Don't Trust Your LLM's Safety Promises Across Runtimes

Most LLM safety guardrails are built with a silent assumption baked in: all your customer-facing traffic runs through a single runtime. One process. One in-process safety check. Done.

That assumption breaks the moment you deploy a polyglot stack.

This is a write-up of a pattern we call parity contracts — a deployable security primitive for LLM commerce agents that span multiple runtimes. We implemented it in production at BrewHub PHL, a Philadelphia café whose AI agent, Franklin, places orders, charges customer wallets, and issues loyalty mutations without a human approval step. The full academic paper, red-team corpus, and parity test runner are open-source at github.com/BrewHubPHL/allergen-parity-corpus.

The Problem: Polyglot Deployments Break In-Process Safety

BrewHub's architecture spans three runtimes: