Stage357 extends Stage356 by mapping runtime verification decisions into defensive runtime actions.
Stage356 decides whether runtime execution should be allowed, warned, or blocked.
Stage357 turns that decision into an action plan:
- allow -> continue
- warn -> isolate risky capabilities and continue safely
- block -> terminate runtime
Stage357 adds:
- Stage356 runtime receipt loading
- Stage356 fail-closed gate loading
- Stage356 receipt_sha256 binding
- Runtime decision to action mapping
- Metadata-only isolation action receipt
- Defensive capability isolation
- Fail-closed terminate action
- Safety boundary preservation
Stage357 answers this question:
What defensive action should the system take based on the Stage356 runtime decision?
In simple terms:
Stage356 says whether execution is safe.
Stage357 decides what to actually do.
Inputs
Stage357 reads:
docs/runtime/stage356_runtime_execution_receipt.json
docs/runtime/stage356_runtime_fail_closed_gate.json
Outputs
Stage357 generates:
docs/actions/stage357_runtime_action_policy.json
docs/actions/stage357_runtime_action_receipt.json
docs/actions/stage357_runtime_action_summary.txt
Action Mapping
Stage357 maps:
allow -> continue
warn -> isolate_and_continue
block -> terminate
Isolation Behavior
When Stage356 returns warn, Stage357 isolates:
private_runner
unsafe_payload_fetch
secret_material_access
and allows only:
public_metadata_verification
This keeps the system useful while reducing risk.
Fail-Closed Behavior
When Stage356 returns block, Stage357 records:
terminate_runtime
and may stop execution with exit 1 in enforcement contexts.
Safety Boundary
Stage357 does not publish:
private keys
raw secrets
raw payloads
exploit code
internal runner code
Stage357 publishes metadata-only action receipts.
Relationship to Stage356
Stage356:
Determines runtime_decision: allow / warn / block.
Stage357:
Maps that decision into concrete defensive actions.
License
MIT License