# Kimitsu

> Declarative agentic pipeline orchestration. Run AI agent pipelines from YAML with built-in auditability, safety, and simple operations.

Full documentation: [llms-full.txt](https://kimitsu.ai/llms-full.txt)

## Docs

- [Overview](https://kimitsu.ai/ktsu/overview.md): Introduction to ktsu: what it does, why it exists (auditability, safety, simplicity), the four YAML file types, and the three-service architecture.
- [Quickstart](https://kimitsu.ai/ktsu/quickstart.md): Step-by-step walkthrough of the hello-world pipeline end-to-end: starting services, invoking a workflow, polling for completion, and inspecting the run envelope.
- [Installation](https://kimitsu.ai/ktsu/installation.md): How to install ktsu (macOS/Linux only; WSL2 for Windows) as a binary or via Docker Compose, with environment variable reference for all three services and verification steps.
- [Hello World (Minimal)](https://kimitsu.ai/ktsu/examples/hello-world-minimal.md): Minimal ktsu project from scratch: three files (gateway, workflow, agent), start services, invoke, and trace exactly what the orchestrator did at each step.
- [ktsu CLI Reference](https://kimitsu.ai/ktsu/reference/cli.md): Complete CLI reference: start, validate, invoke, runs, runs get, workflow tree, lock, new project, and hub subcommands with all flags and defaults.
- [Kimitsu YAML Spec](https://kimitsu.ai/ktsu/reference/yaml-spec/index.md): Index of all Kimitsu YAML file kinds with filename conventions: workflow, agent, server (tool-server), servers manifest, gateway, and env.
- [workflow.yaml](https://kimitsu.ai/ktsu/reference/yaml-spec/workflow.md): Complete workflow.yaml spec: kind, visibility, env declarations, params schema, invoke auth, all four step types with annotated examples, model_policy, and variable substitution namespaces.
- [agent.yaml](https://kimitsu.ai/ktsu/reference/yaml-spec/agent.md): Full agent.yaml spec: model group, params schema, system/user/reflect prompts, tool server references with allowlists and approval policies, output schema, and all ktsu_ reserved fields.
- [server.yaml (tool-server)](https://kimitsu.ai/ktsu/reference/yaml-spec/server.md): server.yaml spec (tool-server): URL, auth config, declarable params with secret marking, and the four-layer secret propagation chain for credentials.
- [servers.yaml](https://kimitsu.ai/ktsu/reference/yaml-spec/servers.md): servers.yaml spec: shared manifest for marketplace/platform MCP servers — name, URL, auth. No {{ env }} support; all values must be literals.
- [gateway.yaml](https://kimitsu.ai/ktsu/reference/yaml-spec/gateway.md): gateway.yaml spec: env var declarations, provider config (Anthropic/OpenAI), named model groups with routing strategy and pricing, and {{ env.VAR }} substitution.
- [env.yaml](https://kimitsu.ai/ktsu/reference/yaml-spec/env.md): env.yaml spec: environment-specific variables, optional provider overrides, and state store backend — used to keep dev/prod differences out of workflow definitions.
- [Architecture](https://kimitsu.ai/ktsu/architecture/README.md): Overview of the four-component architecture (orchestrator, runtime, gateway, tool servers), their responsibilities, and the single-responsibility-over-HTTP design principle.
- [Runtime Architecture](https://kimitsu.ai/ktsu/architecture/runtime.md): Deep-dive into runtime architecture: four container tiers, orchestrator responsibilities, the agent reasoning loop, and fail-fast/clean-skip/budget-breaker failure semantics.
- [Tool Servers](https://kimitsu.ai/ktsu/architecture/tool-servers.md): MCP tool server integration: server types, YAML configuration, parameter resolution order, secret propagation rules, tool allowlists, and human-in-the-loop approval flow.
- [Air-Lock](https://kimitsu.ai/ktsu/architecture/air-lock.md): How the Air-Lock validation gate works: validates agent output against the declared schema after every step, halts the run on failure, no unvalidated data reaches downstream steps.
- [Configuration Reference](https://kimitsu.ai/ktsu/architecture/configuration.md): Project directory layout and annotated YAML examples for workflow and agent configs, including variable substitution reference.
- [Concepts](https://kimitsu.ai/ktsu/concepts/README.md): Index and reading guide for the Concepts section with recommended reading order and a worked pipeline scenario tying together all core ideas.
- [Pipeline Primitives](https://kimitsu.ai/ktsu/concepts/pipeline-primitives.md): The four step types every pipeline is built from: agent (LLM), transform (JMESPath), webhook (HTTP), and workflow (sub-pipeline), with YAML examples.
- [Variables](https://kimitsu.ai/ktsu/concepts/variables.md): The {{ expr }} template syntax for env vars, params, and step outputs across all pipeline layers, including the secret propagation chain and common errors.
- [Reserved Output Fields](https://kimitsu.ai/ktsu/concepts/reserved-outputs.md): The ktsu_ prefixed output fields agents emit to signal control flow: injection detection, confidence thresholds, quality failures, human review gates, skip signals, and observability fields — with evaluation order.
- [Fanout (for_each)](https://kimitsu.ai/ktsu/concepts/fanout.md): How for_each fanout works: YAML syntax, concurrency and failure controls, the {results:[...]} output shape, and referencing fanout output in downstream steps.
- [Transform Ops](https://kimitsu.ai/ktsu/concepts/transforms.md): Complete reference for the six transform ops (merge, filter, sort, map, flatten, deduplicate) with JMESPath syntax and a chained pipeline example. No LLM calls.
- [Versioning](https://kimitsu.ai/ktsu/concepts/versioning.md): How versioning works: declaring versions on workflows, @version suffix for hub references, the lockfile concept, and current status — parsed but not enforced at runtime.
- [Core Invariants](https://kimitsu.ai/ktsu/concepts/invariants.md): The 34 inviolable system contracts: tool isolation, secret propagation, fail-fast semantics, the four-primitive constraint, and all other architectural invariants.
- [Production Deployment](https://kimitsu.ai/ktsu/deployment/README.md): Production deployment guide: service topology, state persistence (memory/SQLite/Postgres), per-service env vars, scaling, health checks, and observability.
- [Deploy with Docker](https://kimitsu.ai/ktsu/deployment/docker.md): Running ktsu with Docker Compose: quick-start for Anthropic and local LLM variants, the deploy/ directory structure, and .env file injection.
- [Cost Management](https://kimitsu.ai/ktsu/cost-management.md): How LLM costs accumulate (fanout, reflection, model choice), available cost controls (max_turns, max_items, model groups), and the cost_budget_usd field — parsed but not yet enforced as a circuit breaker.
- [Glossary](https://kimitsu.ai/ktsu/glossary.md): Precise definitions for ktsu-specific terms: agent, step, primitive, workflow, orchestrator, runtime, gateway, tool server, pipeline, and param.