✦ ✦ ✦ ▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▒▒ ▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▒▒ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓ ▓▓ ▓▓ ▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
Prove what any AI agent did. Offline, with no lock-in.
Akmon is a tamper-evident evidence and verification layer for AI agents. It sits on top of whatever agent you already run, through OpenTelemetry or with Akmon's own reference agent, and turns every session into a portable, signed record. A third party can verify a signature offline with nothing but openssl. No Akmon install, no cloud.
Take any agent's OpenTelemetry trace, sign it, verify it, and emit a proof a stranger can check with plain openssl. The sequence below cycles through a representative run.
Step 1: import any agent's OpenTelemetry trace.
Akmon does not replace your agent. It sits on top of it and turns each session into a sealed record that someone else can verify independently, with standard tools, even on a machine that never had Akmon installed.
Import any OpenTelemetry GenAI trace with akmon otel import. It reads the v1.37 structured form and the older v1.36 message-event form that most agents still emit.
Each session is a content-addressed, hash-linked record. akmon bundle sign adds an offline Ed25519 signature over the head, so a record is attributable to a key.
akmon bundle prove-openssl writes a statement, signature, and public key. A stranger checks the signature with plain openssl, no Akmon and no cloud.
agef-verify is a small, separate binary. An auditor can confirm integrity and authorship without installing the full Akmon toolchain.
akmon bundle attest records the accountable person behind a session, signed separately from the head, so a record carries who, not just what.
Own-agent runs are full and replay deterministically. Imported traces are structural and never dressed up as full recordings. The level is signed into the record.
Evidence exports as a single content-addressed AGEF bundle (v0.1.3) you can hand off, archive, and verify anywhere. Signatures and attestations are optional add-ons.
Runs in local shells, SSH, and CI with no plugin runtime stack. Deterministic akmon replay is available for sessions Akmon produced itself.
Make a key, import any agent's OpenTelemetry trace, export a portable bundle, sign it, verify it, and emit a proof a stranger can check with plain openssl. The verification chain is the same whether the session came from Akmon's own agent or another tool. Akmon v2.2.0 implements AGEF v0.1.3.
Curious how Akmon fits alongside other agent and governance tooling? See the comparison. Short notes in the docs, not a billboard here.
GitHub Releases attach real akmon and agef-verify binaries per platform, plus a SHA256SUMS file. Writing to /usr/local/bin usually requires sudo on macOS, so installing to ~/bin avoids that. If a download is HTML instead of a binary, the matching release asset is missing (cut a v* tag after the release workflow runs).
One tool, any model. Set an environment variable and it works. No config files required to get started.
When you run Akmon's own agent, every action lands in a JSONL audit log and a content-addressed evidence record. That record is the raw material the trust layer seals, signs, and exports as a portable bundle anyone can verify later.
See exactly what changes before approving. Green for additions, red for removals.
Every tool call, permission verdict, and token usage logged with timestamps.
Sessions end with tool calls, files touched, cache savings, and USD cost.
Cache hit tokens shown in green. Session cost always visible.
Akmon is Apache 2.0, friendly to shipping CLI wrappers, internal forks, and agent experiments. Issues, docs fixes, and focused PRs are welcome.
Read the development setup, run tests with cargo test --workspace, and open a PR with a clear description.
The book covers the trust model, verifying evidence, and tutorials. Help us keep the docs sharp.
Apache 2.0 only. See license notes for why that fits agent tooling.
Turn any AI agent's session into a portable, signed record. Verify it offline with nothing but openssl, on a machine that never had Akmon installed. No cloud, no lock-in.