AI agent data access control — control what agents can see

Project description

aegis-trust

The trust layer for AI agents. One decorator controls what agents can see.

pip install aegis-trust

30-Second Quickstart

from aegis import shield

@shield(purpose="customer_support", scope=["name", "issue"])
def get_customer(id):
    return {
        "name": "Tanaka Taro",
        "email": "tanaka@example.com",       # hidden
        "card": "4242-****-****-1234",        # hidden
        "issue": "Login problem",
    }

get_customer(1)
# → {"name": "Tanaka Taro", "issue": "Login problem"}

The agent never sees email or card. No config files. No middleware. One line.

Two Filtering Modes

Whitelist — keep only these fields:

@shield(purpose="support", scope=["name", "issue"])

Blacklist — hide these fields, keep everything else:

@shield(purpose="billing", deny_fields=["card", "ssn"])

scope and deny_fields are mutually exclusive. Specifying both raises ValueError.
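
The two modes behave differently when the underlying record gains a field after the policy was written. The following is an added example, not aegis-trust's own code: `guarded` is a hypothetical stand-in that mimics the documented filtering (top-level dict keys only, and rejecting both arguments at decoration time, both assumptions) to show that a whitelist fails closed while a blacklist fails open.

```python
from functools import wraps

def guarded(scope=None, deny_fields=None):
    """Hypothetical stand-in for a field-filtering decorator (not aegis-trust code)."""
    if scope is not None and deny_fields is not None:
        # Assumption: the ambiguous policy is rejected when the decorator is built.
        raise ValueError("scope and deny_fields are mutually exclusive")
    allowed = None if scope is None else set(scope)
    denied = set(deny_fields or ())

    def keep(key):
        return key in allowed if allowed is not None else key not in denied

    def decorate(fn):
        @wraps(fn)
        def wrapper(*args, **kwargs):
            record = fn(*args, **kwargs)
            # Top-level keys only; nested structures are not handled here.
            return {k: v for k, v in record.items() if keep(k)}
        return wrapper
    return decorate

# Constructed records: V2 is the same row after a schema change added a column.
RECORD_V1 = {"name": "Tanaka Taro", "email": "tanaka@example.com",
             "card": "4242-****-****-1234", "issue": "Login problem"}
RECORD_V2 = {**RECORD_V1, "date_of_birth": "1990-01-01"}

@guarded(scope=["name", "issue"])
def lookup_allow(record):
    return record

@guarded(deny_fields=["email", "card"])
def lookup_deny(record):
    return record

def exposed_beyond(intended, filtered):
    """Keys that reached the caller but are not in the intended set."""
    return sorted(set(filtered) - set(intended))

def drift_report():
    intended = ["name", "issue"]
    return {
        "allow_v1": exposed_beyond(intended, lookup_allow(RECORD_V1)),
        "deny_v1": exposed_beyond(intended, lookup_deny(RECORD_V1)),
        "allow_v2": exposed_beyond(intended, lookup_allow(RECORD_V2)),
        "deny_v2": exposed_beyond(intended, lookup_deny(RECORD_V2)),
    }
```

Both policies give the same result on the original record; only the blacklist lets the new column through, so a blacklist needs review whenever the schema changes.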

FastMCP Integration

@shield works with any decorator. Stack it with FastMCP's @mcp.tool():

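from fastmcp import FastMCP
from aegis import shield

mcp = FastMCP("customer-service")

# Stand-in data store so the example runs; replace with your own lookup.
db = {"c-1": {"name": "Tanaka Taro", "email": "tanaka@example.com", "issue": "Login problem"}}

@mcp.tool()
@shield(purpose="customer_support", scope=["name", "issue"])
def get_customer(customer_id: str) -> dict:
    """Look up a customer by ID."""
    return db.get(customer_id)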

Every MCP tool call now respects purpose-based access control.
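
Decorator order matters when one of the decorators registers the function. This is an added example, not code from the project: `ToyRegistry` is a hypothetical stand-in for a tool registry (it is not FastMCP) and `allow` is a minimal whitelist filter written for this demonstration. It shows that a registry exposes whatever callable it is handed, so the filter has to sit beneath the registering decorator, as in the snippet above.

```python
from functools import wraps

class ToyRegistry:
    """Hypothetical stand-in for a tool registry; not FastMCP."""
    def __init__(self):
        self.tools = {}

    def tool(self):
        def register(fn):
            self.tools[fn.__name__] = fn  # captures exactly what it is handed
            return fn
        return register

    def call(self, name, *args):
        return self.tools[name](*args)

def allow(*fields):
    """Minimal whitelist filter used only for this demonstration."""
    def decorate(fn):
        @wraps(fn)
        def wrapper(*args, **kwargs):
            return {k: v for k, v in fn(*args, **kwargs).items() if k in fields}
        return wrapper
    return decorate

# Constructed sample row.
ROW = {"name": "Tanaka Taro", "email": "tanaka@example.com",
       "card": "4242-****-****-1234", "issue": "Login problem"}

registry = ToyRegistry()

@registry.tool()             # outermost: registers the filtered wrapper
@allow("name", "issue")
def get_customer_safe(customer_id):
    return dict(ROW)

@allow("name", "issue")      # outermost: the registry already holds the raw function
@registry.tool()
def get_customer_unsafe(customer_id):
    return dict(ROW)

def exposed_keys(tool_name):
    """Keys a caller receives when the tool is invoked through the registry."""
    return sorted(registry.call(tool_name, "c-1"))
```

Calling `get_customer_unsafe` directly still returns the filtered record, so a unit test on the function alone would not catch the mistake; test through the registry.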

How It Works

Your function                    @shield                     AI agent
─────────────                    ───────                     ────────
return {                    ┌─ scope=["name","issue"] ─┐
  "name": "Tanaka",        │                           │    {"name": "Tanaka",
  "email": "t@ex.com", ──→ │  filter by purpose        │ ──→ "issue": "Login"}
  "card": "4242-****",     │                           │
  "issue": "Login",        └───────────────────────────┘
}                               email, card blocked

Aegis Platform

aegis-trust is the open-source entrypoint to the Aegis platform — a trust layer for AI agents.

For production deployments with full audit, policy orchestration, and enterprise controls, contact sales@incierge.com.

API Reference

@shield(purpose, scope=None, *, deny_fields=None, mode=Mode.AUTO)

Decorator that controls data access based on purpose.

  • purpose (str): Why the agent needs this data.
  • scope (list[str]): Whitelist — fields the agent can see.
  • deny_fields (list[str]): Blacklist — fields to hide.
  • mode (Mode): Operating mode (AUTO, LITE, FULL).

sync_policies(policies)

Sync purpose policies to aegis-core (Full mode only).

Types

  • Mode — LITE, FULL, AUTO
  • AccessPolicy — purpose + scope + deny_fields
  • ShieldResult — result wrapper with metadata

Security & Cryptographic Posture

aegis-trust uses OpenTimestamps (OTS) over the Bitcoin blockchain to anchor CI attestation timestamps (AO-004 audit completeness). OTS provides tamper-evident chronology for audit records.

OTS is not a post-quantum cryptography (PQC) substitute. OTS anchors SHA-256 hashes to Bitcoin's proof-of-work chain, which relies on classical cryptographic assumptions. When NIST PQC standards (FIPS 203/204/205) mature, aegis-trust will migrate accordingly. As of v0.6.4, attestation hashes use SHA3-512 (NIST FIPS 202) as a pre-PQC bridging measure.

For vulnerability reports and security inquiries, contact security@incierge.com.

License

MIT

Download files

Source Distribution

aegis_trust-0.6.5.2.tar.gz (123.4 kB view details)

Uploaded Source

Built Distribution

aegis_trust-0.6.5.2-py3-none-any.whl (92.7 kB view details)

Uploaded Python 3

File details

Details for the file aegis_trust-0.6.5.2.tar.gz.

File metadata

  • Download URL: aegis_trust-0.6.5.2.tar.gz
  • Size: 123.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for aegis_trust-0.6.5.2.tar.gz
Algorithm Hash digest
SHA256 4a89d28d5186d839fe6aff6cb0dee2e3c38bd87909bbf595b140aa166e8d672e
MD5 3c9a29d01c34c303eab01689eb3a0ab9
BLAKE2b-256 19c3f3a5b6ae3f74b3046bf98c990469d3027b9c2ce26a6b348cb493bd1f9577

File details

Details for the file aegis_trust-0.6.5.2-py3-none-any.whl.

File metadata

  • Download URL: aegis_trust-0.6.5.2-py3-none-any.whl
  • Size: 92.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for aegis_trust-0.6.5.2-py3-none-any.whl
Algorithm Hash digest
SHA256 d0f8f1bf10b9d5fc3f18d2f61edc158aca323ec8256355e6ee07a5cb7c8e4143
MD5 b4e22248b78c7489bde21200e7766062
BLAKE2b-256 d34010d59fca10afb2065c1a3ccdf2c1fed0334778a88c3d09777b66dae31fc9
