KyroDB
Docs

Product

The context correctness runtime for production AI.

KyroDB serves context only when it can explain freshness, scope, provenance, and failure behavior. If a strict context boundary cannot be proven, KyroDB fails closed.

Read the runtime contract

Freshness contract

KyroDB never claims a proof it cannot enforce.

OwnershipWhat KyroDB controlsProof sourceFailure behavior
write_throughKyroDB owns reads and writesruntime generation + mutation ACKfail closed
event_feedKyroDB receives authoritative changesruntime generation + event ACKfail closed after ACK
snapshot_bundleReads pin immutable bundle versionsbundle version + generationfail closed if unavailable
best_effortKyroDB does not control all changestrace onlydowngrade strict

Runtime anatomy

One serving envelope for HTTP and embedded callers.

The public runtime facade and gateway share serving semantics so embedders cannot bypass auth, evidence, limits, trace coverage, or fail-closed behavior.

01

Gateway

Auth, rate limits, request validation, public-safe error serialization.

02

Planner

Freshness resolution, reuse, proof validation, packet assembly.

03

Connectors

Certified pgvector and Qdrant paths with scope enforcement and hard caps.

04

Evidence

Durable traces, feedback, replay capture, proof reports, and health.

Developer surface

Ask for context. Get a packet with evidence.

The application does not recover failed packets and guess. It either receives proof-bearing context or a public-safe fail-closed error.

POST /v1/context/retrieve

{
  "query_embedding": [0.18, -0.42, 0.77, 0.09],
  "scope": {
    "tenant_id": "acme",
    "namespace": "support",
    "entitlement_boundary": "enterprise"
  },
  "freshness_mode": "strict",
  "top_k": 8
}

-> ContextPacket {
  status: "complete",
  generation: 184,
  trace_id: "trc_7H2A...",
  omissions: ["stale_blocked: 3"],
  proof: "source_boundary_verified"
}