positif
pre-alpha · built in public

Positif documentation

Positif is a security-first control plane for agent fleets — a switchboard that authorizes and audits every agent→agent handoff, on your own tailnet, without ever reading the payload. Start by self-hosting it in about five minutes.

Honest status
The self-host path below is real and installable today (pip install positif-ai — the CLI is source-available, MIT for the sbd client). Hosted and enterprise tiers are on the roadmap, not shipped.
Quickstart · ~5 minutes

Self-host Positif on your tailnet.

You need a machine on your Tailscale tailnet (the always-on box that will run the switchboard) and Python 3.12+. Positif keeps all of its state in one SQLite file and binds to your tailnet IP, so the tailnet does the hard identity work.

  1. Install the CLI
    # the sbd CLI (MIT) + switchboard engine (BUSL-1.1)
    pip install positif-ai
  2. Initialize the state + seed policy

    Creates the SQLite store and seeds the caller→target policy and agent cards.

    sbd init --db /opt/positif-data/positif.db
  3. Serve on your tailnet IP

    Bind to your tailnet address so whois auth is real — the caller’s identity comes from the live request, resolved by tailscaled.

    sbd serve --transport http \
      --host 100.x.y.z --port 7600 \
      --db /opt/positif-data/positif.db
  4. Register an agent as a node

    Drop an A2A card describing the agent (transport, endpoint, sensitivity) and a trusted-only policy row, then re-init. See the fleet-node kit for the safe-by-default template.

  5. Dispatch through the switchboard

    Call the dispatch MCP tool from any tailnet caller. Positif checks the policy on metadata only, dedupes, forwards over the card’s transport, and writes the decision to the audit ledger.

  6. Confirm it’s healthy
    sbd doctor   # WAL sidecars, code tree, secret perms, worker tokens
    sbd events   # tail the append-only audit ledger
What you get
whois identity · metadata-only policy gate · idempotency · per-caller rate limits · loop-guarded any-to-any handoff · an append-only audit ledger — all on one box you own, with zero payloads stored.
Self-hostavailable nowFree · MIT CLI

The full control plane, on your infrastructure.

Self-hosting is the default and it is the whole product — nothing is held back. The broker, your agents, and your keys all run on your tailnet. Positif never leaves your network and never reads a payload.

The dispatch model

Every call runs the same fail-closed pipeline:

whois caller  provenance  metadata policy  idempotency  forward  audit

Routing decisions are made on the envelope — tailnet identity, target, policy — never the message body. A tainted (less-trusted) caller is denied from sensitive targets before anything is forwarded.

Transports

A node is reached over the mechanism its runtime supports: acp (agent-client protocol), cli (headless CLI agents), or http (worker endpoints). Any-to-any handoff is brokered through Positif — never agent-to-agent direct — with a depth + cycle loop guard.

Add a fleet node safely

The fleet-node kit ships a hardened HTTP-worker template: fail-closed shared-bearer auth (localhost is not an auth boundary), request validation, and a locked-down systemd unit — so a new node is safe by default. Copy it, implement one function, mint a token, drop a card.

Never locked in
Self-host is not a lesser tier — it is the sovereign one. If you later choose a managed option, you can always bring it back in-house. No export dance, no hostage data.
Hosted consolecomingManaged

Let us run the console — you keep sovereignty.

When you would rather not operate the control plane yourself, the hosted option runs the pieces that are pure operations: the operator console, audit-retention, and SSO. Your broker, your keys, and your agents still run on your tailnet. Positif is designed so the hosted layer never sits in the payload path and never holds your provider keys — the opposite of a hosted proxy.

Join the hosting list →  — we’ll email when it opens.

EnterprisecomingSSO · SLA

For fleets under compliance.

SAML / SCIM single sign-on, long audit-retention windows, SIEM export, private tailnet peering, and a direct support line. Built on the same self-hostable core — so an audit can always run against infrastructure you control.

Talk to us →

Concepts & family

Positif is half of a fleet OS.

Positif governs what the fleet is allowed to do. Its sibling, Bourdon, is what the fleet knows — cross-agent memory federation. They are designed as a family, share a philosophy, and each keep their own brand. Together: memory + governed routing for self-sovereign agent fleets.

Bourdon docs →  ·  Positif source →