Performance Contracts and Resource Bounds

Determinism is meaningless if runs silently OOM or truncate. Every policy/profile must declare hard limits and predictable failure modes.

Policy surface (recommended fields)

resources.max_memory_gb: per-process memory cap; fail fast before spawning workloads that exceed it.
resources.max_runtime_s: wall-clock budget per run; exceed → abort with timeout status and taint incomplete.
resources.max_nodes / max_workers: parallelism limit to keep schedules deterministic.
resources.max_output_bytes: cap on emitted artifacts/logs; trigger backpressure before truncation.
streaming.max_qps and max_queue_depth: for LiveGraph/streamed outputs; enforce backpressure rather than dropping frames.
backends.allowed: whitelist of backends permitted under the profile; verifier should reject outputs from other backends.

Exceeding any limit must produce a clear, machine-readable status (oom, timeout, backpressure, unsupported_backend) and mark the run as non-deterministic/incomplete.
Partial outputs are preserved only if their hashes are recorded and the manifest labels them partial: true.
Retry policy: deterministic retries must reuse seeds and include retry count in metadata; otherwise treat as a new run.

dev-fast: generous runtime, small memory cap (fits laptop), allows backends {cpu-reference, native-cpu}; warnings on soft caps.
audit-strict: tight caps, explicit backend list, retries disabled unless policy says otherwise; backpressure enforced.

Conformance runner should assert caps are honored using small fixtures (e.g., constrained memory run).
Support bundles must include the policy profile used and the observed peak memory/runtime so auditors can check enforcement.

Prefer deterministic schedulers (fixed worker count, seeded work queues) so caps are repeatable.
For GPU runs, record device name/driver in env_fingerprint and include GPU memory budget in the policy.
CLI/Studio should surface caps before execution (plan preview) to avoid surprise failures mid-run.