AKIOS
Core Concepts
Security-first runtime for AI agents: sandbox, PII redaction, audit, and cost/loop kills on every run.
Platform security levels
| Environment | Security level | Notes |
|---|---|---|
| Native Linux + sudo | Full (kernel-hard: cgroups v2 + seccomp-bpf) | Maximum isolation and enforcement |
| Native Linux without sudo | Strong (policy-based, graceful degradation) | Most protections still active |
| Docker (macOS/Windows/Linux) | Strong (policy-based) | Cross-platform; host FS perms/seccomp depend on host |
Docker is convenient and strong; use native Linux for the strictest guarantees (filesystem perms + seccomp on host).
Core protections
- Sandbox & quotas: syscall filtering, CPU/memory/file limits, default-deny network.
- PII redaction: 53 detection patterns across 6 categories on inputs/outputs, configurable aggressiveness.
- Audit: Merkle-style, tamper-evident logs with PDF/JSON export.
- Cost/loop kills: budgets and token caps, loop detection.
Core agents (4)
- filesystem — read/write/list/stat/exists within allowed paths.
- http — rate-limited (10 req/min) web/API calls with PII redaction.
- llm — token/cost-tracked calls to OpenAI, Anthropic, Grok, Mistral, Gemini, AWS Bedrock (v1.0.13+).
- tool_executor — allowlisted commands (17 safe commands) in a sandboxed subprocess.
Environment detection (v1.0.5+)
AKIOS auto-detects its runtime environment at startup (<5ms):
- Container type: native, Docker, Kubernetes, Podman, CI/CD (GitHub Actions, GitLab, Jenkins)
- Terminal capabilities: Unicode support, color depth, TTY detection
- Adjusts defaults (symbol mode, colors, output format) per environment
Rich terminal UI (v1.0.5+)
Semantic color scheme with structured output: print_success(), print_warning(), print_error(), print_table(), print_panel(). Respects NO_COLOR and FORCE_COLOR standards.
Accessibility (v1.0.5+)
- Symbol modes: Unicode (default), ASCII (CI/log-safe), Minimal (screen readers)
- Colorblind modes: protanopia, deuteranopia, tritanopia, achromatopsia
- 7 built-in themes: default, dark, light, nord, solarized-dark/light, high-contrast
Workflow validation
YAML workflow definitions are validated at load time against the workflow schema. Validation catches structural errors, missing agent references, and invalid step configurations before execution begins.
akios workflow validate my_workflow.yml
Audit management
Audit logs support rotation and statistics. Rotate creates a new audit chain while archiving the old one. Stats shows aggregate metrics across the audit trail.
akios audit rotate
akios audit stats
Cage controls
The security cage supports ablation flags for benchmarking individual components and configurable erasure for secure data destruction.
Ablation flags — Run with specific protections disabled to benchmark overhead:
akios cage up --no-pii # Disable PII redaction only
akios cage up --no-audit # Disable audit only
akios cage up --no-budget # Disable budget enforcement only
Secure erasure — Configure data destruction passes on cage teardown:
akios cage down # Deletes audit/ and data/output/ (input preserved since v1.0.14)
akios cage down --wipe-all # Full erasure including data/input/
akios cage down --passes 3 # DOD 5220.22-M (3-pass)
akios cage down --fast # Truncate-only (dev/CI)
EnforceCore
The enforcement engine inside AKIOS has been extracted into an independent open-source framework: EnforceCore. Now in beta (v1.0.0b3) with a frozen 30-symbol API, EnforceCore provides the same policy enforcement, PII redaction, Merkle audit, and resource guards — available to any Python agent framework under Apache 2.0.
Architecture
Single-process runtime, no sidecars. State is ephemeral per run; persistence is file-based (data/, audit/). Deployable as pip package or Docker (wrapper or direct). Minimal surface = easy to audit and operate in air‑gapped or high-assurance environments.