AKIOS Logo AKIOS
EN | FR

Core Concepts

Security-first runtime for AI agents: sandbox, PII redaction, audit, and cost/loop kills on every run.

Platform security levels

Environment Security level Notes
Native Linux + sudo Full (kernel-hard: cgroups v2 + seccomp-bpf) Maximum isolation and enforcement
Native Linux without sudo Strong (policy-based, graceful degradation) Most protections still active
Docker (macOS/Windows/Linux) Strong (policy-based) Cross-platform; host FS perms/seccomp depend on host

Docker is convenient and strong; use native Linux for the strictest guarantees (filesystem perms + seccomp on host).

Core protections

  • Sandbox & quotas: syscall filtering, CPU/memory/file limits, default-deny network.
  • PII redaction: 44 detection patterns across 6 categories on inputs/outputs, configurable aggressiveness.
  • Audit: Merkle-style, tamper-evident logs with PDF/JSON export.
  • Cost/loop kills: budgets and token caps, loop detection.

Core agents (6)

  • filesystem — read/write/list/stat/exists within allowed paths.
  • http — rate-limited (10 req/min) web/API calls with PII redaction.
  • llm — token/cost-tracked calls to OpenAI, Anthropic, Grok, Mistral, Gemini, AWS Bedrock, and Ollama (local models).
  • tool_executor — allowlisted commands (17 safe commands) in a sandboxed subprocess.
  • webhook — send notifications to Slack, Discord, Microsoft Teams, or generic HTTP POST endpoints. PII redaction on messages, HTTPS enforcement.
  • database — query PostgreSQL and SQLite with parameterized queries only (no raw SQL), DDL always blocked, read-only by default. PII redaction on query results.

Environment detection (v1.0.5+)

AKIOS auto-detects its runtime environment at startup (<5ms):

  • Container type: native, Docker, Kubernetes, Podman, CI/CD (GitHub Actions, GitLab, Jenkins)
  • Terminal capabilities: Unicode support, color depth, TTY detection
  • Adjusts defaults (symbol mode, colors, output format) per environment

Rich terminal UI (v1.0.5+)

Semantic color scheme with structured output: print_success(), print_warning(), print_error(), print_table(), print_panel(). Respects NO_COLOR and FORCE_COLOR standards.

Accessibility (v1.0.5+)

  • Symbol modes: Unicode (default), ASCII (CI/log-safe), Minimal (screen readers)
  • Colorblind modes: protanopia, deuteranopia, tritanopia, achromatopsia
  • 7 built-in themes: default, dark, light, nord, solarized-dark/light, high-contrast

Workflow validation

YAML workflow definitions are validated at load time against the workflow schema. Validation catches structural errors, missing agent references, and invalid step configurations before execution begins.

akios workflow validate my_workflow.yml

Audit management

Audit logs support rotation and statistics. Rotate creates a new audit chain while archiving the old one. Stats shows aggregate metrics across the audit trail.

akios audit rotate
akios audit stats

Cage controls

The security cage supports ablation flags for benchmarking individual components and configurable erasure for secure data destruction.

Ablation flags — Run with specific protections disabled to benchmark overhead:

akios cage up --no-pii     # Disable PII redaction only
akios cage up --no-audit   # Disable audit only
akios cage up --no-budget  # Disable budget enforcement only

Secure erasure — Configure data destruction passes on cage teardown:

akios cage down             # Deletes audit/ and data/output/ (input preserved since v1.0.14)
akios cage down --wipe-all  # Full erasure including data/input/
akios cage down --passes 3  # DOD 5220.22-M (3-pass)
akios cage down --fast      # Truncate-only (dev/CI)

Parallel execution (v1.1.0+)

Run steps concurrently with parallel: blocks in workflow YAML. ThreadPoolExecutor with max 4 workers, thread-safe execution context, and cost tracking. Kill switches evaluated between parallel groups.

Plugin system (v1.1.0+)

pip-installable agent packages via akios.agents entry points. Auto-discovery at import time via importlib.metadata. Type-checked: only BaseAgent subclasses registered.

REST API (v1.0.9+)

akios serve starts a FastAPI-based REST API with 6 endpoints: health check, workflow run, workflow list, workflow validate, status, and version.

EnforceCore

The enforcement engine inside AKIOS has been extracted into an independent open-source framework: EnforceCore. Now at v1.14.0 with a 63-symbol API, EnforceCore provides policy enforcement, PII redaction (regex + optional NER), Merkle audit with pluggable backends (JSONL, SQLite, PostgreSQL), resource guards, secret scanning, content rules, subprocess sandbox, multi-tenant enforcement, compliance reporting (EU AI Act, SOC2, GDPR), streaming enforcement, plugin ecosystem, and LangChain integration — available to any Python agent framework under Apache 2.0. Install as optional AKIOS dependency: pip install akios[enforcecore].

Architecture

Single-process runtime, no sidecars. State is ephemeral per run; persistence is file-based (data/, audit/). Deployable as pip package or Docker (wrapper or direct). Minimal surface = easy to audit and operate in air‑gapped or high-assurance environments.

ESC