Static structural analysis for agentic AI systems.

AgentBound analyzes the topology of a multi-agent plan before it runs — flagging structural failure modes that are invisible to average-case runtime evals.

The core finding: a multi-agent system can become more successful on average while becoming structurally more dangerous. A bypass path can increase mean success rate while introducing failure modes with unbounded tail risk. This divergence is invisible to runtime evals, but detectable statically from graph topology.

The analogy: compilers warn about unreachable code before you ship. Linters flag risky patterns before tests run. AgentBound does the equivalent for agent architectures.

AgentBound compiles an agent plan to an AIR graph (Agent Intermediate Representation) and computes structural metrics:

• SUI — Structural Uncertainty Index. How much uncertainty accumulates across execution paths.
• AFI — Agent Focalization Index. How much control and containment exists along paths. Collapses to −∞ the moment any path reaches the output with zero validator coverage — a structural veto.
• R_struct — Structural Risk Ratio. Combines SUI and AFI into a single verdict. Positive = structurally controlled. Negative = unsafe.

These are design-time signals computed from graph topology — no tokens spent, no agents spawned.

AgentBound currently supports Bernstein plan YAMLs - both flat configs (bernstein.yaml) and multi-stage plans (plans/*.yaml).

python bernstein_check.py bernstein.yaml

╔══════════════════════════════════════════════════════════╗
║         AgentBound — Structural Analysis Report          ║
╚══════════════════════════════════════════════════════════╝

  Plan:      bernstein.yaml
  Shape:     simple  (7 agents, 1 validator stage(s))
  Graph:     12 nodes, 17 edges

──────────────────────────────────────────────────────────
  STRUCTURAL METRICS  [full engine required]
──────────────────────────────────────────────────────────
  SUI  (Structural Uncertainty Index):              —   [full engine required]
  AFI  (Agent Focalization Index):                  —   [full engine required]
  R    (Structural Risk Ratio):                     —   [full engine required]

──────────────────────────────────────────────────────────
  FINDINGS
──────────────────────────────────────────────────────────
  ✓ quality_gates active: lint
  ⚠ disabled checks: type_check, tests
  ✓ security role present
  ✓ qa role present
  ⚠ single shared validator for 7 parallel agents

──────────────────────────────────────────────────────────
  SUGGESTIONS
──────────────────────────────────────────────────────────
  1. Add quality_gates.tests=true to strengthen validation coverage
  2. Add quality_gates.type_check=true to strengthen validation coverage

──────────────────────────────────────────────────────────
  VERDICT:  ✓ NO STRUCTURAL VETO DETECTED
──────────────────────────────────────────────────────────

──────────────────────────────────────────────────────────
  Note: open harness uses simplified placeholder metrics.
  Full analysis with real metrics available —
  contact elpaisano.research@proton.me
──────────────────────────────────────────────────────────

Now disable quality gates and run again:

  VERDICT:  ✗ STRUCTURAL VETO

  ⚠ At least one execution path reaches the output node
    with zero validator coverage.  This failure mode is
    invisible to average-case runtime evals — a plan can
    show high average success rate while structural safety
    collapses.  Detectable only via static structural analysis.

Same plan. One toggle. The structural risk profile collapses entirely — and no runtime eval would catch it.

git clone https://github.com/ElPaisano/agent-bound.git
cd agent-bound
python -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt

Try it on the included examples:

# Controlled plan
python bernstein_check.py examples/bernstein/bernstein_simple.yaml

# Moderate risk (Bernstein's own config)
python bernstein_check.py examples/bernstein/bernstein_full.yaml

# Structural veto — quality_gates disabled
python bernstein_check.py examples/bernstein/bernstein_no_gates.yaml

# JSON output (for CI pipelines)
python bernstein_check.py bernstein.yaml --json

The tool exits with code 1 on a structural veto — suitable as a pre-flight check in CI before a plan runs.

The original V0 entropy scorer (agentbound.py) is still here. It takes a hand-crafted JSON graph and computes a simple heuristic risk score.

python agentbound.py examples/dummy_langgraph_supervisor/artifacts/langgraph_supervisor.json

The open harness (AIR representation, Bernstein compiler, CLI) is published here. The full metrics engine — which produces precise SUI/AFI/R_struct values — is the core proprietary component and is not included.

The open harness correctly detects structural vetoes. Full metric computation requires the complete engine.

For full analysis, commercial licensing, or collaboration inquiries:
elpaisano.research@proton.me

PolyForm Noncommercial License 1.0.0 — noncommercial use only.
For commercial use, contact the author.