Aegis is built on two planes — a data plane that enforces at the workload, and a control plane that governs the fleet — solving identity, attestation, and authorization with no compromises on performance or auditability.
One control plane. Every workload enforced.
The Policy Server is the single signing authority for the fleet. The Aegis SDK runs in-process at every workload — no sidecar, no network hop for policy evaluation — gating REST, Shell, and MCP calls at the trust boundary before anything leaves.
Three surfaces. One policy interface.
REST, Shell, and MCP all speak different dialects. Aegis intercepts all three with a single policy engine.
REST / HTTP
requests · httpx · aiohttp
What it sees
A CallContext — method, host, path, tool, and arguments — built for every outbound HTTP call.
Policy decides
Re-authorized on the same OPA schema. A call to an unapproved host is denied before it is sent.
Shell
tool-type aware
What it sees
Execution type classified as HTTP, shell, or MCP; shell commands registered straight from policy.
Policy decides
Pre-execution callbacks can inspect or veto before any command runs.
MCP
client-session wrap
What it sees
Tool name, schema, and arguments on every outgoing MCP call — across stdio, SSE, and HTTP transports.
Policy decides
Each call authorized before it leaves the agent — closing the gap to un-vetted MCP servers.
Aegis controls secrets, not the app.
Tokens are injected at call time, configuration is encrypted at rest, and your enterprise vault stays the source of truth.
Credential broker · platform-controlled, per call
1
App makes an outbound call — any Authorization header it set is stripped.
2
The interceptor fetches the credential scoped to (host, path, method, tool).
3
The platform token is injected, decrypted in memory via a per-agent HKDF key.
The agent never holds a long-lived API token.
Fronts your enterprise vaults
HashiCorp Vault
OpenBao
AWS Secrets Manager
Azure Key Vault
Google Cloud
CyberArk Conjur
Thales
Infisical
Framework adapters
Aegis ships adapters for all major AI agent frameworks. One SDK call instruments your entire agent for policy enforcement and audit.
LangChain
CrewAI
AutoGen
Claude Tool Use
LlamaIndex
OpenAI Assistants
Semantic Kernel
Heritage Gated Tool
Coming Soon
An outbound-only WebSocket gateway for legacy infrastructure that can't accept a sidecar or SDK — SSH, MySQL, MSSQL, PostgreSQL, REST. No firewall changes. No target install.
Deployment options
Embedded
The Aegis SDK ships with a WASM policy bundle baked into the agent container. No external calls at runtime. Ideal for single-tenant or air-gapped deployments.
Single binary
Offline-capable
Zero external dependencies
Enterprise Control Plane
The Aegis SDK connects to a centralized Policy Server with real-time push to agent fleets. Governance console, policy versioning, fleet-wide audit aggregation.
Centralized policy management
Real-time policy updates
Aggregated audit dashboard
Four weeks. One agent fleet. Real policy, enforcing.
A bounded pilot with one sponsor and no infrastructure lift — walk away with identity, attestation, and a real authorization layer in production.
WK 0
Setup
Control Panel in your environment. Trust root provisioned. SPIRE Agent rolled to one fleet. No app changes yet.
WK 1
Identity
One initialize() in the pilot agent. Two-layer attestation working end-to-end. Shadow mode — observe only.
WK 2
Policy
Interception live across REST, Shell, MCP. Allow/deny enforced. Audit log streaming. Slack alerts on blocks.
WK 3
Callback
Pre-execution callbacks wired in. App-specific rules enforced. Joint readout + rollout plan for the next two teams.
Pilot commitment · 4 weeks · 1 sponsor · 1 fleet · no infrastructure lift