npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

aegis-mcp-server

v0.1.17

Published

MCP enforcement layer for the Aegis agent governance specification

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

cleburncleburn

Keywords

mcpai-governanceagent-governanceaegismodel-context-protocol

Readme

aegis-mcp-server

MCP enforcement layer for the Aegis agent governance specification.

The spec writes the law. The CLI generates the law. This enforces the law.

What It Does

aegis-mcp-server is an MCP server that validates every agent action against your .agentpolicy/ files before it happens. Path permissions, content scanning, role boundaries, quality gates — all enforced at runtime with zero token overhead to the agent.

The agent never loads your governance files. The MCP server reads them into its own process memory and validates silently. The agent calls governed tools and gets back either a success or a blocked response with the specific reason.

Quick Start

# Install globally
npm install -g aegis-mcp-server

If you generated your policy with aegis-cli, the .mcp.json connection config is already in your project root. Just install the MCP and open your agent — it connects automatically.

First Prompt

When starting a new agent session in a governed project, use this as your first prompt:

Call aegis_policy_summary now. This is your governance contract — it defines your
role, your boundaries, and which tools to use. Do not take any action until you have
called this tool and received confirmation from the user to proceed.

For initial builds, the Aegis CLI generates a custom handoff prompt tailored to your project — use that instead.

How It Works

Universal Mode (Default)

The MCP starts without a pre-assigned role. When the agent calls aegis_policy_summary, it receives the list of available roles — including the built-in construction role and all specialist roles from .agentpolicy/roles/. The agent presents them to the user, the user picks, and the agent calls aegis_select_role to lock in. All enforcement uses the selected role for the rest of the session.

This is the default behavior — no configuration needed beyond the .mcp.json that aegis init creates automatically.

Construction Mode

The construction role is always available for initial builds and major restructuring. When selected:

  • The agent has full repository access (all paths writable and readable)
  • The .agentpolicy/ files serve as the blueprint — the agent reads constitution, governance, and role files to understand the project's architecture, conventions, and quality standards
  • File operations run through native tools rather than governed tools, for speed
  • The MCP logs the construction session start to state/overrides.jsonl with a timestamp and human_confirmed: true
  • When the build is complete, the agent calls aegis_complete_task to run quality gates and close construction mode — the closing timestamp is logged alongside the opening entry
  • All future sessions after construction should select a specialist role for governed operations

Construction mode is not a bypass — the agent still follows the governance files as its blueprint. It's a speed optimization for greenfield builds where enforcing write restrictions on every file would be counterproductive.

Fixed Mode

If you know which role to assign at startup:

{
  "mcpServers": {
    "aegis": {
      "command": "aegis-mcp",
      "args": ["--project", ".", "--role", "backend"]
    }
  }
}

The MCP locks to that role immediately. aegis_policy_summary returns the role's boundaries directly, skipping role selection.

Tools

| Tool | What it does | Token cost | |------|-------------|------------| | aegis_policy_summary | Role boundaries and governance summary (or available roles in universal mode) | ~200 tokens | | aegis_select_role | Select a role (including construction) in universal mode | Tiny | | aegis_check_permissions | Pre-check if an operation is allowed | Tiny | | aegis_write_file | Governed write with path + content validation | Same as a normal write | | aegis_read_file | Governed read with path validation | Same as a normal read | | aegis_delete_file | Governed delete with path validation | Tiny | | aegis_execute | Governed command execution | Command output only | | aegis_complete_task | Run quality gates and close construction mode if active | Gate results only | | aegis_request_override | Execute a blocked action after human confirmation | Tiny |

Zero Token Overhead

Traditional approach: load governance files into the agent's context window. Token cost scales with policy complexity.

Aegis MCP approach: the server loads policy into its own process memory. The agent calls tools and gets structured results. A project with 200 lines of governance has the same token cost as one with 20 lines. The complexity is absorbed by the server, not the agent.

Enforcement

  • Governance boundarieswritable, read_only, forbidden path lists
  • Role scoping — agents confined to their role's writable and readable paths
  • Sensitive pattern detection — content scanned against governance-defined regex patterns (content only, not path-based)
  • Cross-domain boundaries — imports validated against shared interface rules
  • Quality gate validationpre_commit flags mapped to build_commands and executed
  • Override logging — every blocked action logged to append-only overrides.jsonl
  • Immutable policies — designated rules that cannot be overridden, ever
  • Construction session logging — start and end timestamps for initial builds

Override Protocol

When an action is blocked and the governance override behavior is warn_confirm_and_log:

  1. The blocked response includes an override_token and the specific policy violated
  2. The agent presents the violation to the user
  3. If the user confirms, the agent calls aegis_request_override with the token and the user's rationale
  4. The action proceeds — the override is logged with human_confirmed: true
  5. Normal governance resumes immediately — the override is a one-time exception

Immutable policies (e.g., HIPAA compliance, ITAR data sovereignty, audit completeness) return override_available: false and cannot be overridden. The user must modify the governance through aegis init.

Consent-Based Governance

The Aegis MCP does not override the agent's native directives. It introduces itself through tool descriptions, explains why governance is active, and asks the agent to seek user permission to route write operations through Aegis tools. The user's authority is the enforcement mechanism.

Native tools for reading, searching, and exploring the codebase work fine without governance gating. Only write, delete, and execute operations benefit from routing through Aegis.

Architecture

Agent ──→ aegis-mcp-server ──→ File System
              │
              ├── Loads .agentpolicy/ into process memory (once)
              ├── Watches for policy changes (auto-reload)
              ├── Validates every tool call against policy
              ├── Returns success or blocked with override option
              └── Logs all enforcement decisions to overrides.jsonl

Three artifacts, one governance framework:

  • aegis-spec — The governance standard
  • aegis-cli — Generates the governance
  • aegis-mcp-server — Enforces the governance

License

MIT