Wrap an AI agent's tool call behind the AiEGIS Harness in three lines of code. One curl, one Python snippet, one Node snippet.
Same wire protocol against the local reference daemon or the production cloud endpoint at https://aiegis.ie/api/protect.
If you want to evaluate policies entirely on your own machine — zero-network — build the Rust reference daemon from github.com/AiEGIS/aiegis-harness and run:

    git clone https://github.com/AiEGIS/aiegis-harness
    cd aiegis-harness
    cargo build --release
    ./target/release/aiegis-harness \
      --port 18081 \
      --audit-db /tmp/harness.db \
      --policy-pack examples/pii-block.json \
      --policy-pack examples/tool-allowlist.json \
      --policy-pack examples/rate-limit.json

The daemon listens on http://127.0.0.1:18081 and exposes two endpoints: GET /health and POST /api/protect. The wire shape is byte-compatible with https://aiegis.ie/api/protect — point your client at either.
The minimal probe. Replace $BASE with http://127.0.0.1:18081 (local daemon) or https://aiegis.ie (cloud prod). For cloud prod, set X-AEGIS-Tag: <your-key>.

    curl -sS -X POST "$BASE/api/protect" \
      -H 'Content-Type: application/json' \
      -H "X-AEGIS-Tag: $AEGIS_KEY" \
      -d '{
        "action": "tool.read_file",
        "target": "/etc/hosts",
        "input": "",
        "context": {"agent_did": "did:key:z6Mk..."}
      }'

Response shape (reference daemon):

    {
      "decision": "ALLOW",
      "reason": null,
      "layer": null,
      "deciding_pack": null,
      "deciding_rule": null,
      "decision_ms": 2,
      "agent_did": "did:key:z6Mk...",
      "receipt_id": "01HZ..."
    }

On DENY the HTTP status is 401 and reason, layer, deciding_pack, deciding_rule are populated.
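
The same exchange can be driven without either binding. The following is an added example, not code from the AiEGIS project: a standard-library Python client for POST /api/protect that handles the 401-on-DENY status described above and refuses the tool call whenever the reply is not a clean ALLOW. The names `Denied`, `interpret` and `protect` are hypothetical, and two behaviours are assumptions of this example: ALLOW is expected with a 2xx status, and an unreachable daemon or an unparseable reply is treated as a denial.

```python
import json
import urllib.error
import urllib.request


class Denied(Exception):
    """Raised for anything other than a clean ALLOW (hypothetical name)."""


def interpret(status, body):
    """Map an HTTP status and raw body from /api/protect to a verdict, failing closed."""
    try:
        doc = json.loads(body)
    except ValueError:  # covers invalid JSON and invalid UTF-8
        doc = None
    if not isinstance(doc, dict):
        raise Denied(f"unparseable harness reply (HTTP {status})")
    # Assumption: ALLOW arrives with a 2xx status; the page only states that DENY is 401.
    if 200 <= status < 300 and doc.get("decision") == "ALLOW":
        return doc
    raise Denied("{} (layer={}, pack={}, rule={})".format(
        doc.get("reason"), doc.get("layer"),
        doc.get("deciding_pack"), doc.get("deciding_rule")))


def protect(base, action, target, input_text="", context=None, key=None, timeout=10):
    """POST one tool call to base + /api/protect; return the ALLOW response or raise Denied."""
    payload = {"action": action, "target": target, "input": input_text}
    if context is not None:
        payload["context"] = context
    headers = {"Content-Type": "application/json"}
    if key:  # the page sets X-AEGIS-Tag for the cloud endpoint
        headers["X-AEGIS-Tag"] = key
    req = urllib.request.Request(base + "/api/protect", method="POST",
                                 data=json.dumps(payload).encode(), headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return interpret(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # urllib raises on 401, so DENY lands here
        return interpret(err.code, err.read())
    except OSError as err:  # refused connection, timeout, DNS failure
        raise Denied(f"harness unreachable: {err}") from err
```
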
The Python binding lives in crates/harness-py/ and is published as the aiegis-harness wheel. It is built with PyO3 + maturin and ships a single class HarnessClient plus a result type EvaluationResult and two exceptions HarnessDenied + HarnessTransportError.

    pip install aiegis-harness

    from aiegis_harness import HarnessClient, HarnessDenied

    client = HarnessClient(
        base_url="https://aiegis.ie",
        api_token="your-key-here",
        timeout_s=10,
    )

    # 1) Inspect mode — never raises on DENY
    result = client.evaluate(
        action="tool.read_file",
        target="/etc/hosts",
        input="",
        context={"agent_did": "did:key:z6Mk..."},
    )
    print(result.decision, result.reason, result.layer)
    print(result.allowed, result.denied, result.decision_ms)

    # 2) Guard mode — raises HarnessDenied on non-ALLOW
    try:
        client.evaluate_or_raise(
            action="tool.shell_exec",
            target="rm -rf /",
            input="",
        )
        # proceed with the tool call
    except HarnessDenied as e:
        # abort, log, or surface to the user
        print("blocked:", e)

Full API reference: /docs/harness/api/python/.
The Node binding lives in crates/harness-node/ and is published as the aiegis-harness npm package. It is a NAPI-RS native module — no Node JS shim around HTTP, just direct Rust calls.

    npm install aiegis-harness

    import { HarnessClient } from 'aiegis-harness';

    const client = new HarnessClient('https://aiegis.ie', {
      apiToken: process.env.AEGIS_KEY,
      timeoutMs: 10_000,
    });

    // 1) Inspect mode
    const result = await client.evaluate(
      'tool.read_file',
      '/etc/hosts',
      '',
      JSON.stringify({ agent_did: 'did:key:z6Mk...' })
    );
    console.log(result.decision, result.reason, result.layer);

    // 2) Guard mode
    try {
      await client.evaluateOrThrow('tool.shell_exec', 'rm -rf /');
      // proceed with the tool call
    } catch (e) {
      // HarnessDenied — log + surface
      console.error('blocked:', e.message);
    }

Full API reference: /docs/harness/api/node/.