mitkox / aegis

Public

Aegis - a local zero-trust AI gate for OS and Apps packages

100% credibility
Found May 15, 2026 at 18 stars.
Rust
AI Summary

Aegis is a security tool that intercepts package manager operations to add planning, local AI risk review, policy enforcement, signing, and audited execution for safer software installations.

How It Works

1. 🔍 Discover Aegis

You hear about Aegis, a helpful guard that makes installing and updating software much safer by checking everything first.

2. 🛠️ Set it up

You easily add Aegis to your computer so it can watch over your software changes.

3. 📋 Preview a change

You tell Aegis what software you want to add or update, and it shows you exactly what would happen.

4. 🤖 AI safety check

A smart local helper reviews the plan for risks and suggests if it's safe or needs extra care.

5. Approve the plan

You look at the review, make sure it's good, and give your personal okay to proceed securely.

🛡️ Safe update done

Your software installs safely, with a full record of what happened so you always know it's protected.

AI-Generated Review

What is aegis?

Aegis is a Rust-built local zero-trust broker that intercepts package operations such as `aegis apt upgrade --plan` or `aegis npm install lodash --plan`. It generates deterministic plans with metadata previews, feeds them to a local LLM for risk review, enforces policy rules, and allows only signed execution via `aegisctl apply`. It covers APT, npm, pip, Docker/Podman pulls, NuGet, VS Code extensions, Go modules, and Cargo crates, with tamper-evident audit logs and a hardened daemon executor. It is distinct from Aegis Authenticator (the Android OTP app): this Aegis guards OS and app installs against supply chain surprises.

Why is it gaining traction?

It mandates a plan, review, policy, sign, apply flow that blocks mutable tags, unsigned images, and risky scripts upfront, using local models like deepseek-v4-flash over OpenAI-compatible endpoints, so nothing leaks to the cloud. Users get isolated installs (e.g., npm to /var/lib/aegis/npm-global) and verifiable logs via `aegisctl audit-verify`, catching what a direct `sudo apt` misses. The deterministic Rust core ensures the AI only flags risks and never executes anything.

Who should use this?

DevOps engineers securing Ubuntu servers from rogue apt upgrades, or backend developers auditing Cargo/Go installs before production deploys. Frontend teams pulling VS Code extensions or npm dependencies who want no lifecycle script surprises. Local lab operators who want the same gate on desktops, though skip it if you have no hardware for vLLM serving.

Verdict

Early (18 stars, v0.2.7) with a 1.0% credibility score, but a strong README, tests, and a conservative APT focus make it viable for testing. Adopt it for high-stakes local package gates; production use beyond APT needs more evidence pins.
