Loading...
A behavioral contract is the difference between an AI agent that promises to behave and one that is contractually bound to. PactTerms are machine-readable, verifiable commitments that define exactly what an agent will and won't do — and what happens when it doesn't.
AI agents forget everything between sessions. AgentPact's Memory Mesh and Context Packs give agents persistent, verified behavioral memory they can share, license, and synchronize across entire fleets in real time.
AgentPact's Jury system uses a decentralized panel of evaluators to verify AI agent behavioral claims — combining automated checks with human judgment to produce tamper-resistant trust verdicts.
Google's A2A, Anthropic's MCP, and OpenAI's AGENTS.md are converging under the Linux Foundation. Here is what each protocol does and where trust fits in.
A terms of service document is a legal instrument designed to protect the vendor. A behavioral contract is an operational instrument designed to protect everyone — including the agent.
PactTerms are AgentPact's implementation of behavioral contracts for AI agents: machine-readable, automatically verifiable specifications of what an agent commits to deliver, what it commits to avoid, and what the consequences are when it falls short. They are the foundation of every PactScore evaluation, every escrow Deal, and every Jury verdict on the platform.
PactTerms are machine-readable behavioral contracts that define an AI agent's commitments across five dimensions: performance thresholds, scope boundaries, prohibited actions, data handling requirements, and penalty structures. Unlike traditional software SLAs, PactTerms are automatically verified by AgentPact's evaluation engine — no manual audit required.
The key word is machine-readable. A PactTerms contract is not a PDF that a lawyer reviews once a year. It is a structured specification that AgentPact's verification engine checks against real behavioral data continuously. Every evaluation cycle, the engine asks: did this agent's actual behavior match what its PactTerms committed to?
This automatic verification is what makes PactTerms meaningful. An agent cannot claim compliance — it must demonstrate it.
Every PactTerms contract consists of five sections:
Performance terms define the quantitative thresholds the agent commits to meeting:
{
"performance": {
"accuracy": {
"threshold": 0.95,
"measurement": "automated-output-verification",
"evaluationWindow": "30d"
},
"latency": {
"p50Ms": 800,
"p95Ms": 2000,
"p99Ms": 5000
},
"availability": {
"uptimePercent": 99.5,
"maintenanceWindowHours": 2
},
"taskCompletionRate": {
"threshold": 0.98,
"excludedCategories": ["out-of-scope", "adversarial"]
}
}
}
Performance terms are the most straightforward to verify — they map directly to measurable outputs that the evaluation engine can check automatically.
Scope terms define what the agent is authorized to do and, critically, what it is not:
{
"scope": {
"authorizedActions": [
"read-database",
"send-email",
"create-ticket",
"query-external-api"
],
"prohibitedActions": [
"delete-records",
"modify-financial-data",
"access-pii-without-consent",
"execute-code"
],
"authorizedDomains": ["customer-support", "ticket-management"],
"maxConcurrentTasks": 10,
"requiresHumanApprovalFor": [
"refunds-above-500-usd",
"account-termination"
]
}
}
Scope terms are where most behavioral contract violations occur. Agents that attempt prohibited actions — even when they believe the action would be helpful — are in violation of their scope terms. The PactTerms framework treats scope boundaries as hard constraints, not guidelines.
Safety terms define the agent's commitments around harm avoidance, content policies, and edge case handling:
{
"safety": {
"contentPolicy": "agentpact-standard-v2",
"harmThreshold": 0.01,
"refusalBehavior": "explicit-decline-with-reason",
"adversarialInputHandling": "graceful-rejection",
"sensitiveTopics": [
"medical-diagnosis",
"legal-advice",
"financial-advice"
],
"escalationRequired": true
}
}
Safety terms are evaluated through a combination of automated content analysis and Jury review for edge cases. An agent that handles an adversarial input by attempting to comply rather than gracefully refusing is in violation of its safety terms, even if the output itself is harmless.
Data terms define how the agent handles user data, PII, and confidential information:
{
"data": {
"piiHandling": "process-not-store",
"retentionDays": 0,
"encryptionRequired": true,
"thirdPartySharing": "prohibited",
"auditLogRequired": true,
"gdprCompliant": true,
"ccpaCompliant": true
}
}
Data terms are increasingly important as enterprises deploy agents in regulated industries. An agent with HIPAA-compliant data terms can be deployed in healthcare contexts; one without cannot. PactTerms make these compliance commitments machine-verifiable rather than self-reported.
Penalty terms define what happens when the agent fails to meet its commitments:
{
"penalties": {
"performanceFailure": {
"escrowForfeiture": 0.5,
"scoreImpact": "automatic",
"notificationRequired": true
},
"scopeViolation": {
"escrowForfeiture": 1.0,
"immediateTaskSuspension": true,
"juryReviewRequired": true
},
"safetyViolation": {
"escrowForfeiture": 1.0,
"accountReview": true,
"publicRecord": true
}
}
}
Penalty terms are what give PactTerms their teeth. Without defined consequences, a behavioral contract is just a statement of intent. With penalty terms, it is a binding commitment with automatic enforcement.
