Skip to content

AegisAI Platform

AI Agent Security & Governance — secure, observe, and govern autonomous AI agents across your organization.

AegisAI provides a unified control plane for registering agents, enforcing compliance policies, detecting anomalies, maintaining tamper-evident audit trails, and routing high-risk actions through human-in-the-loop (HITL) approval workflows.

Platform version

Current release on main: 1.1.0 (Prompt Guard, Shadow AI, hybrid anomaly). First public tag: 1.0.0.

What AegisAI Does

Capability Description
Agent Registry Register, monitor, and manage AI agents with heartbeat tracking
Policy Engine OPA-powered Rego policies with GDPR, HIPAA, and FZ-152 templates
Prompt Guard Injection / jailbreak / leakage checks (rules + ML + OPA) before LLM calls
Audit Logging Signed, exportable audit trails for compliance and forensics
Anomaly Detection Hybrid supervised / Isolation Forest / ONNX + rules; Shadow AI discovery
HITL Workflows Human approval gates for critical or high-risk operations
Real-time Dashboard Vite SPA with live WebSocket updates
SSO / OIDC Keycloak, Okta, Google Workspace, Microsoft Entra ID
SIEM Export Syslog, CEF, LEEF, JSONL → Splunk HEC, ELK, TCP/UDP

Quick Start

git clone https://github.com/valera7623/AegisAI.git
cd aegisai
cp .env.example .env
docker compose up --build
Service URL
Frontend Dashboard http://localhost:5173
API (OpenAPI) http://localhost:8000/docs
Legacy Dashboard http://localhost:8000/dashboard
OPA http://localhost:8181

Default super-admin credentials (created on first boot):

  • Email: admin@aegisai.com
  • Password: admin123

Change default credentials

Replace the super-admin password and SECRET_KEY before deploying to production.

Architecture Overview

flowchart TB
    subgraph Clients
        SPA[Vite Frontend :5173]
        SDK[Python SDK]
        WH[Webhook Agents]
    end

    subgraph AegisAI["AegisAI Platform :8000"]
        API[FastAPI API Gateway]
        WS[WebSocket /api/v1/ws]
        AUTH[JWT + API Key Auth]
        RBAC[RBAC Layer]
        PG_GUARD[Prompt Guard]
        PE[Policy Engine]
        AD[Anomaly Detector]
        AUD[Audit Logger]
        HITL[HITL Service]
    end

    subgraph Data
        PG[(PostgreSQL)]
        RD[(Redis)]
        OPA[OPA :8181]
    end

    SPA -->|JWT + X-API-Key| API
    SPA <-->|token query param| WS
    SDK -->|X-API-Key| API
    WH -->|HMAC signature| API

    API --> AUTH --> RBAC
    API --> PG_GUARD
    RBAC --> PE
    RBAC --> AD
    RBAC --> AUD
    RBAC --> HITL

    PG_GUARD --> OPA
    PG_GUARD --> RD
    PE --> OPA
    API --> PG
    API --> RD
    WS --> RD

Technology Stack

Layer Technology
Backend FastAPI, SQLAlchemy (async), Alembic
Frontend Vite 5, Vanilla JS, Tailwind CSS, Chart.js
Database PostgreSQL 15
Cache / Pub-Sub Redis 7
Policy Engine Open Policy Agent (OPA) + Rego
Auth JWT sessions + X-API-Key (tenant & user keys)
Real-time WebSocket (/api/v1/ws?token=...)
Deployment Docker Compose

Documentation

Getting Started

User Guide

Day-to-day operations for security analysts and operators:

Admin Guide

Platform administration for admins and super-admins:

Developer Guide

Integrate agents and build on the API:

Deployment

Production deployment and operations:

Policy Templates

AegisAI ships with built-in Rego policy templates for major compliance frameworks:

Template Framework Focus
gdpr GDPR EU personal data protection, consent, lawful basis
hipaa HIPAA Protected health information (PHI) controls
fz152 FZ-152 Russian personal data localization and transfer
hitl Human approval for critical operations
guard Prompt injection / jailbreak / data leakage
custom Customizable allow/deny rules

Support

  • API docs: http://localhost:8000/docs (interactive OpenAPI)
  • Repository: https://github.com/valera7623/AegisAI