ExecutionContract¶
The ExecutionContract is Identity OS's primary output. After each observation, the engine returns a contract that tells your agent what it can and can't do right now.
What's in a Contract¶
{
"instance_id": "inst_abc123",
"allowed_actions": ["explore", "question", "elaborate", "suggest"],
"forbidden_actions": ["emotional_manipulation", "identity_override"],
"decision_style": {
"tempo": "measured",
"risk": "moderate",
"expressiveness": "medium"
},
"current_stress_level": "LOW",
"energy_level": 0.85
}
Key Fields¶
| Field | What It Tells Your Agent |
|---|---|
allowed_actions | Actions the agent is permitted to take right now |
forbidden_actions | Actions that must be blocked — always includes safety-critical items |
decision_style | How the agent should behave (tempo, risk tolerance, expressiveness) |
current_stress_level | LOW / MED / HIGH / OVER |
energy_level | 0.0–1.0, the agent's remaining action budget |
How to Use It¶
Your agent reads the contract and adapts its behavior:
result = client.engine.process(
instance_id=instance.id,
mode_target=Mode.EXPLORATION,
signal_strength=0.7
)
contract = result.contract
# Guard actions
if "explore" in contract.allowed_actions:
# Try something new
pass
elif "stabilize" in contract.allowed_actions:
# Play it safe
pass
# Check stress
if contract.current_stress_level in ("HIGH", "OVER"):
# Agent is under pressure, simplify behavior
pass
Contract is Read-Only¶
The contract is deterministic and read-only — your agent cannot modify it. This is the key design principle: the engine decides the behavioral constraints, your agent operates within them.
This separation ensures:
- Consistency — the agent can't override its own guardrails
- Auditability — every contract is traceable to the state that produced it
- Safety — forbidden actions are enforced at the middleware level, not by prompt engineering