Define goals, give it skills, and let your agent handle the rest. It runs continuously, generates images, delegates tasks, and gets things done — with the safeguards that let you sleep at night.
Everything you need to deploy, manage, and scale autonomous AI agents — with security built into every layer, not bolted on as an afterthought.
Every AI agent runs in an isolated sandbox — no network access, no credential leaks, no escape hatches. We support seatbelt, nsjail, bwrap, and Docker.
Every piece of external content is tagged at the source. We trace it through the entire pipeline so you always know what's user-generated and what isn't.
Multi-layer scanning catches injection attempts before they reach your LLM. Regex patterns, ML classifiers, and canary tokens — belt, suspenders, and a backup belt.
Extend ax with third-party providers via the Provider SDK. Integrity-verified, process-isolated, and lockfile-pinned. Because "npm install trust-me" isn't a security strategy.
Multi-provider image pipeline with OpenAI, OpenRouter, and Gemini. Generate, persist, and serve images — with automatic fallback between providers.
Real-time event bus with SSE streaming, OpenTelemetry tracing, and Langfuse integration. Watch your agent think — or plug into your existing observability stack.
API keys never enter the sandbox. OS keychain integration, credential-injecting proxy, and host-side isolation. Your secrets stay where they belong.
46 swappable providers across LLM, image, memory, scanner, channel, web, browser, credentials, skills, audit, sandbox, scheduler, and screener. All TypeScript interfaces.
Drop-in /v1/chat/completions with SSE streaming plus /v1/files/ for persistent artifacts. Point your existing tools at ax and get security for free.
Drop an ax.yaml into your project. Pick your models by task type, choose your providers, and you've got a working agent.
# ax.yaml — configure your agent
profile: standard
models:
default: # main agent loop
- anthropic/claude-sonnet-4-20250514
- groq/llama-3.3-70b-versatile
fast: # summarization, screening
- anthropic/claude-haiku-4-5-20251001
image: # image generation
- openai/gpt-image-1.5
providers:
memory: sqlite # persistent memory w/ full-text search
scanner: basic # prompt injection detection
web: tavily # web search via Tavily API
audit: sqlite # queryable log of every action
sandbox: nsjail # Linux sandbox (~5ms start)
scheduler: cron # cron jobs and reminders
skills: git # self-authored skills w/ screeningax agents don't just answer questions — they break down complex tasks, use tools, check their work, and iterate. Extended thinking models (Anthropic, OpenAI o-series, DeepSeek R1) stream their reasoning in real time so you can watch the gears turn.
Every LLM call, every tool invocation, every decision — logged and queryable. The streaming event bus emits typed events via SSE. Plug into OpenTelemetry or Langfuse for production-grade traces. When you need to debug, the full picture is right there.
Every piece of ax is a TypeScript interface. Swap Anthropic for OpenAI, SQLite for Postgres, add custom tools, or write your own providers with the Provider SDK. Install third-party plugins with ax plugin add — integrity-verified and process-isolated.
Organize models by task type — default, fast, thinking, coding, image — each with its own fallback chain. The router handles failover with exponential backoff and circuit breakers. Your agent picks the right model for each job automatically.
Install, configure, and start chatting with your agent.
# Install and run
npm install
export ANTHROPIC_API_KEY=your-key-here
npm start
# Or use the CLI
ax configure # interactive setup wizard
ax serve # start the server
ax chat # interactive chat session
ax plugin add @ax/web # install a provider pluginax is free and open source under the MIT license. No paid tiers, no gated features. Just a framework you can use, fork, extend with plugins, and build on.