AI CONTRACT ONE-PAGER (PRD ADD-ON) Purpose Define the product contract for an AI-powered feature so users, support, and engineering agree on what the system does, what it won’t do, and how failures are handled. 1) Feature Name + User Job - Feature: - Primary user: - Job-to-be-done (one sentence, measurable by outcome): 2) Scope (Non-Negotiables) - The AI WILL attempt: - - - The AI WILL NOT attempt (explicit refusals): - - - Refusal UX: what the UI shows + what the user can do next (link, button, alternate path): 3) Inputs (Data Contract) - Required inputs (fields, formats, and constraints): - - Optional inputs: - - Data sources used (systems, docs, databases): - - Freshness rule (how “current” is defined in this feature): - Data conflict rule (what happens when sources disagree): 4) Outputs (Output Contract) - Output type (choose one): Draft / Suggestion / Classification / Extraction / Action Plan / Action Execution - Output format (schema, markdown rules, structured sections): - Definition of done (what must be true for output to be accepted): - Prohibited output (things the model must never produce): 5) Verification - User verification affordance (choose at least one): diff / citations / highlighted sources / step-by-step rationale / preview mode - Deterministic checks (schema validation, allowed values, secret scanning, policy rules): - Human-in-the-loop requirement (when required, who approves, and where): 6) Failure Modes + Fallbacks - Known failure modes (low confidence, missing data, tool error, provider outage): - Fallback behavior for each mode (retry, ask user, switch model, disable feature): - Kill switch: owner, location (flag/service), and conditions for activation: 7) Authority & Permissions (if the AI can take actions) - Actions allowed (tool calls, APIs): - Boundaries (objects, scope, time window, rate limits): - Approval flow (propose → authorize → execute → reconcile): - Audit trail fields captured (who, what, when, inputs, outputs, tool results): 8) Observability + Support Readiness - Logs required for replay (prompt version, retrieval set, tool calls, redaction policy): - Customer-facing explanation path (“Why did it do this?”): - Runbook link (incident steps, rollback, comms): 9) Launch Gate Ship only when these are true: - Refusals tested with a fixed set of prompts - Output schema validated in runtime - One-click kill switch verified - Support has a short script for top 3 user complaints Owner: __________ Date: __________ Version: __________