DEV Community

Radoslav Tsvetkov
Radoslav Tsvetkov

Posted on • Originally published at radotsvetkov.github.io

Why I built Akmon, the AI coding agent for regulated engineering

#ai #rust #devops #security

For the last two years I have watched the same conversation happen in every regulated engineering team I work with. Someone tries the new AI coding agent. It writes a real diff. The team is impressed. Then somebody asks the question that ends the experiment.

If we merge this, what do we tell the auditor?

The agent did the work. The session was a TUI window that closed. The diff is in git. The reasoning is gone. Whatever policy the agent used, whatever model version it called, whatever tool it ran, none of that survived. In a hobby project that is fine. In avionics, in a medical device, in a SOC 2 release process, in a CMMC-bound codebase, that is a hard stop.

This post is the short story of why I started Akmon, what it actually is, and the small set of commands you can try this afternoon.

The problem in one sentence

AI coding agents produce code. They do not produce evidence. In regulated engineering, code without evidence is a liability.

By "evidence" I mean an artifact that lets a reviewer answer five questions without your help.

  1. What did the agent read?
  2. What tools did it call, with what inputs?
  3. What changed on disk?
  4. Which policy decision allowed each side effect?
  5. Can we replay the session and confirm the artifact is intact?

These are not exotic asks. They are the same questions a careful human reviewer asks of a colleague's branch. The difference is that an agent does ten times the moves in one tenth the time, and the rest of the system has not caught up.

What I tried first

The first instinct, the same one I had, is to slap a logger on the agent. That helps for a week.

Then you discover three things.

First, logs are not evidence. Logs are a developer's artifact. Evidence is a reviewer's artifact. The shape is different, the audience is different, and the integrity guarantees are different.

Second, the chain is the point. A flat log file does not let you say "this file change was caused by that tool call which was caused by that model response". You need a chain of events, ordered, with parent linkage.

Third, the export is the work. The audit will not happen on your laptop. The bundle has to travel. It has to verify offline. It has to be portable across machines that have never seen your repo.

By the time I had stitched all of that together with shell scripts, I had a small, ugly piece of infrastructure. I deleted the scripts and started Akmon.

What Akmon is, in one paragraph

Akmon is a single Rust binary. It is an AI coding agent (interactive TUI plus a headless --task mode), built for environments where the agent's reasoning, tool calls, and file changes have to be reviewable later. Every session writes a tamper-evident, content-addressed audit chain to .akmon/audit/<session-id>.jsonl and a structured evidence summary to .akmon/evidence/<session-id>.json. Sessions can be replayed deterministically, compared with diff, redacted before external review, and exported as portable AGEF bundles.

Akmon supports Anthropic, OpenAI, OpenRouter, Groq, Azure OpenAI, Bedrock, OpenAI-compatible endpoints, and Ollama. Model choice is operator controlled. There is no hosted runtime to log into. You run it on your laptop, your CI runner, or your hardened SSH host.

License is Apache-2.0. The repo is at github.com/radotsvetkov/akmon. v2.0.0 is the current line.

Five commands you can try this afternoon

Install the binary, then walk this short pipeline.

# Run a small headless task in your project.
cd your-project
akmon --yes --output json --task "summarize failing tests and propose minimal fixes" | tee run.json

# Verify the tamper-evident audit chain for the session.
akmon audit verify .akmon/audit/<session-id>.jsonl

# Verify the evidence schema and the linkage to the audit chain.
akmon evidence verify .akmon/evidence/<session-id>.json

# Enforce a single-run SLO check.
akmon slo verify .akmon/evidence/<session-id>.json --strict

# Detect regressions vs a historical baseline.
akmon slo trend .akmon/evidence/<session-id>.json \
  --baseline-dir .akmon/evidence/history \
  --window 20 \
  --strict
Enter fullscreen mode Exit fullscreen mode

Five commands, five exit codes, five crisp signals. None of them depend on a dashboard. All of them gate cleanly in CI.

