Kernel-hard sandbox · Real-time PII redaction · Merkle tamper-evident audit · Enforced cost & loop kills
Open source (GPL-3). Built for infra, app dev, and security teams.
Run agents safely in a strict sandbox (seccomp-bpf, userns). Default-deny network and filesystem access.
Hard kill-switches for API costs and infinite loops. Enforce budgets per workflow.
Real-time PII detection and redaction built-in. Protect sensitive data before it leaves the cage.
Ship auditable logs and reproducible builds. Every action is signed and traceable.
Connect tools with explicit policies, not magic. You define exactly what an agent can access.
Single binary, no heavy dependencies. Native Unix design for clean CI/CD integration.
Install the runtime on a native Unix system and run your first sandboxed agent.
AKIOS
# Install
pip install akios
# Initialize a project
akios init my-project
cd my-project
# Run the sample workflow (kernel-hard on Linux)
akios run templates/hello-workflow.ymlExpected output:
[akios] sandbox: seccomp-bpf, cgroups v2 (Linux) / policy container (Docker)
[akios] pii: redaction enabled
[akios] audit: Merkle trail initializedRuntime layers: policy engine, kernel sandbox (seccomp/cgroups), PII redaction, budget/loop kills, Merkle audit — then agents to tools/APIs under explicit policies.
The runtime enforces these controls for every agent:
Four built-ins cover typical workflows while staying inside the cage:
Allowlisted reads, optional writes; path and mode constrained.
Rate-limited requests with PII-redacted payloads and headers.
Token and cost tracking with budget kills; prompts/responses redacted.
Whitelisted commands in a sandboxed subprocess with syscall filtering.
Star on GitHub if you value secure AI.
Join the community, contribute templates, discuss use cases.
Need help or to report an issue? Use GitHub Discussions or Issues — no contact form to keep support open and transparent.
Have a question? Visit the Community page or use GitHub Discussions/Issues for open, transparent support.