We're building Primis with our first design partners. Tell us your pain →
PRIMIS · A MEDHAKSHA LABS PRODUCT

Give your agent real authority.Keep the bounds intact.

Primis is infrastructure for teams putting AI agents into production workflows where the agent has to act — on money, on customer accounts, on production systems — and where the team has to answer for what it did.

Status: in active build with our first design partners. Not yet generally available.
Tell us your pain See the workflows we serve
01 / What it is

Every action signed.Every bound respected.The audit trail is the system.

Most AI infrastructure today helps you train, prompt, observe, or chain models. Primis sits one layer below that — at the place where the agent stops thinking and starts doing. The place where it issues the API call, moves the money, files the document, terminates the resource.

What we provide is a runtime that the agent's actions pass through. The operator declares the agent's purpose and the authority it gets to act on. Primis holds the agent to that declaration. Actions inside the bounds go through. Actions outside the bounds do not. The full record of what was attempted, what was permitted, and why is signed and available for audit.

LIVE LEDGER · BOUNDED-AUTHORITY EVENTS
ILLUSTRATIVE · NOT WIRED TO PRODUCTION
  • 04:14:23AGENT-αREFUND$45.00Per-customer cap · daily aggregate● BOUNDED
  • 04:14:24AGENT-αESCALATE$4,500.00Exceeds per-action ceiling— OUT-OF-SCOPE
  • 04:14:25AGENT-βTERMINATEi-0e1c…7aInside blast radius · env=stage● BOUNDED
  • 04:14:27AGENT-γFILECBAM Q2Attributable · operator=eu-compliance✓ SIGNED
  • 04:14:28AGENT-αCREDIT$12.00Reason=fulfillment-error● BOUNDED
  • 04:14:30AGENT-δROTATEsecret/api/billingExpiry · dependency-ok● BOUNDED
> primis-runtime · awaiting next eventEVERY ROW SIGNED · ATTRIBUTABLE · REPLAYABLE
02 / Why it exists

Powerful agents are easy to build.Trustworthy agents are not.

Agents today are unbounded — they can do anything their reasoning produces.
Agents today are unreliable — the same prompt produces different actions on different days.
Agents today are ungovernable — when something goes wrong, no one can reconstruct what happened or why.

The teams shipping agents into production know this. They have built layered defenses — prompt rewriting, output classifiers, RBAC patches, custom audit pipelines, manual approval queues. Every layer is another dependency, another failure mode, another thing to explain to security review. The result is agents that mostly work, mostly safely, mostly within budget. "Mostly" is not what production means.

03 / Who it's for

Engineering teams shipping agents into the workflows that matter.

Column 01

Platform engineering

You run the cloud control plane for an organization that is starting to put agents into incident response, cost control, deployment, or access management. You need bounded authority because the alternative — agents with full IAM permissions and a Slack approval gate — is not a story you can defend.

Column 02

Customer operations

You operate the agents that talk to your customers, issue refunds, modify subscriptions, escalate complaints. You want the agent to act — refund, credit, adjust — inside per-customer caps and per-day aggregate budgets that your abuse team can pull a clean audit from.

Column 03

Compliance and risk

You operate where the regulator is awake. The agent has to file something — a CBAM declaration, a transport document, a tax filing, a regulatory disclosure. Every figure has to be attributable. Every submission has to be signed. You want infrastructure that produces the artifacts the regulator wants by default.

See the specific workflows we're building for
04 / What you get

Agents you can deploy.Audit you can defend.A safety story that survives scrutiny.

01

Agents you can deploy with real authority.

The agent acts on real systems — real money, real customer accounts, real production state — without needing a human in every loop.

02

Budgets that hold by construction.

The agent cannot exceed the spending cap, the per-action ceiling, or the aggregate authority you declared at deploy.

03

Audit that exists by default.

Every consequential action is signed and attributable. The trail is a property of the runtime, not a tool you assemble.

04

A safety story that survives scrutiny.

When the regulator, the auditor, the CFO, or the postmortem asks what happened — there is one place to look, and it agrees.

05 / Design partners

We're building Primis with a first cohort of design partners. This is what that means.

A design partner is not a customer in the normal sense. We are building this with you — not selling it to you. The product takes its shape from the workflows your team is actually trying to run.

What partners get

Direct line to the founding team — no account managers, no tiered support. Early access to the runtime, with infrastructure shaped to your workflow first. Influence over what ships and what gets cut. Dedicated build support: when something does not fit your deployment, we adjust the system, not the conversation. Founder-level engagement on the technical questions that actually decide whether this works in your environment.

What we ask in return

Willingness to put Primis in front of real production traffic — not a sandbox, not a proof-of-concept that lives forever. A technical lead on your side who can spend real hours with us. Structured feedback on a regular cadence — what worked, what broke, what was missing. Openness to iteration: the runtime will change shape during the engagement, and the partners who get the most out of this are the ones who treat that as the point, not a hazard.

EU Compliance Lead · CBAM-Affected Importer

I run regulatory compliance for an EU steel-and-aluminium importer. Full financial CBAM is live; the quarterly filings are spreadsheets and three consultants. I can't put a stochastic system near the regulator unless every figure is provably attributable. If you're building that proof by construction, I want a seat in the room.

FinOps / Platform Lead · Cloud-Native Enterprise

I lead platform at a multi-cloud enterprise. Cost anomaly detection is good; remediation is a Slack approval at 3am and forty grand burned waiting. Custom RBAC isn't holding. If your runtime lets me declare blast radius and keep the agent inside it, I want to be one of the first teams running it in production.

COO / VP Customer Experience · Consumer Brand

I run customer ops for a DTC brand. The agent answers; it can't issue the credit, because no one on my abuse team will sign off on unbounded refund authority. Give us per-customer caps, declared reason sets, and an audit trail my team can pull. Design the bounds now — design around our workflow.

07 / Where we are

We're building this with our first design partners. We're not pretending otherwise.

Primis is in active build. It is not generally available. We're working closely with a small set of teams whose specific deployments are shaping what we ship. They get direct access to the founding team, influence over the roadmap, and infrastructure built for their workflow first. We get production traffic, hard feedback, and the right to learn from a real deployment instead of a hypothetical one.

If your team has a hard agent-deployment problem and you would like to shape the answer with us, we want to talk. If you would rather wait until the product is generally available, leave us your email and we will tell you when that is. We will not pretend the product is further along than it is.

Tell us your pain See the workflows we're building for