Docs Product

Reusable operational domains

A domain is the thing you build once with KIFF: the state, the valid actions, the authority and approvals, the outcomes, and the evidence that an agentic system would otherwise rebuild around every new agent. A domain is the operational contract your software runs against — and the unit you reuse.

That is the apex idea. The decision boundary, the controls, the receipts, and Govern are all things a domain has. Start here, and the rest of these pages are detail.

What a domain holds

A domain gathers, in one place, the operational facts about a slice of your business:

  • State — what counts as the current status of an entity (an invoice is PENDING or PAID; a refund is REQUESTED or SETTLED), derived from the events KIFF has seen.
  • Actions — the consequential operations that can be taken (ISSUE_REFUND, CREATE_PAYOUT, PAY_INVOICE) and the states each is allowed in.
  • Authority and approvals — who may propose what, what needs a human sign-off, and the thresholds that trigger it.
  • Outcomes and evidence — the terminal result of each proposal and the signed receipt that proves what was decided, before execution.

A Protected Control is how you express one consequential action inside a domain. It is the natural starting point — pick the one action you’d least like taken unsupervised — but it is a part of the domain, not the foundation everything sits on. The domain is.

Reuse is the point

The reason a domain is worth building is that it outlives any single agent. Once the operational contract exists, you can:

  • connect a new agent, or replace the one you have, without rewriting what “a legitimate refund” means;
  • put a human, a scheduled job, or a service through the same boundary the agent uses;
  • change the framework underneath without changing the contract above.

You build the refund domain, the payout domain, the access-change domain once. The agents that act through them are interchangeable. That is the difference between governing an agent and owning an operational domain.

How you build one

You don’t start from a blank file. Attach the guard to an agent you already run, in observe mode, and it derives a starter domain from real traffic — the actions your agent actually calls, ready to review. You activate the domain in the dashboard, then point the guard at it in enforce mode. See the quickstart and how the guard works.

The Cloud unit: a governed operation

When you run a domain on KIFF Cloud, the thing that’s counted is a governed operation: one unique authenticated proposal that KIFF evaluates against current state and the active domain contract and records with a terminal outcome. Idempotent retries of the same proposal do not create another governed operation — the duplicate that state refuses is not a second billed event.

Domains, actions, agents, integrations, and development environments are not metered. They expand what the platform is worth; only governed operations are counted. See the pricing page for how Cloud operation is bought.

Honest boundaries

  • A domain is yours. KIFF decides whether a proposed action conforms to the contract you declared; it does not invent authority you didn’t set, and it never becomes your executor.
  • Reuse is a property you build toward, not a marketplace claim. KIFF does not yet offer a public exchange of domains authored by other customers; reuse here means reuse across your own agents, humans, and services.

Next