Open preview · MIT licensed

aegis-trust: One decorator. Purpose + scope at the data boundary.

Install

Published on PyPI and npm. The packages are public; the SDK runs in LITE mode with no account, no gateway, and no token.

Python

pip install --pre aegis-trust

The --pre flag is required: it resolves to the current pre-release (0.9.0rc8). A bare pip install aegis-trust returns the older stable line (0.9.1) until the v1.0 GA cut. Pin explicitly with pip install 'aegis-trust==0.9.0rc8'.

TypeScript / Node

npm install aegis-trust

Resolves to 0.9.0-rc8 (current on the rc dist-tag). npm install aegis-trust@rc and pinning @0.9.0-rc8 both work too.

Wrap your data accessor

Wrap the function that fetches data — not the LLM client. The wrapped function keeps the same signature, so you can hand it to any agent framework, tool registry, or message-building step you already use.

Python (runs as written · LITE mode)

from aegis_trust import shield

@shield(purpose="customer_support", scope=["name", "issue"])
def get_customer(id):
    return db.fetch(id)  # your real fetch

# Now use get_customer anywhere you'd use the raw accessor —
# Anthropic / OpenAI / Bedrock payloads, LangChain / LlamaIndex / CrewAI tools.

TypeScript / Node (same contract)

import { shield } from "aegis-trust";

const getCustomer = shield({
  purpose: "customer_support",
  scope: ["name", "issue"],
})(db.fetch);

// getCustomer has the same signature as db.fetch.
// Hand it to your framework's tool registry.

These are the generic wrapper, not framework adapters. They work today, but you wire them into your framework yourself. Runnable example files in the package cover MCP, LangChain.js, and CrewAI (Node).

Status & honest limitations

This is an Alpha preview. We list what does not work here so you do not have to discover it from the code.

  • Not GA, no SLA, not production-ready. Stability level is preview; the public API may change between rc tags. Production use is at your own risk.
  • Streaming responses are not preserved. shield() buffers the full return value before filtering. SSE / chunked / generator responses from streaming LLM APIs are not supported yet.
  • No first-party framework adapters. Anthropic, OpenAI, Vercel AI SDK, Mastra, LlamaIndex, Bedrock and AutoGen are compatible-by-pattern via the generic wrapper — not dedicated, integrated modules.
  • Local audit logs are append-only, not tamper-evident. In LITE mode (the public preview) the SDK writes a plain append-only local record (SQLite for Python, JSONL for Node). Tamper-evidence is a property of the aegis-core gateway in FULL mode — a private-pilot path, not part of this preview — not of these local files. See LITE / FULL modes.
  • No compliance certification. No SOC 2 / ISO 27001 / PCI-DSS / HIPAA attestation exists for the preview. The SDK is a data-minimization tool by design, but ships with no DPA and no DSR tooling — your own DPIA still applies.

If any of the above is a blocker, wait for v1.0 GA rather than adopting the preview.
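
To make the audit-log limitation above concrete, here is an added example (not aegis-trust or aegis-core code) of what a plain append-only JSONL file lacks: each line commits to the previous one by hash, so a verifier can point at the edited line. The record fields, the chaining scheme and all function names are assumptions; the page does not describe the SDK's log schema or how the gateway achieves tamper-evidence.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed chain start value


def _digest(prev_hash, record):
    # Canonical JSON so the same record always hashes to the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append_chained(lines, record):
    """Append a JSONL line that commits to the previous line; return its hash."""
    prev = json.loads(lines[-1])["hash"] if lines else GENESIS
    entry = {"prev": prev, "record": record, "hash": _digest(prev, record)}
    lines.append(json.dumps(entry, sort_keys=True))
    return entry["hash"]


def verify_chain(lines, expected_head=None):
    """Return (ok, bad_line); bad_line is the 1-based failing line or None."""
    prev = GENESIS
    for n, line in enumerate(lines, start=1):
        try:
            entry = json.loads(line)
            ok = (entry["prev"] == prev
                  and entry["hash"] == _digest(prev, entry["record"]))
        except (ValueError, KeyError, TypeError):
            ok = False
        if not ok:
            return False, n
        prev = entry["hash"]
    # A head hash stored outside the file is what catches truncation or a
    # full rewrite; the chain alone only catches in-place edits.
    if expected_head is not None and prev != expected_head:
        return False, len(lines)
    return True, None


def build_sample_log():
    # Constructed records; field names are assumptions, not the SDK's schema.
    lines, head = [], None
    for customer_id in (101, 102, 103):
        head = append_chained(lines, {
            "fn": "get_customer", "arg": customer_id,
            "purpose": "customer_support", "scope": ["name", "issue"]})
    return lines, head
```

Anyone with write access to the file can recompute the whole chain, so the head hash has to live somewhere that writer cannot reach for the check to mean anything.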

Install it and strip a field.