While contemporary language agents excel at task execution, their adherence to operational constraints and safety protocols remains inadequately and systematically evaluated. Method: We propose AgentOrca—the first dual-system evaluation framework explicitly designed for operational compliance, covering five critical domains (e.g., finance, healthcare). It innovatively integrates natural-language prompting with executable-code verification, enabling programmatic constraint modeling, automated test-case generation, and multi-dimensional quantitative assessment. Results: Empirical evaluation reveals pervasive compliance failures across mainstream models: compliance rates drop by over 40% under complex constraints or adversarial user prompting. Although large-reasoning models (e.g., o1) achieve the highest scores, they still fall significantly short of acceptable compliance thresholds. AgentOrca establishes a reproducible benchmark and actionable improvement pathway for developing trustworthy, deployable language agents.

As language agents progressively automate critical tasks across domains, their ability to operate within operational constraints and safety protocols becomes essential. While extensive research has demonstrated these agents' effectiveness in downstream task completion, their reliability in following operational procedures and constraints remains largely unexplored. To this end, we present AgentOrca, a dual-system framework for evaluating language agents' compliance with operational constraints and routines. Our framework encodes action constraints and routines through both natural language prompts for agents and corresponding executable code serving as ground truth for automated verification. Through an automated pipeline of test case generation and evaluation across five real-world domains, we quantitatively assess current language agents' adherence to operational constraints. Our findings reveal notable performance gaps among state-of-the-art models, with large reasoning models like o1 demonstrating superior compliance while others show significantly lower performance, particularly when encountering complex constraints or user persuasion attempts.