Jarvis Docs
Playbooks

Runtime Membrane Operations

Operator guidance for capability approvals, lifecycle blocked actions, and quarantine behavior

Runtime Membrane Operations

Phases 7.3 and 7.4 introduce governed runtime membrane and lifecycle controls for package execution. This playbook covers how to interpret and handle approvals, blocked actions, lifecycle outcomes, and quarantine states.

Capability Approvals

When approvals are required

Approvals are required when:

  • requires_approval is true for the requested capability/action
  • install or update introduces capability expansion (PKG-002-CAP_EXPANSION_PENDING)
  • import posture requires receiving-instance re-verification/re-approval (PKG-008-*)

Approval flow

  1. Package request enters membrane admission.
  2. Runtime checks trust/signature/policy compatibility.
  3. Lifecycle gate checks transition validity and current package state.
  4. Capability grant is validated (scope, status, expiry, replay state).
  5. Membrane/lifecycle emits allow, deny, quarantine, rolled_back, or disabled with a reason code.

Scope and anti-replay

Capability grants are constrained by:

  • package_id
  • project_id
  • capability
  • action surface/action name scope
  • expires_at validity window
  • nonce replay protection (single nonce cannot be reused)

Replay attempts are denied with PKG-002-CAPABILITY_REPLAY_DETECTED. Expired grants are denied with PKG-002-CAPABILITY_GRANT_EXPIRED.

Blocked Actions (Deny)

deny means the requested action is blocked for this request and does not execute.

Common deny reason codes

Reason codeMeaningOperator interpretation
PKG-002-CAPABILITY_NOT_GRANTEDCapability not declared or approvedPackage lacks required permission for this action
PKG-002-CAPABILITY_SCOPE_MISMATCHGrant scope does not match requested actionGrant is valid but not for this surface/action
PKG-002-CAPABILITY_GRANT_EXPIREDApproval grant expiredRe-approval required
PKG-002-CAPABILITY_REPLAY_DETECTEDGrant nonce replay detectedSecurity protection triggered; investigate duplicate/replayed request
PKG-002-CAP_EXPANSION_PENDINGUpdate/install adds capability scopeExplicit re-approval required before transition can continue
PKG-003-DIRECT_ACCESS_DENIEDDirect host access attemptedPackage attempted forbidden direct access outside membrane
PKG-003-POLICY_INCOMPATIBLEPolicy/control-state incompatibleProject/runtime policy currently blocks this request
PKG-003-API_RANGE_MISMATCHPackage API contract incompatible with runtimeUpdate/import/install cannot proceed until compatible package/runtime version is used
PKG-004-UPDATE_STAGE_CHECK_FAILEDStaged update checks did not passReview compatibility, migration, and health check evidence before retry
PKG-004-ROLLBACK_TRUST_CHECK_FAILEDRollback target failed trust/verification checksPackage is forced to safe disabled posture until trusted rollback target exists
PKG-005-INVALID_TRANSITIONLifecycle transition is not allowed from current stateRequest sequencing is invalid; run required prior transition first
PKG-005-REMOVE_RETENTION_DECISION_REQUIREDRemove requested without retention decisionSupply explicit export_then_remove or delete_confirmed decision
PKG-007-RE_TRUST_REQUIREDCross-instance trust cannot be auto-transferredComplete receiving-instance trust workflow
PKG-008-IMPORT_VERIFICATION_PENDINGImported package not yet re-verified/re-approvedKeep blocked until verification and approval complete

Lifecycle Outcomes (Phase 7.4)

Lifecycle orchestration now enforces deterministic transitions for:

  • ingest -> install -> enable
  • enable -> stage_update -> commit_update
  • stage_update -> rollback_update (or forced disabled on trust failure)
  • export/remove with explicit retention posture
  • import -> import_verified -> enable

Update and rollback handling

  1. stage_update records a previous safe version snapshot.
  2. Compatibility, migration, and health checks run before commit.
  3. If commit checks fail, lifecycle transitions to deterministic rollback behavior.
  4. If rollback target trust checks fail, package transitions to disabled (fail-closed).

Remove handling

Remove is blocked until one of:

  • export_then_remove
  • delete_confirmed

is explicitly provided and evidence-linked.

Quarantine Behavior

quarantine is stronger than deny. It indicates package runtime posture is unsafe or untrusted and execution must remain blocked until remediation.

Typical quarantine triggers

  • Invalid signature posture
  • Unknown or revoked signer state
  • Import/re-verification posture not satisfied

Deny vs Quarantine

  • deny: Request-level block for the specific action.
  • quarantine: Package/runtime-level safety state requiring remediation before further execution.

Remediation guidance

  1. Verify signer/trust evidence and package provenance.
  2. Complete required re-verification/re-approval workflow for imported or changed package state.
  3. Confirm lifecycle transition ordering is valid for the requested action.
  4. Confirm policy/control-state allows execution.
  5. Retry only after posture is restored and a valid scoped approval grant exists.

Feature Discovery Nudges Operations

How to interpret advisory discovery signals, ranking posture, suppression state, and acceptance routes

Troubleshooting

Common issues and recovery steps

On this page

Runtime Membrane OperationsCapability ApprovalsWhen approvals are requiredApproval flowScope and anti-replayBlocked Actions (Deny)Common deny reason codesLifecycle Outcomes (Phase 7.4)Update and rollback handlingRemove handlingQuarantine BehaviorTypical quarantine triggersDeny vs QuarantineRemediation guidance