ProductAtlasVisionSolutionsPricingDemosBlog
Start for freeLog in

What We've Shipped

Clarm has been live since December 2025, built by a two-person team backed by Y Combinator (X25). This is a transparent log of every milestone, what we shipped, what we learned, and what we retired.

We publish this because we believe prospects evaluating a product deserve to see the full picture, not just a curated highlight reel.

Where we are headed

We started in December 2025 with the simplest version of the product: a chat widget that answered visitors with the source attached. Six months in, we have spent every shipping cycle turning the engine underneath that widget into the substrate enterprises need to ship AI agents at scale safely. Memory, governance, audit, approval queue, tenant isolation, bring-your-own LLM.

The 2026 agent-security crisis made the bet legible. 88% of organizations that shipped agents in the last year reported a security incident. Only about 14% of agents reach production with full security review. The gap between executive confidence in agent controls and the controls actually in place is the canonical 2026 enterprise problem, and the OpenClaw incident in early 2026 turned the abstract worry into named CVEs.

The timeline below is the arc. Chat first. Then scale. Then integrations. Then platform hardening. Then Atlas. Read it in order.

May 2026

Atlas v0.5. Substrate, Approval Queue, and Audit

  • Atlas memory layer shipped: vector retrieval, structured entity graph, and a compiled-truth wiki, with retrieval routing per agent and per tenant. The same memory powers the live Clarm chat widget and any scheduled agent on top of it. One substrate, two consumption modes.
  • Approval queue shipped: every agent action that touches a customer or external system queues for human review with a one-click approve, reject with a reason, or rewrite. Rejection reasons capture into the audit trail; an operator can later promote a reason into a permanent rule, but never automatically (rushed rejections do not become forever rules).
  • Source-receipt enforcement: every answer Atlas returns points to the document, section, and version it came from. If the answer is not in the approved data, Atlas says so rather than guess.
  • Bring-your-own-LLM wired end-to-end: agent calls route through a model-portable caller layer. Claude, OpenAI, Azure OpenAI, AWS Bedrock, GCP Vertex, and self-hosted inference are configuration, not engineering.
  • Audit log writer: every retrieval, every draft, every approval click, every model call lands in a structured audit log per tenant. Compliance and internal audit teams can replay any moment in the system.
  • Audit export generators for SOC 2, GDPR, and FINMA. Read the audit log, render the format the regulator or internal auditor expects, ship.
  • Per-customer entity schema: the same Atlas substrate runs across heterogeneous data (banking, healthcare, supply chain, aviation) without per-corpus engineering. The schema for what entities matter to your business is configuration, not code.
May 2026

Live-Verified Retrieval

  • Reciprocal-rank-fusion retrieval (BM25 + dense vector) rolled out behind a per-organization allowlist so we can A/B retrieval architecture against one customer at a time without flipping every tenant.
  • Live verified on a Swiss-regulatory corpus (FINMA circulars) with measurable, audited uplift over the prior bag-of-words baseline. Numbers are tracked against real questions with real expected answers from the source documents, not synthetic benchmarks.
  • Coverage-gated pass rate adopted as the canonical retrieval KPI. Pass rate alone is a vibes metric on lenient LLM judges; coverage measures whether the retrieved snippets actually contain the answer the model should be quoting.
  • Eval-blocks-merge CI gate: a code change that regresses recall on a real corpus does not land. Catches the failure mode where a refactor looks clean but the retriever quietly stops finding the right page.
May 2026

Per-Pilot Drop-In Pattern

  • Customer-specific workflow templates ship as YAML configuration plus a handful of driver functions, not as engineering sprints. The substrate is built once; a new pilot adds the connectors, the entity schema, the workflow templates, and the deployment recipe on top.
  • First pilots running on the pattern: a Swiss private bank for client-review work, a European fresh-produce importer for weekly allocations, and a Swiss airline for cabin-crew onboarding answers. Each is days to a few weeks of pilot-side work, not months.
  • Atlas Quarterly: a readable artifact every customer keeps. Workflow inventory, people map, vendor map, decision history. Whatever the substrate has learned about your team and your data, written down in a form a human can read on a Monday morning.
  • Operator-built agents: an internal-only canvas editor for building, editing, and inspecting workflow agents without writing code. Currently behind a super-admin gate during pilot phase; rolling out to customer operators on a per-account basis.
April 2026

