Install
```shell
agentstack add mcp-acacian-aegis
```
Open-source listing — not yet scanned by AgentStack. Follow the source repository for install instructions.
Security review
⚠ Flagged: 1 finding(s); flagged for manual review. · v0.1.6
Checks applied:
- Prompt-injection patterns
- Secret / credential exfiltration
- Dangerous shell & filesystem operations
- Untrusted network calls
- Known-malicious package signatures
Finding (high): Dangerous shell/eval execution.
About
Agent-Aegis
The governance layer for AI agents. One API, 12 frameworks, every governance primitive.
Aegis is to agent governance what Redis is to data structures — one runtime that unifies prompt-injection blocking, PII masking, policy enforcement, trust delegation, and tamper-evident audit across every agent framework. No code changes. pip install agent-aegis → aegis.auto_instrument() → 12 frameworks are now governed.
What is Aegis • Primitives • Frameworks • Use Cases • 30-Second Start • Research • Docs • Playground
English • 한국어
What is Aegis
Every AI agent framework reinvents the same governance primitives — and each one does it slightly differently. Aegis is the abstraction layer that unifies them.
| Layer | What it does | Examples |
|-------|-------------|----------|
| 1. Primitives | A universal contract for every tool call | Action, ActionClaim, Policy, Result, DelegationChain, AuditEvent |
| 2. Adapters | Auto-instrument any framework through its own hooks | LangChain callbacks, CrewAI BeforeToolCallHook, OpenAI Agents tracing, Google ADK BasePlugin, MCP transport, DSPy modules, httpx middleware, Playwright context |
| 3. Governance | Declarative primitives you compose into policy | Prompt injection / PII / leak / toxicity guardrails, RBAC, rate limit, cost budget, drift detection, anomaly scoring, trust delegation, justification gap, selection audit, Merkle audit chain |
| 4. Lifecycle | One runtime, every stage of agent ops | Scan → Instrument → Policy CI/CD → Runtime → Proxy → Audit |

```python
import aegis
aegis.auto_instrument()  # 12 frameworks governed. No other code changes.
```
Redis is to in-memory data structures what Aegis is to agent governance: one library, every primitive, every framework, one API. You don't write a LangChain guardrail and a CrewAI guardrail and an OpenAI guardrail — you write one Policy and every framework inherits it.
Primitives
The contract every adapter maps into. Framework-agnostic by design.
| Primitive | Purpose | Module |
|-----------|---------|--------|
| Action | Unified representation of any tool / LLM / HTTP / MCP call across all frameworks | aegis.core.action |
| ActionClaim | Tripartite structure — Declared (agent-authored) / Assessed (Aegis-computed) / Chain (delegation) | aegis.core.action_claim |
| Policy | Declarative YAML rules: match → risk → approval (auto / approve / block) | aegis.core.policy |
| ClaimPolicy | Policy layer that evaluates 6-dimensional impact vectors, not just tool names | aegis.core.claim_policy |
| Guardrails | Deterministic regex checks for injection, PII, prompt leak, toxicity — 2.65ms cold / | |

| Concept | What it does | Origin |
|---------|--------------|--------|
| | 0.15) or block (>0.40). | Name "ActionClaim" from COA-MAS (Carvalho); 6D metric + runtime form original |
| Selection Governance | Audits what agents exclude, not just what they choose. A model that "helpfully" omits risky options is exerting selection power — Aegis detects this. | Santander et al., arXiv:2602.14606 |
| Monotone Trust Constraint | Delegated agents cannot escalate their own authority. Trust levels must be non-increasing along the chain — violations auto-block. | Lattice-based access control |
| Full Lifecycle | Scan (detect) → Instrument (protect) → Policy CI/CD (test) → Runtime (govern) → Proxy (gateway) → Audit (trace). One library, one pip install. | — |
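The Monotone Trust Constraint in the table above is easy to state but worth seeing as a check that runs: each hop of a delegation chain may receive at most the trust of the hop before it, and the first escalation blocks the whole chain. The following is an added illustration written for this listing, not Aegis's own DelegationChain or ClaimPolicy code; the `Delegation` and `ChainVerdict` types, the integer 0-100 trust scale, the sample chains and the `check_monotone` / `authorize` functions are all assumptions of the example.

```python
"""Monotone trust constraint over a delegation chain (illustrative, not Aegis code).

Assumptions: trust is an integer where higher means more trusted (0-100 used here);
a chain is the ordered list of hops from the root principal to the agent that
finally performs the action.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Delegation:
    """One hop in a delegation chain (hypothetical type for this example)."""
    principal: str  # who acts at this hop
    trust: int      # trust granted to this hop; higher = more trusted


@dataclass(frozen=True)
class ChainVerdict:
    decision: str         # "auto" (allowed) or "block"
    effective_trust: int  # minimum trust seen along the chain
    reason: str           # explanation suitable for an audit record
    violation: Optional[Tuple[int, str, str]] = None  # (hop index, delegator, delegate)


def check_monotone(chain: List[Delegation]) -> ChainVerdict:
    """Trust must be non-increasing hop to hop; the first escalation blocks."""
    if not chain:
        return ChainVerdict("block", 0, "empty delegation chain")
    effective = chain[0].trust
    for i in range(1, len(chain)):
        prev, cur = chain[i - 1], chain[i]
        if cur.trust > prev.trust:
            return ChainVerdict(
                "block",
                effective,
                f"{cur.principal} (trust {cur.trust}) exceeds delegator "
                f"{prev.principal} (trust {prev.trust}) at hop {i}",
                (i, prev.principal, cur.principal),
            )
        effective = min(effective, cur.trust)
    return ChainVerdict("auto", effective, "trust is non-increasing along the chain")


def authorize(chain: List[Delegation], required_trust: int) -> ChainVerdict:
    """Combine the chain check with a per-action minimum: the actor at the end of
    the chain holds only the lowest trust granted anywhere along it."""
    verdict = check_monotone(chain)
    if verdict.decision == "block":
        return verdict
    if verdict.effective_trust < required_trust:
        return ChainVerdict(
            "block",
            verdict.effective_trust,
            f"effective trust {verdict.effective_trust} is below the "
            f"{required_trust} required for this action",
        )
    return verdict


# Constructed sample chains: a valid one and one where a worker escalates itself.
VALID_CHAIN = [Delegation("operator", 90), Delegation("orchestrator", 60), Delegation("worker", 30)]
ESCALATING_CHAIN = [Delegation("operator", 90), Delegation("orchestrator", 60), Delegation("worker", 80)]

if __name__ == "__main__":
    for name, chain in (("valid", VALID_CHAIN), ("escalating", ESCALATING_CHAIN)):
        v = authorize(chain, required_trust=30)
        print(f"{name}: {v.decision} (effective trust {v.effective_trust}) - {v.reason}")
```

The design point is that the effective trust is the minimum along the chain, not the trust of the last hop: even a correctly non-increasing chain cannot let a downstream agent act with more authority than its weakest delegator, and the verdict carries a reason string so that a block is explainable in the audit trail.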
CLI
```shell
aegis scan ./src/                              # Detect ungoverned AI calls
aegis score ./src/ --policy policy.yaml        # Governance score (0-100)
aegis init                                     # Generate starter policy
aegis validate policy.yaml                     # Validate syntax
aegis plan current.yaml proposed.yaml          # Preview policy changes
aegis test policy.yaml tests.yaml              # Policy regression testing
aegis audit                                    # View audit log
aegis serve policy.yaml                        # REST API + dashboard
aegis probe policy.yaml                        # Adversarial policy testing
aegis autopolicy "block deletes"               # Natural language → YAML
```
Research
Original measurements on public agent trace datasets. Stdlib-only, reproducible in 30 seconds.
- The Justification Gap in 14,285 Tau-Bench Tool Calls — Formal definition of the Tripartite ActionClaim with a silent-baseline empirical study. 90.3% approve / 9.7% escalate / 0% block across four model:domain groups. Airline domain exposes ~2× the mean gap of retail. Includes soundness sketches for the three structural invariants and an honest note on the max-only override limitation discovered during the study.
- Tool Distribution Drift in 1,960 Tau-Bench Trajectories — Shannon entropy on tool name sequences across GPT-4o and Sonnet 3.5 New. 39.8% of scored trajectories collapse onto one or two tools by the end. Bimodal distribution, 1.7× cross-model gap. All scripts and raw data included.
Run the same signal on your own trace:
```shell
aegis check drift --trace path/to/trace.jsonl
```
The CLI reads only the tool_name field — never args, CoT, or prompts — so enterprise users can score prod traces without exfiltrating PII.
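The drift signal described above, Shannon entropy over the tool-name sequence with nothing but `tool_name` read from each trace line, as an added self-contained illustration; this is not the `aegis check drift` implementation. The JSONL trace is constructed inline, and the tail window size and the 1.0-bit collapse threshold are choices made for the example, not values from the page. It goes a step beyond the page by comparing whole-trajectory entropy with a tail window so the "collapse onto one or two tools by the end" pattern shows up as a number.

```python
"""Tool-distribution drift from a JSONL trace using only tool_name (illustrative).

Assumptions: each JSONL line is an object with a "tool_name" key; every other
field (args, thoughts, prompts) is ignored and never enters the score. The
tail window (4 calls) and the collapse threshold (1.0 bit, i.e. at most two
tools used evenly) are constructed for this example.
"""
import json
import math
from collections import Counter
from typing import Dict, List

# Constructed trace: varied tool use at first, then the agent loops on one tool.
SAMPLE_TRACE_JSONL = "\n".join(json.dumps(e) for e in [
    {"tool_name": "search_flights", "args": {"origin": "SFO"}},
    {"tool_name": "get_user_details", "args": {"user_id": "u-1"}},
    {"tool_name": "search_flights", "args": {"origin": "SFO"}},
    {"tool_name": "book_reservation", "args": {"flight": "X1"}},
    {"tool_name": "think", "args": {"thought": "private reasoning, not scored"}},
    {"tool_name": "think", "args": {}},
    {"tool_name": "think", "args": {}},
    {"tool_name": "think", "args": {}},
])


def tool_names(jsonl_text: str) -> List[str]:
    """Extract only the tool_name field from each line; args and prompts are never read."""
    names: List[str] = []
    for line in jsonl_text.splitlines():
        line = line.strip()
        if not line:
            continue
        name = json.loads(line).get("tool_name")
        if isinstance(name, str):
            names.append(name)
    return names


def shannon_entropy(seq: List[str]) -> float:
    """Entropy in bits of the empirical tool distribution over seq (0.0 for empty)."""
    if not seq:
        return 0.0
    n = len(seq)
    h = -sum((c / n) * math.log2(c / n) for c in Counter(seq).values())
    return 0.0 if h == 0 else h


def drift_report(jsonl_text: str, tail: int = 4, collapse_bits: float = 1.0) -> Dict[str, object]:
    """Whole-trajectory entropy versus the last `tail` calls; a low-entropy tail
    over at most two distinct tools is reported as a collapse."""
    names = tool_names(jsonl_text)
    tail_seq = names[-tail:]
    tail_h = shannon_entropy(tail_seq)
    return {
        "calls": len(names),
        "distinct_tools": len(set(names)),
        "entropy_bits": round(shannon_entropy(names), 4),
        "tail_entropy_bits": round(tail_h, 4),
        "tail_distinct": len(set(tail_seq)),
        "collapsed": tail_h <= collapse_bits and len(set(tail_seq)) <= 2,
    }


if __name__ == "__main__":
    print(json.dumps(drift_report(SAMPLE_TRACE_JSONL), indent=2))
```

Reading only `tool_name` is what makes the score safe to run over production traces: the argument payloads, which are where customer data and prompts live, never reach the scoring path, so the report can be shared without carrying PII along with it.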
Documentation
Full documentation at acacian.github.io/aegis:
- Integration guides — LangChain, CrewAI, OpenAI, MCP, and more
- Policy reference — conditions, templates, best practices
- Security features — guardrails, anomaly detection, compliance
- [Architecture](ARCHITECTURE.md) — how the codebase is structured
- Interactive playground — try in browser, no install
Contributing
```shell
git clone https://github.com/Acacian/aegis.git && cd aegis
make dev    # Install deps + hooks
make test   # Run tests
make lint   # Lint + format check
```
[Contributing Guide](CONTRIBUTING.md) • Good First Issues • [Open in GitHub Codespaces](https://codespaces.new/Acacian/aegis)
License
MIT -- see [LICENSE](LICENSE) for details.
Copyright (c) 2026 구동하 (Dongha Koo, @Acacian). Created March 21, 2026.
The governance layer for AI agents. One API, 12 frameworks, every governance primitive. If Aegis helps you, consider giving it a star -- it helps others find it too.
Source & license
This open-source MCP server is cataloged on AgentStack and links to its original source — we do not rehost the code.
- Author: Acacian
- Source: Acacian/aegis
- License: MIT
- Homepage: https://acacian.github.io/aegis/
Install and usage instructions live in the source repository linked above.
Reviews
No reviews yet — be the first.
Versions
- v0.1.6 Imported from the upstream source.