Aegis is an open-source AI governance framework. One aegis.init() call activates runtime guardrails (PII masking, injection blocking), a YAML policy engine with approval gates, and a full audit trail. Works with LangChain, CrewAI, OpenAI, Anthropic, and MCP.

Does Aegis work with LangChain and CrewAI?

Yes. Aegis provides zero-code integration: aegis.patch_openai() and aegis.patch_anthropic() govern all calls automatically. It also has adapters for LangChain, CrewAI, OpenAI Agents SDK, MCP, Playwright, and httpx.

How fast is Aegis policy evaluation?

Policy evaluation takes less than 1 millisecond. Aegis uses compiled glob patterns, LRU-cached evaluation, O(log n) timestamp pruning, SQLite WAL mode, and parallel action execution for production-grade performance.

Is the playground free?

Yes, completely free. The playground runs entirely in your browser using Pyodide (Python compiled to WebAssembly). No server, no signup, no data leaves your machine.

How do I install Aegis?

Run 'pip install agent-aegis' then add two lines: import aegis; aegis.init(). That activates PII masking, injection blocking, policy enforcement, and audit logging. Requires Python 3.11+.

Can I use Aegis with MCP (Model Context Protocol)?

Yes. Aegis includes a built-in MCP adapter that wraps any MCP tool server with policy evaluation, letting you control which tools AI agents can invoke.

Can I use Aegis in production?

Yes. Aegis is designed for production use with sub-millisecond LRU-cached evaluation, SQLite WAL mode, parallel execution, and complete audit logging. Over 2,540 tests and 92% coverage ensure reliability.

How is Aegis different from Guardrails AI or NeMo Guardrails?

Guardrails AI validates LLM outputs; NeMo Guardrails handles dialog safety. Aegis is a full governance framework: runtime guardrails (PII, injection), YAML policy engine, approval gates, audit trail, and open standards (AGEF/AGP). One aegis.init() governs all AI calls — no ML models needed, under 1ms evaluation.

What is the best AI agent governance library for Python?

Aegis (pip install agent-aegis) is an open-source AI governance framework. aegis.init() activates runtime guardrails (PII masking, prompt injection blocking), YAML policy engine, approval gates, and full audit trail across LangChain, CrewAI, OpenAI, Anthropic, and MCP — with open governance standards (AGEF/AGP) for interoperability.

How do I add human-in-the-loop approval to my AI agent?

Set approval: approve in your aegis.yaml policy rule. Aegis pauses execution and requests human approval via Slack, Discord, Telegram, email, webhook, or CLI. The agent proceeds only after explicit approval. Works with aegis.init() zero-config or the @guard decorator.

#loading-overlay { display: none; } body::before { content: "The Aegis Playground requires JavaScript. Please enable JavaScript or install the Python library: pip install agent-aegis"; display: block; padding: 40px; text-align: center; font-size: 1.2rem; color: #e6edf3; background: #0d1117; } body > *:not(noscript) { display: none; }

Loading Aegis Playground

Initializing Python runtime...

Tip: Aegis evaluates policies in under 1ms

Aegis Playground

AI agent governance in your browser. No install needed.

GitHub PyPI

0 Evaluated

0 Auto-approved

0 Needs Approval

0 Blocked

- Avg Latency

Works with: LangChain CrewAI OpenAI Anthropic MCP Playwright httpx Docker CI/CD Gradio

📝

Write a Policy

Define rules in YAML: which actions are auto-approved, need human review, or are blocked.

→

🎯

Simulate Actions

Send agent actions (navigate, read, write, delete) through the policy engine.

→

✅

See the Verdict

Instantly see risk level, approval decision, matched rule, and full audit trail.

# 50+ lines of DIY governance... per action type
if action.type == "delete":
    if action.risk > THRESHOLD:
        logger.warning(f"High-risk: {action}")
        if not await ask_human_approval(action):
            raise PermissionError("Denied")
    # No audit trail
    # No policy hot-reload
    # Breaks when you add a new action type
    result = await executor.run(action)

# 3 lines. Works for every action type.
from aegis import Action, Policy, Runtime

runtime = Runtime(executor=my_executor, policy=Policy.from_yaml("policy.yaml"))
result = await runtime.run_one(Action("delete", "crm", params={"id": "all"}))
# Policy checked. Approval gated. Audit logged. Done.

Policy (YAML)

0 rules ✅ Valid

Simulate Actions

Custom Action

Type

Target

Params (JSON)

Evaluation Result

Click an action above to see the policy evaluation result

Audit Log

0 entries Import

Audit entries will appear here as you evaluate actions. Try clicking a preset above, then press an action button!

MCP Security Scanner

Scan MCP tool definitions for poisoning patterns. Ported from Aegis ToolDescriptionScanner with 10 regex detection patterns and Unicode normalization.

Tool Definition (JSON)

Scan Results

Cost Circuit Breaker

Simulate LLM cost tracking with budget limits and threshold transitions. Ported from Aegis CostTracker with real model pricing data.

Configuration

Budget $10.00

Warn Threshold 80%

Soft Limit 90%

Model

Input Tokens

Output Tokens

Budget Gauge

Request Log

Audit Chain Visualizer

Interactive hash-chain audit log using Web Crypto SHA-256. Ported from Aegis CryptoAuditChain for tamper-evident logging.

