Blog homeKYC for AI AgentsIntegration guideEU AI Act checklistCompare
← Back to blog
· By

Kakunin is open source, top to bottom

Kakunin is now open source, top to bottom — platform under AGPL-3.0, SDKs under Apache-2.0, all provenance-signed. Here's what's open, what's hosted, and why.

Preferred source on Google
Kakunin is open source
Table of Contents

AI agents are starting to do consequential things — move funds, execute trades, call production APIs, act on a user's behalf. And almost none of them can answer the questions a regulator, an auditor, or a counterparty will eventually ask: which agent did this? Was it authorized? Who's accountable? And can you prove it?

Right now the answer is usually a shared API key and a log file you could have edited. That doesn't survive contact with MiCA or the EU AI Act — and it shouldn't survive contact with your own risk team.

We built Kakunin to fix that, and today we're open-sourcing it — the whole thing.

What Kakunin does

Every agent gets an X.509 certificate, issued through AWS KMS so the private key never leaves the HSM. The certificate encodes the agent's permitted scope. As the agent acts, it streams behavioral events to Kakunin, which scores each one in real time against a rolling 30-day baseline. When risk crosses a threshold, the certificate is auto-revoked in under 60 seconds — and anyone can verify a certificate's status keylessly, without an account.

Issuance, behavioral monitoring, auto-revocation, and regulator-ready compliance exports — the full lifecycle, built for MiCA Article 70 and the EU AI Act.

What's open

The platform — kakunin-core, the application, the CA integration, the risk engine, the audit pipeline — is AGPL-3.0. You can read exactly how risk is scored and how revocation decisions are made. For a compliance product, that transparency isn't a giveaway; it's the entire pitch. No black box gets to decide whether your agent is trustworthy.

The SDKs and integrations — TypeScript, Python, and drop-in tools for LangChain, Mastra, the Vercel AI SDK, MCP, LlamaIndex, and CrewAI — are Apache-2.0. Build on them with no copyleft obligation. Every package publishes with cryptographic provenance, traceable to a public commit. Six public repositories, seven packages.

What's hosted, and why we're telling you plainly

The canonical certificate authority and the public verification endpoint run as a hosted service. A trust anchor you can fork is not a trust anchor: the value of a Kakunin certificate is that any counterparty can verify it against one authority, keylessly, without asking you. Key custody (KMS-backed) and independent audit-log custody are what make the evidence admissible. Run every line of the code; verify against the canonical CA. We wrote up the exact split at kakunin.ai/open-source.

Why AGPL

We chose AGPL-3.0 for the platform deliberately. It's OSI-approved open source — read it, run it, modify it. Its copyleft means anyone who offers a modified Kakunin as a network service must share their changes, which keeps the project honest and keeps us eligible for the open-source commons. The SDKs stay Apache-2.0 so nothing you integrate carries an obligation.

Try it

Install the SDK (npm install @kakunin/sdk) and you're seven lines from a certified, monitored agent — see the SDK quickstart. Or open the live sandbox — no signup — and watch an agent go rogue and its certificate revoke itself.

Where this is going

It's early and we'll say so: baselines need history to be meaningful, the hosted CA is single-region today, and the roadmap is public. If you're building agents that do things that matter — or you have opinions about how machine identity and open-core should work — star kakunin-core, read the code, and tell us where we're wrong.

Palash Bagchi
Published July 8, 2026
All articles →
Read more from the blog
Documentation →
API reference and guides