A deterministic, configurable control policy for agent workflows.
Project description
Agents that know when good enough is enough.
BOUND
The deterministic control harness for AI agents.
Coding agents are good at continuing. They are less good at knowing when to stop.
BOUND sits between execution and the agent's next decision, turning observable evidence into a deterministic control signal:
ACCEPT · RETRY · REPLAN · ROLLBACK
Put BOUND in your agent
Install in ChatGPT / OpenAI Skills
- Download
BOUND-agent-skill.zip. - In ChatGPT, open Profile → Skills → Create → Upload from your computer.
- Select the ZIP, review the scan result, and install the skill.
- Start a new chat and invoke it with
@BOUND, or let ChatGPT select it when your request matches the skill description.
The Skills menu must be available for your ChatGPT account or workspace. Personal Skills may need to be installed separately in ChatGPT on the web and in the desktop app because those installations do not automatically sync.
Install with skills.sh-compatible agents
BOUND includes an open SKILL.md skill for Codex, Claude Code, Cline, Kilo
Code, and other compatible coding agents:
npx skills add Danny-de-bree/bound --skill bound
To install only for Codex without interactive selection:
npx skills add Danny-de-bree/bound --skill bound --agent codex -y
The skill lives in skills/bound/ and teaches the agent to
install BOUND, establish meaningful evaluation boundaries, collect real
evidence, report the numeric A/I/R/C/S/T calculation, and react to
ACCEPT / RETRY / REPLAN / ROLLBACK.
Or use a paste-ready integration prompt
Choose your agent, open its integration prompt, and paste it into a new session:
That's it.
The prompt tells the agent to install BOUND, inspect its workflow, identify meaningful evaluation boundaries, and wire the harness into its control loop.
For the initial setup, use your agent's strongest architecture or planning mode — or a stronger model if available. This first pass should focus on defining the plan, meaningful step boundaries, acceptance criteria, risks, budgets, and observable evidence.
Paste integration prompt into agent
↓
Agent installs BOUND
↓
Agent inspects project + workflow
↓
Agent defines goals, contracts, and evidence
↓
You review the integration plan
↓
Agent wires BOUND into the workflow
↓
Run your agent with BOUND
Once configured, the normal execution loop can use BOUND deterministically. No LLM judge is required for observable criteria.
The control loop
BOUND belongs after a meaningful execution step and before the agent decides whether to keep optimizing the same objective.
Agent executes
↓
Observable evidence
↓
BOUND evaluates
↓
ACCEPT / RETRY / REPLAN / ROLLBACK
↓
Agent changes its next action
Conceptually:
result = workflow.evaluate_step(
contract=contract,
evidence=evidence,
criteria=criteria,
)
match result.decision:
case "ACCEPT":
continue_to_next_step()
case "RETRY":
retry_current_approach()
case "REPLAN":
choose_new_strategy()
case "ROLLBACK":
rollback()
The agent still owns planning, reasoning, tool use, code changes, and execution.
BOUND decides whether the current result is good enough to move on.
Four decisions
| Decision | Meaning |
|---|---|
| ACCEPT | Good enough. Stop optimizing this step and continue. |
| RETRY | Keep the current approach and make one focused correction. |
| REPLAN | Stop iterating on the current strategy and choose another approach. |
| ROLLBACK | A hard risk boundary was exceeded. Return to a safe state. |
BOUND can use observable evidence such as tests, lint and type checks, acceptance checks, expected changes, retries, tool calls, token usage, runtime, and rollback availability.
Good enough is enough. Keep progressing.
Why BOUND?
Without an explicit stopping policy, an agent can continue working after the task is already satisfactory:
task solved
↓
tests pass
↓
more refinement
↓
more calls and changes
↓
possible regression
BOUND adds an explicit control point:
task solved
↓
evidence collected
↓
BOUND evaluates
↓
ACCEPT
↓
continue to the next goal
BOUND does not replace the agent. It is a thin control harness around the agent's execution loop.
How it works
BOUND is the control harness.
Under the hood:
Contracts + evidence → evaluation layer
BoundPolicy → deterministic decision engine
BOUND → control harness
Integration prompts → adoption layer
The scoring model, evidence mapping, thresholds, weights, calculations, and exact decision rules live in the technical documentation:
Read the architecture and scoring model →
Manual installation
If you want to integrate BOUND directly:
pip install bound-policy
Or:
uv add bound-policy
The PyPI distribution is bound-policy; the Python import and CLI are bound.
Current status
BOUND is experimental.
The scoring heuristics, weights, thresholds, and integration patterns still need broader validation on real agent workloads.
The next milestone is dogfooding BOUND inside real coding agents and measuring whether it reduces unnecessary post-solution work, calls, tokens, retries, and regressions without reducing task success.
Development
git clone https://github.com/Danny-de-bree/bound.git
cd bound
uv sync
uv run pytest
uv run ruff check .
License
MIT © Danny de Bree
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file bound_policy-0.6.0.tar.gz.
File metadata
- Download URL: bound_policy-0.6.0.tar.gz
- Upload date:
- Size: 1.6 MB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0157924c506559c24c3df10c575bb6ab747d8f4b4f7dc345b197c360d45b498e
|
|
| MD5 |
668a44ae84372a40c5578a53f5907f64
|
|
| BLAKE2b-256 |
c7c588930966a5db04f39b582153f50ee1d03f935d5bd5a2c671f6d151a403ed
|
Provenance
The following attestation bundles were made for bound_policy-0.6.0.tar.gz:
Publisher:
publish.yml on Danny-de-bree/bound
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
bound_policy-0.6.0.tar.gz -
Subject digest:
0157924c506559c24c3df10c575bb6ab747d8f4b4f7dc345b197c360d45b498e - Sigstore transparency entry: 2191847673
- Sigstore integration time:
-
Permalink:
Danny-de-bree/bound@f0029a252c14b85f8393a653aba506ce12d24ec2 -
Branch / Tag:
refs/tags/v0.6.0 - Owner: https://github.com/Danny-de-bree
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@f0029a252c14b85f8393a653aba506ce12d24ec2 -
Trigger Event:
push
-
Statement type:
File details
Details for the file bound_policy-0.6.0-py3-none-any.whl.
File metadata
- Download URL: bound_policy-0.6.0-py3-none-any.whl
- Upload date:
- Size: 77.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
cbc7c7cbcddbe6d435f61e0bdd7187ffa771910535bb4e3748642356b28a676d
|
|
| MD5 |
4da5e6940d704dfbe6564eb458cebffd
|
|
| BLAKE2b-256 |
11f38dbf6d323f0b5afe1f7c4b46816ce127a19042318f1d7c49d3028cb6443b
|
Provenance
The following attestation bundles were made for bound_policy-0.6.0-py3-none-any.whl:
Publisher:
publish.yml on Danny-de-bree/bound
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
bound_policy-0.6.0-py3-none-any.whl -
Subject digest:
cbc7c7cbcddbe6d435f61e0bdd7187ffa771910535bb4e3748642356b28a676d - Sigstore transparency entry: 2191847691
- Sigstore integration time:
-
Permalink:
Danny-de-bree/bound@f0029a252c14b85f8393a653aba506ce12d24ec2 -
Branch / Tag:
refs/tags/v0.6.0 - Owner: https://github.com/Danny-de-bree
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@f0029a252c14b85f8393a653aba506ce12d24ec2 -
Trigger Event:
push
-
Statement type: