Confidence scoring
Aggregate the signals you already measure (self-reported uncertainty, evidence coverage, schema validity)
into one weighted score in [0, 1] with a per-signal breakdown and a coarse verdict.
A single, explainable number to threshold on, instead of scattered ad-hoc checks.
Typed grounding (GSAR)
The GSAR scoring core: four-way claim typology, evidence-strength weights, an asymmetric
contradiction penalty, and a three-tier decision (proceed, regenerate, replan).
A principled groundedness score that punishes contradictions harder than it rewards
support, from a published method.
Drift monitor
A per-metric baseline maintained with Welford's online algorithm, flagging any observation beyond a
z-score threshold, with an explicit insufficient-data state.
Catch a slow behavioral shift before it becomes an incident, with no history to store.
Recovery orchestrator
An ordered policy (first matching rule wins) maps an issue to a strategy: proceed, retry, rollback,
escalate, or ask a human. Safe mode and a retry budget keep it from auto-acting on serious failures.
Recovery decisions are deterministic and repeatable, not a tangle of inline if-statements.
Heuristic detectors
Model-free starters: a lexical grounding matcher turns text plus evidence into classified claims, a loop
detector flags repetition, a corruption detector flags malformed output.
The loop works out of the box; swap any detector for a real model when you need more.
Human escalation
An immutable, content-addressed escalation record carries the issue, the decision, and full context the
moment automatic recovery is not safe.
When AutoMend pauses and asks, the human gets everything they need in one object.
Tamper-evident audit
Every detection, decision, and outcome is appended to an audit log and sealed with a SHA-256 hash chain
over the Web Crypto API. Verify later that nothing was altered.
The immutable execution record EU AI Act Article 12 asks of high-risk systems.
Framework-agnostic and edge
Wrap any step with interceptors, bridge a failed MCP tool call into recovery, and run the node-free core
in Node, Cloudflare Workers, Vercel Edge, Deno, Bun, and the browser.
One reliability layer for every agent, wherever it runs, with no framework lock-in.
Zero-dependency, SLSA provenance
Zero required runtime dependencies and a core around 4.2 kB brotli. Every published version is signed with
npm publish --provenance through GitHub Actions OIDC.
Verify in one command that the tarball you installed was built from the source commit you
trust.