Operating modes
LITE is the public preview. FULL is a private-pilot path. Same decorator. Both fail-closed.
aegis-trust describes two modes. LITE is the public preview — you
can install it and run it today, fully local. FULL is a gateway-connected
enforcement path that is not part of the public SDK preview; it is
available only through private pilot access by request. The same
@shield(purpose, scope) code is written the same way in both; what
differs is where the audit record goes and what guarantees it carries.
The boundary, side by side
| LITE (public preview) | FULL (private pilot) | |
|---|---|---|
| Field-level reduction | Yes — scope / deny_fields field reduction | Yes — identical field reduction |
| Network | None. Runs entirely in your process | Connects to an aegis-core gateway (provisioned with the pilot) |
| Token / account | Not required | Provided through the private pilot |
| Where audit records go | Local file — SQLite (~/.aegis/history.db, Python) or JSONL (Node) |
Gateway via POST /shield/ingest |
| Tamper-evidence | No — local log is plain append-only | Yes — server-side chain, verifiable with GET /audit/verify → chain_valid |
| Fail-closed | Yes — no data released if policy can't apply | Yes — data released only after the audit record is durably accepted |
| Data residency | Your machine only | Determined by the private-pilot gateway deployment |
LITE — local-first, zero setup
With no token and no gateway URL set, the SDK runs in LITE mode. Nothing is transmitted: scope / deny_fields field reduction and the audit record both happen on your machine. Purpose is declared as context and recorded; authorization is not enforced locally. The local audit log is an append-only record — useful for local inspection, but it is not hash-chained or tamper-evident, and the SDK does not manage its retention, encryption, or transport to a SIEM. That is the operator's responsibility.
This is the mode every snippet on this site runs in.
FULL — gateway-connected enforcement (private pilot)
In FULL mode, each shielded access is sent to an aegis-core gateway that keeps a
server-side audit chain, verifiable with GET /audit/verify →
chain_valid. The filtered data is released only after the audit record
is durably accepted, and if the gateway is unreachable the SDK stays fail-closed
and denies rather than silently dropping to LITE.
FULL is not part of the public SDK preview. Gateway-connected enforcement is available only through private pilot access by request — the public package does not install or self-host a gateway. Public developers should begin with LITE.