AGT runtime bridge
Split runtime enforcement and workspace authority cleanly when OSuite is paired with a dedicated Trust Boundary runtime layer.
Use this page when
Read this page when OSuite is paired with an external runtime governor and you need to explain the boundary clearly.
What the bridge does
The Trust Boundary runtime handles execution-side enforcement close to the agent. OSuite remains the workspace authority for approvals, replay, proof, and buyer-facing evidence.
Boundary split
| Layer | Best use |
|---|---|
| Trust Boundary runtime | runtime enforcement, policy evaluation, trust evaluation, execution safety |
| OSuite workspace layer | membership, approval, replay, evidence export, procurement artifacts, final certificate closure |
What OSuite should absorb
- runtime stage receipts
- multi-stage policy outcomes
- observability and incident receipts
- compliance-template outputs that enrich assurance artifacts
What OSuite should keep
- final action certificate
- tenant-visible approval authority
- replay source of truth
- buyer-facing artifact packaging
What success looks like
The split is working when runtime-side controls can be strong without making the tenant-visible authority model ambiguous.