Behavior Contracts
Define what an agent is allowed to do.
GuardPrompt behavior contracts describe approved operational boundaries before an AI agent receives production access.
apiVersion: guardprompt.ai/v1
kind: AgentBehaviorContract
metadata:
  agent_id: finance-assistant-prod
  owner: finance-platform-team
  environment: production
  version: 1.0.0
purpose:
  approved_use_cases:
    - invoice_lookup
    - financial_policy_search
  prohibited_use_cases:
    - payment_execution
    - external_data_transfer
tools:
  allowed:
    - policy_search
    - invoice_lookup
  denied:
    - shell
    - secrets_read
    - external_email
data_access:
  allowed:
    - FINANCE_POLICY
    - INVOICE_METADATA
  denied:
    - CUSTOMER_PII
    - PAYROLL
    - BANK_ACCOUNT_DATA
memory:
  enabled: true
  pii_storage: false
  retention_days: 30
delegation:
  allowed: false
  max_depth: 0
approval_required:
  actions:
    - payment_change
    - bulk_export
    - customer_record_update
runtime_limits:
  max_tool_calls_per_task: 5
  fail_closed: true

Purpose and approved use cases
Allowed and denied tools
Data access boundaries
Memory and retention rules
Delegation restrictions
Approval-required actions
Runtime limits
Fail-closed behavior
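
How a runtime could apply the tool, data-access, delegation, approval and runtime-limit sections of a contract like the one above to a single proposed tool call, as an added example that is not GuardPrompt's own code. The `evaluate` function and the request fields (`tool`, `data_classes`, `action`, `delegation_depth`, `calls_so_far`) are assumptions, and `fail_closed` is assumed to sit under `runtime_limits`.

```python
# Added example. Field names and values mirror the contract on this page;
# evaluate() and the request shape are assumptions, not GuardPrompt's API.
CONTRACT = {
    "tools": {"allowed": ["policy_search", "invoice_lookup"],
              "denied": ["shell", "secrets_read", "external_email"]},
    "data_access": {"allowed": ["FINANCE_POLICY", "INVOICE_METADATA"],
                    "denied": ["CUSTOMER_PII", "PAYROLL", "BANK_ACCOUNT_DATA"]},
    "delegation": {"allowed": False, "max_depth": 0},
    "approval_required": {"actions": ["payment_change", "bulk_export",
                                      "customer_record_update"]},
    "runtime_limits": {"max_tool_calls_per_task": 5, "fail_closed": True},
}


def _check(c, req):
    # Deny lists win, and anything absent from an allow list is denied too.
    tool = req["tool"]
    if tool in c["tools"]["denied"] or tool not in c["tools"]["allowed"]:
        return "deny", f"tool '{tool}' is not permitted"
    for label in req.get("data_classes", []):
        data = c["data_access"]
        if label in data["denied"] or label not in data["allowed"]:
            return "deny", f"data class '{label}' is not permitted"
    depth = req.get("delegation_depth", 0)
    if depth > 0 and (not c["delegation"]["allowed"]
                      or depth > c["delegation"]["max_depth"]):
        return "deny", "delegation is outside the contract"
    if req["calls_so_far"] >= c["runtime_limits"]["max_tool_calls_per_task"]:
        return "deny", "tool-call budget for this task is exhausted"
    if req.get("action") in c["approval_required"]["actions"]:
        return "needs_approval", f"action '{req['action']}' needs sign-off"
    return "allow", "within contract"


def evaluate(contract, request):
    """Return (decision, reason) for one proposed tool call."""
    try:
        return _check(contract, request)
    except (KeyError, TypeError, AttributeError) as exc:
        # Malformed contract or request: deny unless fail_closed is
        # explicitly false, in which case the error is surfaced instead.
        try:
            closed = contract["runtime_limits"]["fail_closed"] is not False
        except (KeyError, TypeError):
            closed = True
        if closed:
            return "deny", f"fail closed: {type(exc).__name__}"
        raise
```

A tool that appears on neither list is denied, and a request missing `tool` or `calls_so_far` is denied rather than evaluated with defaults.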