Version: MVP

Adjacent runtime bridge

Reference · Updated 2026-05-23

What you'll find here

The rule for bridging to adjacent runtimes — posture levels, required controls, and prohibited behavior.

Bridge routes, doesn't elevate.

A bridge may route work to another runtime, but it must not turn that runtime into a source of higher-priority instructions or unbounded tool authority.

Posture

adjacent_runtime_bridge_decision returns allowed, review_required, deferred, or blocked for a candidate surface.

| Level | Use | Notes |
|---|---|---|
| supported | allowed | When all required controls are present. |
| experimental | review required | Controls may be defined, but explicit review is required before use. |
| deferred | unavailable | Remains unavailable until a later product decision, even with controls. |

Required controls

Policy envelope id

Preserved policy context

Preserved evidence links

Explicit capability grants

Execution receipts

Input & output redaction

Documented decision (when exposed as a supported integration)

Prohibited behavior

Adjacent runtime bridges are blocked when they:

Copy secret values

Grant unbounded tool access

Accept external instructions as authoritative over Craik policy

Mutate state without operator approval

Omit policy envelope context

Omit grants / receipts / evidence / redaction

Bridge receipts identify everything.

Runtime · route · policy envelope · evidence links · capability grant · redaction outcome · operator approval (when a mutation is requested).

v0.12.0 Agent/Client Bridge

craik.runtime.agents.protocol_bridge implements the first local agent/client protocol bridge adapter. It is designed for editor and client smoke tests, not for granting ambient runtime authority.

AgentClientBridgeRequest records the client name, requested tool, capability, operator subject, policy envelope, capability grant, evidence links, and redacted arguments. decide_agent_client_bridge blocks requests that lack operator auth, policy context, grants, receipts, or redaction. It also blocks client-provided authoritative instructions and unbounded tool access.

LocalAgentClientBridgeAdapter emits a redacted craik.capability_receipt for allowed calls. Blocked calls return a structured decision and no receipt.
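A minimal sketch of the decision rule described on this page, added here as an example and not Craik's own code. `SketchBridgeRequest`, `sketch_decide`, the field names, the `"*"` wildcard standing for unbounded tool access, and checking prohibited behavior before posture are all assumptions.

```python
# Added sketch, not Craik's code: every name and field shape here is an assumption.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class SketchBridgeRequest:
    runtime: str                          # adjacent runtime or client being bridged to
    requested_tool: str                   # "*" models an unbounded tool request
    operator_subject: Optional[str] = None
    policy_envelope_id: Optional[str] = None
    capability_grant: Optional[str] = None
    evidence_links: list = field(default_factory=list)
    arguments_redacted: bool = False
    claims_authority: bool = False        # client instructions presented as overriding policy
    mutates_state: bool = False
    operator_approved: bool = False
    posture: str = "supported"            # supported | experimental | deferred

def sketch_decide(req):
    """Return (decision, reasons, receipt); receipt is None unless allowed."""
    checks = [
        (not req.operator_subject, "missing operator auth"),
        (not req.policy_envelope_id, "missing policy envelope"),
        (not req.capability_grant, "missing capability grant"),
        (not req.evidence_links, "missing evidence links"),
        (not req.arguments_redacted, "arguments not redacted"),
        (req.claims_authority, "client instructions claimed as authoritative"),
        (req.requested_tool == "*", "unbounded tool access"),
        (req.mutates_state and not req.operator_approved, "mutation without operator approval"),
        (req.posture not in ("supported", "experimental", "deferred"), "unknown posture"),
    ]
    reasons = [msg for failed, msg in checks if failed]
    if reasons:                           # fail closed: any gap blocks, no receipt
        return "blocked", reasons, None
    if req.posture == "deferred":         # unavailable even with all controls
        return "deferred", ["surface deferred"], None
    if req.posture == "experimental":
        return "review_required", ["explicit review required"], None
    receipt = {
        "runtime": req.runtime, "route": req.requested_tool,
        "policy_envelope": req.policy_envelope_id,
        "evidence_links": list(req.evidence_links),
        "capability_grant": req.capability_grant,
        "redaction_outcome": "redacted",
        "operator_approval": req.operator_approved if req.mutates_state else None,
    }
    return "allowed", [], receipt

if __name__ == "__main__":                # constructed sample: wildcard tool, no controls
    print(sketch_decide(SketchBridgeRequest("editor", "*")))
```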
