Quickstart — Aegis | aegis-trust in 60 seconds

1 · Install

pip install --pre aegis-trust

Node instead? npm install aegis-trust. Full install notes on the SDK page.

2 · Add one decorator

Wrap the function that returns your data. Declare the purpose the agent acts under and the scope of fields that purpose may see.

quickstart.pyPython

from aegis_trust import shield

@shield(purpose="customer_support", scope=["name", "issue"])
def get_customer(id):
    # stands in for your real DB/API row (30 fields, 2 of them sensitive)
    return {"name": "Tanaka Taro", "issue": "Login problem",
            "email": "t@example.com", "ssn": "123-45-6789"}

print(get_customer(1))

3 · Run it

python quickstart.py

Outputemail / ssn never reach the agent

{'name': 'Tanaka Taro', 'issue': 'Login problem'}

The email and ssn fields are outside the declared scope, so they are removed before the value leaves the function — the agent calling get_customer never sees them. No gateway was contacted; this ran entirely in your process (LITE mode).

What just happened. You declared a purpose and a scope, and the SDK applied field-level reduction at the data boundary, fail-closed — all in LITE mode, the public preview. A tamper-evident server-side audit log is part of FULL mode, a private-pilot path that is not included in the public preview — see LITE / FULL modes.

Now wire it into your agent.

Read the SDK guide Contact for early access

Strip a sensitive field in 60 seconds. Three steps. LITE mode. No gateway, no token.

1 · Install

2 · Add one decorator

3 · Run it

Now wire it into your agent.