██╗ ██╗███████╗██╗ ██╗ ██╗██████╗ █████╗ ██║ ██╔╝██╔════╝██║ ╚██╗ ██╔╝██╔══██╗██╔══██╗ █████╔╝ █████╗ ██║ ╚████╔╝ ██████╔╝███████║ ██╔═██╗ ██╔══╝ ██║ ╚██╔╝ ██╔══██╗██╔══██║ ██║ ██╗███████╗███████╗██║ ██║ ██║██║ ██║ ╚═╝ ╚═╝╚══════╝╚══════╝╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝
Kelyra is a local execution boundary for AI coding agents. It checks file actions against real disk state, records signed receipts, and keeps risky writes behind policy.
$ kelyra swd apply --stdin --json
✔ Verified: PATCH src/auth.ts
✔ Receipt saved: swd-20260526-8f1c2a
$ kelyra proof share swd-20260526-8f1c2a
Verification demo
Kelyra turns each model edit into a claim, compares it with the actual filesystem, and records the outcome for reviewers.
Normal edit
The agent proposes a PATCH, SWD checks the result on disk, and Kelyra saves the proof.
── SWD Verification ──
✔ Verified: PATCH src/auth.ts
✔ Receipt: swd-20260526-8f1c2a
Tokens: 4,812 total via anthropic
Budget: 4,812/500k · 1/3 turns · ~$0.024Mismatch
If the agent declares a write that did not happen, Kelyra returns the actual state instead of accepting the transcript.
✖ Verification failed
Expected: 9b2d3c1a
Actual: 44f0aa91
Correction turn:
The file differs from your declared CONTENT_HASH.
Re-read README.md and submit a corrected FILE_ACTION.Policy gate
Sensitive files and command surfaces are stopped or require explicit opt-in before writes happen.
{
"ok": false,
"rejected": [{
"path": ".env",
"risk": "block",
"reason": "Sensitive file writes are blocked"
}]
}Entry points
Kelyra can run the agent, learn repo rules, or sit behind another agent as the verified file-edit boundary.
Call your configured provider through Kelyra and verify every file edit before it counts.
kelyra init
kelyra run "explain this repo"
Keep repository rules, review expectations, and risk surfaces active in every session.
kelyra learn
kelyra run --file TASK.md -s repo
Give MCP clients and external agents dry-runs, verified applies, rollback, and receipts.
kelyra mcp
swd_dry_run / swd_apply
Run readiness checks, explain CI failures, publish proof pages, and inspect receipt history.
kelyra doctor
kelyra ci explain
Proof first
Kelyra snapshots the filesystem before and after model output, verifies declared actions, and exports proof reviewers can inspect without trusting a chat transcript.
Agents must declare file actions. Kelyra checks disk reality before accepting the result.
Each verified run records hashes, provider, branch, policy, and proof context.
Teams can require signatures, block risky paths, and enforce receipt-backed changes in CI.
Portable bundles and static HTML pages expose file status, integrity, signatures, and diffs.
How it works
Use Kelyra chat/run, MCP, or external-agent JSON with declared file actions.
Paths are constrained, sensitive files are checked, and project policy is loaded.
The engine snapshots before and after state, hashes files, and rolls back failed writes.
Successful writes produce local receipts, proof bundles, share pages, and CI-verifiable records.
Console surface
Kelyra Console brings proof chat, receipt review, source-backed research, and app workspaces into one operator surface.
Access model
Open-source CLI for local SWD verification, receipts, policy checks, proof sharing, diagnostics, and CI gates.
Browser workspace for proof chat, hosted jobs, quota-aware app tools, and receipt history.
Quick start
npm install -g kelyra
kelyra doctor
kelyra providers check
kelyra console