Open-source · MIT · v0.1.0
Every tool call — classified, gated, audited. Zero code change.
Same code either way. Watch the 90-second tour → · Compare the two paths
Describe the rule
Block USDC > $10,000 to
non-allowlisted wallets. Require 2 of finance-ops.
rule: "stablecoin-egress-2of2" when: - tool.name == "circle_usdc_transfer" - amount > 10_000_00 - wallet NOT IN treasury.allowlist require: approvers: 2 scope: "finance-ops" action: ESCALATE
Live · acme-pay · refund-agent
stripe.refund · $47.00 285 ms ALLOW coinbase_prime.deposit · 3,200 USDC 412 ms ALLOW circle_usdc.transfer · 24,500 USDC → 0x7f31…aE92 12 ms ESCALATE ↑ stablecoin-egress-2of2 · wallet not on treasury allowlist · needs 2 approvers
Merkle log · acme-pay · 14,829 events / 24h
witness.aegistraces.com Compatible with the stacks teams already ship
What you see
One dashboard surfaces every agent decision, every block, every anomaly — across every workflow you ship.
What it does
Pre-deploy scan
Tree-sitter AST across Python / JS / TS. Every tool, every credential, mapped — and a starter policy proposed.
Plain English → Policy
One sentence in, grammar-constrained DSL out. Auditable, reversible, version-controlled.
Describe the rule
Block emails to personal addresses during checkout flow. Allow [email protected] but flag anything to gmail, outlook, or icloud.
↓ ✨ Generate
rule: "block-personal-email-in-checkout" when: - tool.name == "send_email" - context.workflow == "checkout" recipient: deny: ["@gmail.com", "@outlook.com"] allow: ["@acme.io"] action: BLOCK
Runtime block
Allow, escalate, block — every tool call decided before it leaves your network. Sub-50 ms inline.
Forensic audit
Every block in a Merkle-chained log. Filter by risk, group by policy, export to your auditor.
Agent registry
Status, owner, scope, key rotation — one place to suspend a misbehaving agent or grant a new scope.
Coverage
Per-agent coverage report — which tools are policy-gated, which categories only audit. No mystery gaps.
Beyond the call
Tainted recall, undeclared agent-to-agent leaks, PII that appears without ever being in the prompt. A distinct layer.
5-minute integration
import openai
client = openai.OpenAI(
api_key="sk-xxxx"
)OPENAI_BASE_URL=https://gateway.aegistraces.com/openai/v1
AEGIS_API_KEY=aeg_xxx
# code unchangedvs. the category
| Capability | AEGIS | Others |
|---|---|---|
| Cryptographic audit (Merkle + witness) | RFC 6962, built-in | none |
| Sequence-aware anomaly | n-gram LM, per-agent | single-call only |
| Multi-agent collusion | burst / relay / cycle | single-agent only |
| Workflow → per-node policy | 5 frameworks | none |
| Counterfactual explainer | verified by re-validation | partial |
| AST scan rules | tree-sitter + YAML | regex only |
| GenAI OTel semconv | full | proprietary |
| SCIM + SAML + OIDC | all three | one or the other |
| Policy effectiveness scoring | P/R/F1 + retire signal | none |
| License | MIT | closed |
From the field
Assistant Professor, USC · AI Risk Audit & Control
@AEGIS is the runtime control layer the agent ecosystem has been missing. The architecture is clean, the cryptographic audit is real, and the DSL is the right primitive.
Head of AI · healthcare SaaS
HIPAA review used to take six months. With @AEGIS we got the evidence pack in two weeks and the auditor signed off without a follow-up call.
CTO · payments infra
Our refund agent shipped to production the day after we wired @AEGIS in. Two reviewers, three policies, ten minutes. The audit log alone saved us a six-week SOC 2 cycle.
CISO · neobank
We tried to write our own policy DSL twice and shipped neither. @AEGIS gave us grammar-constrained NL-to-DSL the same week we integrated. Three policies in production by Friday.
Staff Engineer · healthcare AI
The Memory & Cross-Agent layer in @AEGIS caught two undeclared crossings on day one — neither was in our threat model. We standardized on it for all agent rollouts.
Founder · agent observability · YC W26
The Merkle audit log is a real moat. Every other guard product I evaluated stores decisions in plain Postgres. @AEGIS is the only one I'd hand to an auditor.
Head of DevRel · Web3 ops
Stablecoin transfers used to require a human on every $10k+ wire. With @AEGIS the policy enforces 2-of-N approval automatically. Our ops team got their evenings back.