meetLab/ Docs/ DOC · 03 — lifecycle

SAIRP lifecycle walkthrough.

The four runtime phases traced end to end. Negotiation produces planning text, agreement seals it into an ACK envelope, admission verifies the authority chain, the airlock freezes the surface, and execution consumes frozen context. Each phase has a strict boundary; crossing one without the previous closing fails closed.

StatusStable
DocDOC · 03 / 12
Sourceruntime/04 → 07
Phases4 · 5 · 6 · 6.5 · 7
Boundary ruleno phase repairs the previous
04.

Negotiation

The Negotiation-to-Agreement (NTA) artifact is a non-executable planning artifact used to clarify intent, constraints, risk, and scope before any agreement binds. NTA does not grant execution authority. Authority begins later, with a persisted ACK envelope.

Required NTA content

  • Problem statement
  • Proposed action (descriptive, not imperative)
  • Constraints and exclusions
  • Assumptions
  • Risks and uncertainties
  • Explicit agreement criteria

Forbidden content

  • Tool or script execution directives
  • Runtime mutation instructions
  • Claims of execution authority
  • Embedded governed-execution commands phrased imperatively

CLI surface

meetlab nta open <path>
meetlab nta validate <path>

Both are inspection or validation only. Neither authorizes execution.

runtime boundary
Runtime and execution surfaces must not consume NTA text directly. Execution authority comes from ACK envelope plus session state pointer — not from negotiation prose.
05.

Agreement · ACK envelope

The ACK envelope is the persisted, hash-addressed agreement artifact that closes negotiation. It captures the negotiated proposal hash, session metadata, and artifact root, then seals them under a deterministic envelope_hash. The envelope lives alongside the originating NTA and is immutable once recorded.

Bound inputs

Proposal
Hash of the negotiated plan plus the SHCL summary that operators reviewed.
Session state
Arbiter, E-Emitter, environment identifiers, timestamps, and HALT state at minting time.
Artifact root
Memory seal pointer covering every file or bundle the execution is allowed to mutate.

Enforcement rules

  1. Execution without a persisted ACK envelope triggers HALT-101 (no agreement).
  2. If the cited envelope_hash does not match stored envelope contents, HALT-201 fires and OPS_CI aborts.
  3. Attempting execution with an absent, stale, or unsealed envelope triggers HALT-301 (Agreement → Execution breach).
  4. Envelopes are append-only. Superseding an agreement requires minting a new envelope with a new hash, linked to the updated NTA.

Relationship to SHCL

  • Every SHCL exec-mode payload must cite the governing envelope_hash.
  • The payload expands to OPS_CI directives only when the cited envelope is present, unexpired, and matches the artifact root.
  • Proof-of-Behavior traces record the envelope_hash so audits can replay the SHCL → OPS_CI chain deterministically.
06.

Admission

Phase 6 is a deterministic gate between agreement and execution. It validates existing authority; it does not mint new authority.

Required inputs

Admission must fail closed if any of these are missing or unreadable:

  • Active ACK envelope — runtime/airlock/envelopes/ack_v*.json
  • Session pointer — runtime/governance/session_state.json
  • Manifest index — artifacts/manifests/manifest_index.jsonl
  • Governance law set — canonical artifacts under docs/01_governance/

Deterministic checks

  • Envelope/session pointer coherence (active_envelope_hash binding)
  • Integrity and hash consistency for required artifacts
  • Authorized scope and namespace conformance
  • Restriction-contract and quarantine constraints

Outcomes

APPROVED
Gate conditions satisfied. Handoff may proceed to Phase 6.5.
DENIED / HALT
Any mismatch, ambiguity, or missing requirement.
phase 6 must not
Reinterpret intent · repair authority mismatches · execute side effects.
6.5

Handshake · airlock

Phase 6.5 is the airlock between admission and execution. It freezes the admitted surface and emits evidentiary heartbeat and log records before Phase 7 begins.

Handoff requirements

  • Use only admitted artifact pointers and governed runtime surfaces.
  • Load required inputs atomically for execution handoff.
  • Forbid expansion or derivation of new authority inputs during handoff.

Freeze and lock

  • Preserve session pointer integrity (runtime/governance/session_state.json).
  • Enforce read-only semantics on non-target governance surfaces.
  • Emit heartbeat and evidence before Phase 7 starts.

Failure handling

Any transfer, lock, or continuity failure must halt. No partial continuation or in-phase repair is permitted.

07.

Execution

Phase 7 is a blind worker surface: it executes admitted instructions in frozen context and does not originate authority.

Execution mechanics

  • Respect declared execution ordering from admitted artifacts.
  • Treat each side effect as atomic success or failure.
  • Emit append-only, non-interpretive execution logs.

Retry and correction

  • No autonomous authority repair.
  • No alternate-path speculation.
  • Retry only when explicitly allowed by the admitted execution contract.

Allowed HALT surface

Phase 7 may emit only HALT-7xx runtime failures:

HALT-701
Primitive failure.
HALT-702
Resource exhaustion.
HALT-703
Binary assertion failure.
forbidden in phase 7
Re-verifying governance law as authority source · inferring permission from diagnostics or prose · producing governance-level halt decisions.

Boundary rule

The protocol's correctness rests on a single discipline: no phase repairs the previous. Negotiation does not authorize. Agreement does not admit. Admission does not execute. Phase 7 does not re-verify.

If a gate detects a mismatch, the only legal outcomes are HALT or escalation up the authority chain. There is no in-phase repair surface, no implicit retry, and no path that lets execution infer permission from prose.

the lifecycle NTA ACK envelope admit freeze execute PASS | HALT
doc · 03 · build 2026-04-25 event → enforce(event) → invariant → PASS | HALT meetLab · 2026