Kelvin Core is the extension SDK for KelvinClaw. It keeps the runtime minimal while allowing pluggable implementations behind stable interfaces.
- Canonical SDK name:
Kelvin Core - Core SDK API version constant:
KELVIN_CORE_API_VERSION - Source:
crates/kelvin-core/src/sdk.rs
Extension boundaries remain trait-first:
ModelProviderMemorySearchManagerToolSessionStoreEventSinkCoreRuntime/RunRegistryfor deterministic run lifecycle semantics
Source: crates/kelvin-core/src/*.rs
PluginManifest defines extension metadata:
id,name,version,api_versioncapabilities- compatibility bounds (
min_core_version,max_core_version) experimentalflag
Source: crates/kelvin-core/src/sdk.rs
PluginCapability captures required powers:
- interface capabilities (model/memory/tool/session/event)
- privileged capabilities (
fs_read,fs_write,network_egress,command_execution)
PluginSecurityPolicy controls what is allowed at registration time.
Source: crates/kelvin-core/src/sdk.rs
check_plugin_compatibility(...) validates:
- manifest schema correctness
- API major-version compatibility
- core-version range matching
- security policy compliance
Source: crates/kelvin-core/src/sdk.rs
PluginFactory exposes concrete implementations without coupling core to vendor crates.
PluginRegistry and InMemoryPluginRegistry provide:
- plugin registration with compatibility checks
- lookup by plugin id
- manifest inventory
SdkToolRegistry provides:
- fail-fast projection from plugin metadata to runtime
ToolRegistry - duplicate-tool-name rejection
- capability/implementation consistency checks (
tool_providercapability must match actual tool export)
SdkModelProviderRegistry provides:
- fail-fast projection from plugin metadata to runtime
ModelProviderwiring - duplicate
provider_name::model_namerejection - capability/implementation consistency checks (
model_providercapability must match actual provider export)
Source: crates/kelvin-core/src/sdk.rs
kelvin-sdk ships a first-party default tool pack registered through the SDK plugin path:
fs_safe_readfs_safe_writeweb_fetch_safeschedule_cronsession_tools
Sensitive operations require explicit per-call approvals and are bounded by scope/allowlist policy.
Source: crates/kelvin-sdk/src/toolpack.rs
Current SDK tests cover:
- manifest validation failures
- policy-based capability rejection
- compatibility acceptance
- registry registration/get/list
- duplicate registration rejection
- core-version range rejection
SdkToolRegistrybuild success for registered tool plugins- rejection of missing tool implementation when
tool_provideris declared - rejection of duplicate tool names across plugins
Source: crates/kelvin-core/src/sdk.rs (#[cfg(test)])
SDK operation is governed by:
This keeps Kelvin small and stable while making plugin development predictable and safe.
Detailed security/stability test coverage matrix:
- ../security/sdk-test-matrix.md
- ../security/sdk-owasp-top10-ai-2025.md
- ../security/sdk-nist-ai-rmf-1-0.md
- root-vs-sdk.md
SDK certification command:
cargo test -p kelvin-sdkkelvin-brain now includes an installed-plugin loader that keeps plugin execution on the SDK path:
- package discovery from plugin home (
<plugin_id>/<version>/plugin.json) - manifest integrity checks (
entrypoint_sha256) and optional mandatory signatures (plugin.sig) - publisher trust policy (
PublisherTrustPolicy) with Ed25519 keys - publisher revocation checks and plugin->publisher pinning checks
- runtime capability scopes for filesystem/network access
- per-tool operational controls (timeout, retries, rate limit, circuit breaker)
Primary API:
InstalledPluginLoaderConfigload_installed_plugins(...)load_installed_plugins_default(...)load_installed_tool_plugins(...)load_installed_tool_plugins_default(...)default_plugin_home()default_trust_policy_path()
Source: crates/kelvin-brain/src/installed_plugins.rs