AI Environment Guardian & Integrity Shield — Supply chain security for developers and AI agents
AEGIS — AI Environment Guardian & Integrity Shield
Supply-chain security for developers and AI coding agents.
AEGIS intercepts package installations and destructive commands in real-time — detecting typosquatting, malicious scripts, vulnerable dependencies, and dangerous shell operations before they reach your system.
Why AEGIS?
AI coding agents (Claude Code, Copilot, Cursor) can install packages and run arbitrary commands — but nobody verifies what they do. AEGIS fills that gap:
- Destructive command detection — catches rm -rf /, DROP DATABASE, fork bombs, curl | sh, and more
- Typosquatting detection — Levenshtein distance + normalization against top packages
- Slopsquatting detection — flags non-existent packages hallucinated by AI agents
- Vulnerability check — OSV.dev API integration for known CVEs
- AI-aware — higher scrutiny when the command comes from an AI agent
- Three ecosystems — Python (pip), Node.js (npm/yarn/pnpm), Rust (cargo)
Claude Code Hook (primary use case)
AEGIS integrates as a PreToolUse hook that intercepts every Bash command Claude Code tries to run:
# Install AEGIS
pip install aegis-security
aegis init
# Install the Claude Code hook
aegis hook install claude
# → writes PreToolUse hook to ~/.claude/settings.json
# That's it — Claude Code is now protected
When Claude Code attempts a dangerous operation, AEGIS:
- Allows safe commands silently (exit 0, no output)
- Warns on suspicious packages → prompts you to approve or deny
- Blocks critical destructive commands → denies execution with explanation
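A minimal PreToolUse handler that produces the three outcomes listed above, as an added example (not AEGIS's own code). The rules, the function names and the choice to answer "ask" for a fetch piped into a shell are assumptions; the payload fields (`tool_name`, `tool_input.command`) and the `hookSpecificOutput` reply follow Claude Code's hook format.

```python
import json
import shlex

# Assumed rules for illustration only; this is not AEGIS's rule set.
SHELLS, FETCHERS = {"sh", "bash", "zsh", "dash"}, {"curl", "wget"}


def stages(command):
    """Split a shell line into (argv, operator_that_follows) pairs."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    out, argv = [], []
    for tok in list(lex) + [";"]:  # list() raises ValueError on unbalanced quotes
        if tok and set(tok) <= set("();<>|&"):
            argv = argv[1:] if argv[:1] == ["sudo"] else argv  # 'sudo rm' == 'rm'
            out.append((argv, tok))
            argv = []
        else:
            argv.append(tok)
    return out


def classify(command):
    """Return (decision, reason); decision is 'allow', 'ask' or 'deny'."""
    try:
        parsed = stages(command)
    except ValueError:
        return "ask", "command could not be parsed"
    for (argv, op), (nxt, _) in zip(parsed, parsed[1:] + [([], "")]):
        if not argv:
            continue
        args = argv[1:]
        recursive = "--recursive" in args or any(
            a[:1] == "-" and a[1:2] != "-" and "r" in a.lower() for a in args)
        if argv[0] == "rm" and recursive and {"/", "/*"} & set(args):
            return "deny", "recursive delete of the filesystem root"
        if argv[0] in FETCHERS and op == "|" and nxt[:1] and nxt[0] in SHELLS:
            return "ask", "remote script piped straight into a shell"
    return "allow", ""


def handle(payload):
    """PreToolUse payload (JSON text) -> hook stdout; '' means allow silently."""
    event = json.loads(payload)
    decision, reason = classify(event.get("tool_input", {}).get("command", ""))
    if event.get("tool_name") != "Bash" or decision == "allow":
        return ""
    return json.dumps({"hookSpecificOutput": {"hookEventName": "PreToolUse",
        "permissionDecision": decision, "permissionDecisionReason": reason}})
```

Tokenizing with `shlex` rather than matching regexes on the raw string means `echo "rm -rf /"` is allowed while `sudo rm -rf /` is denied, and a line that cannot be parsed falls back to asking the user.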
Quick Start (shell hook)
For protecting your own terminal (without Claude Code):
pip install aegis-security
aegis init
# Activate shell hooks (add to .bashrc/.zshrc)
aegis hook install shell
source ~/.aegis/shell_hook.sh
# Now pip/npm commands are protected
pip install reqeusts # → BLOCKED: typosquat of "requests"
pip install requests # → ALLOWED: known safe package
Commands
aegis init                                 Initialize ~/.aegis/ with config and DB
aegis check pip install <pkg>              Check a command before execution (used by hooks)
aegis check-hook                           Check a Claude Code hook payload from stdin
aegis scan [target]                        Scan a directory or package for suspicious patterns
aegis hook install [claude|shell|browser]  Install an AEGIS hook
aegis hook status                          Show which hooks are installed
aegis config                               View current configuration
aegis log                                  View decision history
aegis agent-log                            View AI agent activity dashboard
aegis status                               Show AEGIS status
Browser Extension
AEGIS includes a Chromium extension (aegis-browser/) that detects copy-paste of suspicious install commands from web pages. Install the native messaging host with:
aegis hook install browser
Architecture
┌───────────────────────────────────────────┐
│ AEGIS CLI (Python) │
│ Claude Code hook · Shell hook · Browser │
├───────────────────────────────────────────┤
│ Orchestrator (Python) │
│ Destructive Cmd │ Package Analyzer │
│ Agent Detector │ Slopsquat Checker │
├───────────────────────────────────────────┤
│ Rust Core (via PyO3) │
│ Command Parser │ Typosquat Detector │
│ Pattern Engine │ Hash Checker │
├───────────────────────────────────────────┤
│ Threat Intelligence │
│ SQLite DB │ OSV.dev │ PyPI/npm APIs │
└───────────────────────────────────────────┘
Rust core is optional — AEGIS falls back to pure Python if the native extension isn't available.
Configuration
# ~/.aegis/config.yml
mode: interactive  # interactive | strict | permissive
ecosystems:
  python: true
  node: true
  rust: true
typosquat:
  threshold: 2
  enabled: true
osv_check: true
allowlist:
  - numpy
  - pandas
  - flask
blocklist:
  - colourama  # known typosquat
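How a threshold of 2 with an allowlist and a blocklist plays out, as an added example (not AEGIS's implementation). The top-package sample is constructed, the function names are hypothetical, and PEP 503 style name normalization is an assumption about what "normalization" means here.

```python
import re

# Constructed stand-in for a "top packages" list; names are stored normalized.
TOP_PACKAGES = {"requests", "numpy", "pandas", "flask", "colorama", "python-dateutil"}
ALLOWLIST = {"numpy", "pandas", "flask"}  # allowlist from the config above
BLOCKLIST = {"colourama"}                 # blocklist from the config above
THRESHOLD = 2                             # typosquat.threshold


def normalize(name):
    """Lowercase and collapse runs of '-', '_' and '.' (PEP 503 style, assumed)."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a, b):
    """Classic edit distance: insertions, deletions and substitutions cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check(name):
    """Return (verdict, detail) for a requested package name."""
    n = normalize(name)
    if n in BLOCKLIST:
        return "block", "blocklisted"
    if n in ALLOWLIST or n in TOP_PACKAGES:
        return "allow", "known package"
    # Nearest popular name; ties broken alphabetically so results are stable.
    dist, nearest = min((levenshtein(n, p), p) for p in TOP_PACKAGES)
    if dist <= THRESHOLD:
        return "block", f'possible typosquat of "{nearest}"'
    return "allow", "no close match"
```

A transposition such as `reqeusts` costs two edits under plain Levenshtein, so it is caught only because the threshold is 2. At that threshold, short legitimate names that sit near a popular one are flagged as well, which is the case the allowlist covers.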
Development
# Prerequisites: Python 3.11+ (tested on 3.11, 3.12, 3.13) + Rust toolchain (optional)
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# Setup
git clone https://github.com/iafiscal1212/aegis.git
cd aegis
python3 -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"
# Build Rust extension (optional — pure Python fallback works)
pip install maturin
maturin develop
# Test
pytest
cargo test # if Rust toolchain installed
License
MIT
File details
Details for the file aegis_security-0.2.0-cp312-cp312-manylinux_2_34_x86_64.whl.
File metadata
- Download URL: aegis_security-0.2.0-cp312-cp312-manylinux_2_34_x86_64.whl
- Upload date:
- Size: 1.2 MB
- Tags: CPython 3.12, manylinux: glibc 2.34+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 75dab120c916b0da9bc1686502dca02eb4104e1971bb4145129743659bbdbbb8 |
| MD5 | 056d7a1420e68f05c8c24c1e333f963e |
| BLAKE2b-256 | abde6142fd21d116c69d64d108c529939466d2676cd75601ffe04269c2e51c29 |