AegisAI Platform¶
AI Agent Security & Governance — secure, observe, and govern autonomous AI agents across your organization.
AegisAI provides a unified control plane for registering agents, enforcing compliance policies, detecting anomalies, maintaining tamper-evident audit trails, and routing high-risk actions through human-in-the-loop (HITL) approval workflows.
Platform version
Current release on main: 1.1.0 (Prompt Guard, Shadow AI, hybrid anomaly). First public tag: 1.0.0.
What AegisAI Does¶
| Capability | Description |
|---|---|
| Agent Registry | Register, monitor, and manage AI agents with heartbeat tracking |
| Policy Engine | OPA-powered Rego policies with GDPR, HIPAA, and FZ-152 templates |
| Prompt Guard | Injection / jailbreak / leakage checks (rules + ML + OPA) before LLM calls |
| Audit Logging | Signed, exportable audit trails for compliance and forensics |
| Anomaly Detection | Hybrid supervised / Isolation Forest / ONNX + rules; Shadow AI discovery |
| HITL Workflows | Human approval gates for critical or high-risk operations |
| Real-time Dashboard | Vite SPA with live WebSocket updates |
| SSO / OIDC | Keycloak, Okta, Google Workspace, Microsoft Entra ID |
| SIEM Export | Syslog, CEF, LEEF, JSONL → Splunk HEC, ELK, TCP/UDP |
Quick Start¶
git clone https://github.com/valera7623/AegisAI.git
cd aegisai
cp .env.example .env
docker compose up --build
| Service | URL |
|---|---|
| Frontend Dashboard | http://localhost:5173 |
| API (OpenAPI) | http://localhost:8000/docs |
| Legacy Dashboard | http://localhost:8000/dashboard |
| OPA | http://localhost:8181 |
Default super-admin credentials (created on first boot):
- Email:
admin@aegisai.com - Password:
admin123
Change default credentials
Replace the super-admin password and SECRET_KEY before deploying to production.
Architecture Overview¶
flowchart TB
subgraph Clients
SPA[Vite Frontend :5173]
SDK[Python SDK]
WH[Webhook Agents]
end
subgraph AegisAI["AegisAI Platform :8000"]
API[FastAPI API Gateway]
WS[WebSocket /api/v1/ws]
AUTH[JWT + API Key Auth]
RBAC[RBAC Layer]
PG_GUARD[Prompt Guard]
PE[Policy Engine]
AD[Anomaly Detector]
AUD[Audit Logger]
HITL[HITL Service]
end
subgraph Data
PG[(PostgreSQL)]
RD[(Redis)]
OPA[OPA :8181]
end
SPA -->|JWT + X-API-Key| API
SPA <-->|token query param| WS
SDK -->|X-API-Key| API
WH -->|HMAC signature| API
API --> AUTH --> RBAC
API --> PG_GUARD
RBAC --> PE
RBAC --> AD
RBAC --> AUD
RBAC --> HITL
PG_GUARD --> OPA
PG_GUARD --> RD
PE --> OPA
API --> PG
API --> RD
WS --> RD
Technology Stack¶
| Layer | Technology |
|---|---|
| Backend | FastAPI, SQLAlchemy (async), Alembic |
| Frontend | Vite 5, Vanilla JS, Tailwind CSS, Chart.js |
| Database | PostgreSQL 15 |
| Cache / Pub-Sub | Redis 7 |
| Policy Engine | Open Policy Agent (OPA) + Rego |
| Auth | JWT sessions + X-API-Key (tenant & user keys) |
| Real-time | WebSocket (/api/v1/ws?token=...) |
| Deployment | Docker Compose |
Documentation¶
Getting Started¶
- Getting Started — install, login, and first steps
- Architecture — components, data flow, and security layers
User Guide¶
Day-to-day operations for security analysts and operators:
Admin Guide¶
Platform administration for admins and super-admins:
- Admin Guide Overview
- User Management
- Roles & Permissions
- SSO Configuration
- SIEM Integration
- Deployment
- Monitoring
- Backup & Recovery
Developer Guide¶
Integrate agents and build on the API:
Deployment¶
Production deployment and operations:
Policy Templates¶
AegisAI ships with built-in Rego policy templates for major compliance frameworks:
| Template | Framework | Focus |
|---|---|---|
gdpr |
GDPR | EU personal data protection, consent, lawful basis |
hipaa |
HIPAA | Protected health information (PHI) controls |
fz152 |
FZ-152 | Russian personal data localization and transfer |
hitl |
— | Human approval for critical operations |
guard |
— | Prompt injection / jailbreak / data leakage |
custom |
— | Customizable allow/deny rules |
Support¶
- API docs: http://localhost:8000/docs (interactive OpenAPI)
- Repository: https://github.com/valera7623/AegisAI