spend controls NOW: per-task cap and daily workspace budget.

4) Ship Autonomy Levels (Weeks 2–4)
- Week 2: Suggest mode only (drafts). Measure acceptance rate and edit distance.
- Week 3: Queue mode (preview + approve). Add citations and diff views.
- Week 4: Constrained execute for low-risk actions (threshold-based, e.g., refunds < $50).

5) Governance & Admin (Parallel)
- Permissions: least privilege; read-only by default; time-bound tokens.
- Audit logs: who triggered, what tools were called, what changed, timestamps.
- Policy controls: thresholds, approvals, and environment separation (prod vs staging).
- Rollback/quarantine: ability to revert changes and pause the agent.

6) Promotion Criteria (End of Month)
- Promote autonomy only if ALL are true for 30 days (suggested targets):
  - Verified outcome rate ≥ 97%
  - Rollback coverage ≥ 90% of write actions
  - p95 task cost within your margin target
  - No severity-1 incident without a documented fix + regression test

7) Enterprise Expansion Readiness
- SSO (Okta/Entra/Google), RBAC, retention controls, and admin dashboards.
- Document security posture (SOC 2 plan, encryption, incident response).
- Create an internal “agent runbook”: kill switch, on-call, and postmortem template.

If you can’t verify outcomes, you can’t automate responsibly. Start narrow, measure relentlessly, and scale autonomy only when reliability and governance are real—not implied.