Need Explicit Agent Boundaries
Repositories need to explicitly declare what AI agents are allowed to change and what is off-limits.
Persona Story:
Morgan, the security & compliance lead, needs repositories to explicitly declare what AI agents are allowed to change (and what is off-limits).
Problem Context
- Agents can propose edits across code, configs, pipelines, and dependencies
- Current docs rarely specify boundaries: prohibited directories, sensitive files, credential handling
- “Allowed to change” differs by repo maturity, but those rules aren’t encoded anywhere the agent or the reviewer can check
Problem Impact
- Higher risk of unsafe or non-compliant changes introduced via AI assistance
- More time spent in review because scope must be re-decided every PR
- Difficulty auditing whether agent actions complied with organizational policies
Naftiko Today
- outputParameters acts as a normalization and governance layer, ensuring raw API payloads never reach the LLM and agents only see explicitly declared fields
- Executable YAML specs define exactly which API operations an agent can invoke, creating an explicit allowlist of permitted actions
- External bindings for secrets/tokens/env vars keep credentials out of agent-accessible context, enforcing credential handling boundaries by design
- JSON Schema validation and a Spectral ruleset enforce structural constraints on what capabilities expose, preventing accidental scope creep
Naftiko Tomorrow
- Tool annotations for readOnly/destructive/idempotent (Second Alpha) would let capabilities explicitly declare the safety profile of each operation agents can invoke
- MCP auth (Second Alpha) would add authentication boundaries so agents must prove authorization before accessing capabilities
- Conditional steps with if/for-each logic (Second Alpha) would allow boundary enforcement within orchestration flows, gating destructive operations
- Enterprise security with Keycloak and OpenFGA (v1.1) would provide fine-grained, policy-based access control over what agents can do
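To make the boundary mechanisms above concrete, here is an added Python sketch that is not Naftiko's code and does not use its real YAML schema or API. It expresses the "Naftiko Today" ideas (an explicit operation allowlist, output filtering down to declared fields, secrets held as references rather than values, and a structural validation pass) together with the readOnly/destructive annotation gating described under "Naftiko Tomorrow" as plain policy-as-code checks. The spec dictionary, its keys, the `env:`/`vault:` reference syntax and the sample payload are all constructed for this example.

```python
"""Hypothetical policy-as-code checks for agent capability boundaries.

Added illustration only: the spec format below is constructed for this
example and is NOT Naftiko's real YAML schema or API.
"""
import re

# Constructed capability spec (hypothetical format). Operations form an
# explicit allowlist; each declares the fields the agent may see; secrets
# are referenced by name, never embedded as values.
CAPABILITY_SPEC = {
    "name": "orders-api",
    "secrets": {"api_token": "env:ORDERS_API_TOKEN"},
    "operations": {
        "get_order": {
            "method": "GET",
            "path": "/orders/{id}",
            "annotations": {"readOnly": True, "destructive": False},
            "outputParameters": ["id", "status", "total"],
        },
        "cancel_order": {
            "method": "POST",
            "path": "/orders/{id}/cancel",
            "annotations": {"readOnly": False, "destructive": True},
            "outputParameters": ["id", "status"],
        },
    },
}

# A secret binding must be an external reference, e.g. env:NAME or vault:path.
SECRET_REF = re.compile(r"^(env|vault):[A-Za-z_][A-Za-z0-9_./-]*$")


def validate_spec(spec: dict) -> list[str]:
    """Structural checks in the spirit of a schema/ruleset pass.

    Returns a list of violations; an empty list means the spec passes.
    """
    problems = []
    for name, ref in spec.get("secrets", {}).items():
        if not SECRET_REF.match(str(ref)):
            problems.append(f"secret '{name}' must be a reference (env:/vault:), not a literal")
    for op, body in spec.get("operations", {}).items():
        if not body.get("outputParameters"):
            problems.append(f"operation '{op}' declares no outputParameters")
        ann = body.get("annotations", {})
        if "destructive" not in ann or "readOnly" not in ann:
            problems.append(f"operation '{op}' lacks readOnly/destructive annotations")
    return problems


def is_allowed(spec: dict, operation: str, allow_destructive: bool = False) -> bool:
    """Allowlist check: unknown operations are denied, and operations
    annotated destructive need an explicit opt-in from the caller."""
    body = spec["operations"].get(operation)
    if body is None:
        return False
    if body["annotations"].get("destructive") and not allow_destructive:
        return False
    return True


def normalize_output(spec: dict, operation: str, raw_payload: dict) -> dict:
    """Return only the declared outputParameters; every other field in the
    raw API payload is dropped before anything reaches the agent."""
    declared = spec["operations"][operation]["outputParameters"]
    return {k: raw_payload[k] for k in declared if k in raw_payload}


def agent_context(spec: dict) -> dict:
    """What the agent is shown: operation names, their annotations, the
    declared fields, and secret *names* only (never the bound values)."""
    return {
        "operations": {
            op: {"annotations": body["annotations"], "fields": body["outputParameters"]}
            for op, body in spec["operations"].items()
        },
        "secret_names": sorted(spec["secrets"].keys()),
    }


if __name__ == "__main__":
    # Constructed raw payload with fields the agent must never see.
    raw = {"id": 7, "status": "shipped", "total": 42.0,
           "customer_email": "someone@example.invalid", "card_last4": "1234"}
    print("violations:", validate_spec(CAPABILITY_SPEC))
    print("get_order allowed:", is_allowed(CAPABILITY_SPEC, "get_order"))
    print("cancel_order allowed by default:", is_allowed(CAPABILITY_SPEC, "cancel_order"))
    print("agent sees:", normalize_output(CAPABILITY_SPEC, "get_order", raw))
    print("context:", agent_context(CAPABILITY_SPEC))
```

Running the module prints an empty violation list for the constructed spec, denies `cancel_order` unless the caller opts into destructive operations, and shows that only `id`, `status` and `total` survive normalization while `customer_email` and `card_last4` are dropped; the agent context names the secret but never contains the environment variable it resolves to.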