Releases · saivedant169/AegisFlow

This is the release where AegisFlow stops being "another AI gateway" and becomes what it was meant to be: an open-source runtime governance layer for tool-using agents.

The gateway features did not disappear. They moved into the supporting cast. The new main character is the execution boundary — the moment an agent tries to actually do something (open a PR, run a shell command, drop a table, hit an external API) — and what AegisFlow does at that moment.

The one-line pitch

Let coding agents draft PRs safely. Install in 15 minutes. Block destructive actions. Review risky writes. Prove what happened.

What is new

Agent execution governance (Phase 6)

ActionEnvelope core type — every agent action normalised into one policy-evaluable object
MCP remote gateway with JSON-RPC 2.0 and SSE transport (Claude Code, Cursor, and other MCP clients connect directly)
Tool policy engine with glob matching and three first-class decisions: allow, review, block
Human-in-the-loop approval queue with submit, approve, deny, and history
Session evidence chain with SHA-256 hash linking and tamper detection
Fail-closed governance mode with an explicit break-glass override
Protocol connectors: shell (dangerous command detection), SQL (operation classification), GitHub (risk tiers), HTTP (reverse proxy with host allowlists)
10 end-to-end integration tests covering the full lifecycle

Task-scoped credentials (Phase 7)

GitHub App broker with real RS256 JWT signing (pure stdlib, no external JWT library)
AWS STS broker with SigV4 signing inlined (no AWS SDK dependency)
HashiCorp Vault broker for database secrets with lease management
Static broker as a clearly labelled degraded fallback
Credential provenance recorded in the evidence chain, so every action is linked to the exact short-lived credential used

Evidence, policy packs, benchmarks, and demo (Phase 8)

aegisctl verify for audit chain and session verification
aegisctl evidence for export and session listing
Three blessed policy packs: readonly, pr-writer, infra-review
Governance overhead benchmarks: policy evaluate (~1.2 µs), full allow pipeline (~5.2 µs), review path (~1.3 µs)
Attack demo pack with 20 scenarios
One-click Docker Compose demo

Governed Coding Agent Starter Kit (Phase 9)

Complete starter-kit/ directory: everything a team needs to adopt AegisFlow in 15 minutes
PR-writer focused installer (install-pr-writer.sh) with prerequisite checks, sanity tests, and verified install-to-running time under 10 seconds on a dev machine
Claude Code and Cursor setup guides with copy-paste configs
Production deployment templates: Docker Compose, Helm chart, Terraform for AWS ECS Fargate
Sample evidence bundle and human-readable session report

Adoption sprint (Phase 10, in progress)

docs/PR_WRITER.md proof page — one concrete scenario walkthrough with real output, real hashes, real decisions
Tuned pr-writer policy pack — everyday commands like git status, git log, pytest, go test now pass without interruption; dangerous operations still hard-blocked

Enterprise grade (all 12 uplift items)

Tier 1: typed resource model, TaskManifest with drift detection, capability tickets (HMAC-signed), policy simulation (aegisctl simulate/why/diff-policy), safe execution sandboxes
Tier 2: behavioral session policy, GitHub + Slack approval integrations, enterprise identity (org/team/project/environment), signed policy supply chain
Tier 3: HA/recovery/retention/backup, threat model with OWASP Agentic Top 10 mapping

What changed

README rewritten to lead with the PR-writer workflow and governance positioning, not the gateway one
Default policy engine mode is now fail-closed (break-glass mode exists for explicit opt-in)
Gateway features are now described as supporting infrastructure behind the governance plane
Architecture diagram redrawn to show agent → AegisFlow (policy, credentials, evidence) → tools

Try it

```bash
git clone https://github.com/saivedant169/AegisFlow.git
cd AegisFlow/starter-kit
./install-pr-writer.sh
```

The installer builds AegisFlow, starts it with the tuned PR-writer policy pack, runs three sanity checks, and prints exactly what to do next. Then connect Claude Code or Cursor using the setup guides in starter-kit/editors/.

For the full scenario walkthrough with real output, see docs/PR_WRITER.md.

Full changelog

See CHANGELOG.md for the complete list of changes.

Thanks

To everyone who tried the demo, opened an issue, or sent feedback while the pivot was in flight. The project is in much better shape because of it.

What's Changed

feat(gateway): Add request counter to health endpoint by @yumosx in #52
feat: add QualityScore column to live feed table by @Raf-Hs in #51
feat(ratelimit): Add sliding window rate limiting mode by @yumosx in #53
Add data plane names to the live request feed by @t7r0n in #71
Add provider retry policy support by @t7r0n in #69
Add provider-aware usage breakdowns by @t7r0n in #66
Add actor_role filtering to the audit API by @t7r0n in #65
Add audit log CSV export by @t7r0n in #64
Add a persistent dashboard theme toggle by @t7r0n in #63
Show cache TTL on the dashboard by @t7r0n in #62
Add benchmark harness and CI workflow by @t7r0n in #61
Add admin API RBAC integration tests by @t7r0n in #60
Add aegisctl plugin outdated command by @t7r0n in #59
Retry eval webhooks once on transient failures by @t7r0n in #56
Update and validate the OpenAPI specification by @t7r0n in #55
Add development Docker hot-reload setup by @t7r0n in #54
Pivot: Open-Source Verifiable Execution Plane for Agents by @saivedant169 in #74

New Contributors

@Raf-Hs made their first contribution in #51
@t7r0n made their first contribution in #71
@saivedant169 made their first contribution in #74

Full Changelog: v0.4.0...v0.5.0

Releases: saivedant169/AegisFlow

v0.6.0

What's Changed

New Contributors

Contributors

Uh oh!

v0.5.0 - The governance pivot

The one-line pitch

What is new

What changed

Try it

Full changelog

Thanks

What's Changed

New Contributors

Contributors

Uh oh!

v0.4.0

What's Changed

New Contributors

Contributors

Uh oh!

v0.3.0

Uh oh!