v1.1.0 · readiness and production gates

Contracts before code.
Tests as law.

Pact is a contract-first AI software engineering framework. It decides architecture, interfaces, tests, operational maturity, security, privacy, compliance, gates, and monitoring before implementation starts.

Plan-first: Contracts and tests before implementation
Claude + Codex: Native handoff and implementation paths
Typed readiness: Security, privacy, compliance, gating, testing
Mechanical gates: Production evidence, drift checks, review, audit

AI can write code quickly. It cannot be trusted to define its own boundaries.

The expensive part of software is not generating code. It is deciding what the system must do, what it must never do, what evidence proves it, and what happens when production disagrees. Pact makes those decisions first.

01 Architecture first

Tasks decompose into explicit components with typed contracts, dependencies, side effects, authority boundaries, and acceptance criteria.

02 Tests first

Every contract gets executable tests before implementation. Agents can race, iterate, or fail; the contract remains the judge.

03 Evidence first

Production readiness is not a vibe. It is a file-backed pack of control mapping, trust assertions, threat model, preflight, live validation, and drift checks.

One pipeline. Explicit gates.

Pact defaults to plan-only. The active Claude or Codex agent implements after the plan exists, or Pact can own implementation explicitly with --implement.

01 Interview and shape the task
02 Resolve readiness and assumptions
03 Decompose into contracts
04 Generate tests and validate
05 Implement, integrate, review
06 Certify and ship with evidence

Readiness is now a typed input, not a late-stage argument.

Every new project gets a default profile, and every AI-authored build spec can override it. Pact then asks the human to confirm the actual bar before decomposition or contract authoring starts.

  • Operational maturity: runbook, rollback, SLOs, escalation, audit evidence.
  • Security: least privilege, threat model, dependency scanning, separation of duties.
  • Privacy and compliance: retention, lawful basis, DPIA, evidence mapping, approvals.
  • Gating, testing, monitoring: release checks, negative-path tests, alerts, dashboards, live validation.

version: "1"
task: |
  Build a tenant-scoped booking API.
readiness:
  security: strict
  privacy: standard
  compliance: basic
config:
  build_mode: hierarchy
  budget: 25

Production is a separate gate, not an afterthought.

The optional production pack is file-backed and machine-checkable. It rejects stale source fingerprints, missing evidence, placeholder records, broken live validation, and readiness drift from the project config.

Trust assertions

State what is trusted, what is external, and what evidence supports the claim.

Control matrix

Map security, privacy, compliance, testing, and operational controls to evidence.

Live validation

Prove the deployed system matches the artifact pack rather than merely claiming it does.
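
A sketch of the kind of mechanical check described above, as an added example that is not Pact's own code. The pack layout (`source_fingerprint`, `controls`, `readiness`), the placeholder markers and the control IDs are assumptions made for illustration; live validation is left out because it needs a deployed system.

```python
import hashlib

# Assumed placeholder markers; not taken from Pact.
PLACEHOLDERS = ("TODO", "TBD", "PLACEHOLDER")

def fingerprint(sources: dict[str, bytes]) -> str:
    """SHA-256 over sorted (path, content-hash) pairs, so edits and renames both change it."""
    h = hashlib.sha256()
    for path in sorted(sources):
        h.update(path.encode() + b"\0")
        h.update(hashlib.sha256(sources[path]).digest())
    return h.hexdigest()

def validate_pack(pack: dict, sources: dict[str, bytes], project_readiness: dict) -> list[str]:
    """Return the reasons the gate fails; an empty list means the pack passes."""
    failures = []
    # Evidence collected against an older source tree proves nothing about this one.
    if pack.get("source_fingerprint") != fingerprint(sources):
        failures.append("stale source fingerprint")
    for control in pack.get("controls", []):
        evidence = (control.get("evidence") or "").strip()
        if not evidence:
            failures.append(f"missing evidence: {control['id']}")
        elif any(marker in evidence.upper() for marker in PLACEHOLDERS):
            failures.append(f"placeholder record: {control['id']}")
    # The pack must certify the same bar the project config declares.
    if pack.get("readiness") != project_readiness:
        failures.append("readiness drift")
    return failures

# Constructed sample data, reusing the readiness values from the spec shown earlier.
SOURCES = {"api/booking.py": b"def book(tenant_id): ...\n"}
READINESS = {"security": "strict", "privacy": "standard", "compliance": "basic"}
GOOD_PACK = {
    "source_fingerprint": fingerprint(SOURCES),
    "readiness": dict(READINESS),
    "controls": [{"id": "SEC-1", "evidence": "reports/dependency-scan.json"}],
}

if __name__ == "__main__":
    print(validate_pack(GOOD_PACK, SOURCES, READINESS))
    edited = {"api/booking.py": b"def book(tenant_id, admin=True): ...\n"}
    print(validate_pack(GOOD_PACK, edited, READINESS))
```

Returning every failure at once, rather than stopping at the first, gives a reviewer the full list of gaps in one run.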

Start with the smallest honest command.

Pact is useful when the problem has real boundaries, real risk, or real operational consequences. If a single agent can safely do it in one pass, use the single agent.

pip install pact-agents
pact init my-project --spec ai-build-spec.yaml
pact interview my-project
pact run my-project

# Optional production gate
pact production init my-project
pact production validate my-project

Part of the broader tool suite.

Pact is the planning and contract layer. The rest of the suite covers registry, identity, memory, relay, simulation, and governance.