The execution boundary.
Runtime is the only layer allowed to authorize and execute consequential actions. Every approved effect is policy-bound, identity-bound, and receipt-backed before it occurs.
Nothing crosses without authorization. Nothing bypasses the boundary.
The only lawful path to effect.
Runtime is where consequence is either authorized or blocked.
- Evaluate policy before consequence.
- Bind tenant, sub-tenant, actor, and authority.
- Require Decide before Execute.
- Fail closed on missing anchors.
- Emit cryptographic receipts.
- Preserve causal lineage for verification.
Runtime does not:
- Generate strategy.
- Branch cognition.
- Act on ungoverned tool output.
- Permit alternate execution paths.
- Downgrade enforcement under failure.
- Treat narrative as authority.
- Treat post-hoc logging as authorization.
Decide. Execute. Emit proof.
The runtime path is mechanical. Each step creates or checks an anchor before the next step can exist.
A consequential action reaches the governed boundary.
Tenant, actor, authority, and scope become part of the execution context.
The exact policy state is checked before any effect is allowed.
Authorization becomes a signed pre-execution artifact.
Denied or incomplete decisions terminate the path.
Execution returns receipts, outcome state, and evidence material.
Causal proof can be reconstructed outside the story told by the system.
Failure does not create freedom.
If proof breaks, execution stops. Runtime does not degrade into trust-me mode.
Missing identity, missing lineage, denied policy, or unavailable Runtime all resolve to the same outcome: no execution. A system with a fallback effect path is not governed.
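A minimal sketch of the Decide, Execute, emit-proof path and its fail-closed behaviour described above. This is an added example, not the product's code: the key, the policy table, the field names and the functions `decide`, `execute` and `verify` are hypothetical, and HMAC stands in for whatever signature scheme a real boundary would use.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: stand-in for the boundary's signing key
REQUIRED = ("tenant", "sub_tenant", "actor", "authority")  # anchors named on the page
POLICY = {"version": "p-1", "allow": {("ops-admin", "rotate_key")}}  # constructed policy

class Blocked(Exception):
    """Raised whenever the path must terminate: no execution."""

def _sign(body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

def decide(ctx, action):
    """Bind identity and policy state into a signed pre-execution artifact."""
    missing = [k for k in REQUIRED if not ctx.get(k)]
    if missing:
        raise Blocked(f"missing anchors: {missing}")
    if (ctx["authority"], action) not in POLICY["allow"]:
        raise Blocked("denied by policy")
    body = {**{k: ctx[k] for k in REQUIRED}, "action": action,
            "policy": POLICY["version"], "verdict": "allow"}
    return {"body": body, "sig": _sign(body)}

def execute(decision, action, effect):
    """Run effect only under a valid decision for this exact action."""
    try:
        ok = hmac.compare_digest(decision["sig"], _sign(decision["body"]))
        ok = ok and decision["body"]["action"] == action
        ok = ok and decision["body"]["policy"] == POLICY["version"]
    except (KeyError, TypeError):
        ok = False  # malformed or absent decision is treated as a denial
    if not ok:
        raise Blocked("no valid decision: execution stops")
    outcome = effect()
    body = {"decision_sig": decision["sig"], "outcome": outcome}
    return {"body": body, "sig": _sign(body)}  # receipt chained to the decision

def verify(decision, receipt):
    """Check that the receipt descends from an intact signed decision."""
    return (hmac.compare_digest(decision["sig"], _sign(decision["body"]))
            and hmac.compare_digest(receipt["sig"], _sign(receipt["body"]))
            and receipt["body"]["decision_sig"] == decision["sig"])
```

Because HMAC is symmetric, anyone who can verify here can also forge; verification by a party outside the boundary would need an asymmetric signature.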
Authorization artifact.
A compact receipt specimen makes the boundary inspectable before the full evidence chain.
The artifact is not a story. It is the authorization surface Runtime emits and other systems verify.
Receipts are not logs.
Logs describe what someone says happened. Runtime receipts prove authorization before effect and preserve the chain after consequence.
What the system was asked to do.
The effect-bound action extracted from the request.
The signed authorization result before execution.
The governed action after approval.
The observed result of the action.
Portable proof for inspection and replay.
Every surface routes to the boundary.
Other layers matter. None of them replace Runtime.
May hand candidates to Runtime. It does not execute them.
Routes external calls into Runtime. It does not replace the boundary.
Observes and initiates through Runtime. It does not become authority.
Preserves resulting canonical truth. It does not decide.
Pre-execution authorization becomes operationally real here.
CAES cannot be satisfied by post-hoc logging alone. Runtime is the boundary that makes pre-execution authorization operational, binds the actor to the policy state before effect, and returns evidence for later verification.
Authorization exists before consequence, not after review.
Execution follows the signed decision path or stops.
Receipts and evidence packs remain available for independent verification.
Bring your AI, tools, and operators. Keep one lawful execution boundary between cognition and consequence.