# PNVA R3 Runtime Evidence Guard

Author: Gustavo de Aguiar Martins
Project: PNVA-Core / Enygnalab / EnyOS
Edition: Open Research / Production Evidence Edition, 2026

## Objective

The R3 runtime evidence guard protects the intake boundary for the next PNVA runtime capture.

The runtime capture matrix defines what must be captured.

The runtime evidence guard defines what must be rejected.

```text
fresh runtime JSONL -> slot mapping -> no-tick pair check -> authority check -> proof check -> accept or reject
```

## Current Public Result

Report:

```text
reports/pnva-r3-runtime-evidence-guard-2026-05-05.json
```

Current classification:

```text
R3_RUNTIME_EVIDENCE_ACCEPTED
```

Current result:

```text
intake_guard_ready: true
runtime_evidence_present: true
runtime_evidence_approved: true
runtime_acceptance_complete: true
capture_slot_count: 35
required_runtime_event_count: 70
required_no_tick_precheck_count: 35
required_collapse_commit_count: 35
accepted_slot_count: 35
pending_slot_count: 0
rejected_event_count: 0
duplicate_event_rejection_count: 0
duplicate_proof_hash_rejection_count: 0
duplicate_proof_ref_rejection_count: 0
source_line_monotonicity_rejection_count: 0
causal_chain_slot_collision_rejection_count: 0
no_tick_pair_integrity_count: 35
no_tick_pair_failure_count: 0
same_source_file_no_tick_pair_count: 35
state_continuity_no_tick_pair_count: 35
negative_control_detected_count: 63
negative_control_count: 63
positive_control_passed_count: 6
positive_control_count: 6
positive_controls_fixture_only: true
```

## What It Adds

The R3 capture matrix is a contract. This guard is the enforcement layer.

It rejects final runtime evidence when any event has:

```text
proof.projection=true
missing schema_version
missing timestamp
invalid timestamp
duplicate event_id
missing entity_id
missing entity_type
entity_type mismatch
missing causal_chain_id
missing field.state_before or field.state_after
missing proof_hash
invalid proof_hash format
duplicate proof_hash
duplicate proof_ref
duplicate source.file_name + source.line
unsafe source.file_name with path separators, traversal or local-path markers
source.line regression inside the same source.file_name stream
missing proof.native=true
invalid source.format
missing source.file_name
missing source.line
missing or invalid tension.score
missing or invalid tension.threshold
missing or invalid tension.gate_delta
non-finite tension.score or tension.threshold
unknown original_event_id
missing r3_runtime_slot_id
original event mismatch
R3 runtime slot mismatch
entity mismatch
precheck and commit without shared causal_chain_id
commit timestamp before or equal to precheck timestamp
commit JSONL line before or equal to precheck JSONL line
precheck and commit emitted by different source.file_name values
commit field.state_before not equal to precheck field.state_after
commit source.line before or equal to precheck source.line
commit authority below H2
commit action mismatch
precheck decision.reason mismatch
commit decision.reason mismatch
precheck field.state_before equal to field.state_after
commit field.state_before equal to field.state_after
precheck field.state_after mismatch
commit field.state_after mismatch
missing native target rules
precheck missing target heuristic rules
unknown heuristic rule
duplicate heuristic rule
precheck that executes instead of suppressing
```

## Required Runtime Pair

Every R3 slot must contain:

```text
1 native no-tick precheck event
1 native collapse commit event
same causal_chain_id
causal_chain_id not reused across different slots
commit timestamp > precheck timestamp
commit JSONL line > precheck JSONL line
same source.file_name across precheck and commit
commit field.state_before = precheck field.state_after
commit source.line > precheck source.line
unique event_id values
unique proof_hash values
unique proof_ref values
unique source.file_name + source.line values
public-basename source.file_name values
monotonic source.line values inside each source.file_name stream
known, non-legacy and unique heuristic rules
precheck and commit include all target heuristic rules for the slot
proof_ref in runtime:<slot-id>:<role> form
proof_hash bound to the event identity and source-location payload
source.file_name present
source.line present
source.sanitized=true
precheck decision.reason=native_authority_precheck_no_tick
commit decision.reason=native_runtime_commit
precheck field.state_after=suppressed
commit field.state_after=committed
gate_delta equal to score - threshold
precheck gate_delta <= 0
commit gate_delta >= 0
event_type matching the slot contract
exactly one precheck and one commit per slot
runtime event count equal to the declared requirement
```

The precheck proves that PNVA can observe and suppress without waking blindly.

