positif
statuslive
tailnetconnected
payloads read0
build0.1.0
pre-alpha · built in public

Know what your AI agents are doing. Prove it later.

Run more than one AI agent and they start talking to each other, with nobody watching. Positif is the switchboard in the middle: every request permission-checked, logged, and loop-protected before it goes through. It never reads the messages. It’s a phone bill, not a wiretap.

Start self-hosting pip install positif-ai
the problem · agent mesh

Your agents talk behind your back.

One AI agent asks another to do something. No one approved it, no record exists, and if something goes wrong you can’t reconstruct what happened. Every agent is wired to every other, so one hijacked agent can reach them all. Positif puts one governed relay in the middle: every message routes through it, is checked on identity and policy, then logged. Watch the dangerous call get stopped.

planner-1trusted writer-4trusted scraper-9web-facing indexer-2normal mailer-1sensitive paymentssensitive positif sealed
Every message routes through one relay, checked on identity and policy, then logged.
What Positif promises, and what it doesn’t
Positif won’t stop someone from tricking an agent with a malicious prompt. Nothing reliably does that today. What it does is limit the damage , a tricked agent can only reach what policy allows, and keep receipts: a permanent record of everything it tried.
audit ledger live
who → whompayload sealed
alpha-7 indexer-2allow14:02:09
planner-1 writer-4in flight14:02:11
scraper-9 paymentsdenied14:02:12
writer-4 mailer-1allow14:02:14
outcomes
guarantees
0
message payloads read
100%
of requests in the ledger
1 file
to run it, no extra infra
policy sandbox · try it

Pick a caller and a target, then place the call. Watch it move through the pipeline and land in the ledger above. Try a web-facing agent reaching something sensitive.

who’s calling policy check loop guard forward ledger
The policy here is the real default: web-facing callers can’t reach sensitive targets.
run it your way · pricing

Self-host on your network. Or let us run it.

Positif is yours to run, on your own private network (via Tailscale), where your keys and agents never leave. Free forever. A managed option is coming; either way you’re never locked in.

The line we won’t cross
Positif never becomes the thing that holds your keys or reads your traffic. Self-host is the default and stays real. Hosting is a convenience, not a cage.
Read the quickstart get notified about hosting →
the family · fleet OS

Positif is one organ of a two-part fleet OS. Its sibling Bourdon is the cross-agent memory; Positif is the cross-agent routing. What the fleet knows, and what it’s allowed to do.

positif
positif
routing · this site
bourdon
memory · bourdon.ai ↗
Routes the fleet. Reads nothing. Proves everything.
system status · pre-alpha

Built in public, changes weekly. Treat anything below the line as a promise we haven’t kept yet.

Identity · policy gate · audit ledgerworking
Loop-guarded any-to-any brokeringworking
Installable CLI (pip install positif-ai)working
Multi-tenant policy editorin flight
SIEM / audit exportin flight
Hosted control plane (self-host only today)not yet
get in touch

Stay tuned ♪♫

The hosted console and new checks, the moment they land. No noise, just Positif.

We’ll only email about Positif. Unsubscribe any time.

Partner with us

Building on agent infra, reselling, or already running a tailnet? Let’s talk.

get started

Run the whole switchboard in one command.

pip install positif-ai
Start self-hosting · free see hosting plans & pricing →