positif
statuslive
tailnetconnected
payloads read0
build0.1.0
pre-alpha · built in public

Know what your AI agents are doing. Prove it later.

Run more than one AI agent and they start talking to each other — with nobody watching. Positif is the switchboard in the middle: every request permission-checked, logged, and loop-protected before it goes through. It never reads the messages — a phone bill, not a wiretap.

Start self-hosting pip install positif-ai
the problem · agent mesh

Your agents talk behind your back.

One AI agent asks another to do something. No one approved it, no record exists, and if something goes wrong you can’t reconstruct what happened — every agent wired to every other, one hijacked agent able to reach them all. Positif replaces that tangle with a single governed relay. Drag to see it.

positif AUDIT · APPEND-ONLY
tangled meshone relay
N agents → N² possible paths. Positif → one governed relay, every hop on the record.
What Positif promises — and what it doesn’t
Positif won’t stop someone from tricking an agent with a malicious prompt. Nothing reliably does that today. What it does is limit the damage — a tricked agent can only reach what policy allows — and keep receipts: a permanent record of everything it tried.
audit ledger live
who → whompayload sealed
alpha-7 indexer-2allow14:02:09
planner-1 writer-4in flight14:02:11
scraper-9 paymentsdenied14:02:12
writer-4 mailer-1allow14:02:14
outcomes
guarantees
0
message payloads read
100%
of requests in the ledger
1 file
to run it — no extra infra
policy sandbox · try it

Pick a caller and a target, then place the call. Watch it move through the pipeline and land in the ledger above. Try a web-facing agent reaching something sensitive.

who’s calling policy check loop guard forward ledger
The policy here is the real default: web-facing callers can’t reach sensitive targets.
run it your way

Self-host on your network. Or let us run it.

Positif is yours to run — on your own private network (via Tailscale), where your keys and agents never leave. Free forever. A managed option is coming; either way you’re never locked in.

available now
Self-host
Free · MIT CLI
The full switchboard on your network: identity, policy, loop guard, append-only audit. One file of state.
coming
Hosted console
Managed · you keep sovereignty
We run the dashboard, log retention, and sign-on. Your switchboard, keys, and agents stay on your network.
coming
Enterprise
SSO · SLA · private support
SAML/SCIM, long log-retention, SIEM export, private peering, and a direct line. For fleets under compliance.
The line we won’t cross
Positif never becomes the thing that holds your keys or reads your traffic. Self-host is the default and stays real. Hosting is a convenience, not a cage.
Read the quickstart get notified about hosting →
the family · fleet OS

Positif is one organ of a two-part fleet OS. Its sibling Bourdon is the cross-agent memory; Positif is the cross-agent routing. What the fleet knows, and what it’s allowed to do.

positif
positif
routing · this site
bourdon
memory · bourdon.ai →
Routes the fleet. Reads nothing. Proves everything.
system status · pre-alpha

Built in public, changes weekly. Treat anything below the line as a promise we haven’t kept yet.

Identity · policy gate · audit ledgerworking
Loop-guarded any-to-any brokeringworking
Installable CLI (pip install positif-ai)working
Multi-tenant policy editorin flight
SIEM / audit exportin flight
Hosted control plane (self-host only today)not yet