Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Architecture

Akshi ships as a single Rust binary (akshi) that runs agents, routes inference, brokers secrets, enforces policy, and serves a dashboard — all in one process.

Runtime model

The runtime uses a supervisor tree inspired by Erlang/OTP. Each agent gets its own OS thread (sync mode) or Tokio task (async mode). Sync mode is the default and the only mode shipped today — it keeps the execution model simple and deterministic.

When you run akshi run, the process:

  1. Loads runtime.toml and resolves agent definitions.
  2. Spawns the supervisor tree.
  3. Starts the dashboard HTTP server (default port 3210).
  4. Launches each agent in its own supervised thread.

If an agent panics or exceeds its fuel budget, the supervisor restarts it according to the configured restart policy.

Five subsystems

SubsystemResponsibility
SupervisorLifecycle management, restart policies, health tracking
Protocol RouterInference routing — picks local or cloud provider per request
Secrets BrokerCredential injection at the sandbox boundary
Policy EngineApproval gates, risk scoring, spend limits
Discovery ServicemDNS/DHT peer discovery, mesh transport selection

These subsystems are composed inside the single binary. There are no separate daemons or sidecar processes.

Request pipeline

A typical agent action flows through this pipeline:

Incoming request
    → Protocol Router (select inference provider)
        → Supervisor (locate target agent thread)
            → WASM Sandbox (execute agent code)
                → Host capabilities (db, journal, http_fetch, infer, …)
    ← Response back through the chain

The sandbox boundary is the security perimeter. All host capability calls cross this boundary and are subject to capability checks, broker interception, and policy evaluation.

Dashboard

The built-in HTTP server exposes:

  • A web dashboard for monitoring agents, approving actions, and viewing logs.
  • REST API endpoints for programmatic access.
  • SSE streams for real-time event feeds.

The dashboard binds to 0.0.0.0:3210 by default. Override with the dashboard.port setting in runtime.toml or the AKSHI_DASHBOARD_PORT environment variable.

What is not in the runtime

  • No orchestrator process. Agents coordinate through the journal and A2A protocol, not a central controller.
  • No external database required. State lives in per-agent Automerge documents on the local filesystem.
  • No container runtime. WASM sandboxing replaces container-based isolation for Tier 1 agents.