Codify "What Must Be True"
Turn resilience from engineering best-effort into compliance-ready control specifications. Decision Contracts transform resilience into a measurable, auditable program.
What a Contract Specifies
Available Signals
Enumeration of telemetry sources (KYC provider, device service, behavioral analytics, graph, transaction history). SLA for freshness. Fallback/degradation behavior if signal unavailable.
Required Detectors
Mandatory rule IDs, model names, or graph queries that must execute before a decision is made. Sequencing constraints (e.g., "run identity verification before velocity check").
Allowed Decision Outcomes
Permissible actions (auto-approve, step-up challenge, soft decline, hard block, manual review queue). Control which actor (system, approver, tier-1/tier-2 specialist) can override.
Latency SLAs
Real-time thresholds (e.g., sub-second decision latency) vs. batch (nightly review of high-risk cohorts). Escalation if latency breaches.
Approval Requirements
By risk tier (e.g., "Amount > $50k and decline reason = 'suspicious velocity' requires dual approval from fraud manager + compliance officer"). Escalation to senior specialist if primary approver unavailable.
Rollback & State Constraints
Prohibition on re-running same decision within X minutes (prevents timing-attack abuse). Requirements for state consistency (e.g., "cannot approve onboarding if customer record is flagged as terminated").
Why Contracts Change the Game
Without Contracts
Teams debate outcomes. "That should have been caught." "I thought we already checked that."
With Contracts
You prove: Coverage (which scenarios exercise which contracts?), Gaps (missing signals, absent detectors, insufficient approvals), Compliance readiness (regulatory examiners can walk the contract), Silent failures (decision points with no assigned contract).