Skip to main content

A deterministic, configurable control policy for agent workflows.

Project description

Agents that know when good enough is enough.

CI PyPI version Python versions License

BOUND

The deterministic control harness for AI agents.

Coding agents are good at continuing. They are less good at knowing when to stop.

BOUND sits between execution and the agent's next decision, turning observable evidence into a deterministic control signal:

ACCEPT · RETRY · REPLAN · ROLLBACK

BOUND deterministic control harness for AI agent workflows

Put BOUND in your agent

Choose your agent, open its integration prompt, and paste it into a new session:

That's it.

The prompt tells the agent to install BOUND, inspect its workflow, identify meaningful evaluation boundaries, and wire the harness into its control loop.

For the initial setup, use your agent's strongest architecture or planning mode — or a stronger model if available. This first pass should focus on defining the plan, meaningful step boundaries, acceptance criteria, risks, budgets, and observable evidence.

Paste integration prompt into agent
              ↓
Agent installs BOUND
              ↓
Agent inspects project + workflow
              ↓
Agent defines goals, contracts, and evidence
              ↓
You review the integration plan
              ↓
Agent wires BOUND into the workflow
              ↓
Run your agent with BOUND

Once configured, the normal execution loop can use BOUND deterministically. No LLM judge is required for observable criteria.

The control loop

BOUND belongs after a meaningful execution step and before the agent decides whether to keep optimizing the same objective.

Agent executes
      ↓
Observable evidence
      ↓
BOUND evaluates
      ↓
ACCEPT / RETRY / REPLAN / ROLLBACK
      ↓
Agent changes its next action

Conceptually:

result = workflow.evaluate_step(
    contract=contract,
    evidence=evidence,
    criteria=criteria,
)

match result.decision:
    case "ACCEPT":
        continue_to_next_step()
    case "RETRY":
        retry_current_approach()
    case "REPLAN":
        choose_new_strategy()
    case "ROLLBACK":
        rollback()

The agent still owns planning, reasoning, tool use, code changes, and execution.

BOUND decides whether the current result is good enough to move on.

Four decisions

Decision Meaning
ACCEPT Good enough. Stop optimizing this step and continue.
RETRY Keep the current approach and make one focused correction.
REPLAN Stop iterating on the current strategy and choose another approach.
ROLLBACK A hard risk boundary was exceeded. Return to a safe state.

BOUND can use observable evidence such as tests, lint and type checks, acceptance checks, expected changes, retries, tool calls, token usage, runtime, and rollback availability.

Good enough is enough. Keep progressing.

Why BOUND?

Without an explicit stopping policy, an agent can continue working after the task is already satisfactory:

task solved
    ↓
tests pass
    ↓
more refinement
    ↓
more calls and changes
    ↓
possible regression

BOUND adds an explicit control point:

task solved
    ↓
evidence collected
    ↓
BOUND evaluates
    ↓
ACCEPT
    ↓
continue to the next goal

BOUND does not replace the agent. It is a thin control harness around the agent's execution loop.

How it works

BOUND is the control harness.

Under the hood:

Contracts + evidence  → evaluation layer
BoundPolicy           → deterministic decision engine
BOUND                 → control harness
Integration prompts   → adoption layer

The scoring model, evidence mapping, thresholds, weights, calculations, and exact decision rules live in the technical documentation:

Read the architecture and scoring model →

Manual installation

If you want to integrate BOUND directly:

pip install bound-policy

Or:

uv add bound-policy

The PyPI distribution is bound-policy; the Python import and CLI are bound.

Current status

BOUND is experimental.

The scoring heuristics, weights, thresholds, and integration patterns still need broader validation on real agent workloads.

The next milestone is dogfooding BOUND inside real coding agents and measuring whether it reduces unnecessary post-solution work, calls, tokens, retries, and regressions without reducing task success.

Development

git clone https://github.com/Danny-de-bree/bound.git
cd bound

uv sync
uv run pytest
uv run ruff check .

License

MIT © Danny de Bree

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

bound_policy-0.5.0.tar.gz (1.5 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

bound_policy-0.5.0-py3-none-any.whl (71.9 kB view details)

Uploaded Python 3

File details

Details for the file bound_policy-0.5.0.tar.gz.

File metadata

  • Download URL: bound_policy-0.5.0.tar.gz
  • Upload date:
  • Size: 1.5 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for bound_policy-0.5.0.tar.gz
Algorithm Hash digest
SHA256 c98c7e9006f36785bb84c0d275547941e17f34903d8d1bfb167150fe3fa47c71
MD5 958de2a54e9e784760bef78804e8845d
BLAKE2b-256 2c2db64efea632623854f9db276f0d530b6ada5c9ce2d2a5cbc57128b1318598

See more details on using hashes here.

Provenance

The following attestation bundles were made for bound_policy-0.5.0.tar.gz:

Publisher: publish.yml on Danny-de-bree/bound

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file bound_policy-0.5.0-py3-none-any.whl.

File metadata

  • Download URL: bound_policy-0.5.0-py3-none-any.whl
  • Upload date:
  • Size: 71.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for bound_policy-0.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 c59ae64cb7d33372c6b47f5c885d7a3fb2fc613fe64b3ad50945862b411c1a37
MD5 627bc4277545f67c0f1995552c73472f
BLAKE2b-256 1ca8ff3a504073b7524e4fe7e9bf367a756cada11d2ad1443cd86ac29f11d802

See more details on using hashes here.

Provenance

The following attestation bundles were made for bound_policy-0.5.0-py3-none-any.whl:

Publisher: publish.yml on Danny-de-bree/bound

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page