Prompt Boundary
Policy-aware AI requests with enforceable scope and predictable cost.
PBG - Prompt Boundary Gateway
Most enterprise AI failures aren't model issues - they're boundary failures. Prompt Boundary generates structured requests that an MCP-style gateway can validate, route, and enforce.
Prompt Boundary demonstrates enforceable AI request design (PBG concept).
Boundary Builder
Build a policy-aware request that stays inside an enforceable scope.
If off, the request still enforces explicit assumptions.
Turn off to hide the machine-enforceable policy envelope.
Structured Request (Human-Readable)
Paste into ChatGPT or route through an AI system.
Role
You are a strategic analyst focused on outcomes, exposure, and decision clarity.

Context
The request is: "Review example.com for basic security misconfigurations using only passive checks."

Intent
Intent classification: security review. Keep the response tight, outcome-driven, and framed around business impact and exposure. Prioritize decisions, trade-offs, and what leadership needs to know to act.

Scope
Scope targets: example.com. Methods allowed: passive_analysis, http_headers_only.

Constraints
Scope control: Narrow. Token budget 700. Max requests 1. No tool calls by default. Ask before expanding scope. Deterministic, local-only reasoning. No external API calls.

Allowed tools/data sources
Allowed sources: public_web, user_uploaded_docs, user_provided_context. Blocked sources: internal_prod_db, secrets, private_keys.

Safety rules
No fabrication. If uncertain, say so explicitly. Cite sources for all external claims. Never expand scope without approval.

Output format requirements
Provide a short executive summary followed by structured findings. Include assumptions, risks, mitigations, and confidence ratings. Use markdown headings and bullet points for scannability.

Escalation rule
Ask before expanding scope, adding targets, or changing methods.

Assumptions
Assume only the provided targets and user-supplied documents are in scope. Assume no privileged access, credentials, or internal systems are available. Assume accuracy depends on the completeness of user-provided data.

Risks
Risk of missing findings if inputs are incomplete or outdated. Risk of overextending beyond permitted scope without explicit approval.

Mitigations
Clearly label gaps and request missing inputs before proceeding. Ask before expanding scope or using any new tools or data sources.

Confidence
Provide a confidence score (Low/Medium/High) with a one-sentence rationale.

Additional guidance
Stay strictly within the defined scope and document any ambiguity before proceeding. Summarize what was checked, what was not checked, and why. Present findings in order of impact and likelihood. Provide a short "next step" suggestion that does not exceed the approved scope.
PBG Enforcement Envelope
Machine-enforceable policy boundary.
{
  "intent": "security_review",
  "scope": {
    "targets": [
      "example.com"
    ],
    "allowed_methods": [
      "passive_analysis",
      "http_headers_only"
    ],
    "disallowed": [
      "active_exploitation",
      "credential_stuffing",
      "unauthorized_scanning"
    ]
  },
  "data_access": {
    "allowed_sources": [
      "public_web",
      "user_uploaded_docs"
    ],
    "blocked_sources": [
      "internal_prod_db",
      "secrets",
      "private_keys"
    ]
  },
  "limits": {
    "max_tokens": 700,
    "max_requests": 1,
    "max_retries": 1
  },
  "cost_guardrails": {
    "scope_lock": true,
    "ask_before_expanding_scope": true,
    "no_tool_calls_by_default": true
  },
  "output": {
    "format": "markdown",
    "must_include": [
      "assumptions",
      "risks",
      "mitigations",
      "confidence"
    ]
  },
  "safety_rules": {
    "no_fabrication": true,
    "cite_sources": true,
    "state_assumptions": true
  }
}

Cost Guardrails
Token budget: 700
Max requests: 1
Max retries: 1
No tool calls by default: Yes
Ask before expanding scope: Yes
Designed for predictable cost and enforceable AI boundaries.
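
The page says an MCP-style gateway can validate and enforce the envelope; the following is an added sketch of such a check, not Prompt Boundary's own code. The `check_action` function and the shape of the `action` record are assumptions made for illustration; the envelope values are the ones shown above.

```python
import json

# Envelope fields copied from the PBG Enforcement Envelope above (trimmed to what is checked).
ENVELOPE = json.loads("""{
  "scope": {"targets": ["example.com"],
            "allowed_methods": ["passive_analysis", "http_headers_only"],
            "disallowed": ["active_exploitation", "credential_stuffing", "unauthorized_scanning"]},
  "data_access": {"allowed_sources": ["public_web", "user_uploaded_docs"],
                  "blocked_sources": ["internal_prod_db", "secrets", "private_keys"]},
  "limits": {"max_tokens": 700, "max_requests": 1, "max_retries": 1},
  "cost_guardrails": {"scope_lock": true, "no_tool_calls_by_default": true}
}""")

def check_action(envelope, action, requests_used=0):
    """Return a list of violations; an empty list means the action may proceed.

    `action` is a hypothetical gateway-side record of what the model asked to do:
    {"target", "method", "source", "tokens", "tool_call"}. Anything not explicitly
    allowed is denied (allow-list first, block-list as a second check).
    """
    scope, data = envelope["scope"], envelope["data_access"]
    limits, guard = envelope["limits"], envelope["cost_guardrails"]
    violations = []

    # Exact host match only: subdomains and look-alike suffixes are out of scope.
    target = str(action.get("target", "")).strip().lower().rstrip(".")
    if guard.get("scope_lock") and target not in scope["targets"]:
        violations.append(f"target_out_of_scope:{target}")
    method = action.get("method")
    if method in scope["disallowed"] or method not in scope["allowed_methods"]:
        violations.append(f"method_not_allowed:{method}")
    source = action.get("source")
    if source in data["blocked_sources"] or source not in data["allowed_sources"]:
        violations.append(f"source_not_allowed:{source}")
    if action.get("tokens", 0) > limits["max_tokens"]:
        violations.append("token_budget_exceeded")
    if requests_used >= limits["max_requests"]:
        violations.append("request_limit_exceeded")
    if action.get("tool_call") and guard.get("no_tool_calls_by_default"):
        violations.append("tool_call_requires_approval")
    return violations
```

Because the check reads only the JSON envelope, a request that cites `user_provided_context` is rejected: the human-readable request lists it as an allowed source, but the envelope's `allowed_sources` does not.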