Definition
A Runtime owns the capability registry, the policy engine, and the interception machinery. You create one per agent process, configure it with capabilities and policies, and let it govern all capability calls.Constructor
Owned Components
Methods
Common Setups
Minimal local development:One runtime per agent process is the recommended pattern. If you need different tenant or principal contexts per request, create a new Runtime per request with the appropriate identity fields, or override them per
create_action call.Future Constructor Arguments
audit: AuditSink for recording action eventsapprovals: ApprovalProvider for handlingapproval_requireddecisionscloud: CloudClient for remote policy evaluationgrants: GrantRegistry for agent capability grantsfail_mode: fail-open or fail-closed on policy engine errors
