Skip to content
Kairos Engine

CLI: evaluate

kairos evaluate performs a single stateless Substrate evaluation. It loads a calibration artifact and deployment policy, validates the license, and evaluates a request JSON.

Usage

Section titled “Usage”
Terminal window
kairos evaluate \
  --config artifact.json \
  --policy policy.json \
  [--license license.key] \
  [--request request.json] \
  [--hmac-secret <secret>]

Flags

Section titled “Flags”
FlagRequiredDescription
--configYesPath to the calibration artifact JSON
--policyYesPath to the deployment policy JSON
--licenseNoPath to the license key file (default: ~/.kairos/license.key)
--requestNoPath to the request JSON (reads stdin if omitted)
--hmac-secretNoHMAC shared secret for snapshot signature verification

Request Format

Section titled “Request Format”

The request JSON must be an EvaluationRequest envelope:

{
  "envelopeVersion": 1,
  "requestId": "eval-001",
  "snapshot": {
    "timestamp": "2026-03-21T12:00:00.000Z",
    "signature": null,
    "metrics": {
      "capabilityIndex": 450.0,
      "alignmentScore": 72.0
    }
  },
  "action": null,
  "actorId": null,
  "overrideToken": null
}

The snapshot.metrics must include all metrics referenced by the calibration artifact’s scaling functions.

Response

Section titled “Response”

The command prints the EvaluationResponse as pretty-printed JSON to stdout:

{
  "envelopeVersion": 1,
  "requestId": "eval-001",
  "decision": "PASS",
  "reasonCode": "NONE",
  "mode": "state_gate",
  "policyVersion": 1,
  "adapterVersion": 1,
  "evaluation": {
    "currentGamma": 0.68,
    "gammaFloor": 0.20,
    "currentLambda": 0.89,
    "stability": 2.40,
    "predictedGamma": null
  },
  "escalation": null,
  "overrideOutcome": null,
  "timestamp": "2026-03-21T12:00:00.500Z"
}

HITL Override Tokens

Section titled “HITL Override Tokens”

kairos evaluate transparently supports HITL override tokens. No special flags are needed — the overrideToken field in the request JSON is optional. When present, HITL verification is invoked automatically.

Terminal window
# Evaluate with an override token included in the request
kairos evaluate \
  --config artifact.json \
  --policy policy.json \
  --request request-with-token.json

The response will include an overrideOutcome field showing whether the token was Applied or Rejected.

stdin Usage

Section titled “stdin Usage”

When --request is omitted, the command reads from stdin:

Terminal window
cat request.json | kairos evaluate --config artifact.json --policy policy.json
Terminal window
echo '{"envelopeVersion":1,"requestId":"r1","snapshot":{"timestamp":"2026-03-21T12:00:00Z","metrics":{"capabilityIndex":450,"alignmentScore":72}}}' \
  | kairos evaluate --config artifact.json --policy policy.json

Errors

Section titled “Errors”

Errors are printed to stderr with a non-zero exit code:

ErrorCause
failed to load calibration artifactInvalid or missing artifact file
failed to load deployment policyInvalid or missing policy file
failed to parse request JSONMalformed request
License validation errorsExpired, missing, or fingerprint mismatch

Notes

Section titled “Notes”
  • evaluate uses SubstrateRuntime (stateless). It does not maintain engine state between calls.
  • Action gating and hazard gating are not available — those require SubstrateSession, available via kairos observe or the native library API.
  • The action field in the request is accepted but ignored in state-gate mode.