On April 26, 1956, a converted World War II tanker named the Ideal X sailed from Newark, New Jersey to Houston, Texas carrying 58 aluminum truck bodies on a specially constructed spar deck. Loading loose cargo onto a medium-sized ship cost $5.83 per ton. Loading the Ideal X cost 15.8 cents per ton. A 97% reduction.

Malcom McLean, the North Carolina trucking magnate behind the Ideal X, understood that the value was not in the container itself. It was in the system: containers, ships, trucks, and cranes all agreeing on the same dimensions and fittings. He released his patents royalty-free to the International Organization for Standardization. He chose industry-wide adoption over proprietary control.

ISO 668, published in 1968, defined the contract: 20 feet by 8 feet by 8 feet 6 inches, with twist-lock corner fittings that enable stacking and intermodal transfer. Dimensional tolerance: one-quarter inch. Behind that contract, everything changed. Ships went from converted tankers to purpose-built container vessels. Cranes went from manual to automated. Ports were rebuilt. The entire global logistics infrastructure was replaced multiple times over. The contract has survived since 1968.

The contract is the thing that survives. The implementations behind it are supposed to change.

The pattern

The infrastructure that outlasts its era shares a structural property: a stable interface that implementations can change behind.

USB 1.0 was released in 1996 by a consortium of seven companies (Compaq, DEC, IBM, Intel, Microsoft, NEC, and Nortel) to replace serial ports, parallel ports, PS/2 connectors, and game ports. The contract was the physical connector, the electrical signaling protocol, and the enumeration handshake. Behind that contract, data rates went from 1.5 Mbps to 80 Gbps: a 53,000x improvement. Power delivery went from 2.5W to 240W. The devices connected went from keyboards to external GPUs. The contract survived.

POSIX (named by Richard Stallman, standardized in 1988) says: if you write to these system calls, file operations, and shell behaviors, your code runs everywhere. The implementations behind it (the Linux kernel, Darwin/macOS, FreeBSD, Solaris) share almost no code. They are entirely different operating systems. Applications written to POSIX in 1990 still run on modern systems. The contract survived.

Stripe has maintained backward compatibility with every version of its API since 2011. Over 60 distinct API versions, each one backward-compatible. From the Stripe blog: “Like a connected power grid or water supply, an API should run without interruption for as long as possible.” Fifteen years later, the contract holds.

The AWS S3 API, launched in 2006, became so stable that competitors chose to implement it rather than fight it. Cloudflare R2, Backblaze B2, MinIO, and over 40 S3-compatible providers all speak S3. The contract is more valuable than any individual implementation behind it.

What breaks

The Mars Climate Orbiter offers the clearest example of a contract violation. The Software Interface Specification said: this value is in newton-seconds. Lockheed Martin’s ground software output pound-force seconds. NASA’s trajectory software trusted the contract and did not validate the data. The error accumulated silently over 10 to 14 thruster firings across 9.5 months, shifting the trajectory by 20 m/s. The spacecraft arrived at 57 km altitude instead of 226 km and was destroyed. Cost: $327.6 million. One side of the interface violated the contract. Nobody checked.

Twitter broke its API contract in February 2023, discontinuing free access with roughly 30 days notice. Thousands of bots went dark, student projects broke, researchers lost data access. Google breaks contracts so routinely that “Killed by Google” tracks 299 discontinued products. TechCrunch’s headline when Stadia shut down: “Stadia died because no one trusts Google.” The contract is the thing that makes infrastructure reliable. Break the contract, lose the ecosystem.

Jon Postel formulated the robustness principle for the early Internet: “Be conservative in what you do, be liberal in what you accept from others.” It sounds pragmatic. It means: tolerate violations of the interface specification. In 2023, RFC 9413 formally argued that Postel’s principle makes protocols less robust over time. Every bug you tolerate becomes a feature someone depends on. Every deviation you accept becomes part of the de facto contract. The explicit contract erodes, replaced by an implicit contract nobody can fully specify. Contracts work because they are enforced. Postel’s Law teaches what happens when they are not.