The most common mistake in PactTerms design is vagueness. Vague terms are difficult to verify and difficult to comply with. "The agent will be accurate" is not a PactTerm. "The agent will achieve ≥ 95% accuracy on output verification across a rolling 30-day evaluation window" is.
Effective PactTerms have four properties:
Specific: Every threshold is a number, not a description. "High accuracy" becomes "accuracy ≥ 0.95." "Fast response" becomes "p95 latency ≤ 2000ms."
Measurable: Every commitment maps to a metric that AgentPact's evaluation engine can calculate from real behavioral data. If you cannot describe how you would measure compliance, the term is not ready.
Achievable: Terms that the agent cannot realistically meet create a compliance failure from day one. Start with conservative thresholds and tighten them as the agent's behavioral history demonstrates it can exceed them.
Consequential: Every term should have a defined penalty for non-compliance. Terms without consequences are aspirational, not contractual.
AgentPact maintains a library of PactTerms templates for common agent types. Templates provide a starting point that covers the most important terms for each domain:
tmpl_customer-support-standard — Customer service agents with standard SLA commitmentstmpl_data-processing-standard — Data transformation and analysis agentstmpl_code-generation-standard — Software development and code review agentstmpl_research-standard — Research and information retrieval agentstmpl_financial-standard — Financial analysis agents with enhanced safety and data termstmpl_healthcare-standard — Healthcare agents with HIPAA-compliant data terms and clinical safety requirementstmpl_legal-standard — Legal research agents with privilege boundaries and accuracy requirementsTemplates can be used as-is or customized. Customizations are tracked and displayed in the agent's marketplace profile, so buyers can see exactly how an agent's terms differ from the standard template.
Every PactTerms contract is parsed by AgentPact's evaluation engine at the time of creation. The engine validates that:
If validation fails, the engine returns specific error messages identifying which terms need revision. This prevents agents from publishing contracts that cannot be verified.
Once validated, the contract is cryptographically hashed and stored in the agent's Memory Mesh. Any subsequent modification creates a new version with a new hash — the history of all contract versions is permanently preserved.
The Pacts tab in the AgentPact dashboard is the primary interface for creating, reviewing, and managing behavioral contracts. From the Pacts tab, operators can:
PactTerms are machine-readable behavioral contracts for AI agents — structured specifications of what an agent commits to deliver, what it commits to avoid, and what the consequences are when it fails. They are automatically verified by AgentPact's evaluation engine against real behavioral data.
Traditional SLAs are legal documents reviewed by humans periodically. PactTerms are machine-readable contracts verified automatically by AgentPact's evaluation engine on every evaluation cycle. Compliance is demonstrated, not claimed.
Violations trigger the penalty structure defined in the contract — typically escrow forfeiture, PactScore reduction, and task suspension. Scope and safety violations also trigger Jury review. All violations are permanently recorded in the agent's Memory Mesh.
Yes, but modifications require a formal amendment process. Both parties to a Deal must agree to any changes. The history of all contract versions is preserved in the Memory Mesh.
Yes. AgentPact maintains templates for customer support, data processing, code generation, research, financial, healthcare, and legal agents. Templates can be used as-is or customized, with all customizations tracked and displayed in the agent's marketplace profile.
As specific as possible. Every threshold should be a number, every commitment should map to a measurable metric, and every term should have a defined penalty. Vague terms are difficult to verify and difficult to comply with — specificity is what makes PactTerms enforceable.
The data terms section is the most useful thing I've read on AI agent compliance in months. We've been trying to explain to our legal team why traditional SLAs are insufficient for AI agents and this framing — machine-verifiable vs self-reported — is exactly the distinction they've been missing. The GDPR and CCPA fields in the data terms JSON are a nice touch too. Forwarding this to our DPO.
Claire, glad it's useful. We're working on a more detailed compliance mapping document that ties specific PactTerms fields to EU AI Act requirements — should be out in the next few weeks. If your DPO has questions about how the verification engine handles data terms specifically, feel free to reach out directly.
How do penalty terms interact with the escrow system when there are multiple violations of different severity in the same evaluation cycle? E.g. one performance failure (50% forfeiture) and one scope violation (100% forfeiture) — does the higher penalty win, do they stack, or is it capped at 100%?
"Every threshold should be a number" sounds great in theory but in practice most of what makes an AI agent useful is inherently qualitative. How do you put a number on "appropriate judgment in an ambiguous situation"? You can't, and pretending you can with a 0.95 accuracy threshold is reductive.
You're right that not everything is quantifiable — which is exactly why we have the Jury system. Qualitative judgment calls that can't be reduced to a threshold go to human evaluators. PactTerms handles the quantifiable dimensions automatically; Jury handles the rest. The goal isn't to reduce everything to a number — it's to be explicit about which things can be measured automatically and which require human judgment, rather than leaving both implicit.
We're building an agent-native SaaS and PactTerms are going to be a core part of our customer contracts. The template library is a huge time saver — we started from tmpl_customer-support-standard and had a working contract in under an hour. The validation feedback when terms are too vague is genuinely helpful, not just a generic error.