Disabled-by-Default Runtime Surface

Runtime Boundary and Nucleus

The Runtime Boundary is the line between validated metadata and future operational behavior. Nucleus task records and runtime reports remain no-effect, report-only, and denied-by-default.

Current Rule

Classify first. Execute nothing.

Current runtime work adds request labels, effect labels, policy decisions, denial reasons, authority prerequisites, Nucleus task metadata, Lat/LIR evidence propagation, and deterministic reports. It does not execute commands, run Lat or LIR, mutate files, contact networks, control hardware, recover systems, or provide a sandbox.

01 Declaration

Lat, LIR, L-UI, and source metadata provide reportable facts before runtime decisions.

02 Authority check

Constrained authority metadata must be present, no-effect, and successful before any no-effect allow result.

03 Nucleus task record

Task classification records request kind, effect kind, prerequisites, policy, denial reason, and no-execution flags.

04 Runtime boundary

Runtime records copy evidence, classify modes, report gates, and keep operational requests future-gated.

05 Deterministic report

Reports expose policy, reason, mode, allowed effect, authority labels, task flags, and source spans.

Runtime Snapshot

The current boundary is a report surface, not a runtime.

These fields summarize the posture readers should keep in mind when interpreting runtime or Nucleus records.

runtime_behavior disabled
default_policy deny
report_only_allowed 1
classification_only 1
command_execution 0
file_io 0
network_io 0
operator_override 0

Policy Matrix

Every request falls into an auditable cell.

The policy matrix reports why a request is report-only, validation-only, classification-only, future-gated, blocked, prerequisite-denied, invalid, or unsupported.

no-effect-report

Report requests

Render, task, and evidence reports may be classified only when mode and prerequisites match.

no-effect-validation

Validation requests

Lat, LIR, Lat pipeline, and authority checks can be validation-only with no-effect metadata.

no-effect-classification

Classification requests

Classification surfaces can report decisions while preserving execution and mutation flags at zero.

future-gated-operation

Operational requests

Runtime execute, command execute, file write, network, recovery, hardware, and boot requests stay gated.

blocked-effect

Blocked effects

Mutation, network, hardware, boot, recovery, external, and unknown effects remain denied.

prerequisite-denied

Missing evidence

Failed authority, failed render metadata, failed Lat metadata, failed LIR metadata, or missing task data denies the request.
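
The matrix above, sketched as a deny-by-default classifier that only inspects metadata and returns a report record. This is an added example, not the project's own code: the type and function names, the order of the checks, and the mapping of override attempts to "invalid" and unknown requests to "unsupported" are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Cell names are from the page; all type and function names are hypothetical. */
typedef enum { REQ_REPORT, REQ_VALIDATION, REQ_CLASSIFICATION,
               REQ_OPERATION, REQ_UNKNOWN } req_kind;
typedef enum { EFF_NONE, EFF_MUTATION, EFF_NETWORK, EFF_UNKNOWN } eff_kind;
typedef struct {
    req_kind kind; eff_kind effect;
    int authority_present, authority_no_effect, authority_ok; /* prerequisites */
    int operator_override;  /* operator confirmation trying to override policy */
} request;
typedef struct {
    const char *cell;       /* policy matrix cell that explains the decision */
    int allowed;            /* 1 only for a no-effect allow */
    int command_execution, file_io, network_io;  /* never set by classify() */
} decision;

/* Pure classification: no I/O, starts from a denial, allows only no-effect kinds. */
decision classify(const request *r)
{
    static const char *const allow_cell[] = {
        "no-effect-report", "no-effect-validation", "no-effect-classification" };
    decision d = { "unsupported", 0, 0, 0, 0 };  /* assumed cell for unknown kinds */
    if (r->operator_override) { d.cell = "invalid"; return d; }  /* assumed mapping */
    if ((int)r->kind < 0 || r->kind >= REQ_UNKNOWN) return d;
    if (r->kind == REQ_OPERATION) { d.cell = "future-gated-operation"; return d; }
    if (r->effect != EFF_NONE) { d.cell = "blocked-effect"; return d; }
    if (!(r->authority_present && r->authority_no_effect && r->authority_ok))
        { d.cell = "prerequisite-denied"; return d; }
    d.cell = allow_cell[r->kind]; d.allowed = 1;
    return d;
}

int in_cell(decision d, const char *name) { return strcmp(d.cell, name) == 0; }

int main(void)
{
    /* Constructed sample requests, not taken from the project. */
    const request samples[] = { { REQ_REPORT, EFF_NONE, 1, 1, 1, 0 },
                                { REQ_VALIDATION, EFF_NONE, 1, 1, 0, 0 },
                                { REQ_OPERATION, EFF_MUTATION, 1, 1, 1, 0 } };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        decision d = classify(&samples[i]);
        printf("policy=%s allowed=%d command_execution=%d file_io=%d network_io=%d\n",
               d.cell, d.allowed, d.command_execution, d.file_io, d.network_io);
    }
    return 0;
}
```

Every path through `classify()` leaves the three execution flags at zero, so a non-zero flag in a report would indicate a record produced outside this function.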

Nucleus Boundary

Nucleus coordinates reports, not work.

Nucleus task records make future task execution auditable by naming request, effect, policy, denial, authority status, gate state, operator metadata, and no-execution flags.

Allowed now

State reports, transition previews, render reports, Lat validation, LIR validation, authority checks, and runtime reports when no-effect prerequisites are satisfied.

Future-gated

Runtime execution, command execution, server interaction, self-update, recovery, rollback, hardware, boot, Lat execution, and LIR execution.

Blocked now

Unknown requests, unknown effects, failed prerequisites, non-no-effect authority flags, and operator-confirmation attempts to override policy.

Local Commands

Run the boundary checks as no-effect evidence.

These guards compile and inspect deterministic C report surfaces. They do not activate runtime behavior.

Runtime boundary

sh scripts/test-runtime-boundary.sh
sh scripts/test-runtime-boundary-refinement-implementation.sh

Policy matrix

sh scripts/test-runtime-boundary-policy-matrix-refinement.sh
sh scripts/test-runtime-boundary-domain-matrix-refinement.sh

Nucleus reports

sh scripts/test-nucleus-preview.sh
sh scripts/test-nucleus-task-execution.sh

Source Records

Trace runtime claims back to exact evidence.