RAVEN. / rolloutRAVEN. / rolloutThe realistic adoption path for serious integrators. Machine-readable (phases, metrics, promotion/rollback criteria): /launchguard-rollout.json.
1 · Shadow: call Raven, block nothing yet — store receipts, track verdict distribution, gap frequency, errors, disagreements; human reviews weekly. 2 · Advisory: surface verdicts and gaps; risk/warning/unknowable need explicit approval; pass still does not mean safe. 3 · Enforced: block risk, escalate warning, never treat unknowable as verified, re-verify stale receipts, store everything for audit. 4 · Tuning: adjust accepted gaps and staleness windows, add eval cases from real misses — and never loosen policy without a documented reason.
Promote on: zero signature failures, acceptable error rate, documented gap handling, operators fluent in the verdict language. Roll back on: unexpected verdict flips, verifier instability, pass/safe confusion, missing receipt storage, policy bypass.