Skip to main content

A deterministic, configurable control policy for agent workflows.

Project description

Agents that know when good enough is enough.

CI PyPI version Python versions License

BOUND

The deterministic control harness for AI agents.

Coding agents are good at continuing. They are less good at knowing when to stop.

BOUND sits between execution and the agent's next decision, turning observable evidence into a deterministic control signal:

ACCEPT · RETRY · REPLAN · ROLLBACK

BOUND deterministic control harness for AI agent workflows

Put BOUND in your agent

Install in ChatGPT / OpenAI Skills

  1. Download BOUND-agent-skill.zip.
  2. In ChatGPT, open Profile → Skills → Create → Upload from your computer.
  3. Select the ZIP, review the scan result, and install the skill.
  4. Start a new chat and invoke it with @BOUND, or let ChatGPT select it when your request matches the skill description.

The Skills menu must be available for your ChatGPT account or workspace. Personal Skills may need to be installed separately in ChatGPT on the web and in the desktop app because those installations do not automatically sync.

Install with skills.sh-compatible agents

BOUND includes an open SKILL.md skill for Codex, Claude Code, Cline, Kilo Code, and other compatible coding agents:

npx skills add Danny-de-bree/bound --skill bound

To install only for Codex without interactive selection:

npx skills add Danny-de-bree/bound --skill bound --agent codex -y

The skill lives in skills/bound/ and teaches the agent to install BOUND, establish meaningful evaluation boundaries, collect real evidence, report the numeric A/I/R/C/S/T calculation, and react to ACCEPT / RETRY / REPLAN / ROLLBACK.

Or use a paste-ready integration prompt

Choose your agent, open its integration prompt, and paste it into a new session:

That's it.

The prompt tells the agent to install BOUND, inspect its workflow, identify meaningful evaluation boundaries, and wire the harness into its control loop.

For the initial setup, use your agent's strongest architecture or planning mode — or a stronger model if available. This first pass should focus on defining the plan, meaningful step boundaries, acceptance criteria, risks, budgets, and observable evidence.

Paste integration prompt into agent
              ↓
Agent installs BOUND
              ↓
Agent inspects project + workflow
              ↓
Agent defines goals, contracts, and evidence
              ↓
You review the integration plan
              ↓
Agent wires BOUND into the workflow
              ↓
Run your agent with BOUND

Once configured, the normal execution loop can use BOUND deterministically. No LLM judge is required for observable criteria.

The control loop

BOUND belongs after a meaningful execution step and before the agent decides whether to keep optimizing the same objective.

Agent executes
      ↓
Observable evidence
      ↓
BOUND evaluates
      ↓
ACCEPT / RETRY / REPLAN / ROLLBACK
      ↓
Agent changes its next action

Conceptually:

result = workflow.evaluate_step(
    contract=contract,
    evidence=evidence,
    criteria=criteria,
)

match result.decision:
    case "ACCEPT":
        continue_to_next_step()
    case "RETRY":
        retry_current_approach()
    case "REPLAN":
        choose_new_strategy()
    case "ROLLBACK":
        rollback()

The agent still owns planning, reasoning, tool use, code changes, and execution.

BOUND decides whether the current result is good enough to move on.

Four decisions

Decision Meaning
ACCEPT Good enough. Stop optimizing this step and continue.
RETRY Keep the current approach and make one focused correction.
REPLAN Stop iterating on the current strategy and choose another approach.
ROLLBACK A hard risk boundary was exceeded. Return to a safe state.

BOUND can use observable evidence such as tests, lint and type checks, acceptance checks, expected changes, retries, tool calls, token usage, runtime, and rollback availability.

Good enough is enough. Keep progressing.

Why BOUND?

Without an explicit stopping policy, an agent can continue working after the task is already satisfactory:

task solved
    ↓
tests pass
    ↓
more refinement
    ↓
more calls and changes
    ↓
possible regression

BOUND adds an explicit control point:

task solved
    ↓
evidence collected
    ↓
BOUND evaluates
    ↓
ACCEPT
    ↓
continue to the next goal

BOUND does not replace the agent. It is a thin control harness around the agent's execution loop.

How it works

BOUND is the control harness.

Under the hood:

Contracts + evidence  → evaluation layer
BoundPolicy           → deterministic decision engine
BOUND                 → control harness
Integration prompts   → adoption layer

The scoring model, evidence mapping, thresholds, weights, calculations, and exact decision rules live in the technical documentation:

Read the architecture and scoring model →

Manual installation

If you want to integrate BOUND directly:

pip install bound-policy

Or:

uv add bound-policy

The PyPI distribution is bound-policy; the Python import and CLI are bound.

Current status

BOUND is experimental.

The scoring heuristics, weights, thresholds, and integration patterns still need broader validation on real agent workloads.

The next milestone is dogfooding BOUND inside real coding agents and measuring whether it reduces unnecessary post-solution work, calls, tokens, retries, and regressions without reducing task success.

Development

git clone https://github.com/Danny-de-bree/bound.git
cd bound

uv sync
uv run pytest
uv run ruff check .

License

MIT © Danny de Bree

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

bound_policy-0.6.0.tar.gz (1.6 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

bound_policy-0.6.0-py3-none-any.whl (77.4 kB view details)

Uploaded Python 3

File details

Details for the file bound_policy-0.6.0.tar.gz.

File metadata

  • Download URL: bound_policy-0.6.0.tar.gz
  • Upload date:
  • Size: 1.6 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for bound_policy-0.6.0.tar.gz
Algorithm Hash digest
SHA256 0157924c506559c24c3df10c575bb6ab747d8f4b4f7dc345b197c360d45b498e
MD5 668a44ae84372a40c5578a53f5907f64
BLAKE2b-256 c7c588930966a5db04f39b582153f50ee1d03f935d5bd5a2c671f6d151a403ed

See more details on using hashes here.

Provenance

The following attestation bundles were made for bound_policy-0.6.0.tar.gz:

Publisher: publish.yml on Danny-de-bree/bound

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file bound_policy-0.6.0-py3-none-any.whl.

File metadata

  • Download URL: bound_policy-0.6.0-py3-none-any.whl
  • Upload date:
  • Size: 77.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for bound_policy-0.6.0-py3-none-any.whl
Algorithm Hash digest
SHA256 cbc7c7cbcddbe6d435f61e0bdd7187ffa771910535bb4e3748642356b28a676d
MD5 4da5e6940d704dfbe6564eb458cebffd
BLAKE2b-256 11f38dbf6d323f0b5afe1f7c4b46816ce127a19042318f1d7c49d3028cb6443b

See more details on using hashes here.

Provenance

The following attestation bundles were made for bound_policy-0.6.0-py3-none-any.whl:

Publisher: publish.yml on Danny-de-bree/bound

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page