Deployment (AKIOS V1.0)

Minimal, security-first deployment: single-process runtime via pip or Docker. No sidecars, no reverse proxies, no multi-service stacks.

Scope (what’s supported)

• Pip package (Linux: kernel-hard security; macOS/Windows: standard isolation).
• Docker container (cross-platform, policy-based security).
• Optional minimal Dockerfile and a single-service example only.

Out of scope (V1.0)

No compose stacks, db/redis, proxies, monitoring, systemd, scaling, hardening scripts. Keep it single-container/single-binary.

Minimal Docker example

FROM python:3.12-slim
RUN pip install akios
CMD ["akios", "run", "/app/templates/hello-workflow.yml"]

docker run --rm -v $(pwd)/templates:/app/templates akios:latest

Security Hardening

Run as Non-Root

The official AKIOS Docker image runs as a non-root user by default (UID 1000) since v1.0.10. If you build a custom image, always add a non-root user:

# Custom Dockerfile — create non-root user
RUN useradd -m -u 1000 akios
USER akios

# Or use --user flag at runtime
docker run --user 1000:1000 my-akios-app

File Permissions

Secure your configuration:

# Restrict .env access
chmod 600 .env

# Read-only config
chmod 644 config.yaml

# Protect audit logs
chmod 700 audit/

Network Isolation

No ports open by default (AKIOS doesn't listen):

# AKIOS runs as isolated process
# No need for --network host
docker run --rm my-akios-app

API Key Management

Keep keys secure:

✓ Do:

• Use different keys per environment
• Rotate keys regularly
• Use Docker secrets or cloud key management
• Never commit .env to git

× Don't:

• Share keys between dev/prod
• Hardcode keys in Dockerfile
• Use the same key for multiple projects

Monitoring & Health Checks

Basic Health Check

# Check if AKIOS is healthy
akios status

# Exit code 0 = healthy, non-zero = unhealthy

Structured Logging

Since v1.0.10, AKIOS uses Python's logging module with structured JSON output instead of plain print() calls. Set the log level via config.yaml or environment variable:

# Set log level
export AKIOS_LOG_LEVEL=DEBUG

All log entries include timestamp, level, module, and message fields for easy integration with log aggregation tools.

Monitoring Audit Logs

# Watch audit events
tail -f audit/audit_events.jsonl

# Export for analysis
akios audit export --format json > audit-report.json

Disk Space Monitoring

AKIOS writes to:

• ./data/ - Workflow inputs/outputs
• ./audit/ - Audit trail

# Monitor disk usage
df -h .

# Clean old runs
akios clean --old-runs 7

Troubleshooting Production Issues

Docker Image Stale

# Force pull latest
AKIOS_FORCE_PULL=1 ./akios status

# Or manually
docker pull akiosai/akios:v1.0.15

Linux Kernel Requirements

For maximum security on Linux:

• Kernel >= 5.4
• seccomp-bpf support
• cgroups v2 enabled
• System packages: libseccomp-dev and python3-seccomp

# Check kernel version
uname -r

# Check seccomp
grep SECCOMP /boot/config-$(uname -r)

# Install required packages (Debian/Ubuntu)
sudo apt install libseccomp-dev python3-seccomp

Configuration Validation

# Validate before deploying
akios status --verbose

# Check configuration
cat config.yaml

What V1.0 Doesn't Include

AKIOS V1.0 focuses on single-process security:

Not included:

• Docker Compose stacks
• Database/Redis integration
• Reverse proxies
• systemd services
• Auto-scaling
• Built-in monitoring dashboards

Future versions will add enterprise deployment features. For now, keep it simple: one container, one workflow, maximum security.

Legal & Compliance Notes

AKIOS is a security tool, not a guarantee. Users are responsible for compliance with applicable laws and regulations in their jurisdiction. The security cage reduces risk but does not eliminate it. Always validate outputs and run AKIOS in appropriate environments for your security needs. See the Security page for compliance frameworks supported by audit exports.

Production Checklist

Before deploying to production:

✓ Security

• Run as non-root user
• .env file permissions set to 600
• Different API keys for prod/dev
• Audit logging enabled
• PII redaction enabled

✓ Configuration

• Production config tested
• Budget limits set appropriately
• Network access restricted (unless needed)
• Resource limits configured

✓ Monitoring

• Health check configured
• Disk space monitoring
• Audit log rotation
• Alert webhooks configured

✓ Testing

• Workflow tested in staging
• Error handling verified
• Mock mode tests pass
• Real API tests pass

AWS EC2 Deployment

For deploying AKIOS on AWS EC2 with performance validation, benchmarking, and cost estimation, see the EC2 Performance Testing & Deployment Guide which covers:

• Instance selection and sizing
• Performance baselines and projections
• Complete setup walkthrough
• Security best practices for cloud deployment
• Cost estimation and optimization

Related Docs

• Configuration - All config options
• Security - Security features
• Best Practices - Production patterns
• EC2 Deployment Guide - AWS cloud deployment with benchmarks