Computer-use candidate rubric
Use this rubric to evaluate which no-API legacy applications in your tech stack belong in the computer-use pilot queue. Score each criterion, total the row, then read the band recommendation below.
Part 1 — Score each criterion (0 / 1 / 2)
0 = not true | 1 = partly true | 2 = clearly true
| Criterion | What to look for | App A ______ | App B ______ | App C ______ |
|---|---|---|---|---|
| No API available | No usable integration layer, webhook, or data export exists. Human is the only interface. | |||
| Stable UI | Vendor does not update the interface frequently. Layout and controls are predictable month to month. | |||
| Bounded, repetitive task | The task follows the same sequence most of the time. Inputs are predictable. A human doing it would call it boring. | |||
| Meaningful time cost | A person spends 2+ hours per week on this task in this application, across your team. | |||
| Low blast radius | If the agent makes an error, a human can catch and correct it before it causes serious downstream harm. Errors are recoverable. | |||
| Audit trail feasible | You can log every action the agent takes — every field entered, every click — for review and compliance purposes. | |||
| Least-privilege access possible | You can limit the agent to exactly the credentials and permissions the task requires, nothing broader. | |||
| Total (max 14) |
Part 2 — Banded recommendation
| Score | Recommendation |
|---|---|
| 11–14 | Strong candidate. Prioritize for your first pilot. Confirm governance architecture (HITL gate, audit log, scoped credentials) before starting. |
| 7–10 | Possible candidate. One or two criteria are weak. Identify which and decide if you can mitigate before piloting. If blast radius is the weakness, tighten the HITL gate before proceeding. |
| Under 7 | Not ready. Either the task is too unpredictable, the error consequence is too severe without a clear correction path, or the time savings don't justify the build. Revisit in 6 months or after the application changes. |
Part 3 — Your three legacy apps
List the no-API applications in your current tech stack, score them above, and identify the pilot order.
| Application name | Task performed manually | Hrs/week | Score | Pilot order |
|---|---|---|---|---|
Part 4 — Governance checklist for the top-scored app
Before piloting your highest-scoring candidate, confirm each governance requirement is designed — not assumed.
- ☐ Human-in-the-loop approval gate identified for every irreversible action (form submission, record modification, message sent).
- ☐ Full audit logging designed: every click, every field entered, every screen state captured.
- ☐ Agent credentials scoped to this task only — no admin access, no write access outside the workflow.
- ☐ Daily review assigned: named person, 10-minute daily summary check, anomaly escalation path defined.
- ☐ 90-day pilot scope documented with a specific metric and a kill-criterion.
Want a second set of eyes on this in your firm? The no-sell promise applies — if it isn't a fit, I'll tell you in the first ten minutes.
Book a 30-Minute Call →