Aegis
Open-source control plane for AI agent security and compliance
February 2026 —
- Least-Privilege Policy Engine: capability-based access control
- Cryptographic Audit: hash-linked action log
- Deterministic Replay: full session replay for debugging
Problem
AI agents operate with unchecked access to tools, APIs, and data. Without a control plane, there's no way to enforce what an agent can or cannot do, no tamper-proof record of what it did, and no way to reproduce a run for debugging or compliance review.
Approach
1. Capability manifests declare per-skill permissions (tools, network, budgets)
2. Policy engine evaluates every tool call against live session state
3. Cryptographically-linked audit log records every agent action
4. Deterministic replay rebuilds any session from the audit chain
5. Docker-based deployment with systemd support for production
System Pipeline
Capability Manifest → Policy Engine → Audit Log → Replay Engine
Evaluation
Aegis enforces least-privilege policies at runtime — any undeclared tool call is denied. The cryptographic audit chain provides tamper-proof compliance records, and deterministic replay enables exact reproduction of any agent session for debugging.
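An added example, not Aegis's own code: a deny-by-default check of tool calls against a capability manifest with a call budget, with each decision appended to a SHA-256 hash-linked log that is then verified. The manifest fields, function names and sample tool calls are constructed for illustration; Aegis's actual manifest schema and log format are not shown on this page.

```python
import hashlib
import json

# Constructed manifest for a hypothetical skill; field names are assumptions.
MANIFEST = {"tools": {"web_search", "read_file"}, "max_calls": 3}
GENESIS = "0" * 64  # "previous hash" of the first entry

def evaluate(manifest, session, tool):
    """Deny by default: allow only declared tools while the call budget lasts."""
    if tool not in manifest["tools"]:
        return "deny", "undeclared tool"
    if session["calls"] >= manifest["max_calls"]:
        return "deny", "call budget exhausted"
    session["calls"] += 1  # live session state consumed by the policy
    return "allow", "declared in manifest"

def entry_hash(prev, body):
    # Canonical JSON so the same record always produces the same digest.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + payload).encode()).hexdigest()

def append(log, body):
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"prev": prev, "body": body, "hash": entry_hash(prev, body)})

def verify(log):
    """Return the index of the first broken entry, or None if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["body"]):
            return i
        prev = entry["hash"]
    return None

def run_session(manifest, tools):
    """Evaluate each requested tool call and log the decision, allowed or not."""
    session, log = {"calls": 0}, []
    for seq, tool in enumerate(tools):
        decision, reason = evaluate(manifest, session, tool)
        append(log, {"seq": seq, "tool": tool, "decision": decision, "reason": reason})
    return log

if __name__ == "__main__":
    calls = ["web_search", "shell_exec", "read_file", "web_search", "web_search"]
    log = run_session(MANIFEST, calls)
    for e in log:
        print(e["body"]["seq"], e["body"]["tool"], e["body"]["decision"], e["hash"][:12])
    log[1]["body"]["decision"] = "allow"  # simulate an after-the-fact edit
    print("first broken entry:", verify(log))
```

A chain like this detects edits, insertions and deletions inside the log, but not truncation of the tail or a rewrite of the whole chain, unless the latest hash is also stored or signed somewhere the writer of the log cannot change.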
Learnings
- Capability-based security maps naturally to agentic tool-use patterns
- Cryptographic chaining catches subtle state corruption that simple logging misses
- Deterministic replay requires careful handling of non-deterministic LLM outputs
Go, Python, SQLite, Docker, gRPC