mokkunsuzuki-code/stage357
GitHub: mokkunsuzuki-code/stage357
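Stage357 turns upstream runtime security decisions (allow/warn/block) into concrete defensive action policies, protecting runtime execution through capability isolation and a fail-closed mechanism.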
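# Stage357: Runtime Context Action and Isolation Enforcer
Stage357 extends Stage356 by mapping runtime verification decisions to defensive runtime actions.
Stage356 decides whether runtime execution is allowed, warned or blocked.
Stage357 turns that decision into an action plan:
- allow -> continue
- warn -> isolate high-risk capabilities and continue safely
- block -> terminate the runtime
## What Stage357 Adds
Stage357 adds:
- Stage356 runtime receipt loading
- Stage356 fail-closed gate loading
- Stage356 receipt_sha256 binding
- Runtime decision-to-action mapping
- Metadata-only isolation action receipts
- Defensive capability isolation
- Fail-closed termination action
- Safety boundary preservation
## Main Purpose
Stage357 answers this question: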
```
What defensive action should the system take based on the Stage356 runtime decision?
```
In simple terms:
- Stage356 says whether execution is safe.
- Stage357 decides what to actually do.
## Inputs
Stage357 reads:
- docs/runtime/stage356_runtime_execution_receipt.json
- docs/runtime/stage356_runtime_fail_closed_gate.json
## Outputs
Stage357 generates:
- docs/actions/stage357_runtime_action_policy.json
- docs/actions/stage357_runtime_action_receipt.json
- docs/actions/stage357_runtime_action_summary.txt
## Action Mapping
Stage357 maps:
- allow -> continue
- warn -> isolate_and_continue
- block -> terminate
## Isolation Behavior
When Stage356 returns warn, Stage357 isolates:
- private_runner
- unsafe_payload_fetch
- secret_material_access

and allows only:
- public_metadata_verification

This keeps the system useful while reducing risk.
## Fail-Closed Behavior
When Stage356 returns block, Stage357 records:
- terminate_runtime

and may stop execution with exit 1 in enforcement contexts.
## Safety Boundary
Stage357 does not publish:
- private keys
- raw secrets
- raw payloads
- exploit code
- internal runner code

Stage357 publishes metadata-only action receipts.
## Relationship to Stage356
Stage356:
- Determines runtime_decision: allow / warn / block.

Stage357:
- Maps that decision into concrete defensive actions.
## License
MIT License
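
The decision-to-action mapping, warn-time isolation and fail-closed behavior described in this README can be sketched as follows. This is an added example, not the repository's own code: the function names, the output field names (`isolated`, `allowed`, `recorded`, `reason`) and a `receipt_sha256` field inside the gate file are assumptions, as is treating malformed or unknown input as `terminate`.

```python
import hashlib
import json

# Decision -> action mapping and capability names as listed in this README.
ACTION_MAP = {"allow": "continue", "warn": "isolate_and_continue", "block": "terminate"}
ISOLATED_ON_WARN = ["private_runner", "unsafe_payload_fetch", "secret_material_access"]
ALLOWED_ON_WARN = ["public_metadata_verification"]


def build_action_policy(receipt_bytes: bytes, gate_bytes: bytes) -> dict:
    """Map a Stage356 decision to an action plan; anything unexpected terminates."""
    # Bind the policy to the exact receipt bytes it was derived from.
    policy = {"receipt_sha256": hashlib.sha256(receipt_bytes).hexdigest()}
    try:
        receipt = json.loads(receipt_bytes)
        gate = json.loads(gate_bytes)
        decision = receipt["runtime_decision"]
        # Assumed gate field: it must echo the hash of the receipt it was issued for.
        if gate["receipt_sha256"] != policy["receipt_sha256"]:
            raise ValueError("gate is not bound to this receipt")
        action = ACTION_MAP[decision]
    except (ValueError, KeyError, TypeError) as exc:
        # Fail closed: malformed JSON, missing field, unknown decision or hash mismatch.
        # Only the error class is recorded, keeping the output metadata-only.
        policy.update(runtime_decision="block", action="terminate",
                      recorded=["terminate_runtime"], reason=type(exc).__name__)
        return policy
    policy.update(runtime_decision=decision, action=action)
    if action == "isolate_and_continue":
        policy.update(isolated=ISOLATED_ON_WARN, allowed=ALLOWED_ON_WARN)
    elif action == "terminate":
        policy["recorded"] = ["terminate_runtime"]
    return policy


def exit_code(policy: dict) -> int:
    """Enforcement contexts stop with exit 1 when the action is terminate."""
    return 1 if policy["action"] == "terminate" else 0


if __name__ == "__main__":
    # Constructed sample receipt and gate (field layout assumed).
    receipt = json.dumps({"runtime_decision": "warn"}).encode()
    gate = json.dumps({"receipt_sha256": hashlib.sha256(receipt).hexdigest()}).encode()
    print(json.dumps(build_action_policy(receipt, gate), indent=2))
```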