The commit proves that PNVA can act with hard-authority heuristics when collapse is justified.

## Negative Controls

The guard runs internal rejection controls before it claims readiness:

```text
reject_projection_true
reject_missing_timestamp
reject_invalid_timestamp
reject_missing_field_state
reject_missing_gate_delta
reject_gate_delta_inconsistent
reject_nonfinite_tension_score
reject_nonfinite_tension_threshold
reject_missing_entity
reject_entity_mismatch
reject_missing_entity_type
reject_entity_type_mismatch
reject_missing_chain
reject_missing_hash
reject_invalid_proof_hash_format
reject_proof_hash_binding_tamper
reject_proof_ref_role_mismatch
reject_low_authority_commit
reject_missing_target_rules
reject_precheck_missing_target_rules
reject_unknown_heuristic_rule
reject_duplicate_heuristic_rule
reject_wrong_action
reject_precheck_reason_mismatch
reject_commit_reason_mismatch
reject_precheck_state_after_mismatch
reject_commit_state_after_mismatch
reject_precheck_state_transition_missing
reject_commit_state_transition_missing
reject_precheck_event_type_mismatch
reject_commit_event_type_mismatch
reject_precheck_execution_action
reject_precheck_positive_gate_delta
reject_commit_negative_gate_delta
reject_missing_slot_id
reject_slot_id_mismatch
reject_original_event_mismatch
reject_missing_native_proof
reject_invalid_source_format
reject_missing_source_file_name
reject_unsafe_source_file_name
reject_missing_source_line
reject_source_location_hash_tamper
reject_unsanitized_source
reject_duplicate_event_id
reject_duplicate_proof_hash
reject_duplicate_proof_ref
reject_duplicate_source_location
reject_source_line_regression
reject_causal_chain_slot_collision
reject_no_tick_pair_chain_mismatch
reject_commit_before_precheck
reject_commit_log_line_before_precheck
reject_commit_source_line_before_precheck
reject_no_tick_pair_source_file_mismatch
reject_no_tick_pair_state_continuity_mismatch
reject_invalid_risk_flags
reject_duplicate_risk_flag
reject_unknown_risk_flag
reject_missing_target_risk_flags
reject_precheck_missing_target_risk_flags
```

Current result:

```text
63/63 detected
```

## Positive Controls

The guard also runs fixture-only acceptance controls before it claims intake readiness:

```text
accept_cooldown_gpu_precheck
accept_cooldown_gpu_commit
accept_execute_precheck
accept_execute_commit
accept_resize_batch_precheck
accept_resize_batch_commit
```

Current result:

```text
6/6 accepted
fixture_only: true
runtime_evidence: false
```

## Instrumentation Plan Link

The next layer turns these guard rules into concrete emitter contracts:

```text
docs/PNVA_R3_RUNTIME_INSTRUMENTATION_PLAN.md
reports/pnva-r3-runtime-instrumentation-plan-2026-05-05.json
```

Current result:

```text
R3_RUNTIME_INSTRUMENTATION_PLAN_READY
35 capture slots
3 action contracts
6 event templates
70 required runtime events
28 mandatory event fields
63 negative controls
6 positive controls
```

This keeps the workflow explicit:

```text
capture matrix -> evidence guard -> instrumentation plan -> fresh runtime JSONL -> final guard acceptance
```

## Command

Guard contract only:

```bash
python3 tools/pnva_r3_runtime_evidence_guard.py \
  --write reports/pnva-r3-runtime-evidence-guard-2026-05-05.json
```

Guard fresh runtime evidence:

```bash
python3 tools/pnva_r3_runtime_evidence_guard.py \
  --runtime-events path/to/fresh-runtime-events.jsonl \
  --write /tmp/pnva-r3-runtime-evidence-guard.json
```

## Boundary

This guard now accepts the public slot-bound native runtime evidence sample.

It deliberately records:

```text
runtime_evidence_present: true
runtime_evidence_approved: true
runtime_acceptance_complete: true
```

That makes PNVA more robust because the accepted runtime sample has already passed a strict intake boundary, and future samples must pass the same boundary before cutover state can remain valid.

## Sovereign Rule

Projected evidence can guide engineering, but it cannot become final runtime evidence.

The final R3 runtime package must be native, entity-bound, no-tick paired, H2+ authorized and proof-clean.