AI-NATIVE LEADERSHIP ROLLOUT KIT (30 DAYS)

GOAL
Adopt AI agents (coding, docs, analysis) while keeping incident rate flat or improving, and improving delivery cycle time by >=10%.

1) GOVERNANCE (Days 1–7)
- Pick approved tools (enterprise tier if possible) and ban unapproved usage for work repos.
- Enforce SSO + MFA + SCIM (where available). Require named accounts; no shared logins.
- Write a one-page data policy:
  * Never paste secrets (API keys, tokens), customer PII, or unreleased financials into prompts.
  * Define what is allowed (public code, synthetic data, internal docs classified “non-sensitive”).
  * Define escalation path for violations.
- Turn on audit logging for AI tools and source control.

2) ACCOUNTABILITY STACK (Days 5–10)
- Assign owners for: Intent, Implementation, Evidence, Operations.
- Update your PR policy: AI can draft; a human must assert correctness.
- Add a required “Safety Plan” field for material changes:
  * Blast radius
  * Rollback steps
  * Monitoring signals (metrics/logs/traces)

3) QUALITY GATES (Days 8–18)
- Add CI gates (start soft, then enforce):
  * Secrets scanning (e.g., gitleaks)
  * Dependency scanning (SCA)
  * Lint/format
  * Required tests updated/added
- Create a “changed-lines coverage delta” rule (even a lightweight threshold helps).
- Require contract tests for APIs that have external consumers.

4) RITUALS THAT REDUCE MEETINGS (Days 10–20)
- Replace 1–2 status meetings with async updates:
  * Proof of progress: demo links, merged PRs, KPI movement.
- Introduce decision records (ADRs) for high-risk changes.
- Timebox objections: 48 hours async, then decide.

5) METRICS & DASHBOARD (Days 1–30)
Track weekly, per team:
- Cycle time (ticket start -> deploy)
- Defect escape rate (bugs found in prod / total)
- On-call pages per engineer
- MTTR (mean time to recovery)
- Cloud spend deltas for touched services

Success criteria by Day 30:
- >=10% improvement in cycle time in pilot teams
- Incident rate not worse (sev-2+ flat or down)
- 100% of pilot PRs include evidence notes (tests/metrics) and safety plan when applicable

6) SCALE DECISION (Day 30)
If metrics are positive:
- Expand to 50% of engineering with the same gates and governance.
If metrics are negative:
- Do NOT roll back AI usage blindly. Identify the bottleneck:
  * Review capacity? Add evidence gates and smaller PRs.
  * Test quality? Standardize test patterns and improve fixtures.
  * Operational risk? Strengthen canaries, feature flags, and runbooks.

ONE-PAGE MANAGER SCRIPT
“We’re adopting agents to draft faster, but humans own correctness. Every change must come with evidence and a safety plan. Our target is speed with stable reliability—if incidents rise, we tighten gates, not blame individuals.”