The runtime gate between an AI agent and the world. Three language bindings, one spec, one wire protocol.
Rust, Python, Node — same policy packs, same audit ledger, same /api/protect wire shape against the local reference daemon or the production cloud endpoint.
Information-only pages explaining what the harness is, how a policy pack is structured, how the four architectural layers compose, and how to deploy it.
One curl, one Python snippet, one Node snippet. The local reference daemon or the cloud endpoint — same call shape.
Signed JSON manifest, rule evaluation order, signature canonicalisation, audit-log entry shape. Side-by-side annotated example.
Pin (cryptographic identity), Daemon (local runtime gate), Enforcement (policy evaluation), Ledger (append-only audit).
Proxy (HTTP fronting), Sidecar (per-pod gate), SDK (in-process library). Concrete configs for each.
Auto-generated from the source tree. Rust via cargo doc --no-deps --workspace --release; Python via pdoc aiegis_harness; Node hand-rendered directly from the NAPI-RS index.d.ts (typedoc not available at build time — see note on that page).
Pack loader, evaluator, audit-log sinks. Library crate. Embed in your own daemon.
The reference daemon binary. axum HTTP server + clap CLI.
HarnessClient + EvaluationResult + HarnessDenied / HarnessTransportError. PyO3 + maturin.
HarnessClient (NAPI-RS native module). Same wire protocol; camelCased field names.
These docs are derived from canonical sources. If anything on this site disagrees with the upstream, the upstream wins.
From a shell, against the production cloud endpoint:
curl -sS -X POST https://aiegis.ie/api/protect \
-H 'Content-Type: application/json' \
-H "X-AEGIS-Tag: $AEGIS_KEY" \
-d '{"action":"tool.read_file","target":"/etc/hosts","input":""}'
Or build the reference daemon locally — see Quickstart.