Skip to main content
Version: v0 (preview)

How it works

When a guarded tool is about to run, the adapter captures the action and sends it to the scoring engine. The engine returns a score; your threshold and mode decide what happens next.

What gets captured

Everything that helps judge risk is captured fresh, at call time — nothing is configured statically:

  • tool name — which capability is being invoked
  • tool arguments — where the danger lives (DELETE vs SELECT, admin vs viewer), filled in by the model at runtime
  • instructions — the agent's live mandate (its system prompt for this run). Risk is largely the mismatch between the action and the mandate.
  • conversation history — recent turns, to catch prompt-injection and off-intent actions
  • available tools, agent name, and framework runtime context

What comes back

A single risk score from 0.0 (safe) to 10.0 (dangerous) and a confidence (0–1). That's it — Kelhe deliberately does not expose which internal dimensions contributed or how they were weighted. You get the number and set the threshold.

The same action scores differently in different context. A DELETE under "clean up old data" and the same DELETE under "summarize sales" are not the same risk — the engine reads the mandate, not just the call.

Next: Observe & Enforce modes.