Skip to main content

The silent failure

Your AI agent decides the next action: 
{
  "action": "close_ticket",
  "status": "needs_review",
  "note": null
}
Valid JSON. Your agent framework accepts it and executes the action. But you can’t close a ticket that’s still in review. The agent made a logically impossible decision. No schema can catch this — the types are all correct. The combination is wrong. Or worse: 
{
  "action": "refund_user",
  "amount": 5000,
  "approved": true
}
The user was only eligible for a 50refund.Theagentjustauthorizeda50 refund. The agent just authorized a 5,000 refund because the model hallucinated the amount. Valid JSON. Correct types. Catastrophically wrong values.

With Boundary

Attempt 1 → { action: "close_ticket", status: "needs_review" }
             ✕ cannot close a ticket with status "needs_review"
             ↻ violations sent back to model

Attempt 2 → { action: "escalate", status: "needs_review", note: "Requires senior review" }
             ✔ all rules pass
             ✔ ACCEPTED — valid action
The agent can only take actions that are logically consistent with the current state.

The contract

import { z } from "zod";
import { defineContract } from "@boundary/contract";

const schema = z.object({
  action: z.enum(["close_ticket", "escalate", "respond", "refund_user", "reassign"]),
  status: z.enum(["open", "needs_review", "in_progress", "resolved"]),
  note: z.string().nullable(),
  amount: z.number().optional(),
});

const actionContract = defineContract({
  schema,
  rules: [
    // can't close a ticket that's still in review
    (action) =>
      !(action.action === "close_ticket" && action.status === "needs_review")
        || 'cannot close a ticket with status "needs_review"',

    // escalation requires a note explaining why
    (action) =>
      action.action !== "escalate" || (action.note && action.note.length > 0)
        || "escalation requires a note",

    // refunds must be within the allowed limit
    (action) =>
      action.action !== "refund_user" || (action.amount !== undefined && action.amount <= 100)
        || `refund amount ${action.amount} exceeds limit of $100`,

    // resolved tickets can only be closed or reopened
    (action) =>
      action.status !== "resolved" || ["close_ticket", "respond"].includes(action.action)
        || `status is "resolved" but action is "${action.action}" — can only close or reopen`,
  ],
});

Full example

const result = await actionContract.accept(async (attempt) => {
  const res = await openai.responses.create({
    model: "gpt-4.1",
    input: [
      {
        role: "system",
        content: `You are a support agent. Current ticket status: ${ticket.status}. Decide the next action.`,
      },
      {
        role: "user",
        content: ticket.latestMessage,
      },
      ...attempt.repairs,
    ],
    text: {
      format: {
        type: "json_schema",
        name: "agent_action",
        schema: { /* your JSON schema */ },
      },
    },
  });
  return res.output_text;
});

if (result.ok) {
  // ✔ valid action
  await agent.execute(result.data);
}

Result: valid actionEvery action your agent takes has been validated against your business rules. No impossible state transitions. No unauthorized refunds. No closing tickets that need review. The model proposes — the boundary decides what’s safe to execute.