Workflow Orchestrator Escalation Policy

Problem/Feature Description

An internal workflow orchestration platform runs long-running automation jobs that touch three kinds of external systems: a file storage backend, an in-memory state store, and several REST APIs. When something goes wrong, the platform currently tries the job three times and then marks it as failed — no distinction is made between transient glitches and fundamental data integrity failures that could corrupt downstream state.

The platform team wants to introduce differentiated escalation policies. Some failures should trigger a retry; others should cause the orchestrator to halt the entire run and page on-call; others should force a re-computation of cached state before retrying. They need a documented policy that covers what to do at each type of boundary in their jobs, with enough specificity that the orchestrator developers can implement it as code.

Output Specification

Produce the following files:

1. contract.md — A detectability contract document with a boundary table covering at least three boundary types: file storage handoff, in-memory state resume, and REST API tool call. For each boundary, the escalation trigger column must specify a precise action policy, not just "escalate" or "alert". The contract should include the invariants and failure classes that feed into each escalation decision.