Behavior must earn the right to act.

Systems can possess capability long before they have earned execution authority. Separating those ideas keeps governance honest — especially for AI runtimes that move quickly.

These modes package evidence, posture, and reviewer dialogue — they do not, by themselves, grant permission to change production state:

• Observe — scoped visibility into runtime behavior and lineage signals.
• Replay — bounded, hash-forward timelines and digest commitments (LP-004 posture).
• Verify — verifier-safe receipts beside portable envelopes (LP-006/LP-007).
• Attest — continuity envelopes and receipts where teams choose that packaging (LP-008).
• Coordinate — topology echoes and handshake placeholders from bundle-shaped inputs (LP-009).
• Recommend — advisory scoring and governance rehearsal separated from execution (non-enforcing UX).

These verbs imply changing live systems, policies, or commitments — they require explicit human and organizational gates, not assumptions from demo surfaces:

• Deploy — promote artifacts or configurations into live pathways.
• Mutate — change data, tools entitlements, or mission graphs without a separate authorization act.
• Self-authorize — expand scope, credentials, or policy without an accountable review path.
• Execute autonomously — run closed-loop actions on external systems without continuity-qualified boundaries (not claimed on this route).

Observe / replay / verify / attest / coordinate / recommend ≠ deploy / mutate / self-authorize / execute autonomously — the arrow between them is earned continuity, not feature defaults.

Product posture today: Today’s public surfaces and guided demos emphasize replay-safe, non-enforcing posture — observe, replay, verify, attest, coordinate, and recommend within verifier-shaped JSON. Tiers 3–5 describe how conditional execution authority could be qualified in principle (bounded domains, explicit policy envelopes) — not unrestricted autonomous execution on external systems from these routes.

Trust Lock doctrine expresses runtime trust boundaries — not a generic security slogan. Public narrative stays replay-safe, non-enforcing, and verifier-shaped.

• Replay-safe: evidence and comparisons derive from bounded replay and digest commitments — no protected payload reconstruction on marketing routes.
• Append-only orientation: continuity surfaces favor hash-forward lineage and records that resist silent rewrite where product paths apply — illustrative doctrine, not a claim about every backing store.
• Verifier-safe: portable envelopes and receipts stay paste/parse local to reviewer workflows (LP-006/LP-007 posture).
• Execution separated: governance rehearsal and advisory scoring do not substitute for operator authorization to change live systems.
• Non-enforcing: UX describes posture and packaging — it does not perform wire authority or autonomous control of external runtimes.
• Structured guard (illustrative): carriesExecutionAuthority remains false in verifier artifacts — authority is explicit, not inferred.

Before widening execution authority, teams qualify runtime trust — vocabulary echoes LP-004–LP-010 surfaces without inventing new schema semantics here.

• Continuity — portable attestation envelopes and deterministic digests where teams adopt LP-008 packaging (recon.trust_runtime.portable_continuity_attestation.envelope.v0).
• Recovery — bounded replay summaries and lineage deltas that inform honest repair dialogue (recon.trust_survival.replay_portable_evidence.v1).
• Verifier posture — exchange envelopes and verification receipts remain reviewer-local (recon.trust_runtime.portable_verifier_exchange.envelope.v0; recon.trust_runtime.trust_bundle_verification_receipt.v0).
• Topology continuity — declarative coordination handles summarized from bundle-shaped, replay-derived inputs — not autonomous graph mutation from this UX.
• Survivability — continuity overlays and Trust Survival–aligned demos illustrate posture under change — illustrative, not production incident response.
• Interoperability — LP-010 envelopes stitch declared continuity fragments across systems as structured storytelling — no cross-system control plane on this route (recon.trust_runtime.runtime_trust_interoperability.envelope.v0).

Regulated-runtime alignment is about intake posture and portability — not impersonating regulators or promising supervisory endorsement.

• Healthcare — decision-support and model lifecycle evidence trails without claiming clinical authority here.
• Financial services — continuity summaries across model and policy shifts, mapped locally to firm governance.
• Public sector — repeatable verifier exchange and audit-facing lineage language — still owned by agency policy teams.
• Defense-adjacent — multi-tenant attestation and scope boundaries described as packaging, not accreditation.
• Multi-agent ops — topology echoes and coordination handles from replay-derived inputs — not silent autonomous operations.