██╗ ██╗███████╗██╗ ██╗ ██╗██████╗ █████╗ ██║ ██╔╝██╔════╝██║ ╚██╗ ██╔╝██╔══██╗██╔══██╗ █████╔╝ █████╗ ██║ ╚████╔╝ ██████╔╝███████║ ██╔═██╗ ██╔══╝ ██║ ╚██╔╝ ██╔══██╗██╔══██║ ██║ ██╗███████╗███████╗██║ ██║ ██║██║ ██║ ╚═╝ ╚═╝╚══════╝╚══════╝╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝
Kelyra combines a local CLI, SWD verification, policy gates, proof bundles, and a watch-only console preview before token-holder access opens.
$ kelyra swd apply --stdin --json
✔ Verified: PATCH src/auth.ts
✔ Receipt saved: swd-20260526-8f1c2a
$ kelyra proof share swd-20260526-8f1c2a
Verification demo
Kelyra does not ask reviewers to trust a model narrative. It turns each file edit into a claim, checks it against disk state, and records the outcome.
Normal edit
The model proposes a PATCH, SWD applies it, hashes the result, and saves a receipt.
── SWD Verification ──
✔ Verified: PATCH src/auth.ts
✔ Receipt: swd-20260526-8f1c2a
Tokens: 4,812 total via anthropic
Budget: 4,812/500k · 1/3 turns · ~$0.024Mismatch
If the model claims a write that did not happen, Kelyra returns actual state instead of accepting the story.
✖ Verification failed
Expected: 9b2d3c1a
Actual: 44f0aa91
Correction turn:
The file differs from your declared CONTENT_HASH.
Re-read README.md and submit a corrected FILE_ACTION.Policy gate
Sensitive files and command surfaces are blocked or require explicit opt-in, even for external agents.
{
"ok": false,
"rejected": [{
"path": ".env",
"risk": "block",
"reason": "Sensitive file writes are blocked"
}]
}Entry points
Kelyra can run the agent, learn repo rules, or act as the verified file-edit boundary for another agent.
For developers who want Kelyra to call a configured provider and verify every file edit.
kelyra init
kelyra run "explain this repo"
For teams that want repo rules, review expectations, and risk surfaces active every session.
kelyra learn
kelyra run --file TASK.md -s repo
For MCP clients or external agents that need dry-runs, verified applies, rollback, and receipts.
kelyra mcp
swd_dry_run / swd_apply
For teams that need local readiness checks, CI failure explanations, static proof pages, and hosted receipt history.
kelyra doctor
kelyra ci explain
Proof first
Kelyra snapshots the filesystem before and after model output, verifies the declared action, records the result, and exports a bundle reviewers can inspect without trusting a chat transcript.
Models must declare file actions. Kelyra checks disk reality before accepting the result.
Each verified run records hashes, provider, branch, policy, and chain context.
Teams can require signatures, block risky paths, and enforce receipt-backed changes in CI.
Portable proof bundles and static HTML pages expose file status, integrity, signature state, chain state, and diffs.
How it works
Use Kelyra chat/run, MCP, or external-agent JSON and FILE_ACTION output.
Paths are constrained, sensitive files are blocked, and policy is loaded.
The engine snapshots before and after state, hashes files, and rolls back failed writes.
Successful writes produce local receipts, proof bundles, share pages, and CI-verifiable evidence.
Console surface
The CLI stays useful without accounts or tokens. Kelyra Console first ships as a public preview for the proof workflow, then unlocks hosted chat, Pulse, Forge, and receipt history for KELYRA token holders.
Access model
Open-source CLI for local SWD verification, receipts, policy checks, proof sharing, diagnostics, and CI gates.
Public watch-only preview first; token-holder workspace for proof chat, hosted jobs, quota-aware app tools, and receipt history next.
Quick start
npm install -g kelyra
kelyra doctor
kelyra providers check
kelyra console