The one design decision that matters most

Akmon ships as a single Rust binary on purpose. That choice does work most teams underestimate.

  • Runtime state is explicit. There is no plugin runtime to drift.
  • Behavior is reproducible across laptops, CI runners, SSH hosts, and air-gapped environments.
  • Troubleshooting tends to focus on policy, providers, repository state, or model behavior. Not host runtime mismatch.

If two machines run the same Akmon version, you can treat them as equivalent. That sounds boring. It is the difference between a tool you can support and one you cannot.

Policy is a deterministic merge

Policy in Akmon comes from four layers, in a fixed order:

  1. Built-in profile (dev, staging, prod).
  2. Policy packs (TOML or JSON files in .akmon/policy-packs/).
  3. Project-local policy (.akmon/policy.toml or .akmon/policy.json).
  4. CLI override (--policy-override).

Within each layer, list fields append and deduplicate while keeping the last occurrence, so higher precedence keeps later rule order. The effective policy is inspectable.

akmon policy show-effective --profile prod \
  --policy-pack .akmon/policy-packs/org.toml \
  --policy-pack .akmon/policy-packs/team.toml
Enter fullscreen mode Exit fullscreen mode

Tickets that start with "I think the policy was" become tickets that end with "the policy was, here is the merged TOML".

Why an open evidence format

After Akmon's audit chain was working, the next gap was portability. A reviewer who needs to confirm a session should not need Akmon installed. They should need a verifier and a bundle.

That is what AGEF is. AGEF is the Agent Governance Evidence Format. It is an open spec, governed in its own repo at github.com/radotsvetkov/agef. A bundle is a tar.zst archive with manifest.json, an events.bin stream of length-delimited canonical CBOR records, and a directory of content-addressed objects/<hex> files. The current spec text is v0.1.1; the wire format version is 0.1. Spec text is CC BY 4.0. Code is Apache-2.0.

Akmon is the reference implementation. The journal substrate (akmon-journal) is a Substrate Profile under AGEF v0.1. Bundle Profile (full export and import) is part of Akmon Phase 4.

I will go deep on AGEF in the next post. The point for this one is that the format is real, written, and meant to outlive any one tool, including mine.

Who Akmon is for

Three concrete audiences, in order.

First, senior engineers in regulated codebases. Avionics (DO-178C, DO-330 tool qualification), medical devices (IEC 62304), automotive (ISO 26262, ASPICE), industrial control (IEC 61508), defense (CMMC). If your build process treats unreviewable AI output as inadmissible, Akmon is built for you.

Second, DevSecOps and platform engineers in finance. SOC 2 evidence, internal audit on AI use, vendor risk on model providers. The trust pipeline maps cleanly to these controls.

Third, AI tooling leads at companies that have rolled out AI coding tools and now have to answer the next layer of questions about provenance, regression detection, and review fatigue.

If none of that fits, you might still find the format interesting. AGEF is meant to be useful beyond Akmon.

What Akmon is not

A few things to keep the conversation honest.

  • Akmon is not the fastest autocomplete. It is the agent that records what it did. If your workflow does not need that, the trade may not be worth it.
  • Akmon is not a hosted SaaS runtime. You run the binary. Your data stays where you put it.
  • Akmon is not a guarantee that the model behaves. The model is the model. Akmon makes the consequences of misbehavior bounded, observable, and provable.

That last point matters. Governance is not the absence of bad behavior. It is the ability to prove what happened.

Where to start

If anything in this post hit close to home, the smallest first step is one minute long.

  1. Install the binary.
  2. Run akmon --yes --task "..." on a sandbox project.
  3. Run the five-command trust pipeline above.
  4. Open the AGEF section of the docs and read what a manifest.json and an events.bin look like. Pretend you are the reviewer.

If that bundle answers the five questions in the second section without your help, you have closed the gap I described at the start of this post.

The repo is at github.com/radotsvetkov/akmon.

The format spec is at github.com/radotsvetkov/agef.
The site lives at radotsvetkov.github.io/akmon.

Top comments (0)