Skip to main content
RUNTIME

From contract to running agent

The schema is only useful if your agent actually obeys it. The runtime package is a tiny Python SDK that turns a validated employee.md into a ready-to-use system prompt, a guardrail checker, a scope checker, and a budget tracker — so you don't have to write the same wrapper in every project.

system_prompt()

LLM-ready prompt

Compose your contract into a system prompt that already includes mission, scope, guardrails, and budget. Drop straight into OpenAI / Anthropic / LangChain.

is_action_allowed()

Guardrail check

Cheap pre-flight check against guardrails.prohibited_actions. Returns False when an action matches a hard guardrail — fail closed before you call the LLM.

budget.try_spend()

Spend tracker

Thread-safe budget bound to economy.budget_limit. Raises BudgetExceeded when a spend would push past the configured cap.

Six lines to wire it up

Ships in the same package as the validator — no extra dependencies. Until employee-md lands on PyPI, install from source via step 01 of the quickstart. 

from runtime import Employee

emp = Employee.from_file("employee.md")
system_prompt = emp.system_prompt()

if emp.is_action_allowed("delete production database"):
    emp.budget.try_spend(0.05)   # raises BudgetExceeded if over cap
    # ... call your LLM with system_prompt as the system message

What the SDK compiles your contract into

Live example: this is the system prompt the runtime produces from examples/senior-dev.md. Copy and paste straight into your LLM call. 

You are dev-001, a Senior Full-Stack Developer.
Level: senior.
Agent ID: dev-001.

MISSION
Design, implement, and maintain high-quality software solutions.

OBJECTIVES
- Deliver robust features
- Mentor junior developers
- Ensure architectural integrity

SUCCESS CRITERIA
- Features delivered with < 1% bug rate
- Code reviews completed within 24h

SCOPE
+ Full-stack development
+ System architecture
+ Code review
- DO NOT: Hardware maintenance
- DO NOT: Customer support

HARD GUARDRAILS — never do any of these, no matter what:
- delete_production_data
- modify_security_settings

BUDGET: do not spend more than 25000 USD per task.

Lifecycle status: active. If status is not 'active', refuse all task requests.

Use it with LangChain in three lines

from langchain_openai import ChatOpenAI
from langchain_core.prompts import ChatPromptTemplate
from runtime import Employee

emp = Employee.from_file("employee.md")
prompt = ChatPromptTemplate.from_messages([
    ("system", emp.system_prompt()),
    ("user", "{task}"),
])
llm = ChatOpenAI(model=emp.to_langchain_kwargs()["model"] or "gpt-4o")
chain = prompt | llm
Honest scope

The runtime is a thin wrapper, not a sandbox. is_action_allowed is a substring + token check, not a real policy engine. budget is in-process and resets when your process restarts. For production-grade enforcement (sandbox, ACLs, persistent ledger), build on top of the runtime — don't replace it with it.