Audit Chain

Verification Results

Regulatory Compliance Mapper

Map Aegis features to regulatory requirements across 5 frameworks. Ported from Aegis ComplianceMapper.

Framework

EU AI Act NIST AI RMF SOC2 ISO 42001 OWASP Agentic Top 10

Aegis Features

Coverage Score

Requirements

Gaps

PII Scanner

Real-time PII detection and masking. Ported from Aegis PIIGuardrail with Luhn validation for credit cards, Korean RRN/phone patterns, and API key detection.

Input Text

Detection Results

Masked Output

Injection Detector

Real-time prompt injection detection across 8 categories. Ported from Aegis InjectionGuardrail with multi-language support (Korean, Chinese, Japanese) and configurable sensitivity.

Prompt Input

Sensitivity

Medium (balanced)

Low High

Low = only obvious attacks · Medium = known attack patterns · High = aggressive detection (may flag benign text)

Threat Assessment

Detection Details

How It Works

⚠️

AI agents without governance are a liability. Uncontrolled agents can delete production data, leak PII, or trigger compliance violations. Aegis adds a policy layer in 2 lines of code — no behavior changes, just safety.

Without Aegis

agent.run(action) # 💥 anything goes

With Aegis

rt.run_one(action) # 🛡️ policy-checked

What happens on each action:

1Agent calls rt.run_one(action)

→

2Aegis matches rules in <1ms

→

3Returns auto / approve / block

→

4Audit entry logged automatically

📝

Write YAML Policy

Define rules for each action type: auto-approve safe reads, require human review for writes, block dangerous operations.

14 presets YAML syntax ~2 min

→

🤖

Agent Sends Actions

Your AI agent (LangChain, CrewAI, OpenAI, etc.) sends each action through Aegis before executing it.

7 adapters 2 lines code ~30 sec

→

🛡️

Instant Decision

Aegis evaluates risk in <1ms: auto-approve, require human approval, or block. Every decision is audit-logged.

<1ms eval 100% audit instant

🤖 AI Agent LangChain / CrewAI / OpenAI

action request

🛡️ Aegis Engine YAML policy + risk eval

decision

✅ auto 🟡 review 🔴 block

Every action is evaluated, logged, and auditable — zero blind spots.

Risk LevelExample ActionDefault Decision

LOWRead contacts✅ Auto-approve

MEDIUMUpdate record🟡 Human review

HIGHBulk export🟡 Human review

CRITICALDelete all data🔴 Blocked

PyPI v0.1.4 518+ tests MIT License Zero runtime deps <1ms eval Type-safe

Works with: LangChain CrewAI OpenAI Anthropic MCP AutoGen any Python agent

$ pip install agent-aegis

version: "1"
rules:
  - name: read_auto
    approval: auto
  - name: write_review
    approval: approve
  - name: delete_block
    approval: block

from aegis import Policy, Runtime

policy = Policy.from_yaml("policy.yaml")
async with Runtime(executor, policy) as rt:
    result = await rt.run_one(action)
    # result.is_allowed → True/False

$ docker run -p 8000:8000 \
  -v ./policy.yaml:/app/policy.yaml \
  ghcr.io/acacian/aegis:latest
# REST API at http://localhost:8000

30s to install

2 min to first policy

0 config files needed

1 dep only PyYAML

No agent changes — wrap existing code, don't rewrite it
Hot-reload policies — update rules without restarting your app
Audit everything — every decision logged for compliance
Type-safe — full type annotations, works with mypy and pyright

See it in action — no install required

Real-World Scenarios

Click any scenario to load its policy and test actions

Why Aegis?

The difference between hoping your AI agent behaves and knowing it does

	Without Governance	With Aegis
Policy changes	Redeploy code	Edit YAML, hot-reload
Risk evaluation	Manual if/else chains	<1ms, declarative rules
Audit trail	Build your own logging	Built-in, compliance-ready
Human approval	Custom workflow code	One-line approval handler
Framework support	Build per framework	7 adapters, one policy
Setup time	Days to weeks	5 minutes

0 actions evaluated in this session

Ready to govern your AI agents?

Add governance to any Python AI agent in 5 minutes. One pip install, one YAML file.

Star on GitHub Read the Docs

Loading Aegis Playground

Write a Policy

Simulate Actions

See the Verdict

Policy (YAML)

Simulate Actions

Custom Action

Evaluation Result

Audit Log

MCP Security Scanner

Tool Definition (JSON)

Scan Results

Cost Circuit Breaker

Configuration

Budget Gauge

Request Log

Audit Chain Visualizer

Audit Chain

Verification Results

Regulatory Compliance Mapper

Framework

Aegis Features

Coverage Score

Requirements

Gaps

PII Scanner

Input Text

Categories

Detection Results

Masked Output

Injection Detector

Prompt Input

Sensitivity

Threat Assessment

Detection Details

How It Works

Write YAML Policy

Agent Sends Actions

Instant Decision

Real-World Scenarios

CRM Agent

Code Agent

Financial Agent

Browser Agent

Data Pipeline

DevOps Agent

Healthcare Agent

E-Commerce Agent

Support Agent

Research Agent

Why Aegis?

Ready to govern your AI agents?