Attested AIVerify Sample

What is a Runtime Boundary?

A Runtime Boundary (also called Governance Boundary or Enforcement Boundary) is the component that intercepts operations, evaluates them against policy, enforces actions, and emits signed receipts.

Key Functions

  • Intercept: Capture operations before they reach the workload
  • Evaluate: Apply selection rules and measure current state
  • Enforce: Execute policy-defined actions (CONTINUE, BLOCK, TERMINATE)
  • Receipt: Sign and emit enforcement receipts for every decision

Why It Matters

The Runtime Boundary is where governance transforms from policy to action. Without it, policies are just documentation. With it, policies become actively enforced rules with cryptographic proof of enforcement.

The boundary must be isolated from the workload it governs—if the workload could modify the boundary, enforcement becomes meaningless.

Placement Options

Placement         Description
─────────────────────────────────────────
API Gateway       Network edge enforcement
Sidecar Proxy     Per-pod/container proxy
Runtime Wrapper   In-process interception
Agent Framework   Tool/action layer control

Each has different:
- Latency characteristics
- Isolation guarantees
- Deployment complexity
Learn more about Runtime Enforcement Boundary →

Related Terms

Policy ArtifactEvidence BundleContinuity ChainSelective InterceptionOffline Verification

See It In Action

Download a sample Evidence Bundle and verify it offline with our CLI tool.

Download Sample Bundle