Skip to main content

A deterministic, configurable control policy for agent workflows.

Project description

Agents that know when good enough is enough.

CI PyPI version Python versions License Install BOUND from skills.sh

BOUND

The deterministic control harness for AI agents.

Coding agents are good at continuing. They are less good at knowing when to stop.

BOUND sits between execution and the agent's next decision, turning observable evidence into a deterministic control signal:

ACCEPT · RETRY · REPLAN · ROLLBACK

BOUND deterministic control harness for AI agent workflows

Put BOUND in your agent

Install in ChatGPT / OpenAI Skills

  1. Download BOUND-agent-skill.zip.
  2. In ChatGPT, open Profile → Skills → Create → Upload from your computer.
  3. Select the ZIP, review the scan result, and install the skill.
  4. Start a new chat and invoke it with @BOUND, or let ChatGPT select it when your request matches the skill description.

The Skills menu must be available for your ChatGPT account or workspace. Personal Skills may need to be installed separately in ChatGPT on the web and in the desktop app because those installations do not automatically sync.

Install with skills.sh-compatible agents

BOUND includes an open SKILL.md skill for Codex, Claude Code, Cline, Kilo Code, and other compatible coding agents:

npx skills add Danny-de-bree/bound --skill bound

To install only for Codex without interactive selection:

npx skills add Danny-de-bree/bound --skill bound --agent codex -y

The skill lives in skills/bound/ and teaches the agent to install BOUND, establish meaningful evaluation boundaries, collect real evidence, report the numeric A/I/R/C/S/T calculation, and react to ACCEPT / RETRY / REPLAN / ROLLBACK.

Or use a paste-ready integration prompt

Choose your agent, open its integration prompt, and paste it into a new session:

That's it.

The prompt tells the agent to install BOUND, inspect its workflow, identify meaningful evaluation boundaries, and wire the harness into its control loop.

For the initial setup, use your agent's strongest architecture or planning mode — or a stronger model if available. This first pass should focus on defining the plan, meaningful step boundaries, acceptance criteria, risks, budgets, and observable evidence.

Paste integration prompt into agent
              ↓
Agent installs BOUND
              ↓
Agent inspects project + workflow
              ↓
Agent defines goals, contracts, and evidence
              ↓
You review the integration plan
              ↓
Agent wires BOUND into the workflow
              ↓
Run your agent with BOUND

Once configured, the normal execution loop can use BOUND deterministically. No LLM judge is required for observable criteria.

The control loop

BOUND belongs after a meaningful execution step and before the agent decides whether to keep optimizing the same objective.

Agent executes
      ↓
Observable evidence
      ↓
BOUND evaluates
      ↓
ACCEPT / RETRY / REPLAN / ROLLBACK
      ↓
Agent changes its next action

Conceptually:

result = workflow.evaluate_step(
    contract=contract,
    evidence=evidence,
    criteria=criteria,
)

match result.decision:
    case "ACCEPT":
        continue_to_next_step()
    case "RETRY":
        retry_current_approach()
    case "REPLAN":
        choose_new_strategy()
    case "ROLLBACK":
        rollback()

The agent still owns planning, reasoning, tool use, code changes, and execution.

BOUND decides whether the current result is good enough to move on.

Four decisions

Decision Meaning
ACCEPT Good enough. Stop optimizing this step and continue.
RETRY Keep the current approach and make one focused correction.
REPLAN Stop iterating on the current strategy and choose another approach.
ROLLBACK A hard risk boundary was exceeded. Return to a safe state.

BOUND can use observable evidence such as tests, lint and type checks, acceptance checks, expected changes, retries, tool calls, token usage, runtime, and rollback availability.

Good enough is enough. Keep progressing.

Why BOUND?

Without an explicit stopping policy, an agent can continue working after the task is already satisfactory:

task solved
    ↓
tests pass
    ↓
more refinement
    ↓
more calls and changes
    ↓
possible regression

BOUND adds an explicit control point:

task solved
    ↓
evidence collected
    ↓
BOUND evaluates
    ↓
ACCEPT
    ↓
continue to the next goal

BOUND does not replace the agent. It is a thin control harness around the agent's execution loop.

How it works

BOUND is the control harness.

Under the hood:

Contracts + evidence  → evaluation layer
BoundPolicy           → deterministic decision engine
BOUND                 → control harness
Integration prompts   → adoption layer

The scoring model, evidence mapping, thresholds, weights, calculations, and exact decision rules live in the technical documentation:

Read the architecture and scoring model →

Manual installation

If you want to integrate BOUND directly:

pip install bound-policy

Or:

uv add bound-policy

The PyPI distribution is bound-policy; the Python import and CLI are bound.

Current status

BOUND is experimental.

The scoring heuristics, weights, thresholds, and integration patterns still need broader validation on real agent workloads.

The next milestone is dogfooding BOUND inside real coding agents and measuring whether it reduces unnecessary post-solution work, calls, tokens, retries, and regressions without reducing task success.

Development

git clone https://github.com/Danny-de-bree/bound.git
cd bound

uv sync
uv run pytest
uv run ruff check .

License

MIT © Danny de Bree

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

bound_policy-0.6.1.tar.gz (1.6 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

bound_policy-0.6.1-py3-none-any.whl (77.5 kB view details)

Uploaded Python 3

File details

Details for the file bound_policy-0.6.1.tar.gz.

File metadata

  • Download URL: bound_policy-0.6.1.tar.gz
  • Upload date:
  • Size: 1.6 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for bound_policy-0.6.1.tar.gz
Algorithm Hash digest
SHA256 9084ab21c45f5e677bbd5fd58c2431e7996963359544240947b013267de71643
MD5 1f6ca6bc217dafe1ebc20aa9f2eb179f
BLAKE2b-256 02626b07560869132b117dae3964982f0a4a5f6131465a98167ce91cdfe5f532

See more details on using hashes here.

Provenance

The following attestation bundles were made for bound_policy-0.6.1.tar.gz:

Publisher: publish.yml on Danny-de-bree/bound

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file bound_policy-0.6.1-py3-none-any.whl.

File metadata

  • Download URL: bound_policy-0.6.1-py3-none-any.whl
  • Upload date:
  • Size: 77.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for bound_policy-0.6.1-py3-none-any.whl
Algorithm Hash digest
SHA256 01803298cd96731879f8320adc44cdf0a834b5f7213f5728efd645c5514f7fcf
MD5 170a43121c20373f427279bc7c2d014c
BLAKE2b-256 8d182dcf0456af036ed861051a7c98a577270621432aaf39e0daccc5d67b4f18

See more details on using hashes here.

Provenance

The following attestation bundles were made for bound_policy-0.6.1-py3-none-any.whl:

Publisher: publish.yml on Danny-de-bree/bound

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page