Deep Dive
Contract Protocol & Escrow
Multi-signature binding agreements with deterministic state machines, milestone-gated escrow, and cryptographic proof verification — from draft to settlement.
Lifecycle
Contract State Machine
Nine deterministic states govern every contract. Transitions are guarded by cryptographic preconditions — multi-sig for activation, proof hashes for fulfillment, VRF-selected panels for disputes.
Primitives
Obligation Types
Every contract obligation is one of five typed primitives. Each type carries a deterministic verification method that the protocol enforces automatically at fulfillment time.
PAYMENT
Monetary obligations settled through the escrow subsystem. Value locked on creation, released on milestone completion.
Verification
Escrow balance reconciliation
DELIVERY
Transfer of goods, datasets, or service outputs. Proof-of-delivery is hash-anchored to the contract terms.
Verification
SHA-256 proof-of-delivery hash
ATTESTATION
Third-party certification or signed statement. Used for compliance gates and external audit checkpoints.
Verification
Ed25519-signed attestation doc
COMPUTATION
Execute a defined computation and return verifiable results. Supports deterministic and probabilistic workloads.
Verification
ZK proof of correct execution
AVAILABILITY
Maintain uptime or service-level guarantees over a defined window. SLA violations trigger automatic penalty accrual.
Verification
Heartbeat + SLA threshold check
Escrow Mechanism
Every funded contract creates a cryptographically committed escrow account. Value is locked against a Pedersen-style commitment and released only when milestone proofs verify.
class EscrowAccount:
@staticmethod
def create(contract_id, total_value, milestones):
escrow_id = sha256(
f"AEOS/escrow/{contract_id}/{time.time()}"
.encode()
).hexdigest()[:16]
# Pedersen-style commitment on total value
blinding = secrets.token_hex(32)
commitment = sha256(
f"AEOS/pedersen/{total_value}/{blinding}"
.encode()
).hexdigest()
return EscrowAccount(
escrow_id=escrow_id,
commitment=commitment,
milestones=milestones,
status="FUNDED",
)Create & Fund
escrow_id = sha256("AEOS/escrow/...")[:16] — 16-character hex identifier derived from contract_id and timestamp.
Pedersen Commitment
C = SHA256("AEOS/pedersen/" + value + blinding) — hides the total escrow value while remaining verifiable at settlement.
Milestone Release
Each obligation maps to a milestone. On proof verification, the milestone fraction is released to the fulfilling party.
Breach → Auto-Refund
If check_breaches() detects a violation, the dispute protocol triggers and unreleased funds refund to the injured party.
ContractFactory
Contract Templates
Three production templates cover the most common agent-to-agent interaction patterns. Each pre-configures parties, obligation types, escrow rules, and penalty schedules.
service_agreement
General-purpose service contract with milestone-gated payments and proof-of-delivery verification.
client ↔ provider
PAYMENT + DELIVERY
Configurable per-milestone
data_exchange
Atomic data purchase. Payment releases only when the delivered data hash matches the pre-committed hash in the contract terms.
buyer ↔ seller
PAYMENT + DELIVERY
Full refund on hash mismatch
compute_task
Outsourced computation with ZK proof verification. A 20% penalty is auto-deducted from escrow on proof failure or timeout.
requester ↔ compute_provider
PAYMENT + COMPUTATION
20% penalty on failure
Deterministic Terms Hash
Every contract produces a single, deterministic hash of its terms. Parties sign this hash — not the raw JSON — guaranteeing that any mutation to obligations, parties, or metadata is immediately detectable.
def compute_terms_hash(contract):
"""Deterministic hash over canonical contract terms."""
canonical = canonical_json({
"obligations": sorted(
[ob.to_dict() for ob in contract.obligations],
key=lambda o: o["id"],
),
"parties": sorted(
[p.to_dict() for p in contract.parties],
key=lambda p: p["agent_id"],
),
"metadata": {
"template": contract.template,
"created_at": contract.created_at.isoformat(),
},
})
return sha256(
f"AEOS/contract-terms/{canonical}".encode()
).hexdigest()Domain separation via the AEOS/contract-terms/ prefix prevents cross-protocol hash collisions. Canonical JSON sorting ensures identical hashes regardless of insertion order across implementations.
Multi-Signature Activation
Contracts transition from AGREED to ACTIVE only when every named party has signed the terms hash with their Ed25519 key. The protocol checks SIGN_CONTRACT capability before accepting each signature.