Where AI contracts fail

The interface between data producers and AI consumers is a contract: the schema, the value ranges, the semantic meaning of fields, the distribution of values. When any of these change without the consumer knowing, the system breaks.

Unity’s ad-targeting algorithm ingested corrupted data from a single client in 2022 and lost an estimated $110 million in revenue. The data contract (expected schema, expected value ranges, expected semantic meaning) was not enforced at the boundary. Apple made App Tracking Transparency mandatory in iOS 14.5, unilaterally changing the de facto data contract between its platform and the advertising ecosystem. Meta reported a $10 billion revenue impact for 2022. In each case, the failure was at the contract boundary. Not in the algorithm. Not in the infrastructure. At the interface.

LLM APIs are the opposite of stable contracts. Model behaviors change between versions without notice. Prompts that worked last month fail after an update. Agent systems that chain multiple calls compound the instability: every link in the chain is a contract that might break silently.

OpenAI’s model versioning illustrates the mechanism. Developers who built on gpt-3.5-turbo discovered that the model behind the endpoint changed without their applications changing: safety filtering, instruction-following behavior, and output formatting all shifting between updates. OpenAI introduced snapshot versions (gpt-3.5-turbo-0301, gpt-3.5-turbo-0613) because the unversioned endpoint had become unreliable for production use. But snapshot versions deprecate on rolling schedules, typically with 90 days notice. A contract that requires active maintenance to honor is not a contract. It is a truce.

This is why data contracts are not bureaucracy. They are the thing that separates infrastructure that survives from infrastructure that constrains you for a decade.

What survives

The AI infrastructure that survives will define stable interfaces that implementations can change behind. The model behind the contract will be replaced. The embedding architecture will be replaced. The agent framework will be replaced. The contract, if it is well-designed, will not.

The infrastructure that survives will look like schema registries done right: explicit agreements about data interfaces where consumers register dependencies, producers see who depends on them, and breaking changes require acknowledgment before they proceed. Schema registries promised this but never delivered, because they validated structure without coordinating change.

The shipping container did not standardize ships. It standardized the interface between ships, trucks, and cranes. The contract freed everything behind it to evolve independently. AI infrastructure needs the same: stable boundaries that let the components behind them change without breaking everything downstream.

This is the problem Tessera exists to solve. When I was running data pipelines at scale, the most expensive failures were always contract violations: someone upstream dropped a column, changed a type, or redefined what a field meant without telling anyone downstream. The pipeline did not crash. It produced wrong numbers, quietly, for days. Tessera makes schema relationships into dependency relationships — consumers register, producers see who depends on them, breaking changes require acknowledgment. It is not a clever system. It is the boring contract enforcement that shipping containers got right in 1968.

The S3 case suggests what this looks like in practice. Amazon did not design S3 to be a standard. It became one because it was stable enough that competitors found it cheaper to implement it than to fight it. Cloudflare R2, Backblaze B2, MinIO — none of them joined a standards body. They read the spec and shipped. The contract acquired gravity through demonstrated stability. That is the test for AI infrastructure contracts: not whether they are declared as standards, but whether they are stable enough that competitors implement them rather than fight them. So far, nothing in AI infrastructure has passed that test.

What I am still figuring out

Whether contracts and innovation are in tension. Stable contracts enable independent evolution behind the interface, but they also constrain what the interface can express. The S3 API is stable, but it cannot express operations that were not imagined in 2006. At some point, the contract itself becomes the bottleneck. Knowing when to evolve a contract versus when to honor it is a judgment call that no framework resolves.

Whether AI systems can even have stable contracts. A traditional API contract specifies inputs and outputs deterministically. An LLM contract is probabilistic: the same input may produce different outputs. Contracts for probabilistic systems may require fundamentally different primitives than contracts for deterministic ones.

On April 26, 1956, the Ideal X proved that standardizing the interface was worth more than optimizing the implementation. Behind ISO 668’s dimensions, the entire global logistics industry rebuilt itself multiple times. The contract, unchanged since 1968, outlasted every ship, every crane, and every port it was designed for.

Ground truth establishes the foundation. Provenance traces the chain. Contracts enforce the boundaries. The AI contracts that matter will outlast every model they were designed for.