Skip to content

Declared behavior

The Observer learns what an agent normally does. You can also tell Kaizen what an agent is expected to do, its declaration, and anything observed outside it is flagged as undeclared. The learned baseline catches drift over time; the declaration catches the things you can name up front.

What you declare

  • Destinations the agent should connect to (domains or IPs).
  • Tools the agent should use.

Anything else, an undeclared destination or tool, becomes an anomaly the moment it is observed, whether or not the agent has "gotten used to" it.

Where you declare it

In code, at attach time, by the developer who knows the agent's intended surface:

kz = Kaizen(api_key="kz_live_...", agent="pay-bot")
kz.declare(
    tools=["lookup_order", "issue_refund"],
    destinations=["api.stripe.com", "db.internal"],
)

In the console, by the security team: open an agent and edit its Declared (expected) behavior.

Declared vs actual

This is the saying-vs-doing check made explicit. The declaration is what the agent is meant to do; the observations, tool calls and the real connections from the egress proxy, are what it actually does. A divergence is flagged:

undeclared: this agent connected to a destination it never declared (45.9.148.108).

Declarations are optional and per-agent. An agent with no declaration is checked against its learned baseline only. The two work together: the declaration is the floor you set, the baseline is what Kaizen learns on top.