Intervention Execution Mode

Use intervention_execution when a session needs explicit execution semantics in addition to intervention computation.

Scope

  • intervention_execution is synchronized control-plane state.
  • It is carried by SESSION_INIT and may be updated by BUNDLE_UPDATE.
  • It changes execution semantics only after the final intervention is known.
  • It does not change tripwire, CTQ, threshold, flag, trust-debt, or posture-floor computation.

Canonical Capability Surface

Advertise execution support only through the canonical enumerated capability field:

{
  "intervention_execution_modes": ["passive", "active"]
}

Do not replace this field with multiple booleans.

Session State

The synchronized object is intentionally narrow in v1:

{
  "mode": "active",
  "nudge_behavior": "acknowledge_and_retry",
  "allow_local_auto_apply": false
}
  • mode is required and uses passive or active.
  • nudge_behavior is frozen to acknowledge_and_proceed or acknowledge_and_retry.
  • allow_local_auto_apply applies only to active nudge plus modifications.

Passive And Active Meaning

  • passive: final interventions remain advisory for execution.
  • active: final interventions are execution-authoritative after the decision is already formed.
  • Local signed-bundle terminal decisions may be execution-authoritative in active mode within the protocol bounds.

Downgrade Handling

If a session transitions from active to passive:

  • the transition must be audit-visible
  • the update must carry a reason
  • subsequent evaluations observe the downgraded mode only after the update is accepted

HITL And Nudge

  • Active escalate requires durable pending state.
  • If pending state cannot be persisted safely, the runtime must fail closed.
  • modify_and_approve remains final nudge with modifications.
  • The final nudge behavior follows synchronized nudge_behavior and allow_local_auto_apply.

TypeScript Note

The TypeScript SDK in this release accepts and preserves intervention_execution fields for protocol interoperability. It does not implement local execution-authoritative runtime behavior. Use the Python runtime or a supported evaluator service for enforcement semantics.