In Aegis, governance is the shape of the system — not a bolt-on setting you remember to switch on. Every agent acts inside an operating envelope or it does not act, every governed action is written to an append-only audit trail, and on any trust or authorization error the system denies rather than falling open. Security questionnaires get answered by design, not by promise.
Aegis separates the trust plane — which governs what agents may do — from the execution plane, where agents do the actual work. Nothing on the execution plane runs outside the authority granted on the trust plane. The two are connected by governance that is enforced on every action, not sampled after the fact.
People grant authority here: who may act, how much they may spend, what classification of data they may touch, and for how long. Authority is defined once, flows down the org chart, and can only narrow.
Function-focused agents carry out governed work strictly inside their envelope. Every step is checked against the trust plane in real time and recorded — observable, interruptible, and provable after the fact.
governance state machines drive every lifecycle transition.
distinct governed actions, each written to the audit trail.
dimensions bound every agent's operating envelope.
test functions guard governed behavior continuously.
Aegis integrates with the identity provider you already run via standards-based single sign-on — SAML and OIDC — so people sign in with the accounts and policies you control. Access inside Aegis is then governed by role-based access control with classification-based clearance and strict per-tenant isolation enforced at every lookup.
Classification-based clearance
Clearance is independent of authority. A senior role does not automatically see sensitive data, and a junior role can hold high clearance. Access requires the right clearance and the right containment — both checks must pass.
Deploy Aegis in your own environment — self-hosted or inside your own cloud VPC — so data never has to leave the perimeter you already control. On top of that, strict multi-tenant isolation keeps every organization's records separated and verified on every access.
Run Aegis self-hosted or in your own cloud VPC. Data stays within your network boundary, under your existing controls — you decide where it lives and who can reach it.
Every record carries the organization that owns it. Data belonging to one tenant is never visible to another — isolation is a property of the schema, not an afterthought in a query.
The tenant boundary is checked on every lookup-by-id — including cached reads — so that, by design, a request cannot resolve to another organization's data, even on a guessed identifier.
Data is protected with encryption in transit (TLS) and at rest. Secrets — encryption keys, signing keys, database credentials — are supplied to the deployment through your environment or a key-management service, never written into source. And mandatory crypto keys fail the deployment closed: if a required key is unset, the system refuses to start rather than running silently insecure.
A required key is unset at deploy time
Boots anyway with an empty key — data is left effectively unprotected. Aegis does not do this.
Deployment refuses to start and names the missing key. The operator fixes it before anything runs.
Secure-by-default. The system cannot reach a running state with an empty crypto key — the safest outcome is the default outcome.
Aegis is built to provide the controls compliance frameworks commonly require — audit logging, access control, data minimization, encryption and tenant isolation — and to run inside your own certified environment. The architecture maps to these frameworks; certification is something your deployment and audit program achieve.
Aegis implements the controls; certification is achieved by your deployment within your environment and audit program. We name SOC 2, ISO 27001 and GDPR as frameworks the architecture is designed to support — Aegis does not hold these certifications on your behalf, and you should treat any vendor that claims otherwise with caution.
Aegis deploys inside your trust boundary — it isn't a black box you ship your organization's structure to. Pick the model your security program already approves; the governance is identical in all three.
Run the full platform on infrastructure you own. Your org chart, your agents and your audit lineage never leave hardware you control.
Deploy into your own cloud account and region, behind your network controls and identity provider. Aegis operates inside the perimeter you already run.
Prefer us to operate it? We run it in the region you choose, with data residency and tenant isolation set out in writing — not assumed.
We would rather your reviewers verify the architecture than trust a claim. The materials below are available to your security and compliance team on request, under NDA — so your own people can judge the design before any rollout, not after.
These are documents to review and a system to test — not certifications we hold on your behalf. What your deployment certifies is yours to certify; what we provide is the architecture and the access to make that review fast and honest.
Aegis is a commercial implementation of four open standards published by the Terrene Foundation under CC BY 4.0 — it implements them, it does not own them. The governance you can audit is grounded in specifications anyone can read.
The governance philosophy — humans and agents on two planes, people on the loop.
PhilosophyThe org model — departments, roles, addresses, clearance and operating envelopes.
ArchitectureThe trust protocol — lineage, attestation, delegation and cascade revocation.
ProtocolThe methodology — how autonomous systems plan, execute and improve over time.
MethodologyCARE, PACT, EATP and CO are standards of the Terrene Foundation (CC BY 4.0). Aegis implements them — it does not own them. Learn more →
Aegis models your organization on top of the systems you already operate — it doesn't ask you to replace them. It speaks the open protocols of the agent ecosystem and connects outward through standard integration points, so a governed agentic layer sits alongside your existing tools rather than in front of them.
Layered on top of your systems
Additive, not invasive. Aegis governs how agents act across your stack; your systems of record stay where they are.
We'll walk your security and compliance reviewers through the architecture — dual-plane governance, fail-closed design, tenancy and encryption — and map it against the controls your program requires.