Home/For CTOs
CTO · Engineering

Integrate AI agent compliance into your stack.

TypeScript SDK, REST API, event streaming, and webhooks for AI agents. Issue X.509 certificates, monitor behavior, and enforce scope in production without building a PKI team from scratch.

15 minTime to first certificate
<5msLatency overhead
1,000/sEvent ingest capacity
RSA-2048AWS KMS — key never leaves
01 — INTEGRATION

Your integration path

Four steps from zero to a certified, monitored AI agent. Full TypeScript types throughout.

1

Register agent

POST /agents with metadata: name, org, permitted_actions, model_hash. Returns agent_id immediately.

kakunin.agents.create({agent_id, scope})
2

Receive certificate

X.509 RSA-2048 cert. Private key stays in AWS KMS — never exposed. Valid 365 days per MiCA Art. 70.

{ cert_pem, kms_arn }
3

Stream events

Agent streams behavioral events: transaction, data_access, api_call, auth_failure. 1,000 events/sec capacity.

events.ingest(agent_id, event[])
4

Handle auto-revocation

Risk score >0.85 triggers auto-revoke in <60s. Webhook fires. Enforce via /v1/verify at the edge.

webhooks.on('certificate.revoked')
02 — SDKs

Available SDKs & languages

TypeScript (@kakunin/sdk)

Zod validation, automatic retry, sandbox mode. Full type safety. Production-ready.

npm install @kakunin/sdk

REST API (all languages)

OpenAPI 3.0 spec. JSON/REST. Available now for Python, Go, Java, and any HTTP client.

/api/v1/agents · /api/v1/events

MCP server

Model Context Protocol integration. AI agents can self-register and self-certify via MCP.

MCP docs

Python (V1.1 roadmap)

Coming Q3 2026. Early access for enterprise customers. REST API available today.

Coming soon
03 — PERFORMANCE

Engineering specs

Event ingestion

1,000 events/second capacity. Rolling 30-day risk score. p99 latency: 200ms ingestion, <5ms verification overhead.

Certificate issuance

Register + certify first agent: <3 seconds end-to-end. Async via QStash for scale. KMS RSA-2048 signing.

Auto-revocation

SLA: certificate revoked within 60 seconds of threshold breach. Webhook delivered within 5 seconds.

Public verification

Regulators verify at /v1/verify — no auth, <500ms p99, globally CDN-cached. Zero overhead on your stack.

05 — ARCHITECTURE

Non-Human Identity (NHI) architecture

Non-human identity (NHI) is the cryptographic layer that distinguishes a trusted AI agent from a rogue script. Kakunin is the NHI infrastructure layer for agent-native teams — purpose-built for systems that act at machine speed in regulated environments.

For a buyer-facing explanation of the same model, see the non-human identity overview. If you want to pressure-test the control path before writing code, the live sandbox shows the revocation flow end to end.

Why machine identity matters

AI agents operating in financial services, healthcare, or critical infrastructure need verifiable machine identity before touching regulated systems. Without it, an agent is indistinguishable from a compromised automation or a supply-chain injection. X.509 certificates encode operator, model version, and permitted scope — tamper-proof, publicly verifiable, regulator-readable.

Certificate-bound scope enforcement

Permitted actions are encoded in the X.509 certificate at issuance — not in application config, not in a database row. An agent with read:invoicesin its cert physically cannot perform write:payments, even if the application code is compromised. Scope is cryptographic, not advisory.

Short-lived credentials by default

X.509 certificates expire. Static API keys do not. Every Kakunin-issued certificate has a maximum 365-day validity window — and can be configured shorter for high-risk agents. Expiry forces rotation, limits blast radius, and satisfies MiCA Art. 70 without any manual credential hygiene process.

Public verification, no account required

Any counterparty, regulator, or downstream service can confirm an agent's machine identity via GET /v1/verify/{serial} — no Kakunin account, no API key, under 500ms. The verification response includes operator, scope, model hash, validity window, and revocation status.

06 — KEY CUSTODY

AWS KMS key custody — private keys that never leave hardware

AWS KMS HSM-backed RSA-2048 keypairs. The private key is generated inside the hardware security module and never exported — not to Kakunin, not to your application, not anywhere.

AWS KMS — why it matters for agents

Traditional agent deployments store private keys in environment variables, secrets managers, or worse — application code. A single leaked key compromises every agent sharing it. AWS KMS eliminates this: the key is generated inside the HSM, signing operations are delegated to KMS directly, and Kakunin stores only thekms_key_arn — never the key material.

Per-agent KMS keys

Each agent gets its own AWS KMS RSA-2048 keypair. Revoking one agent does not affect any other agent's key. The blast radius of a compromised agent is bounded to that agent's certificate serial — not the entire fleet. AWS KMS key deletion is scheduled automatically on retirement.

Signing at the edge

When an agent needs to sign a request payload, your code callsPOST /v1/agents/{id}/sign. Kakunin delegates the signing operation to AWS KMS, returns the base64 signature, and logs the event. The private key never transits the network. The receiver verifies via POST /v1/verify/message.

Audit trail for every KMS operation

AWS KMS generates a CloudTrail entry for every key usage. Kakunin writes a corresponding entry to the immutable behavioral log. Two independent tamper-proof records for every signing operation — satisfying the most demanding audit requirements with zero additional instrumentation from your team.

07 — ZERO-TRUST

Zero-trust agent authentication

Never trust, always verify — applied to the agent layer. Every inbound agent request is verified against a live certificate status check before reaching your services.

mTLS gateway enforcement

Add the Kakunin gateway middleware once. Every inbound agent request must present a valid X-Kakunin-Cert-Serial header. The middleware calls/v1/verify/:serial — public, no credentials — and blocks any request from a suspended or revoked agent before it reaches your application layer. Under 5ms overhead.

kakuninEnforce(req, res, next)

mTLS flow

Agent
  │ presents X-Kakunin-Cert-Serial
  ▼
Gateway Middleware
  │ GET /v1/verify/:serial (< 5ms)
  ▼
Kakunin CA
  │ returns { status, scope, risk_score }
  ▼
Gateway
  │ status=active? pass │ revoked? 403
  ▼
Your Service

Scope enforcement at the border

The verify response includes the agent's permitted_actions array. Your gateway compares the requested action against the cert-bound scope before the request hits your business logic. An agent trying to call an endpoint outside its scope gets a 403 Scope violation — and the attempt is logged as a high-risk behavioral event.

Instant revocation propagation

No TTL cache on the verify endpoint by design. When a certificate is revoked — auto or manual — the next request from that agent fails at the gateway. No 15-minute JWKS cache window. No stale session. Sub-60-second SLA from risk breach to first blocked request.

Ship it

Ready to integrate?

Add non-human identity (NHI) to your agent stack in ~15 minutes. TypeScript SDK + REST API. Sandbox mode — no production risk.

If your evaluation starts with governance rather than code, review the AI governance tools page or use the readiness report to identify the highest-priority control gaps first.