Contract Patterns¶
This section contains reusable contract recipes organized by enforcement concern. Each pattern includes both a YAML contract bundle and the equivalent Python decorator version, an explanation of when and why to use it, and common gotchas. Use the tabs on each code block to switch between YAML and Python.
All YAML examples use the edictum/v1 ContractBundle format and compile with Edictum.from_yaml(). All Python examples use the @precondition, @postcondition, and @session_contract decorator APIs.
Patterns¶
| Pattern | Description |
|---|---|
| Access Control | Role-based gates, environment restrictions, attribute-based access, and role escalation prevention. |
| Data Protection | PII detection, secret scanning, sensitive file denial, and output size monitoring. |
| Change Control | Ticket requirements, approval gates, blast radius limits, dry-run enforcement, and SQL safety. |
| Rate Limiting | Session-wide limits, per-tool caps, burst protection, and failure escalation detection. |
| Compliance and Audit | Regulatory tags, contract bundle versioning, dual-mode deployment, and tag-based filtering. |
| Advanced Patterns | Nested boolean logic, regex composition, principal claims, template composition, wildcards, and dynamic messages. |
How to Use These Patterns¶
Each pattern page provides one or more complete YAML contract bundles. To use a pattern:
- Copy the YAML block into a
.yamlfile. - Adjust the
metadata.name, contractidvalues, and selectors to match your tools. - Load with
Edictum.from_yaml("your-file.yaml").
Patterns can be combined by merging contracts from multiple bundles into a single file under one contracts: array, or by loading multiple bundles into separate Edictum instances.
For the full YAML schema, see the YAML Contract Reference. For operator details, see the Operator Reference.