High-risk tools in Kernelcad
5 of the 48 tools in Kernelcad are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- design_loop (Execute): Run an agent CAD design loop over one or more attempt scripts: review each attempt with review_cad, continue past functional attempts that still have unresolved review warnings,...
- evaluate_script (Execute): Run a kernelCAD .kcad.ts script and report pass/fail + feature count + diagnostics. Pass either { file: "<path>" } or { code: "<inline source>" }.
- review_cad (Execute): Run the deterministic CAD review loop: evaluate the script, validate the assembly/mate graph, check mate connectors touch modeled material, sample declared mate limits, optional...
- solve_mates (Execute): Run the v0.6 mate-graph solver on the active assembly. Returns { status, poses, iterations? } where each pose is a serialized Transform ({ translation, rotateAxis, rotateDeg })....
- trace_from_image (Execute): Trace pixel-space features from a reference photo into normalized [0..1] waypoints the agent can map to mm via a known scale anchor and feed to path().spline / path().nurbsSegme...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.