Lelu Engine Overview

Introduction

Lelu is a policy engine for AI-driven systems. It combines Rego-based authorization, confidence-aware decisioning, human approval queues, and auditable enforcement so teams can ship AI agents without giving up control.

Features

Lelu includes the core building blocks needed to govern AI actions in production, with simple defaults for development and stronger controls for enterprise workloads.

Confidence-aware policies

Author policies that branch on confidence score instead of binary allow/deny only.

Human-in-the-loop approvals

Automatically queue risky operations for reviewers before execution.

Token lifecycle control

Mint short-lived tokens for approved actions and revoke them when needed.

Audit-ready trail

Track every decision and approval with immutable, compliance-friendly records.

The Problem with Traditional Auth

Traditional authorization systems (like RBAC or ABAC) are binary: a user either has permission or they don't. But AI agents operate on probabilities. When an AI agent tries to execute a trade, delete a database, or send an email, you don't just want to know if it has permission—you want to know how confident it is.

The Lelu Advantage

Confidence-Aware Policies

Evaluate authorization requests with built-in confidence thresholds. Write rules that adapt to the AI's self-reported certainty.

Human-in-the-loop

Automatically queue risky or low-confidence actions for human review. The AI pauses until a human approves or denies the request.

Cryptographic Audit Trail

Every decision, confidence score, and human approval is cryptographically hashed and stored immutably in S3 for SOC2 compliance.

How it Works

AI Agent proposes action (Conf: 85%) -> Lelu Engine evaluates Rego policy -> Allow (>90%) or Review (<90%)

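# Allow the trade when the agent's confidence is at least 0.90.
allow {
    input.action == "trade"
    input.confidence >= 0.90
}

# Below that threshold, require human approval instead.
require_approval {
    input.action == "trade"
    input.confidence < 0.90
}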
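
A hardened variant of the policy above, as an added example that is not Lelu's own code. It fails closed when the self-reported confidence is missing, non-numeric, or out of range. The package name, the valid_confidence helper, and the choice to send malformed scores to review are assumptions. It keeps the page's pre-1.0 rule syntax, which OPA 1.0 and later accept with --v0-compatible.

```rego
package example.trade # hypothetical package name

# Fail closed: without a matching rule the decision is an explicit false.
default allow = false
default require_approval = false

# Rego orders values of different types instead of raising an error
# (numbers sort before strings), so "0.1" >= 0.90 evaluates to true.
# Require a real number in [0, 1] before comparing against the threshold.
valid_confidence {
    is_number(input.confidence)
    input.confidence >= 0
    input.confidence <= 1
}

allow {
    input.action == "trade"
    valid_confidence
    input.confidence >= 0.90
}

# Low confidence, or a missing or malformed score, goes to a human reviewer.
require_approval {
    input.action == "trade"
    not allow
}

# Unit tests over constructed inputs, run with `opa test`.
test_high_confidence_allowed {
    allow with input as {"action": "trade", "confidence": 0.95}
}

test_low_confidence_queued {
    not allow with input as {"action": "trade", "confidence": 0.85}
    require_approval with input as {"action": "trade", "confidence": 0.85}
}

test_string_confidence_queued {
    not allow with input as {"action": "trade", "confidence": "0.99"}
    require_approval with input as {"action": "trade", "confidence": "0.99"}
}

test_missing_or_out_of_range_queued {
    require_approval with input as {"action": "trade"}
    not allow with input as {"action": "trade", "confidence": 1.5}
}
```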

MCP

Lelu provides an MCP server so you can use it with any AI model that supports the Model Context Protocol (MCP).

We provide a first-party MCP, powered by fastmcp. You can alternatively use zckly/mcp-server-lelu and other MCP providers.

CLI Options

Use the Lelu CLI to easily add the MCP server to your preferred client:

terminal
npx @lelu/mcp add --cursor

Manual Configuration

Alternatively, you can manually configure the MCP server for each client with the Lelu SSE endpoint:

terminal
claude mcp add --transport http lelu http://localhost:3003/sse