Three boundaries. One policy and proof schema.
The articles are still grouped by boundary, but the product point is the shared control plane: dangerous tool calls, governed Postgres branches, and protected GPU work all carry policy context, evidence, caveats, and proof artifacts into the same buyer packet.
Agent action enforcement
The action side of the shared constitution: model-selected tool calls, native tools, adversarial plans, halt state, and normalized evidence before dangerous function bodies run.
Governed database branching
The data side of the same proof model: governed Postgres branches, isolated writes, cleanup, and evidence that source data stayed untouched.
Protected compute execution
The compute side of the shared evidence schema: third-party GPU execution with attestation, encrypted package release, runtime evidence, and zeroized cleanup.
More articles should come from measured runs, not claims.
The next useful public piece should be one measured cross-boundary run: a single agent under one constitution, with a blocked dangerous tool call, governed database branch, protected compute run, and one buyer proof packet.