Execution Runtime

The Execution Runtime is responsible for enforcing Authorization Decisions in a deterministic and secure manner. It is the final execution boundary in Parmana.

System role

The Execution Runtime ensures that:

only valid Authorization Decisions are executed
execution is deterministic
unauthorized actions are blocked
replay attacks are prevented

System model

Authorization Decision → Execution Runtime → Execution Outcome → Attestation
What Execution Runtime receives

The runtime only accepts:

Authorization Decisions
executionId
policy version reference
verified signal hash

It does NOT accept raw AI outputs or unverified inputs.

Execution process
Receive Authorization Decision
Validate decision integrity
Verify executionId uniqueness
Enforce policy constraints
Execute action if approved
Enforcement rules

Execution Runtime enforces:

fail-closed behavior
deterministic execution
replay protection
decision integrity validation

If validation fails → execution is rejected.

Replay protection

Each execution is uniquely bound to an executionId.

This ensures:

no duplicate execution
no reprocessing of the same decision
no cross-system replay attacks
Determinism guarantee

Execution is fully deterministic:

same Authorization Decision → same execution outcome
no runtime randomness
no external influence
What Execution Runtime is NOT

Execution Runtime is NOT:

a workflow engine
an AI system
a decision maker
a policy evaluator

It only enforces decisions.

Relationship to Governance

Governance decides, Execution Runtime enforces:

Governance → Authorization Decision → Execution Runtime
Key invariant

Governance decides
Execution Runtime enforces
Attestation proves

Summary

Execution Runtime ensures:

deterministic enforcement of decisions
strict separation from AI and governance
replay-safe execution
verifiable system behavior

Authorization Decisions Auditability

​Execution Runtime

​System role

​System model

Execution Runtime

System role

System model