
v0.8: docs/LIFE_RUNTIME_STANDARD.md — Part B Topic 4 (5-stage assembly) (#105) #115

Merged: LING71671 merged 1 commit into master from devin/1777220220-105-runtime-5stage on Apr 26, 2026
Conversation

devin-ai-integration (Bot, Contributor) commented Apr 26, 2026

Summary

Closes sub-issue #105, the final sub-issue of the v0.8 Asset Architecture epic #106. Lands the per-topic normative spec for Topic 4 — Runtime / Assembly.

This is a doc-only PR. Part B is appended to the v0.7 runtime spec; Part A (the existing eight-step load sequence) is unchanged. There is no JSON Schema in this topic — Topic 4 governs runtime behaviour, not file contents.

What this PR contains

  • docs/LIFE_RUNTIME_STANDARD.md Part B: a single new normative
    section appended to the existing v0.7 spec, with the following
    structure:
    • B.1 Five-stage assembly pipeline (Verify / Resolve / Assemble
      / Run / Guard) mapped onto the existing v0.7 §2.x steps; new
      decision D6=fail-close generalises the v0.7 hard-fail rule
      across all five stages.
    • B.2 Provider Registry with list_providers / resolve /
      metadata operations + the abstract LifeCapabilityProvider
      interface (capability_name, provider_name, provider_version,
      sandbox_class, initialize, teardown, invoke).
    • B.3 Tier-aware resolution consuming tier.level from
      docs/LIFE_TIER_SPEC.md (v0.8: docs/LIFE_TIER_SPEC.md + life-package.schema.json::tier + Schema D appendix #104) as a
      SHOULD-level Provider preference; honours
      capability_binding.tier_floor from the binding spec (v0.8: docs/LIFE_BINDING_SPEC.md + schemas/binding.schema.json + sanity tests #103).
    • B.4 Sandboxing classes (built_in / user_installed /
      bundled_in_life) — encodes D1=C graded sandbox; D2=B
      refuses bundled_in_life Providers in v0.8 with a deferred
      whitelisting scheme for v1.0+.
    • B.5 Hosted-API AND-gate — encodes D3=mixed (offline and
      hosted are both first-class); both binding.hosted_api_preference
      AND policy/hosted_api.json must permit the call.
    • B.6 OS-package-manager bootstrap — encodes D5=C
      (brew install dlrs-runtime / apt install / winget install).
      .life archives MUST NOT carry self-extracting bootstrap stubs.
    • B.7 Four new audit event types: capability_bound,
      assembly_aborted, withdrawal_check,
      lifecycle_transition_observed.
    • B.8 explicitly documents what is out of scope for v0.8
      (specific sandbox tech, Provider distribution registry format,
      Provider crypto identity, runtime failover).
  • CHANGELOG.md: one entry covering the spec update.

Decisions encoded

| # | Decision | Realisation |
|---|----------|-------------|
| D1=C | Graded sandbox (built-in / user-installed / .life-bundled) | Part B §4 |
| D2=B | v0.8: no bundled Providers (whitelist deferred to v1.0+) | Part B §4.1 |
| D3=mixed | Both offline and hosted are first-class | Part B §5 |
| D4=C | Three-field surface (supported, preferred, minimum_required) | Already in binding spec (#103); referenced from Part B §1 |
| D5=C | OS package manager bootstrap | Part B §6 |
| D6=fail-close | Stage failure aborts assembly, no degraded mount | Part B §1.1 |

Local validation

  • `python tools/batch_validate.py` — 21/21 steps pass (no schema or test changes; pure doc).
  • markdownlint (CI) — verified locally that fenced code blocks and table syntax are clean.

Out of scope (deferred to v1.0+)

  • Provider sandbox implementation choice (firejail, nsjail, wasm,
    seccomp).
  • Provider distribution registry format.
  • Cryptographic Provider identity / signing.
  • Runtime failover protocol.
  • The bundled_in_life whitelisting scheme (D2=C).
  • Reference runtime implementation (still v0.9+).

Review & Testing Checklist for Human

Risk: green — pure spec PR; no code, no schema, no tests; only an additive
"Part B" section appended to an existing released spec doc.

  • Skim Part B §1 (the five stages) and confirm the v0.7 §-mapping column is correct against the existing §2.1–§2.8.
  • Confirm decision codes in Part B §9 match the locked decisions in
    docs/LIFE_ASSET_ARCHITECTURE.md §6.

Notes

This PR closes the last sub-issue of epic #106. After merge, all six v0.8 sub-issues
(#100–#105) ship together with two follow-up patches (#109 fixed a
genesis pattern; #112 fixed a lifecycle pattern; #114 fixed binding
ui_hints _ref pattern). The v0.8 architecture is now spec-complete;
v0.9+ begins runtime implementation.

Link to Devin session: https://app.devin.ai/sessions/ff7322e18fd94887875daa2c1c75f87d
Requested by: @LING71671
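A toy model of the Part B pipeline as the description above lays it out, added here as an illustration; it is not code from the repository or from this PR. The stage names, the three sandbox classes, the decision codes (D2=B, D6=fail-close) and the four audit event types are taken from the PR text. Everything else is an assumption: the field names (`tier_level`, `needs_hosted_api`, the `allow_hosted` policy key, the package keys), what Verify checks, how the SHOULD-level tier preference picks a Provider, and that a lifecycle transition seen on the Guard stage's first poll aborts the mount. One block covers B.1 fail-close, B.3/B.4 resolution, the B.5 AND-gate and B.7 audit events together.

```python
# Added illustration of the Part B five-stage pipeline; NOT the project's runtime.
# Stage names, sandbox classes, decision codes and audit event types come from the
# PR text; every field name, policy key and check below is an assumption.
from dataclasses import dataclass, field
from typing import Callable, List, Optional

STAGES = ("verify", "resolve", "assemble", "run", "guard")
SANDBOX_CLASSES = ("built_in", "user_installed", "bundled_in_life")


@dataclass
class Provider:
    capability_name: str
    provider_name: str
    provider_version: str
    sandbox_class: str
    tier_level: int          # assumed: tier band the provider serves
    needs_hosted_api: bool   # assumed: provider calls a hosted API at Run


@dataclass
class Binding:
    capability: str
    tier_floor: int                # B.3: below this tier the runtime warns
    hosted_api_preference: bool    # binding's side of the B.5 AND-gate


class AssemblyAborted(Exception):
    def __init__(self, stage: str, reason: str):
        super().__init__(f"{stage}: {reason}")
        self.stage, self.reason = stage, reason


@dataclass
class Assembly:
    mounted: bool = False
    provider: Optional[Provider] = None
    audit: List[dict] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)


def hosted_api_allowed(binding: Binding, policy: dict) -> bool:
    """B.5 AND-gate: the binding AND the user policy (policy/hosted_api.json) must both permit."""
    return bool(binding.hosted_api_preference) and bool(policy.get("allow_hosted", False))


def select_provider(registry: List[Provider], binding: Binding,
                    tier_level: int, warnings: List[str]) -> Provider:
    """B.3/B.4: D2=B drops bundled_in_life, then SHOULD-prefer the package's tier band."""
    eligible = [p for p in registry
                if p.capability_name == binding.capability
                and p.sandbox_class != "bundled_in_life"]      # D2=B (v0.8)
    if not eligible:
        raise AssemblyAborted("resolve", f"no eligible provider for {binding.capability}")
    exact = [p for p in eligible if p.tier_level == tier_level]
    chosen = exact[0] if exact else max(eligible, key=lambda p: p.tier_level)
    if chosen.tier_level < binding.tier_floor:                # warn-threshold, not a hard fail
        warnings.append(f"{chosen.provider_name} tier {chosen.tier_level} "
                        f"below tier_floor {binding.tier_floor}")
    return chosen


def assemble(package: dict, binding: Binding, registry: List[Provider], policy: dict,
             withdrawal_endpoint: Callable[[str], str]) -> Assembly:
    """Verify / Resolve / Assemble / Run / Guard in order; D6=fail-close on any stage."""
    out = Assembly()
    try:
        # Stage 1 Verify: required package fields (assumed set) and an active lifecycle_state
        for key in ("package_id", "lifecycle_state", "tier"):
            if key not in package:
                raise AssemblyAborted("verify", f"missing {key}")
        if package["lifecycle_state"] != "active":
            raise AssemblyAborted("verify", f"lifecycle_state is {package['lifecycle_state']}")
        # Stage 2 Resolve
        provider = select_provider(registry, binding, package["tier"]["level"], out.warnings)
        # Stage 3 Assemble: bind the capability and record it (B.7 capability_bound)
        out.audit.append({"event": "capability_bound", "capability": binding.capability,
                          "provider": provider.provider_name,
                          "sandbox_class": provider.sandbox_class})
        # Stage 4 Run: a hosted call passes only if both gate halves permit
        if provider.needs_hosted_api and not hosted_api_allowed(binding, policy):
            raise AssemblyAborted("run", "hosted API not permitted by binding AND policy")
        # Stage 5 Guard: one withdrawal-watcher poll (B.7 withdrawal_check)
        observed = withdrawal_endpoint(package["package_id"])
        out.audit.append({"event": "withdrawal_check", "endpoint": "withdrawal_endpoint",
                          "result": observed})
        if observed != package["lifecycle_state"]:
            out.audit.append({"event": "lifecycle_transition_observed",
                              "from_state": package["lifecycle_state"], "to_state": observed,
                              "package_id": package["package_id"]})
            raise AssemblyAborted("guard", f"package is {observed}")
        out.mounted, out.provider = True, provider
    except AssemblyAborted as exc:
        # D6: no degraded mount; record the abort and hand back an unmounted result
        out.audit.append({"event": "assembly_aborted", "stage": exc.stage, "reason": exc.reason})
        out.mounted, out.provider = False, None
    return out


# Constructed sample data (not from the project).
REGISTRY = [
    Provider("speech", "local-tts", "1.0.0", "built_in", 1, False),
    Provider("speech", "cloud-tts", "2.3.0", "user_installed", 2, True),
    Provider("speech", "bundled-tts", "0.1.0", "bundled_in_life", 3, False),
]
PACKAGE = {"package_id": "pkg-demo", "lifecycle_state": "active", "tier": {"level": 2}}


def demo(policy_allows_hosted: bool, binding_allows_hosted: bool = True,
         observed_state: str = "active") -> Assembly:
    binding = Binding("speech", tier_floor=2, hosted_api_preference=binding_allows_hosted)
    return assemble(PACKAGE, binding, REGISTRY, {"allow_hosted": policy_allows_hosted},
                    lambda pid: observed_state)


if __name__ == "__main__":
    for allow in (True, False):
        r = demo(allow)
        print("policy allow_hosted =", allow, "->", "mounted" if r.mounted else r.audit[-1])
```

The point the model makes about D6 is that the caller never receives a half-assembled result: every stage raises the same exception type, the handler records `assembly_aborted` with the failing stage, and `mounted` stays False. The AND-gate is a plain conjunction, so a permissive binding with a denying `policy/hosted_api.json` (or the reverse) aborts at Run rather than silently falling back to the hosted call.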


…y) (#105)

Appends a normative Part B to the v0.7 runtime spec, covering:

- B.1 Five-stage assembly pipeline (Verify / Resolve / Assemble /
  Run / Guard) mapped onto the existing v0.7 §2 eight-step load
  sequence; new D6 fail-close stage gating.
- B.2 Provider Registry + LifeCapabilityProvider abstract interface
  (capability_name / provider_name / provider_version /
  sandbox_class / initialize / teardown / invoke).
- B.3 Tier-aware resolution (uses LIFE_TIER_SPEC.md tier band as
  SHOULD-level Provider preference; honours
  capability_binding.tier_floor as warn-threshold).
- B.4 Sandboxing classes (D1=C graded sandbox); D2=B forbids
  bundled_in_life providers in v0.8 (whitelist deferred to v1.0+).
- B.5 Hosted-API AND-gate (D3=mixed — both offline and hosted are
  first-class; binding allow AND user policy allow required).
- B.6 OS-package-manager bootstrap (D5=C — `brew install` /
  `apt install` / `winget install`; .life MUST NOT carry
  self-extracting bootstrap stubs).
- B.7 Four new audit event types: capability_bound,
  assembly_aborted, withdrawal_check, lifecycle_transition_observed.

Part A (v0.7 §1–§11) is unchanged; v0.7 runtimes MAY ignore Part B.

Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
devin-ai-integration (Contributor, Author) commented:

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.


devin-ai-integration (Contributor, Author) left a review comment:

Devin Review found 1 potential issue (3 additional findings are listed in Devin Review).

| `withdrawal_check` | Each withdrawal-watcher poll (Stage 5 Guard). | `endpoint`, `result`. |
| `lifecycle_transition_observed` | Stage 5 Guard observes a `lifecycle_state` transition (`active` → `superseded` / `frozen` / `withdrawn`). | `from_state`, `to_state`, `package_id`. |

Existing v0.7 events (`session_started`, `turn_emitted`, etc.) are

🟡 Part B references non-existent v0.7 event name turn_emitted instead of session_turn

Line 641 in the new Part B text says "Existing v0.7 events (session_started, turn_emitted, etc.) are unchanged." However, the v0.7 audit event table at docs/LIFE_RUNTIME_STANDARD.md:288 defines the event as session_turn, not turn_emitted. There is no turn_emitted event anywhere in the repository. Implementers reading Part B who search for turn_emitted would find no definition, and could mistakenly create a new event type with that name instead of reusing the existing session_turn.

Suggested change:

- Existing v0.7 events (`session_started`, `turn_emitted`, etc.) are
+ Existing v0.7 events (`session_started`, `session_turn`, etc.) are

@LING71671 LING71671 merged commit 5e32679 into master Apr 26, 2026
5 checks passed
devin-ai-integration Bot added a commit that referenced this pull request on Apr 26, 2026 (Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>).

LING71671 added a commit that referenced this pull request on Apr 26, 2026, from branch …777220625-followup-runtime-audit-events:

fix(.life): runtime spec Part B uses correct v0.7 audit event names (post-#115 review)