v0.2.0

Declare what your coding agent may read, write, run, and spend

v0.2.0 repositions agent-contracts as repo-local, fail-closed guardrails for autonomous coding/build agents. One YAML file declares the boundaries. One verdict artifact proves the run honored them. One CI gate refuses to merge if it didn't.

pip install aicontracts==0.2.0
aicontracts init --template coding -o AGENT_CONTRACT.yaml
aicontracts validate AGENT_CONTRACT.yaml

What's new since v0.1.1

Core

• Filesystem read/write authorization scopes (glob-based, default-deny when configured)
• Shell command authorization scopes with strict metacharacter rejection — commands containing ;, &, |, <, >, `, $(, or newline are denied outright, closing a bypass where fnmatch's * would consume shell operators
• Shell-command budgets (max_shell_commands)
• Durable verdict artifact emission (verdict.json) with outcome semantics: pass | warn | blocked | fail
• CLI verdict gating: aicontracts check-verdict exits non-zero on blocked or fail
• Coding-agent trace bootstrap improvements (aicontracts init --from-trace)

Framework adapters (optional, pinned, real-SDK tested in CI)

Framework	Extra	Pinned SDK
Claude Agent SDK	aicontracts[claude]	claude-agent-sdk==0.1.56
OpenAI Agents SDK	aicontracts[openai]	openai-agents==0.13.5
LangChain	aicontracts[langchain]	langchain-core==1.2.26

All three require Python 3.10+. Core supports 3.9+. Each adapter is tested against the real installed SDK base class in CI — not stub fallbacks.

Fixed

• OpenAI adapter import path (from agents import RunHooks, not from openai_agents)

Removed

• CrewAI adapter and [crewai] extra
• Pydantic AI adapter and [pydantic-ai] extra

Security

• Shell command matcher now strict-rejects metacharacters. New ShellMetacharacterError (subclass of EffectDeniedError) with 13 regression tests covering ;, &&, ||, |, >, <, >>, $(, backtick, newline, and trailing &.

Design stance

The contract, CLI, verdict artifact, and GitHub Action are framework-agnostic and provider-agnostic. The CI verdict gate is the source of truth — in-runtime adapters are convenience. Works with Claude Code, Codex, Cursor, and any agent runtime.

v0.3.0 roadmap

A companion @aicontracts/* TypeScript package with adapters for Vercel AI SDK, Claude TypeScript SDK, and OpenAI Agents JS.

---

Full Changelog: v0.1.1...v0.2.0

v0.1.1

What's New

• Precondition Evaluation — inputs.preconditions[] evaluated on input BEFORE agent runs. PreconditionError blocks execution before tokens are spent.
• OpenAI Agents SDK Adapter — ContractRunHooks(RunHooks) for effect gating, token tracking, postcondition evaluation. pip install aicontracts[openai]
• Claude Agent SDK Adapter — ContractHooks with structured deny via PreToolUse. Cost/token extraction from ResultMessage. pip install aicontracts[claude]
• GitHub Action — pyyush/agentcontracts@v0.1.1 composite action for CI contract validation
• README Badges — PyPI version and CI status
• 35 new tests (188 total)

Full Changelog: v0.1.0...v0.1.1

v0.1.0 — YAML spec + Python SDK for production agent reliability

First release. YAML spec + Python SDK for production agent reliability.

Install

pip install aicontracts

Highlights

• 3-tier graduated spec — Tier 0 (4 fields) → Tier 1 (cost control, tool gating) → Tier 2 (multi-agent composition, SLOs)
• Default-deny effect authorization — allowlist at SDK layer, not prompts
• Budget circuit breaker — thread-safe limits on cost, tokens, tool calls, duration
• Safe postcondition evaluator — CEL-like expressions, no eval()
• OTel-compatible violation events — structured audit trail
• Runtime enforcer — decorator, context manager, or explicit API
• Composition checker — Contract Differential for multi-agent pipelines
• CLI — aicontracts validate, check-compat, init --from-trace, test
• Framework adapters — LangChain, CrewAI, Pydantic AI (3-line integration)
• 153 tests, ~90% coverage

Full docs: https://github.com/pyyush/agentcontracts/tree/main/spec