A sophisticated Security Liaison and Governance Layer for AI Agents
Project description
🛡️ AegisFlow
The Universal Security Layer for AI Agents.
AegisFlow is a sophisticated Security Liaison designed to govern AI agent actions through transparent mediation rather than silent blocking. It acts as a "conscious" layer, ensuring high-risk operations are verified by a human-in-the-loop (HITL).
Core Philosophy
- Suspicion Scoring: Every action is assigned a Threat Level (Low, Medium, High).
- Transparent Mediation: Risks are reported clearly; high risks require explicit approval.
- Sentinel State Engine: Tracks reputation and persists logs.
- Audit Trail: All decisions and outcomes are logged to
~/.aegis/logs/aegis_audit.json. - Sandwich Wrapper: Wrap any terminal command in a monitored shell (Ollama, Python, Bash).
Installation
pip install aegisflow
This installs the aegis CLI tool globally.
Usage
1. The AegisSandwich (Interactive Wrapper)
Run aegis run to wrap any agent process, including interactive tools like Ollama. AegisFlow will monitor its output for dangerous patterns and suspend it if necessary.
# Supports both quoted and unquoted syntax (v2.5.1+)
aegis run "ollama run llama3"
# or
aegis run ollama run llama3
Or for Python scripts:
aegis run "python my_agent.py"
2. Static Scan
Scan a file for behavioral redlines:
aegis scan path/to/script.py
3. Universal LLM Integration (Code)
Wrap any LLM call with SafeGenerator to get instant security:
from aegisflow.llm import SafeGenerator
# Automatically scrubs keys, checks for injections, and verifies dangerous outputs.
llm = SafeGenerator()
response = llm.generate("Write a script to delete all files.", model="gpt-4")
print(response)
Sentinel State Engine
The Sentinel tracks "Risk Streaks". If an agent triggers 3 Medium risks in a row, the next action is automatically escalated to High.
For High Risk (or escalated) actions, the user must provide a Reasoning String (e.g., "Debugging local server") to proceed. Simple "yes/no" confirmations are not accepted for high-risk operations.
Configuration (.aegis.json)
Create a .aegis.json in your project root or home directory to customize behavior:
{
"protected_paths": [
"/prod/db",
"./secrets"
],
"strict_mode": true
}
Behavioral Redlines
AegisFlow monitors for:
- Recursive Operations:
rm -rf, massive deletes. - Exfiltration: POST requests containing key-like patterns.
- Rule Negation: AI thoughts attempting to bypass security constraints.
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file aegisflow-2.5.2.tar.gz.
File metadata
- Download URL: aegisflow-2.5.2.tar.gz
- Upload date:
- Size: 13.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
246a78c4a464904d259b92bbaf06718bc32b0c7ca5a0e607f38e1b7ef8d0a5ce
|
|
| MD5 |
460c3ae7e72fdf33d7520ec1a624fbf4
|
|
| BLAKE2b-256 |
8dbd6c1aaa70ad0c28ca59a55cc278ba2312ccc3e831f76000e41abc005c217b
|
File details
Details for the file aegisflow-2.5.2-py3-none-any.whl.
File metadata
- Download URL: aegisflow-2.5.2-py3-none-any.whl
- Upload date:
- Size: 17.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
392be8d7ba4a05bc5da66edca1648e9037c92f1730302bb66c926828332fdb7b
|
|
| MD5 |
610e5cd69a73ed2dd8c4bb1c816ac252
|
|
| BLAKE2b-256 |
3463854cf06c56970dca140ebe6bd64710c5c5bcd97c2b4fdfdbaca61192a788
|
