Most platforms add guardrails after the fact. Aegis builds them into the architecture: every agent is born inside an authority envelope it cannot widen, every action is checked against the org chart, and every decision leaves a verifiable trail. Autonomy and control stop being a trade-off.
Aegis separates the enterprise into two planes. People live on the trust plane, where they set intent and grant authority. Agents act on the execution plane, where they carry out governed work. The human is always on the loop — observing, steering, intervening — never trapped in it for every keystroke.
The trust plane is where humans define the operating envelope: who may do what, how much they may spend, what they may see, and when. Authority is granted here and flows down the chart. Decisions that need a person stay with a person.
The execution plane is where function-focused agents carry out the actual work, each mirroring a role and acting strictly inside the authority that role allows. Everything they do is observable on the trust plane in real time.
Every role defines an operating envelope for the roles beneath it across five dimensions. A task may tighten that envelope further but can never loosen it. What an agent may actually do is the intersection of every envelope from the top of the chart down to the task in hand — the tightest limit always wins.
Effective envelope = the intersection
Fails closed. If any envelope in the chain is missing or undefined, the action is denied — governance is never assumed.
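The intersection and fail-closed rules above, sketched as an added example (not Aegis code). The page does not name its five dimensions, so the three used here (permitted actions, spend limit, visible data labels) and all role and task names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Envelope:
    # Hypothetical dimensions; the page does not enumerate its five.
    actions: frozenset       # operations the role permits
    spend_limit: float       # maximum spend per action
    data_labels: frozenset   # data classifications the role may see

    def intersect(self, other):
        # Sets shrink to what both allow; numeric caps take the lower bound.
        return Envelope(self.actions & other.actions,
                        min(self.spend_limit, other.spend_limit),
                        self.data_labels & other.data_labels)

def effective_envelope(chain, envelopes):
    """Intersect every envelope from the chart root down to the task.
    Returns None if any link is missing, or if the chain is empty."""
    result = None
    for node in chain:
        env = envelopes.get(node)
        if env is None:
            return None  # fail closed: an undefined envelope grants nothing
        result = env if result is None else result.intersect(env)
    return result

def is_allowed(chain, envelopes, action, spend, label):
    env = effective_envelope(chain, envelopes)
    if env is None:
        return False
    return (action in env.actions
            and spend <= env.spend_limit
            and label in env.data_labels)

# Constructed sample chart: root role, subordinate role, then one task.
ENVELOPES = {
    "cfo": Envelope(frozenset({"pay_invoice", "issue_refund", "read_ledger"}),
                    50000.0, frozenset({"public", "internal", "financial"})),
    # Lists create_vendor, which the role above never granted.
    "ap_manager": Envelope(frozenset({"pay_invoice", "read_ledger", "create_vendor"}),
                           10000.0, frozenset({"public", "internal", "financial"})),
    "task:pay-batch": Envelope(frozenset({"pay_invoice"}),
                               2500.0, frozenset({"internal", "financial"})),
}
CHAIN = ["cfo", "ap_manager", "task:pay-batch"]

if __name__ == "__main__":
    print(effective_envelope(CHAIN, ENVELOPES))
    print(is_allowed(CHAIN, ENVELOPES, "pay_invoice", 3000.0, "financial"))
```

Because the subordinate envelope is intersected with its parent rather than replacing it, an action listed only lower in the chain never becomes effective, and removing any link from `ENVELOPES` denies everything beneath it.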
Binary gates force a false choice: block everything for review, or wave it all through. Aegis grades each action into one of four zones, so routine work flows and only genuinely consequential decisions reach a human.
Inside every limit. The agent proceeds on its own; humans can review it afterwards.
Proceeds, but a human is notified and can step in if something looks off.
Pauses for a specific, bounded human approval before going any further.
Outside the envelope. The action is denied automatically — no human action needed.
An agent's authority isn't an assumption — it's a documented lineage of five elements, backed by instant cascade revocation. Together they answer, for any action at any moment: who granted this, how far does it reach, and can it be proven after the fact?
The root of authority — where this chain of trust began and who established it.
The hand-offs of authority down the chart — each one signed, each one traceable to its source.
The exact limits in force for this agent — the five dimensions, intersected to the tightest bound.
Proof of what this agent is actually permitted and able to do — verified, not claimed.
The append-only landing point for every action, so the whole chain can be replayed and reviewed later.
The five elements above make authority auditable. Cascade revocation is what makes it enforceable: pull authority at any point in the chain and everything downstream loses it instantly — no orphaned permissions, no lingering access.
Every agent runs at one of five trust postures. The posture caps both what the agent may do and how sensitive the data it may reach. Upgrades require demonstrated performance and a human gate; downgrades happen automatically and instantly the moment conditions change.
Autonomy is only safe if you can take it away faster than it can be misused. Aegis's controls are structural and automatic — they don't depend on someone watching a dashboard at the right moment.
Pull authority from any role and, in the same operation, every agent below it on the chart loses that authority too. There's no window where a revoked branch keeps acting.
Cross a boundary or change the conditions and the agent's posture tightens by itself — instantly, with no human in the loop. The system is the gate for taking trust away.
When an incident needs more room, authority can be widened — but only with a hard expiry (4 hours by default, 72 at most), escalated to the reporting superior, and never beyond that superior's own limits.
Every governed action lands on a complete, append-only audit trail — what was attempted, which envelope applied, which zone it fell into, and how it resolved. Compliance stops being a quarterly scramble and becomes a continuous, queryable fact.
See an agent get blocked, flagged, and held in real time — and watch the audit trail capture every decision as it happens.