Production Runtime Capabilities

Milestone 2 adds a host runtime boundary for production app rewrites. The

runtime is intentionally separate from app release shims: app logic must live in

.0x0, while host effects are exposed through explicit runtime calls.

Capabilities

• local filesystem read, write, stat, list, copy, move, and delete;
• environment and argv capture;
• subprocess execution with timeout, stdout, stderr, exit code, and timeout

diagnostics;

• HTTP client fetches with method, headers, body, timeout, status, body, and

hash output;

• browser snapshot capture with text extraction, redaction, and capture artifact

output;

• loopback HTTP server, router dispatch, static asset serving, WebSocket

upgrade/reject behavior, and LiveView-compatible readiness, event, diff,

heartbeat, and reconnect behavior;

• service adapters for deterministic database, object store, search, email,

observability, backup/restore, and job runtime tests;

• opt-in production smoke hooks for Postgres through psql, SMTP, and generic

HTTP service probes.

Artifacts

• runtime/production-capabilities.tsv: capability-to-command inventory.
• runtime/production-host.0x0: 0x0-facing host runtime call boundary.
• tools/production-host-runtime.py: host runtime implementation.
• tools/runtime-production-check.py: session-safe runtime production gate.

Gates

make runtime-local-production-check
make runtime-network-browser-production-check
make runtime-server-live-production-check
make runtime-service-production-check
make runtime-production-capabilities-check

The default gates use temp directories and loopback processes only. External

Postgres, SMTP, Kubernetes, browser, and load paths remain opt-in.