The trust layer for autonomous AI

Infrastructure for
autonomous AI agents.

Aegize is the runtime layer between autonomous AI agents and the tools they use — providing identity, policy, permissions, approvals, audit logging, observability, and runtime governance for every AI action.

View on GitHub Documentation

Runtime

Every action passes through Aegize before it runs.

Identity, policy, permissions, approval, execution, audit — in order, on every call. Allowed actions proceed. High-impact actions wait for a human. Denied actions never execute. All of it is recorded.

web_search→allowed
send_email→approval required
execute_shell→denied

agent ▸ web_search()evaluating

allowedapprovaldenied

See it run

The same policy, in your terminal.

One agent makes three tool calls. Aegize allows the search, holds the email for approval, blocks the shell command — and writes an audit record for every attempt.

Aegize terminal demo: an agent makes three tool calls — web search allowed, email approval required, shell command denied — each governed and audited.

Sandbox

Try the runtime.

Choose an action and watch it pass through Aegize before it reaches a tool.

This is a local simulation. No real commands, emails, payments, or API calls are executed.

AI Agent

research_bot

An autonomous agent is requesting permission to use a tool.

Runtime

Identity
Policy
Permissions
Approval
Execution
Audit

Choose a tool to begin.

Tools

Audit logappend-only

No actions yet — choose a tool to record an entry.

Open the full playground →

Why

AI agents are evolving from conversations to actions.

Modern agents no longer just answer questions. They take actions in the systems you run:

execute code
call APIs
modify databases
access files
send email

As they become increasingly capable, organizations need a runtime layer they can trust — one that decides what every agent is allowed to do, and keeps a record of it.

Capabilities

One runtime, the full governance surface.

Identity

A durable, attributable identity for every agent — owner, environment, and metadata.

Policy Engine

Declarative YAML policy, versioned in source control and enforced deterministically on every call.

Permissions

Scope each agent to the exact tools and operations it is allowed to use. Default deny.

Approval Workflows

Route high-impact actions to a human for review before they execute.

Audit Logging

An append-only record of every attempt and outcome — allowed, denied, gated, or failed.

Observability

See what agents attempt, in real time, across every environment you operate.

Developer-first

Govern any tool in three lines.

Wrap a function with a decorator. Aegize attaches identity, evaluates policy, gates for approval, and records the result — before your code runs.

tools.py

from aegize import guarded_tool

@guarded_tool(
    tool_name="email",
    operation="send",
    risk_level="high",
)
def send_email(...):
    ...

Architecture

A single layer, between frameworks and tools.

AI frameworks send tool calls into Aegize. Only allowed actions reach the tools they use — every AI action passes through Aegize first.

How Aegize fits into an AI agent stack: AI frameworks send tool calls into the Aegize runtime (identity, policy engine, permissions, approval workflows, audit logging, observability); only allowed actions reach tools. Every AI action passes through Aegize before reaching the outside world.

Open source

Built in the open, for developers.

Aegize is open source and MIT licensed. Read the code, run it locally, and shape where the runtime goes next.

View on GitHub

Infrastructure for autonomous AI agents.