Contract Types
Governance contracts are typed agreements that define what actions one workspace can take toward another. Each contract type has a specific purpose, default permissions, and approval requirements.
Built-in Contract Types
MedicationRequest
For healthcare workspaces that need to query or update medication information across departments.
| Field | Value |
|---|---|
| Allowed Actions | query, delegate, message |
| Approval Required | Yes — physician sign-off |
| Typical Source | Pharmacy |
| Typical Target | ICU, Emergency, Inpatient |
| Compliance | HIPAA, Joint Commission |
ComplianceReview
For workspaces that need to submit actions for compliance review before execution.
| Field | Value |
|---|---|
| Allowed Actions | query, delegate, review |
| Approval Required | Yes — compliance officer |
| Typical Source | Any department |
| Typical Target | Compliance, Legal, Executive |
| Compliance | SOX, MiFID II, SEC |
DataQuery
For workspaces that need read-only access to another workspace's data connections.
| Field | Value |
|---|---|
| Allowed Actions | query, summarize |
| Approval Required | No — auto-approved |
| Typical Source | Executive, Reporting |
| Typical Target | Analytics, Data Engineering |
| Compliance | General — scoped read access |
McpToolAccess
For workspaces that need to call specific tools exposed by an MCP server connected to another workspace.
| Field | Value |
|---|---|
| Allowed Actions | tool_call |
| Approval Required | Configurable |
| Typical Source | Any workspace |
| Typical Target | Workspace hosting the MCP server |
| Compliance | Varies by tool |
AgentDelegation
For workspaces that need to delegate tasks to an external A2A-compatible agent connected to another workspace.
| Field | Value |
|---|---|
| Allowed Actions | delegate, message |
| Approval Required | Configurable |
| Typical Source | Any workspace |
| Typical Target | Workspace hosting the A2A agent |
| Compliance | Varies by agent |
Custom Contract Types
Organizations can define custom contract types that map to their specific governance requirements. Custom types inherit all cryptographic enforcement (HKDF keys, AES-256-GCM encryption, HMAC signing) automatically.
To create a custom contract type, specify the type field when creating a contract in the dashboard:
| Field | Description |
|---|---|
| type | A descriptive name (e.g., TradeExecution, PatientTransfer, IncidentEscalation) |
| allowedActions | Array of permitted operations |
| approvalRequired | Boolean — whether human approval is needed |
| prerequisites | Array of conditions (e.g., ["hipaa_trained", "level_3_clearance"]) |
| escalationTarget | Workspace ID to route denials and failures to |
| expiresAt | ISO 8601 timestamp for automatic expiration |
Contract Lifecycle
```
 Created         Pending          Active          Expired
    │               │                │               │
    ▼               ▼                ▼               ▼
┌────────┐    ┌────────────┐    ┌──────────┐    ┌──────────┐
│ Draft  │───▶│ Awaiting   │───▶│ Active   │───▶│ Expired  │
│        │    │ Approval   │    │          │    │          │
└────────┘    └────────────┘    └────┬─────┘    └──────────┘
                    │                │
                    │ Denied         │ Revoked
                    ▼                ▼
               ┌──────────┐     ┌──────────┐
               │ Rejected │     │ Revoked  │
               └──────────┘     └──────────┘
```
Key lifecycle events:
- Draft → Pending: Contract submitted for approval by the source workspace admin
- Pending → Active: Approved by the target workspace admin (or auto-approved for some types)
- Active → Expired: Contract reaches its `expiresAt` timestamp
- Active → Revoked: Manually revoked by either workspace admin or org owner
- Pending → Rejected: Target workspace admin denies the contract
:::warning Revocation Is Immediate
When a contract is revoked, its HKDF-derived key is immediately invalidated. Any in-flight requests using the old key will fail authentication. There is no grace period.
:::
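
The following JavaScript (Node.js) example is added here and is not the product's own code: it models the lifecycle transitions listed above and shows why a request signed while a contract was Active is refused after revocation or expiry. The `id` and `state` fields, the HKDF inputs, the signed message layout and all function names are assumptions, since the page does not specify them.

```javascript
// Added example: hypothetical names throughout, not the product's API.
const nodeCrypto = require("crypto");

// Lifecycle transitions as listed on this page; terminal states have none.
const TRANSITIONS = {
  Draft: ["Pending"],
  Pending: ["Active", "Rejected"],
  Active: ["Expired", "Revoked"],
  Expired: [], Rejected: [], Revoked: [],
};

function transition(contract, next) {
  if (!TRANSITIONS[contract.state].includes(next)) {
    throw new Error(`illegal transition ${contract.state} -> ${next}`);
  }
  contract.state = next;
}

// Assumption: one HMAC key per contract, HKDF-SHA256 over an org secret,
// with the contract id as salt. The page does not specify the derivation.
function contractKey(orgSecret, contract) {
  const okm = nodeCrypto.hkdfSync("sha256", orgSecret, contract.id, "contract-hmac", 32);
  return Buffer.from(okm);
}

function sign(key, action, body) {
  return nodeCrypto.createHmac("sha256", key).update(`${action}\n${body}`).digest();
}

// Returns "ok" or a denial reason. State and expiry are evaluated at verify
// time, so a request signed while Active is refused once the contract is revoked.
function verify(orgSecret, contract, req, now, callerPrereqs) {
  if (contract.state === "Active" && now >= Date.parse(contract.expiresAt)) {
    transition(contract, "Expired");
  }
  if (contract.state !== "Active") return `contract ${contract.state}`;
  const expected = sign(contractKey(orgSecret, contract), req.action, req.body);
  if (req.mac.length !== expected.length || !nodeCrypto.timingSafeEqual(req.mac, expected)) {
    return "bad signature";
  }
  if (!contract.allowedActions.includes(req.action)) return "action not allowed";
  const missing = contract.prerequisites.filter((p) => !callerPrereqs.includes(p));
  return missing.length ? `missing prerequisite ${missing[0]}` : "ok";
}

// Constructed sample: signed while Active, replayed after revocation.
const demo = { id: "ctr_demo", state: "Active", allowedActions: ["query"], prerequisites: [], expiresAt: "2030-01-01T00:00:00Z" };
const demoReq = { action: "query", body: "{}", mac: sign(contractKey("constructed-secret", demo), "query", "{}") };
transition(demo, "Revoked");
console.log(verify("constructed-secret", demo, demoReq, Date.parse("2029-06-01T00:00:00Z"), []));
```

Because the state check runs before any key is derived, a revoked or expired contract is denied even when the request carries a signature that was valid at the time it was produced.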