Skip to content

Acacian/aegis

v0.4.2 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

Published 2mo MCP Security & Auth
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

agent-security ai-agent-security ai-agents ai-governance ai-safety ai-security
+14 more
audit-trail compliance guardrails langchain llm-security mcp mcp-security model-context-protocol pii-detection policy-as-code policy-engine policy-testing prompt-injection selection-governance

Affected surfaces

auth rbac

Summary

AI summary

Toxicity guardrail default behavior changes from block to warn.

Full changelog

What's New

Constitutional Protocol (Phase 1 + 2)

  • Agent Constitution: Ontology + obligations + constraints for structural governance
  • Plan-level governance: Sequence pattern detection + cumulative risk thresholds
  • Governance Envelope: A2A messages carry sender credentials (SHA-256 signed) — like TLS certs for agents
  • Governance Handshake: 5-step constitutional compatibility verification before agent communication
  • Cross-session data leakage detection: 5 detectors for shared MCP servers correlating requests across tenants

Performance

  • Lazy imports: import aegis loads 20 modules instead of 67 (174ms → 87ms, 2x faster)

Positioning Update

  • Toxicity guardrail default changed from block to warn (opt-in to block)
  • Security guardrails (injection, PII) remain unchanged
  • Governs what agents do (actions, tool calls, data access), not what they say

Compliance

  • Dual-compliance mapping: EU AI Act + NIST AI RMF + SOC2 + ISO 42001 + OWASP Agentic Top 10
  • All 11 auto-instrumentation frameworks now marked Stable

Stats

  • 3,265+ tests passing
  • 27 files changed, +4,300 lines
  • ruff/mypy clean
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Acacian/aegis

Get notified when new releases ship.

Sign up free

About Acacian/aegis

Policy-based governance for AI agent tool calls. YAML policies, approval gates, risk assessment, and audit logging. Cross-platform: LangChain, OpenAI, Anthropic, MCP.

All releases →

Related context

Beta — feedback welcome: [email protected]