Agent eXecution Model — a deterministic shell for non-deterministic agents.
Some problems resist determinism by nature — judging an open situation, writing prose, reasoning over the never-seen. Law met that long ago and didn't try to make the judge deterministic: it accepted a fallible core and built a deterministic shell around it — procedure, rules of evidence, the duty to give reasons. You don't make the judge infallible; you make the trial reliable.
AXM applies the same move to AI agents. LLM generation is irreducibly probabilistic, so AXM doesn't fight it — it frames it. Analysis, quality gates, and orchestration can be deterministic, and that's the shell: tight enough that the model's non-determinism stays confined, framed, justified, and revisable.
Where this idea comes from — and where it breaks — is in the first post.
🔧 axm-forge — the developer toolchain. Nine packages on PyPI: a unified CLI, an MCP server, tree-sitter code intelligence, quality auditing, scaffolding, git automation, atomic editing, CST refactoring, and token compaction. Every tool returns a structured result with a compact text view — built for agents that consume data, not parse prose.
claude mcp add --scope user axm-mcp -- uvx --python 3.12 --from "axm-mcp[all]@latest" axm-mcp--scope user installs it globally (available in every session). Drop it to enable AXM per-project instead — the server then loads only in the directory where you run the command.
This wires verify, audit, the ast_* family, git_commit, batch_edit and the
rest into your MCP client. Each package also ships standalone (uv add axm-audit).
The toolchain is the shell's foundation. The runtime is what comes next: turning agent work into something you can structure, gate, and replay.
- Deterministic orchestration (loom-DAG). Agent workflows as graphs — phases, quality gates, and bounded repair loops — where the orchestration is structural and observable, and the LLM is the oracle inside it, never the thing in charge.
- Ticket-driven execution. A feature lifecycle from idea → spec → ticket → done, each transition carried by a workflow rather than by discipline. The agent picks up a ticket and runs it through the gates; nothing mediocre passes.
The shell is what makes the autonomy safe. That's the whole bet.
Every AXM package is measured on two axes:
- Governance (
axm-init check) —src/layout, PEP 621,py.typed, CI, MkDocs docs, prek, conventional commits. - Code quality (
axm-audit) — Ruff, MyPy strict, coverage, cyclomatic + cognitive complexity, security, dead code — composite score on 100 pts.
