Tansive Overview
Open platform for Policy-driven, Auditable, Secure, AI Agents
Tansive is a developer- and ops-friendly platform for building, executing, and governing AI agents and tools with declarative workflows and fine-grained policies. Whether you are automating tasks that touch sensitive systems, creating AI agents that securely access multiple systems within your company to gather precise context, or building new business workflows on top of existing data, Tansive gives you the platform to deploy and run them safely while meeting compliance requirements.
Tansive is not another agent framework. Tansive is agnostic to both agent frameworks and programming languages. Bring your own agents and tools — written in any language, using any interface — and Tansive will help chain them together, apply fine-grained policy, and manage their execution, control, and lifecycle.
Tansive is open-source. We are currently at 0.1-alpha.1, and the platform is rapidly evolving. You can expect to find rough edges, but we look forward to partnering with you to help support your use-case.
This documentation will help you get started with Tansive and understand how to build powerful, trustworthy automation workflows.
Why Tansive?
Companies and teams want to adopt AI agents — but they're running into real obstacles:
- Context is king — Agents need access to data from sprawling enterprise systems to be useful — but integrating securely across APIs, services, and data silos is a hard problem. Data consolidation is a whole new project, and an expensive one.
- Security is a blocker — More data access means more systems, more tokens, more risk. Without scoped policies and boundaries, agent behavior can produce unintended outcomes.
- AI agents are non-deterministic actors — They are hard to observe, which breaks traditional DevOps models. Current authn models are designed for systems that behave deterministically, not for agents. Prompt engineering and using one AI model as a guardrail for another are necessary, but not sufficient.
- Agent-to-agent and tool chaining amplifies risk — Weak links in a chain of calls become issues with a large blast radius. It is hard to prove process or regulatory compliance when one or more steps are non-deterministic and unconstrained.
- Existing frameworks focus on building agents — They don't solve the problem of taking agents to production.
- Operational burden — Playbooks calling for new services and APIs to speak agent protocols shift complexity and risk elsewhere. New APIs and services mean added development and operational burden, plus expanded security surface area and compliance scope.
What is Tansive?
Tansive is a platform for running agentic systems that are policy-enforced, operated by teams using their battle-tested CI/CD workflows, and deployed in secure infrastructure — on-prem or multi-cloud.
It helps developers embed agentic workflows into their applications or build new vertical use cases on top of existing data, without needing to learn new languages, complex SDKs, and frameworks.
Ops teams can run agents just like they run APIs and services today: declaratively, securely, and with full observability and compliance.
Tansive enables:
- Runtime enforcement of declarative policies: Tansive enforces policy rules over access and execution at runtime via policy-bound sessions. Rules can be scoped on any dimension, and every tool call and agent invocation is evaluated against policy rules. Ensure agents only do what they're permitted to do.
- Immutable constraints per agent session: Sessions can be pinned to immutable values at runtime. User-defined transform functions reject or morph the input to every tool or agent call. This creates a hard boundary against runaway agent calls and prompt injection. Protect sensitive data such as PII, PHI, and PCI. Ensure regulatory compliance.
- Configure Tansive via declarative specs: Tansive is configured via version-controlled, declarative YAML specs reminiscent of cloud-native patterns. Policies are modeled on familiar cloud IAM constructs. This fits naturally within existing GitOps workflows. Low cognitive load and operational burden for Ops teams.
- Language and framework agnostic: The most effective tools and AI agents are built by the teams who actually use them. In Tansive, tools can be written as a bash script or in Python, Java, or anything else. No special SDKs, servers, or frameworks are required. Enable faster adoption of AI agents that solve day-to-day problems.
- Tamper-evident audit logs: Tansive logs every tool call and agent invocation along with inputs and the policy rules that allowed or denied the call. Logs are hash-linked and signed at source to ensure integrity and provenance. This provides a barrier against malicious or unauthorized calls. Enable observability, prove compliance, and support audit.
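An added illustration of the hash-linked, signed log idea in the last bullet; it is not Tansive's code or log format. The record fields, tool names, and key are constructed, and HMAC-SHA256 stands in for the source signature.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed; stands in for the log source's signing key
GENESIS = "0" * 64             # assumed "previous hash" for the first record

def _digest(body):
    # Canonical JSON so the same record always hashes to the same value
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def _sign(record_hash):
    return hmac.new(KEY, record_hash.encode(), hashlib.sha256).hexdigest()

def append(log, tool, inputs, rule, decision):
    """Append one tool-call record linked to the previous record's hash."""
    body = {
        "seq": len(log),
        "tool": tool,
        "inputs": inputs,
        "rule": rule,          # policy rule that allowed or denied the call
        "decision": decision,
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    h = _digest(body)
    log.append({**body, "hash": h, "sig": _sign(h)})

def verify(log):
    """Return the index of the first bad record, or None if the chain is intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k not in ("hash", "sig")}
        if (rec["seq"] != i or rec["prev"] != prev
                or _digest(body) != rec["hash"]
                or not hmac.compare_digest(_sign(rec["hash"]), rec["sig"])):
            return i
        prev = rec["hash"]
    return None

def demo_log():
    # Constructed sample records, not real Tansive output
    log = []
    append(log, "list-pods", {"namespace": "prod"}, "allow-read-k8s", "allow")
    append(log, "restart-deployment", {"name": "api"}, "deny-prod-write", "deny")
    append(log, "list-pods", {"namespace": "dev"}, "allow-read-k8s", "allow")
    return log
```

A chain like this detects edits, reordering, and deletions in the middle, but not truncation of the newest records; catching that requires anchoring the latest hash somewhere the log writer cannot modify.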
Fig. 1 Tansive Architecture