Policies define desired state and evidence as structured data, not scripts. They’re compiled into constrained contracts that execution engines must follow, producing attestations instead of free-form output.

The contract model limits what execution can do, preventing policy logic from turning into ad-hoc tooling, while allowing the same policy to run across different environments and backends.

ESP focuses on portable intent, constrained execution, and verifiable outcomes — not embedding policy into tools.