Agents execute code.
We execute oversight.
Real-time threat detection for AI coding agents. Local. Open-source. Zero cloud.
568 tests · 107 agents · 70 rules
Most developers don't realize the risk.
Every time you run an AI coding agent, it inherits your user permissions. It can read your files, execute binaries, and make network requests -- all while you watch it write code. The attack surface is enormous, and until now, there was no way to monitor it.
Code Execution
Agents run arbitrary shell commands without explicit consent.
File Access
Your entire filesystem is readable -- keys, cookies, secrets.
Network Calls
Outbound requests can exfiltrate data to unknown endpoints.
Credential Theft
API keys and tokens are one command away from leaking.
These aren't hypothetical attacks. Prompt injection, supply-chain poisoning, and data exfiltration via coding agents have been demonstrated in the wild.
Each module operates independently and can be enabled or disabled per agent. Together they form a comprehensive monitoring system that covers every vector an AI agent might exploit.
Process Scanner
Tracks every subprocess your agent spawns -- PIDs, arguments, parent-child trees, and execution timelines in real time.
Aegis hooks into the process tree via syscall interception and ptrace. It monitors /proc/fs for new process creation events, captures full command-line arguments, maps parent-child relationships, and builds execution timelines. If an agent runs rm -rf or curl to an unknown host, you know immediately.
File Watcher
Monitors all file I/O and flags access to sensitive paths. Configurable allowlists define what agents can touch.
Uses inotify watchers for continuous monitoring of file reads, writes, creates, and deletes. Aegis flags access to sensitive paths -- SSH keys, .env files, browser credential stores, cloud configuration directories. Path pattern matching and ACL checks enforce configurable allowlists per agent.
Network Monitor
Captures every outbound connection, DNS query, and HTTP request. Flags anomalous traffic against known-bad databases.
Every outbound TCP connection, DNS query, and HTTP request is captured via netfilter hooks and analyzed. Aegis compares destinations against known-bad endpoint databases and flags anomalous traffic patterns. Optional TLS interception gives you full payload visibility when needed.
Risk Scoring Engine
Composite threat score per session using 70+ MITRE ATT&CK rules and lightweight ML anomaly detection.
A composite threat score for each agent session, computed from behavioral signals across all monitoring layers. The scoring engine runs 70+ detection rules mapped to the MITRE ATT&CK framework, and uses lightweight ML models to detect anomalous sequences in process, file, and network activity.
Policy Engine
Granular per-agent or global policies for file access, network endpoints, and process types. Auto-blocks on violation.
Define granular security policies per agent, per project, or globally via YAML configuration. Specify which files an agent can access, which network endpoints are allowed, and what process types are permitted. Violations trigger alerts or automatic blocks depending on configurable severity thresholds.
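The sensitive-path flagging and per-agent allowlist behaviour described above, sketched as an added example (not code from the Aegis project). The policy shape, patterns, agent name and function names are assumptions made for illustration; paths are normalized first so a `..` segment cannot slip past a prefix allowlist.

```javascript
// Added example: the policy shape below is hypothetical, not Aegis's YAML schema.
const SENSITIVE = [/\/\.ssh\//, /\/\.aws\//, /\/\.env(\.[^/]*)?$/]; // constructed patterns
const SEVERITY = { low: 1, medium: 2, high: 3 };
const policy = { // constructed sample policy
  alertAt: 'medium',
  blockAt: 'high',
  // Trailing slash keeps "/home/dev/project-other" from matching the prefix.
  agents: { 'claude-code': { allow: ['/home/dev/project/'] } },
};

// Collapse "." and ".." so "/project/../.ssh/id_rsa" is judged by where it lands.
function normalize(p) {
  const out = [];
  for (const seg of p.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') out.pop();
    else out.push(seg);
  }
  return '/' + out.join('/');
}

// Sensitive paths stay high severity even inside an allowlisted directory.
function classify(event) {
  const file = normalize(event.path);
  const rules = policy.agents[event.agent];
  const allowed = Boolean(rules) && rules.allow.some((prefix) => file.startsWith(prefix));
  if (SENSITIVE.some((re) => re.test(file))) return 'high';
  return allowed ? 'low' : 'medium';
}

// Map severity to a response using the policy's thresholds.
function decide(event) {
  const severity = classify(event);
  let action = 'log';
  if (SEVERITY[severity] >= SEVERITY[policy.blockAt]) action = 'block';
  else if (SEVERITY[severity] >= SEVERITY[policy.alertAt]) action = 'alert';
  return { path: normalize(event.path), severity, action };
}

// Constructed sample events.
const samples = [
  { agent: 'claude-code', path: '/home/dev/project/src/index.js' },
  { agent: 'claude-code', path: '/home/dev/project/../.ssh/id_rsa' },
  { agent: 'claude-code', path: '/tmp/scratch.txt' },
];
for (const ev of samples) console.log(JSON.stringify(decide(ev)));
```

A real watcher would also resolve symlinks before matching, since string normalization alone does not see where a link points.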
Audit Log
Structured, queryable event log. Filter by agent, severity, or time range. Export to JSON or pipe to your SIEM.
Every event Aegis captures is written to a structured, queryable audit log. Filter by agent, time range, severity, or event type. Export to JSON, pipe into your existing SIEM, or review locally. Full forensics capability without sending a single byte to the cloud.
Aegis is designed to be non-intrusive. It runs as a background daemon, consumes minimal resources, and never modifies your agents or their output.
Install & configure
Clone the repo, run npm install, and edit the YAML config to define which agents you want to monitor. Aegis auto-detects Claude Code, GitHub Copilot, Cursor, and Aider out of the box. Custom agent definitions take one line.
Aegis hooks into the kernel
On startup Aegis registers syscall hooks for process creation, file I/O, and network sockets. It builds a live process tree of every agent on your machine and begins capturing events at the kernel level -- zero userspace overhead.
Real-time analysis
Events flow through the policy engine and risk scoring pipeline in under 5ms. Each event is checked against 70+ detection rules, behavioral baselines, and your custom allowlists. High-severity events trigger immediate alerts.
Alert, block, or log
Depending on your policy configuration, Aegis can passively log events for later review, send real-time alerts to your terminal or webhook, or actively block dangerous operations before they complete. You decide the response level.
Most AI security tools are cloud-hosted, closed-source, and charge per seat. Aegis is the only open-source, local-first EDR for AI agents.
Open Source
Runs Locally
Free Forever
Process Monitoring
File Watcher
Network Intercept
Risk Scoring
Policy Engine
Audit Logging
No Cloud Required
// BATTLE-TESTED
GitHub Stars
Forks
Tests Passing
Agents Monitored
Aegis installs in under 30 seconds. No configuration files to write, no accounts to create, no cloud services to provision. Just clone, install, and start.
$ git clone https://github.com/antropos17/Aegis.git && cd Aegis
$ npm install
$ npm start
MIT License · No account required · No cloud dependency
A live web demo of the Aegis Electron UI. No install required.