| 1. Accept Business Transaction | Validates trust-chain invariants (IDs match across the chain, policy/action present) | [AVAILABLE] | BusinessTransactionValidator, packages/runtime/src/validators/BusinessTransactionValidator.ts |
| 2. Policy evaluation | Loads the exact referenced policy (name+version), evaluates signals against sequential rules, first match wins | [AVAILABLE] | PolicyRouter, PolicyEngine, CLAIMS.md 2.2/2.3 |
| 3. Execution gate | Refuses to execute when the Decision is not APPROVED or required trust artifacts are missing | [AVAILABLE] | ExecutionGate, TrustChainValidationComponent, CLAIMS.md 2.4 |
| 4. Signed Execution Authorization | Signs a payload scoped to one Decision, bound to a single-use nonce, valid only within a bounded window — only after the gate approves | [AVAILABLE] | RuntimeAuthorizationSigner, CLAIMS.md 2.8/2.12 |
| 5. Execution Gateway (content-binding) | Recomputes the executable-content hash, compares to the authorization’s businessTransactionHash, rejects a mismatch before consuming the nonce | [AVAILABLE] as a library; not invoked by the default server | ExecutionGateway.ts:141-195; see Content Binding & TOCTOU |
| 6. Connector | Forwards verified content to the target system | [AVAILABLE] (one reference implementation: HttpConnector) | packages/execution-gateway/src/HttpConnector.ts |
| 7. Execution Trust Record | Assembles the immutable record: transaction, executions, overrides, verifications, receipts, canonical hash, signature | [AVAILABLE] | ExecutionTrustRecordBuilder, CLAIMS.md 2.5 |
| 8. Verification | Recomputes hash, verifies signature, checks authorization binding on every APPROVED execution | [AVAILABLE], exactly 3 checks | VerificationService, CLAIMS.md 2.15 |
| 9. Replay | Deterministically reconstructs the recorded decision | [PARTIAL] | See Replay |