AGENT CONTRACT — ONE-PAGER (TEMPLATE) 1) Feature name - Name: - Where it lives in product (screen/API/event): - Primary user persona (end user/admin): 2) Job to be done (what users hire it for) - One sentence outcome statement: - Non-goals (explicitly out of scope): 3) Action tier (choose one) - [ ] Read-only - [ ] Draft (no state changes) - [ ] Write-with-approval - [ ] Autonomous - [ ] Irreversible/external 4) Allowed actions (be concrete) - Tools/connectors it may call: - Objects it may read: - Objects it may write: - External side effects allowed (email/slack/webhooks/payments): 5) Scope limits (blast radius) - Max items per run (records/issues/files): - Allowed projects/workspaces/tenants: - Recipient restrictions (internal-only / allowlist domains): - Time windows (business hours only / scheduled runs): 6) Approval design - What requires explicit user approval? - What requires admin approval? - Any two-person rule? (yes/no; where applied) - UI pattern: plan preview + diff (required/optional) 7) Reversibility - Undo supported? (yes/no) - Rollback mechanism: - Soft delete / version history / compensating action / manual - If not reversible: required warning copy + time delay (if applicable) 8) Receipts & audit trail (user-visible) Receipt must include: - Who requested, who approved, who executed - Timestamp + trace/run ID - Data sources touched (connectors) - Step-by-step tool calls (high-level, redacted as needed) - Diffs or change summaries per object - Errors/partial failures clearly marked 9) Budgets & rate limits (product-level) - User/admin-set caps (pick at least two): - max actions/day - max records modified/run - max external messages/day - max runs/day - Kill switch locations: - user-level pause - workspace/admin disable - token/connector revoke path 10) Monitoring & support readiness - What triggers an alert? (anomaly, repeated failures, unusual volume) - Where do support agents see traces/receipts? - Escalation owner (team/on-call rotation): SHIP CHECK - Can a user understand what will happen before it runs? - Can an admin restrict scope without engineering help? - Can the user prove what happened after it runs? - Can the user undo or contain damage quickly?