control before action

kiff is the
air traffic control
protocol for AI agents.

Agents can fly. KIFF provides shared clearance before anything touches production. The agent can say no. The system says when, where, and on whose authority.

Get started View on GitHub
Coordinated
by design
Safe by
default
Observable
& auditable
Built for
production
Night airport operations: KIFF as air traffic control for AI agents
clearance tower issues clearance
taxi route policy-driven routing
gate check validates intent
takeoff execute with confidence
live · 12 proposals / min
  • clearance tower issues clearance
  • taxi route policy-driven routing
  • gate check validates intent
  • takeoff execute with confidence
why kiff
KIFF control tower silhouette

One tower.
Shared clearance.
Safe outcomes.

KIFF acts as the coordination layer for all agent actions: resolving intent, enforcing policy, and keeping a verifiable record of what happened and why.

The agent can say no. The system says when, where, and on whose authority.

Clearance authority

Signed approvals from the right humans and policies.

Timing & sequencing

Prevent collisions with ordering, locks, rate caps.

Routing & resolution

Deterministic path from intent to safe action.

Context & state

Real-time state, history, dependencies in one place.

Reconstruction

Tamper-evident audit. Replayable months later.

Separation

Isolated runtimes prevent cross-impact.

mechanics

A protocol for safe movement.

Every action follows the same six-phase clearance path. Same vocabulary across humans, agents, services.

Runway with the six-phase clearance path glowing diagonally
  1. 01EVENT
    Something happens.

    Source. Actor. Time.

  2. 02STATE
    Current state read.

    What is true now.

  3. 03DECISION
    Policy evaluates.

    Permissions, contracts, risk.

  4. 04ACTION
    Change is prepared.

    Validated. Not executed yet.

  5. 05APPROVAL
    Authority signs.

    High-risk waits for human.

  6. 06AUDIT
    Logged, replayable.

    Append-only chain.

propose → reconstruct
  • 01 event something happens
  • 02 state current state read
  • 03 decision policy evaluates
  • 04 action change prepared
  • 05 approval authority signs
  • 06 audit logged for replay
roles / interventions

The team that keeps agents safe and efficient.

Each role plays a part in moving requests from intent to impact. KIFF gives every actor the same protocol — humans, agents, services, integrations.

Apron with ground crew, vehicles, and aircraft
Agent
pilot
declares intent
Human approver
ground crew
signs clearance
Adapter
ground crew
moves the workload
Runtime
aircraft
executes within guardrails
Policy
air traffic control
routing & rules
Audit
black box
records everything
six roles · one protocol
  • agent declares intent
  • approver signs clearance
  • adapter moves the workload
  • runtime executes
  • policy rules & routing
  • audit records
checkpoint · clearance prevents collisions

No clearance, no movement.

A plane and a truck on the same runway is how you crash. Two actors on the same state is how you corrupt it. KIFF holds every action at the gate until policy, authority, and timing all clear.

The gate is the same for every actor. The record is the same for every gate.

rejected pending cleared
Checkpoint at the runway gate, plane awaiting clearance
kiff checkpoint · intent → policy → clearance CLEARANCE REQUIRED
gate · 1 awaiting
  1. 01 Validate intent — request complete & well-formed
  2. 02 Evaluate policy — rules, guardrails, organization constraints
  3. 03 Assess impact — state, conflicts, risk, safety
  4. 04 Grant clearance — signed approval with conditions and TTL
  5. 05 Execute & record — append to the immutable log
studio · author the flight plan

Watch a domain take shape.

Studio grows the same domain in four stages — from a bare entity to a complete, scaffold-ready plan. Blocks on the left, the live kiff.yaml on the right. Click a stage to see it fill in.

Open Studio View framework
builder
entity
Orderentity
actions
REFUND_ORDERaction
+ add action
entity
Orderentity
state machine
CREATED → PAID → REFUNDED3 states
actions
MARK_PAIDin CREATED
REFUND_ORDERin PAID
+ add action
entity + states
3 states · 3 eventsstate
action contracts
MARK_PAIDlow
AUTO_REFUNDmedium
REFUND_ORDERhigh · approval
policy · roles
admin · ops_agent2 roles
entity + states
3 states · 3 eventsstate
action contracts
REFUND_ORDERhigh · approval
audit & adapter
Audit · in-memoryaudit
stripe-webhookadapter
kiff.yamllive
# Stage 1 — minimum viable domain.
# One entity. One action. Enough to start.
domain: refund-agno
entity: Order

actions:
  - name: REFUND_ORDER
    executor: refund.issue_refund

# missing: states → 2 · rules → 3 · audit → 4
# Stage 2 — state machine added.
# Events and transitions give it a spine.
domain: refund-agno
entity: Order

events:  [ORDER_PLACED, ORDER_PAID, ORDER_REFUNDED]
states:  [CREATED, PAID, REFUNDED]

transitions:
  - on: ORDER_PLACED   to: CREATED
  - on: ORDER_PAID     from: CREATED  to: PAID
  - on: ORDER_REFUNDED from: PAID     to: REFUNDED

actions:
  - name: MARK_PAID
    allowed_states: [CREATED]
  - name: REFUND_ORDER
    allowed_states: [PAID]
# Stage 3 — full action contracts.
# Risk, approval, permissions made explicit.
actions:
  - name: AUTO_REFUND
    allowed_states: [PAID]
    required_parameters: [amount, reason]
    required_permissions: [orders.refund]
    risk: medium
    approval: never

  - name: REFUND_ORDER
    allowed_states: [PAID]
    required_parameters: [amount, reason]
    required_permissions: [orders.refund]
    risk: high
    approval: required

permissions:
  roles:
    ops_agent: [orders.mark_paid, orders.refund]
    admin:     [orders.refund, orders.approve]
# proposer ≠ approver — the trust boundary holds.
# Stage 4 — complete domain.
# Audit + adapter close the loop. Scaffold-ready.
actions:
  - name: REFUND_ORDER
    risk: high
    approval: required
    executor: refund.issue_refund

audit:
  store: in-memory
  trace_propagation: true

adapters:
  - name: stripe-webhook
    source: stripe
    kind: webhook

# kiff scaffold → domain.go · actions.go
#                 policy.go · domain_test.go
departures · pick a gate

Four gates.

A1 · framework open source, MIT — embed the protocol in your Go backend A2 · studio author a domain into a kiff.yaml and scaffold the code A3 · cloud hosted runtime — start a workspace or continue onboarding A4 · pricing developer-first plans, paid activation, private beta