Runtime Contract

10-Second overview

The Runtime Contract defines the behavioral guarantees provided by the Context Layer runtime during execution. These guarantees describe how execution is validated, enforced, and verified.

Why the runtime contract exists

Without a formal contract, execution guarantees are implicit and inconsistent. Rules differ across deployments. Workflow ordering can be violated. Provider misconfiguration can go undetected. Runtime traces can be missing. Context construction can vary.

The Runtime Contract centralizes these guarantees. Developers receive consistent enforcement behavior regardless of deployment. The contract version binds execution semantics.

Scope

The contract applies to both execution modes: Flow Mode and Pulse Mode. See Execution Authority for execution mode definitions.

Runtime guarantees

The following guarantees are defined by the runtime.

Execution Mode Enforcement

Execution mode (Flow or Pulse) is bound to the API key at creation and enforced throughout execution.

Session Ownership Enforcement

The runtime enforces session lifecycle. Flow sessions require atomic termination. Pulse sessions follow conversational lifecycle rules. Cross-project state access is not permitted.

Consistent Flow Execution

Repeated execution of the same workflow step returns the same runtime response for identical inputs and runtime state.

Sequential Flow Execution

Flow workflows enforce strict step ordering. Only one step executes at a time for a workflow session. Concurrent requests for the same session are rejected.

Session-Level Enforcement

Constraints accumulate across workflow steps within a session. The runtime enforces each active constraint at every subsequent step, not as passive context, but as a verified requirement. When a constraint is violated, the runtime detects it and corrects it before the response returns. Constraints established at any point in the workflow apply to the final output. When canonical context has drifted from its source constraints, the runtime degrades the trust signal and records the staleness in the execution receipt.

Context Construction

Context Layer constructs invocation context from declared inputs, session state, and active constraints. Context assembly is version-bound and reproducible given identical inputs.

Byte-stable serialization

Context assembly produces byte-identical output for identical inputs. Chunk ordering follows a fixed priority sequence. Constraints are sorted deterministically before rendering. This guarantee ensures that identical session state and inputs produce identical prompts across executions.

Decision Traceability

Runtime decisions that affect execution are recorded and exposed within the execution scope.

Invocation Idempotency

The runtime enforces idempotent execution behavior for repeated invocation requests.

Provider Retry Reliability

The runtime enforces consistent retry behavior for provider invocation failures according to configured retry policy.

Provider Invocation Boundary Enforcement

All model provider invocations occur through the Context Layer runtime. Applications do not call model providers directly when operating under the runtime contract.

Verifiable Workflow Completion

Flow workflows produce an Authority Report upon session termination. Reports are retrievable via the runtime API and provide evidence of execution behavior under the runtime contract.

Output Verification

The runtime verifies every execution against owned context. Violations are reported authoritatively. Verification results are included in every response.

See Verification for full details.

Reasoning Contamination Detection

The runtime evaluates every Flow step for reasoning contamination. Outputs are re-verified against owned constraints and canonical context with prior session history excluded. Contamination is detected and reported by the runtime. Entanglement reports are included in the response when triggers fire.

Agent-Compatible Continuous Execution

Flow mode supports continuous multi-step execution without explicit termination when the API key is configured with agent usage type. Sessions persist across calls and accumulate constraint and execution state. Lifecycle is managed by the runtime. See Usage Type.

Automatic Session Finalization

Agent sessions that go inactive for approximately two hours are finalized automatically by the runtime. An Authority Report is generated and the session is terminated without developer intervention.

Determinism clarification

Context Layer v2.2 guarantees consistent execution behavior, not deterministic model output. Workflow ordering is enforced. Runtime enforcement rules are applied consistently. Model generation itself remains nondeterministic.

Flow and Pulse mode differences

Flow mode

Sequential workflow step execution. Authority Report generation on session termination.

Pulse mode

Conversational session lifecycle. No Authority Report generation.

Non-claims

The Runtime Contract does not guarantee model correctness, semantic accuracy, provider-level guarantees beyond enforcement boundaries, or model reasoning quality. The runtime governs execution behavior, not how models generate responses.

Versioning

The Runtime Contract is versioned. Execution behavior is bound to the contract version active at session creation.

Related runtime documentation

Architecture

Defines system-level component boundaries and the Context Layer runtime structure.

System Boundary

Explains the separation of responsibilities between applications, Context Layer, and LLM providers. Describes what Context Layer controls and what lies outside its authority.