AWS Bedrock Agents governance middleware for Aegis ACP (maintenance-only — Anthropic SDK is the active hero)
Project description
aegis-bedrock
⚠️ Sprint 25 freeze (2026-06-26):
aegis-bedrockis now maintenance-only. The Aegis team has narrowed focus to a single hero SDK,aegis-anthropic, while we drive design-partner revenue.aegis-bedrockcontinues to receive security patches but no new features until further notice. The drop-in Bedrock contract below remains fully supported against the canonical/executeAPI; you can keep using it in production.
AWS Bedrock Agents governance middleware for Aegis ACP. Intercepts
invoke_agent action-group calls and consults Aegis /execute before any
tool runs — same SDK contract as aegis-anthropic and aegis-openai.
Install
pip install "aegis-bedrock[bedrock]"
Use
Drop-in replacement for boto3.client("bedrock-agent-runtime"):
from aegis_bedrock import AegisBedrockAgentRuntime
client = AegisBedrockAgentRuntime(
aegis_key="acp_…",
aegis_url="https://aegisagent.in",
tenant_id="00000000-0000-0000-0000-000000000001",
agent_id="<your-aegis-agent-id>",
region_name="us-east-1", # standard boto3 kwarg
)
response = client.invoke_agent(
agentId="…",
agentAliasId="…",
sessionId="…",
inputText="Find the customer that owes the most.",
)
Every Bedrock action-group invocation is checked by Aegis before the underlying lambda fires. Blocked actions are replaced with a text-only response explaining the denial; the buyer's Bedrock agent sees a clean governance message instead of a side-effecting tool call.
What Aegis governs
| Bedrock primitive | Aegis maps to | Notes |
|---|---|---|
| Action group invocation | tool.<action_name> |
arguments = the JSON parameter block |
| Knowledge-base query | tool.kb_search |
arguments = {query, retrievalConfiguration} |
| Code-interpreter call | tool.python_exec |
arguments.code is the Python body |
The same per-tool ALLOW grants you've already configured for your Aegis agent are honoured by Bedrock calls — no separate Bedrock permission model.
Standard wrapper guarantees
- Verdicts are pre-checked. A blocked tool never invokes the lambda / knowledge base / interpreter.
- HTML 403 (WAFv2) surfaces as
findings=["waf_blocked"], same as the other SDKs. - JSON parse / network errors fail closed (
action="deny").
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file aegis_bedrock-1.1.5.tar.gz.
File metadata
- Download URL: aegis_bedrock-1.1.5.tar.gz
- Upload date:
- Size: 11.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e5d98605d1c320f9f7af8597f8d33da83fa0cfa1312c5ab61fc32aa0797e80a5
|
|
| MD5 |
a6744298f433aaa39b1a8c389e4958a8
|
|
| BLAKE2b-256 |
33847321d6c780cc6c06693659c30caef7a7bd7fc0ada522315d17b86a7da3b5
|
File details
Details for the file aegis_bedrock-1.1.5-py3-none-any.whl.
File metadata
- Download URL: aegis_bedrock-1.1.5-py3-none-any.whl
- Upload date:
- Size: 12.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0eaff1af95d47ddd1e6067defa35d060c89fef11380921daece664820648dea3
|
|
| MD5 |
8c9208756beb8ae64247f990a382c536
|
|
| BLAKE2b-256 |
7037e428f70d4f37da16a95ca121c1256da9e4f986098d4bbbbf6fe8e6bc8ce4
|
