RuntimeGuard-AI V2 is a protocol and evidence-format rebuild centered on one boundary: a system must not claim durable audit evidence before the selected host synchronization operation completes.
Highlights:
- signed commit receipts bound to exact policy and request commitments
- explicit buffered, data-sync, and full-sync acknowledgement semantics
- strict framed-log recovery, replay idempotency, sequence continuity, and single-writer ownership
- chained signed Merkle epochs with size-bound inclusion verification
- clean-commit canonical benchmark corpus with source closure and artifact hashes
- six-page evidence-bound paper, figures-as-code, and one-command verification
Verification:
- 30 Rust tests and strict Clippy
- RustSec dependency audit
- 10 Python provenance/release tests
- canonical manifest records
git_dirty=falseand source closurepassed - final staged-tree and visual PDF audits passed
The original archived journal article at DOI 10.5281/zenodo.18527375 remains immutable. This V2 release corrects and narrows the implementation and claims; it does not overwrite that record.