Open preview · MIT licensed

aegis-trust One decorator. Purpose + scope at the data boundary.

Install

Published on PyPI and npm. The packages are public; the SDK runs in LITE mode with no account, no gateway, and no token.

Python

pip install aegis-trust

Resolves to the current stable release (0.9.3). The pre-release line stays available — pin explicitly with pip install 'aegis-trust==0.9.0rc8'. View on PyPI →

TypeScript / Node

npm install aegis-trust

Resolves to 0.9.3 (current on the latest dist-tag). The release-candidate line stays available via npm install aegis-trust@rc (0.9.0-rc8). View on npm →

Source code: github.com/Incierge3789/aegis-trust →

Wrap your data accessor

Wrap the function that fetches data — not the LLM client. The wrapped function keeps the same signature, so you can hand it to any agent framework, tool registry, or message-building step you already use.

Pythonruns as written · LITE mode
from aegis_trust import shield

@shield(purpose="customer_support", scope=["name", "issue"])
def get_customer(id):
    return db.fetch(id)  # your real fetch

# Now use get_customer anywhere you'd use the raw accessor —
# Anthropic / OpenAI / Bedrock payloads, LangChain / LlamaIndex / CrewAI tools.
TypeScript / Nodesame contract
import { shield } from "aegis-trust";

const getCustomer = shield({
  purpose: "customer_support",
  scope: ["name", "issue"],
})(db.fetch);

// getCustomer has the same signature as db.fetch.
// Hand it to your framework's tool registry.

These are the generic wrapper, not framework adapters. They work today, but you wire them into your framework yourself. Runnable example files in the package cover MCP, LangChain.js, and CrewAI (Node).

Status & honest limitations

This is an Alpha preview. We list what does not work here so you do not have to discover it from the code.

  • Not GA, no SLA, not production-ready. Stability level is preview; the public API may change between rc tags. Production use is at your own risk.
  • Streaming responses are not preserved. shield() buffers the full return value before filtering. SSE / chunked / generator responses from streaming LLM APIs are not supported yet.
  • No first-party framework adapters. Anthropic, OpenAI, Vercel AI SDK, Mastra, LlamaIndex, Bedrock and AutoGen are compatible-by-pattern via the generic wrapper — not dedicated, integrated modules.
  • Local audit logs are append-only, not tamper-evident. In LITE mode (the public preview) the SDK writes a plain append-only local record (SQLite for Python, JSONL for Node). Tamper-evidence is a property of the aegis-core gateway in FULL mode — a private-pilot path, not part of this preview — not of these local files. See LITE / FULL modes.
  • No compliance certification. No SOC 2 / ISO 27001 / PCI-DSS / HIPAA attestation exists for the preview. The SDK is a data-minimization tool by design, but ships with no DPA and no DSR tooling — your own DPIA still applies.

If any of the above is a blocker, wait for v1.0 GA rather than adopting the preview.

Install it and strip a field.