Platform Hardening and Compliance

  • Conversation analysis module: AI-powered conversation analysis with admin dashboard for surfacing patterns, intent signals, and engagement quality across all sessions
  • GDPR, Swiss FADP, and UK GDPR compliance: cookie consent banner on clarm.com, widget loader respects GPC and DNT signals, tracking suppression via data attribute or global flag — no third-party audit required (self-declared, same as HIPAA)
  • Booking endpoint security: widget token verification, dual rate limiting (5/min per IP, 20/hour per widget), recipient email validation, and input sanitization — closes the email-relay abuse path
  • Widget API cleanup: deleted 12 tech debt endpoints with zero auth or hardcoded secrets, hardened middleware to require session or API key on all admin/dashboard/debug routes
  • Provisioning consolidated: single canonical provisioning module with 7 composable steps — both quick-setup and onboard-customer now share the same code path, fixing a bug where agents were created with no knowledge base
  • Invariant chain enforced end-to-end: Python agent creation rejects empty document sets, BFF rejects empty connectors on document sets, widget save validates agent has knowledge before allowing creation
  • Supply-chain security: CI workflow runs npm audit on every PR and weekly cron, Cursor rule prevents AI from installing unverified packages
April 2026

Engagement Engine

  • Teaser bubble: a configurable preview message appears next to the widget icon before visitors click — with custom delay, notification dot, and session-once controls to drive first engagement
  • Returning visitor personalization: the widget recognizes returning visitors with a custom welcome-back message, last-topic recall, and different quick replies — no forms required
  • Agentic automations: describe what you want in plain English and AI generates the engagement campaign — pricing page triggers, exit-intent offers, enterprise signal alerts, and returning visitor re-engagement, all without manual condition trees
  • HubSpot CRM integration: connect HubSpot from the Integrations page with a Private App Access Token to auto-sync contacts and deals when visitors show buying intent
March — April 2026

Billing and Canonical Widget Delivery

  • Stripe billing integration: Free tier (10 conversations/month, no CC) and Growth tier ($200/month, 1,000 conversations, $0.85/extra) with self-serve checkout and portal — billing gates on chat, indexing, and enrichment
  • Canonical widget delivery: one path for all customers — loader.js with data-widget-id fetches config, injects the widget, and runs all engagement behaviors (popup, teaser, returning visitor personalization). Deleted the npm SDK, legacy embed code, and all demo-specific widget code
  • Enterprise self-hosted bootstrapper: download a single script that points the widget at your own infrastructure
March 2026

Agentic Browsing and Live Calls

  • Agentic deep browsing: the chat widget autonomously navigates visitors to the relevant page on the site when they ask about a topic — real-time page navigation, not just link drops
  • Live Slack video calls: founders receive real-time Slack alerts when high-intent visitors land, with one-click join to start a live video call directly from Slack
  • Visitor deanonymization: IP-to-company resolution surfaces which companies are browsing the site before any form fill, delivered alongside Slack alerts and in the dashboard
March 2026

Live Integrations and Enrichment

  • Real-time event infrastructure with webhooks and server-sent events, built on a transactional outbox pattern for guaranteed delivery
  • Slack delivery with threaded, agent-scoped message streaming — conversations stay organized per agent
  • HubSpot sync scaffold for CRM-connected lead routing
  • Shared enrichment cache with configurable providers and bring-your-own-key support (PeopleDataLabs, Clearbit, IPinfo)
  • One-click customer onboarding tool: provision org, agent, and widget from the admin dashboard in a single action
February — March 2026

Revenue Intelligence

  • Visitor enrichment: IP-to-company resolution using IPinfo, PeopleDataLabs, and Clearbit with BYOK support
  • Intent scoring and buyer-signal detection across all conversations
  • Leads page with AI scoring, CSV import/export, and advanced filtering
  • CTA analytics: full tracking pipeline for every widget action click-through
  • Analytics dashboard overhaul — conversation drill-downs, per-agent filtering, flexible date ranges, and performance improvements
February — March 2026

Widget Polish and Mobile

  • Full mobile responsiveness for the chat widget across all variants
  • Voice dictation with Whisper fallback for hands-free input
  • Auto-expanding textarea and follow-up suggestion chips
  • Smooth CTA transitions, exit animations, and smart scroll that locks during streaming and resumes on send
  • XSS and CSS injection hardening across all widget types
February 2026

Live Demos Across Industries

  • 47 branded demo pages across 9 industries — finance, healthcare, developer tools, legal, ESG, enterprise SaaS, retail, gaming, and insurtech
  • One-command demo creator using Puppeteer-based automation for rapid prospect demos
  • Industry-specific widget configurations with tailored knowledge bases, CTAs, and guardrails
  • Terminal widget variant for developer-tool prospects (CLI-style chat)
February 2026

Multi-Tenant Platform

  • Per-organization agent isolation — every customer gets a dedicated agent with no shared state
  • Multi-tenant vector store sharding for knowledge base separation
  • API key provisioning per customer with scoped permissions
  • Dynamic widget loader, fully configurable per customer from the admin dashboard
  • 30+ knowledge connectors: Slack, Discord, GitHub, Google Drive, Notion, Confluence, Zendesk, Linear, HubSpot, and more
  • Document scanning with real-time indexing status
February 2026

