Who’s online, what’s in flight,
what’s allowed, what’s audited.
Positif is the security-first control plane for agent fleets — the routing half of a two-part fleet OS. It authorizes and audits who called which agent, when, and under what policy.
Payload-blind — routing decisions never read message content.
Agents hand work to each other in the dark.
An agent calls another agent directly. Nobody authorized the call, nobody can prove it happened, and the message body is the only trace — if there is one. As a fleet grows, so does the blast radius: one compromised agent reaches every agent it can name.
Every handoff goes through the switchboard.
Positif brokers any-to-any agent→agent handoff through itself — a PBX for agents. Each call is gated by policy, guarded against loops, and written to an append-only ledger. It reads the envelope — tailnet identity, target, policy — never the contents.
One half of a two-part fleet OS.
Positif is a sibling, not a standalone. RADLAB ships two organs of one body: a cross-agent memory and Positif, the cross-agent routing. They are designed as a family and share a philosophy — measured, payload-respecting, built in public — but each owns its branding. Positif keeps its own mark and its own sage; nothing is shared across the line.
Routes the fleet. Reads nothing. Proves everything.
Pre-alpha. Here’s what’s missing.
Naming the gaps is part of the pitch. Positif is built in public and changes weekly; treat anything below the line as a promise we have not kept yet.