positif
pre-alpha · built in public

Know what your AI agents are doing. Prove it later.

When you run more than one AI agent, they start talking to each other — and today, nobody’s watching. Positif sits in the middle like a switchboard operator: every request between agents is permission-checked, logged, and loop-protected before it goes through. It never reads the messages — a phone bill, not a wiretap.

Start self-hosting pip install positif-ai
The problem

Your agents talk behind your back.

One AI agent asks another to do something. No one approved it, no record exists, and if something goes wrong you can’t reconstruct what happened. The more agents you add, the worse it gets — every agent wired to every other agent, one hijacked agent able to reach them all. Positif replaces that tangle with a single governed relay. Drag to see it.

positif AUDIT · APPEND-ONLY
tangled meshone relay
N agents → N² possible paths. Positif → one governed relay, every hop on the record.
What Positif promises — and what it doesn’t
Positif won’t stop someone from tricking an agent with a malicious prompt. Nothing reliably does that today, and we won’t pretend otherwise. What Positif does is limit the damage — a tricked agent can only reach what policy allows — and keep receipts: a permanent record of everything it tried.
The switchboard

Every request goes through the switchboard.

Positif checks each call is allowed, makes sure agents aren’t stuck in a loop calling each other, and writes it in a log that can’t be edited afterward. It reads only the outside of the envelope — who’s sending, who’s receiving — never the letter inside.

audit ledger payload sealed
alpha-7 indexer-2 allow 14:02:09
planner-1 writer-4 in flight 14:02:11
scraper-9 payments denied 14:02:12
writer-4 mailer-1 allow 14:02:14
0
message payloads read
100%
of requests in the ledger
1 file
to run it — no extra infrastructure
Try it yourself

Place a call through the switchboard.

Pick a caller and a target. Watch the envelope move through the pipeline — and watch the ledger above catch the outcome. Notice what happens when a web-facing agent tries to reach something sensitive.

who’s calling policy check loop guard forward ledger
The policy here is the real default: web-facing callers can’t reach sensitive targets.
Run it your way

Runs on your own private network. Or let us run it.

Positif is yours to run — on your own private network (via Tailscale), where your keys and agents never leave. That is the whole point, and it is free forever. When you would rather not operate the control plane yourself, a managed option is coming. Either way you are never locked in: take it in-house any time, no export dance.

The line we won’t cross
Positif never becomes the thing that holds your keys or reads your traffic. Self-host is the default and stays real. Hosting is a convenience, not a cage.
available now
Self-host
Free · MIT CLI
The full switchboard on your network: identity, policy, loop guard, append-only audit log. One file of state.
coming
Hosted console
Managed · you keep sovereignty
We run the dashboard, log retention, and sign-on. Your switchboard, keys, and agents stay on your network — we never sit in the message path.
coming
Enterprise
SSO · SLA · private support
SAML/SCIM, long log-retention windows, SIEM export, private network peering, and a direct line. For fleets under compliance.
Read the quickstart get notified about hosting →
The family

One half of a two-part fleet OS.

Positif is a sibling, not a standalone. RADLAB ships two organs of one body: Bourdon, the cross-agent memory, and Positif, the cross-agent routing. Together they are a fleet OS: what the fleet knows, and what the fleet is allowed to do. They share a philosophy — measured, payload-respecting, built in public — but each owns its branding. Positif keeps its own mark and its own sage; nothing is shared across the line.

positif
positif
routing · this site
bourdon
memory · bourdon.ai →
Routes the fleet. Reads nothing. Proves everything.
Honest status

Pre-alpha. Here’s what’s missing.

Naming the gaps is part of the pitch. Positif is built in public and changes weekly; treat anything below the line as a promise we have not kept yet.

Identity · policy gate · audit ledgerworking
Loop-guarded any-to-any brokeringworking
Installable CLI (pip install positif-ai)working
Multi-tenant policy editorin flight
SIEM / audit exportin flight
Hosted control plane (self-host only today)not yet
The order
Identity first. Policy second. Audit third.