Acacian/aegis

What's New in v0.3.0

MCP Supply Chain Security

• Tool poisoning detection: 10 regex patterns against Unicode-normalized text, schema recursion
• Rug pull detection: SHA-256 hash pinning, definition change alerts
• Argument sanitization: Path traversal, command injection, null byte detection
• Trust scoring (L0-L4): Automated trust levels from scan + pin + audit status
• Vulnerability database: 8 built-in CVEs for popular MCP servers, version-range matching, auto-block
• SBOM generation: CycloneDX-inspired bill of materials with vulnerability overlay

Cost Management

• Cost circuit breaker: 17 model pricing entries, loop detection, hierarchical budgets, thread-safe
• Cross-framework cost tracking: LangChain + OpenAI + Anthropic + Google → unified CostTracker
• Multi-agent cost attribution: Delegation trees, subtree rollup, formatted attribution reports

Multi-Agent Governance

• A2A communication governance: Capability-gated messaging, PII/credential redaction, rate limiting, audit log
• Session replay: Record/replay agent sessions with retroactive security scanning (20 patterns)

Observability

• OpenTelemetry export: Policy/cost/anomaly/MCP events → OTel spans, in-memory fallback
• Policy-as-code Git integration: Diff formatting, impact analysis, drift detection, YAML export

Changed

• Development status upgraded from Alpha to Beta
• PyPI keywords expanded (mcp, cost-management, supply-chain-security, a2a, observability)

Stats

• 2,238+ tests passing
• 92% code coverage

pip install agent-aegis==0.3.0

Full changelog: https://github.com/Acacian/aegis/blob/main/CHANGELOG.md