Every run is tenant-scoped, sandboxed, budget-limited, and traced. The 16-type runtime envelope is the complete set of hard constraints that apply to every agent, regardless of domain pack.
The 16 runtime types group into four surfaces. Each surface is enforced by the runtime and cannot be bypassed by an agent.
Every proposal carries a confidence score. That score is calibrated against the domain pack's regression corpus, with a declared maximum age. An uncalibrated or stale-calibrated confidence is ineligible for auto-approval — the proposal falls through to external review.
Calibration is not a per-run decoration. It is a pack-level requirement that gates the entire auto-approval path.
Every proposal records the model identity used to produce it,
with an explicit version kind: PINNED (specific version locked),
RESOLVED (pointer resolved at runtime), or UNKNOWN.
Only PINNED qualifies for auto-approval. RESOLVED and
UNKNOWN fall through to external review, regardless of
confidence, regardless of validation outcome.
Ojas governs the run. External platform layers decide what happens next. Ojas emits typed proposals across the boundary, the external authority reads them, applies policy, and emits an approval decision. The decision is an audit artifact.
In the current internal deployment, the external authority is
Aegis. Future standalone deployments will connect to a different
authority that implements the same boundary contracts. The
review states used are external-neutral:
PENDING_EXTERNAL_REVIEW, EXTERNALLY_APPROVED,
EXTERNALLY_REJECTED, NEEDS_MORE_EVIDENCE, ESCALATED,
EXPIRED.