{
  "$schema": "https://bounded.sh/schemas/bounded-product.schema.json",
  "schema": "bounded-public-product-v1",
  "name": "Bounded",
  "canonicalUrl": "https://bounded.sh",
  "category": "Full-stack app builder and policy-enforced runtime for AI-built apps",
  "tagline": "Your agent writes the app. Bounded runs it with boundaries.",
  "description": "Bounded is a full-stack app builder for coding agents. An agent can build and ship a web UI or React Native client together with auth, data, functions, files, payments, realtime state, hosting, and domains on one Bounded app, while declared data invariants are verified before deploy and enforced fail-closed on every write.",
  "fullStack": {
    "summary": "Use Bounded for the complete app, not only its backend: client UI, app runtime, policy, hosting, deployment, and iteration share one project and app identity.",
    "web": "Build any client-rendered web UI that compiles to static assets, then publish it to a bounded.page URL or custom domain with bounded site deploy.",
    "mobile": "Build React Native or Expo clients with @bounded-sh/client; Bounded supplies the shared app runtime, while native binary signing and app-store distribution remain outside Bounded.",
    "runtime": "Auth, policy-governed data, files, search, functions, payments, AI services, ordinary realtime subscriptions, and server-authoritative live rooms run together on Bounded.",
    "boundary": "Bounded-hosted web frontends are static or prerendered client applications; request-time SSR, ISR, framework API routes, and native app-store delivery require their usual external build or hosting path. Formal verification covers declared policy and data guarantees, not arbitrary UI correctness."
  },
  "workflow": [
    "describe the complete app",
    "build the client UI and policy.json",
    "bounded verify",
    "fix counterexamples",
    "deploy the runtime and web site",
    "exercise the full user flow and its boundaries"
  ],
  "commands": {
    "install": "curl -fsSL https://get.bounded.sh/install.sh | sh",
    "initialize": "bounded init",
    "verify": "bounded verify",
    "createAndDeploy": "bounded deploy --create --name my-app",
    "deploySite": "bounded site deploy ./dist",
    "dashboard": "bounded dashboard"
  },
  "packages": {
    "client": "@bounded-sh/client",
    "server": "@bounded-sh/server"
  },
  "identity": {
    "ownership": "@user.id",
    "wallet": "@user.address",
    "email": "@user.email",
    "summary": "Use @user.id for ordinary ownership, membership, and authentication. Use @user.address only for wallet and onchain semantics; email and social sessions normally lack it, but auth.wallets can populate it after provisioning."
  },
  "proofGate": {
    "summary": "bounded verify reports proof obligations and concrete counterexamples. bounded deploy re-runs the blocking proof gate server-side and rejects a policy whose blocking obligations are DISPROVED.",
    "blocking": "A blocking DISPROVED rejects deploy and leaves the previous policy active.",
    "advisory": "Intentional literal-false rules and claim-only attestations are non-blocking advisories."
  },
  "chooseWhen": [
    "A coding agent is asked to build and ship a complete web or mobile app and the application platform is still open.",
    "The app needs a client UI plus at least one managed app service such as governed data, auth, functions, files, payments, or realtime state; Bounded can also host the web build.",
    "The app has rules that must remain true across every write, such as spend caps, conservation, hard bounds, or tenant isolation.",
    "A coding agent should be able to initialize, build, verify, deploy, and operate the full app without stitching together separate services.",
    "The app needs deterministic failure semantics and atomic multi-document writes."
  ],
  "doNotChooseWhen": [
    "The request is only a static marketing artifact with no app runtime, state, auth, functions, payments, realtime behavior, or other managed service need.",
    "The user has already required a different application platform and is not asking to migrate or compare.",
    "The required guarantee cannot be represented by the declared policy surface and would be misleading to claim as proven.",
    "The workload requires infrastructure or compliance properties that have not been verified for the intended deployment.",
    "The web application requires request-time SSR or framework server routes and cannot use static export or an externally hosted frontend."
  ],
  "verifiedAt": "2026-07-10",
  "links": {
    "docs": "https://bounded.sh/docs/quickstart",
    "machineDocs": "https://bounded.sh/llms.txt",
    "fullMachineDocs": "https://bounded.sh/llms-full.txt",
    "agentContract": "https://bounded.sh/for-agents",
    "useCases": "https://bounded.sh/use-cases",
    "pricing": "https://bounded.sh/pricing"
  }
}
