Getting Started
Kakunin issues cryptographic identities to AI agents, monitors their behaviour, and generates MiCA/EU AI Act compliance reports — all via a single API.
What is Kakunin?
Kakunin is compliance infrastructure purpose-built for AI agents. It provides:
- X.509 certificates — cryptographic identity issued via AWS KMS. Private keys never leave the HSM.
- Behaviour monitoring — stream events from your agent, receive real-time risk scores.
- Compliance reports — auto-generated PDF reports aligned with MiCA Article 70 and EU AI Act.
- Agent inboxes — secure email inboxes provisioned automatically after certification.
Core Concepts
How X.509 certs and behavioral monitoring make AI agents auditable.
Agents
Register and manage AI agents as first-class compliance resources.
Certificates
Issue and revoke X.509 identities backed by AWS KMS.
Verify
Real-time cert status checks — Kakunin's OCSP equivalent.
Start with an SDK
The fastest way in — the Apache-2.0 SDKs talk to the hosted service, with free sandbox keys. No platform to self-host.
npm install @kakunin/sdk # TypeScript — https://github.com/kakunin-ai/kakunin-sdk-typescript
pip install kakunin # Python — https://github.com/kakunin-ai/kakunin-sdk-pythonimport { Kakunin } from '@kakunin/sdk';
const kkn = new Kakunin({ apiKey: process.env.KAKUNIN_API_KEY });
const agent = await kkn.agents.create({ name: 'trading-bot-prod', model: 'gpt-4o', version: '1.0.0' });
await kkn.agents.certify(agent.id); // X.509 identity via AWS KMSTypeScript SDK
npm install @kakunin/sdk — client + enforcement middleware.
Python SDK
pip install kakunin — async client + LangChain / CrewAI / AutoGen guards.
Prefer to run your own control plane? The whole platform is open source (AGPL-3.0) — see self-hosting. For most use cases, the SDKs above are the on-ramp.
Quickstart (raw API)
Create an agent
curl -X POST https://api.kakunin.ai/v1/agents \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{ "name": "trading-bot-prod", "model": "gpt-4o", "version": "1.0.0" }'Issue a certificate
curl -X POST https://api.kakunin.ai/v1/agents/{id}/certify \
-H "Authorization: Bearer YOUR_API_KEY"The response includes:
serial_number— unique certificate identifiercertificate_pem— X.509 PEM for mutual TLSexpires_at— 365-day validity (MiCA Art. 70)
Stream behaviour events
curl -X POST https://api.kakunin.ai/v1/events \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"agent_id": "YOUR_AGENT_ID",
"action_type": "tool_call",
"payload": { "tool": "web_search", "query": "EUR/USD" }
}'Generate a compliance report
curl -X POST https://api.kakunin.ai/v1/reports/compliance \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{ "agent_id": "YOUR_AGENT_ID", "window_days": 30 }'Reports are generated asynchronously. Poll GET /v1/reports/{id} until status is ready, then fetch the PDF at GET /v1/reports/{id}/pdf.
Environments
| Environment | Base URL |
|---|---|
| Production | https://api.kakunin.ai/v1 |
All endpoints require an API key passed as Authorization: Bearer <key>. API keys are issued from the Kakunin dashboard.