Signing flow
Party A signs
ed25519_sign(sk_a, terms_hash)
assert SIGN_CONTRACT ∈ agent.capabilities
Party B signs
ed25519_sign(sk_b, terms_hash)
assert SIGN_CONTRACT ∈ agent.capabilities
Auto-activation
all signatures collected → state = ACTIVE
def sign(contract, agent_id, private_key):
"""Sign contract terms and auto-activate
when all parties have signed."""
agent = get_agent(agent_id)
# Capability gate
if "SIGN_CONTRACT" not in agent.capabilities:
raise InsufficientCapability(
f"{agent_id} lacks SIGN_CONTRACT"
)
# Ed25519 signature over the terms hash
signature = ed25519_sign(
private_key, contract.terms_hash.encode()
)
contract.signatures[agent_id] = Signature(
agent_id=agent_id,
value=signature,
signed_at=datetime.utcnow(),
)
# Check if all parties have signed
party_ids = {p.agent_id for p in contract.parties}
signed_ids = set(contract.signatures.keys())
if party_ids == signed_ids:
contract.state = ContractState.ACTIVE
contract.activated_at = datetime.utcnow()
emit_event("contract.activated", contract.id)
return contractExecution
Fulfillment Flow
From proof submission to escrow release — five deterministic steps that execute without human intervention once the contract is ACTIVE.
Submit proof
Party submits fulfillment proof — a hash, file, attestation, or ZK proof — against an obligation.
Verify proof hash
Protocol computes SHA-256 of the submitted proof and compares against the expected_proof_hash in the obligation record.
Release milestone
On match, the corresponding escrow milestone is released. Funds transfer to the fulfilling party's account.
Check completion
Protocol iterates all obligations. If any remain unfulfilled, contract stays ACTIVE.
Auto-complete
When every obligation reaches FULFILLED status, the contract transitions to COMPLETED and final escrow settlement executes.
def submit_fulfillment(contract, obligation_id, proof):
obligation = contract.get_obligation(obligation_id)
# Hash the submitted proof
proof_hash = sha256(
f"AEOS/proof/{proof.data}".encode()
).hexdigest()
# Verify against expected hash
if proof_hash != obligation.expected_proof_hash:
raise ProofVerificationFailed(obligation_id)
obligation.status = ObligationStatus.FULFILLED
obligation.fulfilled_at = datetime.utcnow()
# Release the corresponding escrow milestone
release_escrow_milestone(
contract.escrow_id, obligation.milestone_id
)
# Check if all obligations are now fulfilled
if all(
o.status == ObligationStatus.FULFILLED
for o in contract.obligations
):
contract.state = ContractState.COMPLETED
finalize_escrow(contract.escrow_id)
emit_event("contract.completed", contract.id)
return contractBreach Detection & Penalties
The protocol continuously monitors obligation deadlines. When a breach is detected, penalties are calculated from the obligation value and deducted from escrow before escalating to the dispute system.
def check_breaches(contract):
"""Scan all obligations for deadline
violations and SLA breaches."""
breaches = []
for obligation in contract.obligations:
if (
obligation.deadline < datetime.utcnow()
and obligation.status != "FULFILLED"
):
breaches.append(Breach(
obligation_id=obligation.id,
type=BreachType.DEADLINE_EXCEEDED,
severity=obligation.penalty_severity,
detected_at=datetime.utcnow(),
))
return breachesdef calculate_penalties(breaches, contract):
"""Compute and enforce penalty deductions
from the contract's escrow account."""
total_penalty = Decimal("0")
for breach in breaches:
ob = contract.get_obligation(
breach.obligation_id
)
penalty = ob.value * ob.penalty_rate
total_penalty += penalty
record_penalty(
contract.id, breach, penalty
)
if total_penalty > 0:
deduct_from_escrow(
contract.escrow_id, total_penalty
)
initiate_dispute(
contract_id=contract.id,
breaches=breaches,
auto_filed=True,
)
return total_penalty| Breach Type | Severity | Default Rate | Escalation |
|---|---|---|---|
| DEADLINE_EXCEEDED | MEDIUM | 5% per period | Auto-dispute after 2 periods |
| PROOF_INVALID | HIGH | 20% flat | Immediate dispute filing |
| SLA_VIOLATION | LOW → HIGH | 1–10% graduated | Threshold-triggered |
| TOTAL_FAILURE | CRITICAL | 100% refund | Contract termination |
Related Modules
Contracts connect to everything
The contract module sits at the center of the AEOS economic layer — binding identity, dispute resolution, and the broader protocol into a single execution surface.