Widget System

  • Embeddable chat widget using Shadow DOM isolation — one script tag to install
  • Five widget variants: floating, terminal, inline, dock, and holo
  • Full design customization: colors, logo, position, border, and message transition animations
  • Streaming responses for fast time-to-first-token
  • Citation formatting options: bracket, numbered, domain, full, and hidden
  • CTA injection with staged quick-reply buttons, booking forms, and navigation actions
December 2025 — January 2026

Foundation

  • RAG-powered AI chat engine for knowledge-grounded conversations
  • Dashboard MVP: analytics, agent management, knowledge base, and conversation browser
  • First production deployment for a customer (knowledge-based chatbot for a fintech company)
  • Kubernetes deployment on AWS with auto-scaling
  • Admin panel with impersonation mode for customer support and debugging
February — March 2026

Marketing Site and Content

  • clarm.com launch with light theme, interactive hero demo, and live widget on every page
  • 31 blog articles across 6 languages — founder essays, tactical playbooks for RevOps, growth, healthcare, and finance teams, plus comparison guides against Intercom, Drift, Qualified, and more
  • 7 comparison pages against Intercom, Drift, Plain, HubSpot Chat, Zendesk AI, Intercom Fin, and Atlas
  • Full SEO/GEO optimization: llms.txt for AI agent discoverability, structured data (Organization, Person, Article, FAQ, Breadcrumb), and AI crawler allowance in robots.txt
  • Documentation hub with quickstart, API reference, widget configuration, webhooks, tracking, and platform guides

What We Retired

Not everything we build makes it. These are features we shipped, learned from, and intentionally removed or replaced. We think sharing what didn't work is as important as sharing what did.

Orange theme

Retired Jan 2026

Shipped with YC orange branding. Pivoted to a blue palette after customer feedback that the orange felt too casual for enterprise dashboards.

Iframe widget embed

Retired Feb 2026

Tried embedding the widget via iframe for DOM isolation. Reverted to Shadow DOM because iframes broke streaming responses and cross-page navigation.

Shared agent fallback

Retired Mar 2026

Initially shared a default agent across organizations for faster onboarding. Learned this caused knowledge contamination between customers. Migrated to dedicated agent per org.

Aggressive auto-scroll

Retired Feb 2026

Auto-scrolled the chat window during streaming. Users couldn't read at their own pace. Replaced with smart scroll-lock that pauses when you scroll up.

Social post auto-generator

Retired Jan 2026

Built an auto-changelog pipeline that generated social posts from GitHub PRs via LLM. Deprioritized to focus on core revenue features.

Event lead capture page

Retired Feb 2026

Built a dedicated /event/ page for in-person event lead capture with progressive disclosure flows. Later merged functionality into the main site.

npm SDK widget package

Retired Apr 2026

Published @clarm/widget as an npm package for framework-native embeds. Replaced with the canonical loader.js — one script tag, zero dependencies, same behavior for every customer.

Helix special-casing

Retired Mar 2026

Our first customer had a magic org UUID hardcoded across ~12 files with custom setup routes, auto-provisioning, and auth bypasses. Removed all of it — Helix is now a regular customer using the same code paths as everyone else.

Demo-specific widget code

Retired Apr 2026

Demos had their own fetch interceptor, CSS variable hooks, config files, and API keys. Consolidated so demos use the exact same widget path as production customers — loader.js, config API, widget token auth. Zero demo-specific code in the widget path.

12 tech debt API endpoints

Retired Apr 2026

Deleted endpoints with zero auth, hardcoded secrets, or one-time migration logic: debug-givelegacy (dumped prod data), upload-widget-to-s3 (RCE via shell exec), update-widget-token (hardcoded secret), and 9 others. Tightened middleware so admin/dashboard/debug routes all require auth.

FAQ

How often does Clarm ship new features?

Continuously. As a two-person YC-backed team, we deploy multiple times per day. Major milestones are grouped and published here roughly monthly.

What integrations does Clarm support?

30+ knowledge connectors including Slack, Discord, GitHub, Google Drive, Notion, Confluence, Zendesk, Linear, and HubSpot. For outbound delivery: webhooks, Slack threads, and HubSpot sync.

Does Clarm publish what features it has retired?

Yes. We believe transparency about what didn't work builds more trust than only showing wins. Every retired feature is listed above with context on why we removed it.

Want to see it live?

Book a 15-minute walkthrough and we'll show you what Clarm looks like on your website, with your content.

Book a demoor email marcus@clarm.com