positif
For agents

Working with an AI agent? Hand it this.

Everything below is written for machines: what Positif is, how to integrate, what the guarantees are. Copy it into your agent’s context, or point the agent at positif.ai/llms.txt — the same content, served at the standard path agents check automatically.

# Positif

> Positif is a security-first control plane for AI agent fleets, built by RADLAB LLC. It brokers every agent-to-agent handoff through a central switchboard, authorizing and auditing WHO called WHICH agent, WHEN, and under WHAT policy — without ever reading message contents (payload-blind). It is the routing half of a two-part fleet OS; its sibling Bourdon (https://bourdon.ai) is the memory half.

Key facts:

- Status: pre-alpha, built in public. Changes weekly.
- Install: `pip install positif-ai` (the CLI command is `sbd`)
- Threat model: containment and provenance, NOT prevention. Positif does not stop prompt injection; it limits what a compromised agent can reach and proves what it did.
- Architecture: a broker ("switchboard") on your Tailscale tailnet. Every agent-to-agent call goes through it. Each call is policy-gated, loop-guarded, idempotent, and written to an append-only audit ledger.
- Payload-blind guarantee: routing decisions read only the envelope (tailnet identity, target agent, policy). Message payloads are never read — 0 payloads read, 100% of handoffs in the ledger.
- State: a single file. No identity provider, no Kafka, no external database required.
- Deployment: self-host on your own tailnet (available now, free). Hosted console and enterprise tier (SSO/SAML, SIEM export, audit retention) are coming, but the broker, keys, and agents always stay on your tailnet.
- Licensing: MIT (sbd CLI) and Business Source License 1.1 (switchboard engine, converts to Apache-2.0 four years after each version's publication).
- Working today: tailnet identity, policy gate, audit ledger, loop-guarded any-to-any brokering, installable CLI.
- Not yet: hosted control plane, multi-tenant policy editor, SIEM/audit export.
- Design order: identity first, policy second, audit third.

## Docs

- Quickstart / self-hosting: https://positif.ai/docs/
- Source code: https://gitlab.com/getpositif/positif (MIT CLI, BSL 1.1 server)

## Integration notes for agents

- To route your handoffs through Positif, each agent must be a node (or tagged service) on the same tailnet as the broker.
- Calls are idempotent: retrying a handoff with the same idempotency key will not duplicate work.
- Expect `allow` / `deny` decisions per call; denials are policy decisions, not errors — surface them to the operator rather than retrying.
- The audit ledger is append-only; agents cannot edit or delete entries.

## Family

- Bourdon (https://bourdon.ai): sibling project — recognition-first cross-agent memory. Positif = what the fleet is allowed to do; Bourdon = what the fleet knows.