Impact Boundary Labs

ROADMAP

Expand to more systems without weakening the Core.

The goal is not to turn the Core into a larger, looser platform. The goal is to keep the same trust split while more systems sit behind the boundary.

Agents propose work. The Core decides what may continue. Adapters materialize only admitted work.

The Core is in continuous development. This roadmap is directional, not a release schedule.

Constants

What should not change

New adapters and hosted paths should expand the surface area without changing the trust model.

01

Agents own neither the write path nor an unrestricted read path

Agents may prepare work, but write authority and broad target-system read access stay behind the boundary.

02

The Core decides admission

Policy, state, scope, evidence, and next action stay in the boundary.

03

Adapters stay limited

Adapters materialize admitted work. They do not decide admission.

Current foundation

The boundary model is visible.

The current public foundation shows the central split: agents can prepare work, but real impact must pass through the Core and an adapter.

  • local and self-hosted first
  • no direct agent authority over write impact
  • GitHub Gateway as first reference adapter
  • Impact Room and Boundary Learning Score as lab surfaces

Coming next

Boundary Evaluation

Before a request reaches admission, the system should understand what kind of decision it needs: Is the state fresh? Does the request fit policy? Is evidence missing? Does a human operator need to look?

  • evaluate policy fit
  • inspect state freshness
  • route missing evidence or operator attention

Planned

Orchestrator Gate

Control multi-step agent workflows before they reach impact admission. A pre-Core gate can classify and route workflow steps before any of them becomes an impact request.

  • classify workflow intent earlier
  • route required_next_action
  • keep multi-step agents without direct authority over impact

Expansion

More target systems behind the boundary

GitHub is the first reference adapter, but the same pattern should work for other systems where agents can prepare work without receiving direct write authority.

  • local workspaces
  • database operations
  • APIs and internal tools

Hardening

Evidence and replay

Operators should be able to understand why a boundary decision happened. Replay should explain the decision path without recreating the external impact.

  • replayable decision paths
  • stronger operator evidence
  • replay explains decisions, not impact recreation

Later / demand-driven

Cloud Gateway

Hosted convenience only makes sense after the trust boundary is ready for it: tenant isolation, token handling, data boundaries, and operational review all need to be strong first.

  • tenant isolation
  • hosted decision handling
  • cloud dashboard later

Have a system where agents should help, but not directly change things?

The most useful roadmap input is a real boundary: what system should an agent work with, what should it be allowed to propose, and what should it never change directly?

Discuss an adapter