AgentMachine: A Controllable AI Agent Runtime Built with Elixir, Redefining Secure and Transparent Intelligent Workflows

AgentMachine is an Elixir-based terminal-first agent runtime focused on providing narrowly scoped AI capabilities for local project work. It addresses common issues in current AI coding tools such as ambiguous permissions and lack of traceability through explicit permissions, structured execution strategies, and complete audit logs.

Elixir, AI Agent, Agent Runtime, Permission Control, Audit Log, MCP, AI Workflow, Security, Open Source
Published 2026-05-10 01:15 | Recent activity 2026-05-10 01:18 | Estimated read 8 min

Section 01

AgentMachine Introduction: A Controllable AI Agent Runtime Built with Elixir, Redefining Secure and Transparent Intelligent Workflows

AgentMachine is an Elixir-based terminal-first agent runtime focused on providing narrowly scoped AI capabilities for local projects. It addresses common issues in current AI coding tools like ambiguous permissions and lack of traceability through explicit permissions, structured execution strategies, and complete audit logs. Its core philosophy is based on four "no" principles, and it adheres to the idea that "useful paths should be explicit", setting a safety benchmark for AI agent execution environments.

Section 02

Project Background and Design Philosophy

Current AI coding assistants generally carry hidden risks: default permissions that are too broad, and controls that users cannot set precisely. Founder Pawel Dubiel identified this pain point and built an agent runtime that fundamentally solves the problem of ambiguous permissions. The core philosophy is based on four "no" principles: no hidden permissions (deny by default, explicit configuration required), no ambiguous execution strategies (strategies are clearly documented), no blurred provider boundaries (remote models have no control over orchestration, etc.), and no expanding local project scope (tools only operate within explicitly specified root paths). The design aligns with the Unix philosophy of "do one thing and do it well" and the security principle of "least privilege".

Section 03

Technical Architecture and Core Components

The system consists of three parts:

  1. Elixir runtime core: Handles agent logic, tool scheduling, etc., supporting four execution strategies: direct (pure dialogue), tool (read-only tools), planned (complete workflow), and swarm (collective intelligence).
  2. Go terminal UI: Based on the Bubble Tea framework, responsible for persistent configuration, progress display, and communication, with core logic retained on the Elixir side.
  3. Structured logging system: Outputs JSONL events, execution summaries, etc., facilitating auditing and debugging.

Section 04

Analysis of Key Mechanisms

  1. Explicit runtime specifications: To start a run, non-empty task descriptions, provider IDs, timeout durations, maximum steps, and other parameters are required. Remote providers need to additionally specify model IDs, etc., eliminating implicit default values.
  2. Layered permission approval: Covers four risk levels: read-only, ask-before-write, auto-approved-safe, and full-access. Tool capabilities require explicit authorization.
  3. MCP and browser automation: Integrates external tools (such as Playwright) via MCP, executes web operations in a controlled environment, and retains complete logs.
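
A sketch of the deny-by-default permission gate, root-path confinement and JSONL audit trail described above. It is an added Python illustration, not AgentMachine's own code (which is Elixir): the `POLICY` table, the operation names `read`/`write`/`shell`, the meaning given to each of the four levels and the event fields are assumptions, and the sample calls are constructed.

```python
import io
import json
import os
import tempfile

# ASSUMED meaning of the page's four level names; anything absent is denied.
POLICY = {
    "read-only": {"read": "allow"},
    "ask-before-write": {"read": "allow", "write": "ask", "shell": "ask"},
    "auto-approved-safe": {"read": "allow", "write": "allow", "shell": "ask"},
    "full-access": {"read": "allow", "write": "allow", "shell": "allow"},
}

def inside_root(root, path):
    """True if path stays under root once '..' and symlinks are resolved."""
    real_root = os.path.realpath(root)
    real_path = os.path.realpath(os.path.join(real_root, path))
    # commonpath compares whole components, so /proj-secret is not under /proj
    return os.path.commonpath([real_root, real_path]) == real_root

def gate(level, root, op, path, audit):
    """Decide one tool call and append one JSONL audit event for it."""
    decision, reason = POLICY.get(level, {}).get(op), "policy rule"
    if decision is None:  # unknown level or ungranted operation
        decision, reason = "deny", "no explicit grant"
    if not inside_root(root, path):  # applies at every level
        decision, reason = "deny", "path escapes root"
    event = {"level": level, "op": op, "path": path,
             "decision": decision, "reason": reason}
    audit.write(json.dumps(event) + "\n")
    return decision

def demo():
    """Run constructed tool calls against a throwaway project root."""
    calls = [("read-only", "read", "lib/app.ex"),
             ("read-only", "write", "lib/app.ex"),
             ("ask-before-write", "write", "lib/app.ex"),
             ("full-access", "read", "../../etc/passwd"),
             ("full-access", "write", "up/notes.txt"),
             ("typo-level", "read", "lib/app.ex")]
    audit = io.StringIO()
    with tempfile.TemporaryDirectory() as root:
        # constructed symlink pointing out of the root
        os.symlink(os.path.dirname(root), os.path.join(root, "up"))
        decisions = [gate(lv, root, op, p, audit) for lv, op, p in calls]
    events = [json.loads(line) for line in audit.getvalue().splitlines()]
    return decisions, events

if __name__ == "__main__":
    print(demo()[0])
```

The path check resolves symlinks at decision time, so a tool built on it should open the resolved path rather than the original string; otherwise a link changed between check and use falls outside what the audit event recorded.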

Section 05

Practical Application Scenarios

  1. Enterprise-level code review: Complete logs and explicit permission control meet compliance requirements, with every modification traceable.
  2. Multi-agent collaborative development: The swarm strategy allows multiple AI variants to try solutions in parallel, and an evaluator selects the optimal result, suitable for exploratory programming.
  3. Sensitive project maintenance: Root path restrictions and permission levels prevent AI from accidentally accessing sensitive files, reducing risks.

Section 06

Ecosystem and Getting Started

Ecosystem extension points: Skills (loadable instruction packages, etc.), Provider Catalog (supports multiple models like OpenAI), Web Client (Phoenix/LiveView browser interface), CLI tools (scripted runs).

Getting started (macOS): Install Elixir, ripgrep, and Go; clone the repository and install dependencies; start the terminal UI or run via the installed launcher.

Section 07

Project Status and Outlook

The project is in an active development phase, with core functions available. The GitHub repository follows good engineering practices (Makefile, test suite, detailed documentation). In the long run, AgentMachine represents a technical trend: AI agents play an important role in development, and the demand for their predictability, controllability, and auditability is increasingly urgent. Its design concepts such as "explicit is better than implicit" may become the standard paradigm for the next generation of AI development tools.

Section 08

Summary and Insights

The biggest insight from AgentMachine is that the security and controllability of AI agents should be considered from the very beginning of architectural design. Through Elixir's concurrency advantages, an explicit permission model, and a complete audit mechanism, it provides an excellent reference for building a trusted AI-assisted development environment. It is worth evaluating and trying for development teams pursuing security and transparency: it is not only a tool but also a technical manifesto for the responsible use of AI agents.