complier — contract enforcement for AI agents

a compiled DSL that enforces workflow contracts
on tool-using AI agents — at runtime

↓

the problem

AI agents with tool access can do anything — and that's the problem. A prompt says "only search then summarize", but nothing enforces it. The agent can call any tool, in any order, at any time. You only find out it went wrong after the damage is done.

what you wrote

"Search the web for the topic,
 then summarize the results.
 Do NOT send any emails."

what it did

# searched web ✓
# summarized ✓
send_email(to="boss@work.com")
# ...oops

natural language directives are suggestions — not guarantees

the solution

Write a contract in complier's DSL. It compiles into a runtime graph that sits alongside your agent. Every tool call is checked against the graph — allowed calls pass through, disallowed calls are blocked with structured remediation.

◇

define

write a .cpl contract

→

▷

compile

parse → AST → graph

→

◈

enforce

intercept every tool call

runtime enforcement

blocks bad calls before they execute — not after

framework agnostic

wraps your tools, doesn't replace your agent framework

HATEOAS-inspired

the agent always knows what it can do next

the language

A purpose-built DSL for defining agent workflows. Supports tool calls, branching, loops, parallel execution, contract checks, and reusable guarantees — all compiled into a directed runtime graph.

guarantee safe [no_harmful_content:halt]

workflow "research" @always safe
    | @human "What topic?"
    | search_web
    | summarize style=([relevant:3] && [concise:halt])
    | @branch
        -when "technical"
            | @llm "Write detailed analysis"
        -else
            | @llm "Write brief summary"
    | @call send_report

constructs

@branch @loop @unordered @fork/@join @call @use @inline @llm @human

checks

[model:policy] model-evaluated
{human:policy} human-approved
#{learned:policy} memory-backed

how it works

Wrap your existing tools. The session checks every call against the compiled graph and either lets it through or returns remediation info.

from complier import Contract, wrap_function

# compile the contract
contract = Contract.from_file("workflow.cpl")
session = contract.create_session()

# wrap your tools — enforcement is transparent
safe_search = wrap_function(session, search_web)
safe_summarize = wrap_function(session, summarize)

# if the agent calls a tool out of order:
# → BlockedToolResponse with remediation info
# if the call is allowed:
# → executes normally, session advances

agent calls wrapped tool

your agent framework calls search_web() as usual

session checks the graph

is this tool allowed at this point in the workflow?

guards are evaluated

model checks, human checks, learned checks — all run

allow or block

allowed → tool executes. blocked → remediation info returned to the agent