Aegis MCP Server

Local setup required. This server has to be cloned and prepared on your machine before you register it in Claude Code.
1

Set the server up locally

Run this once to clone and prepare the server before adding it to Claude Code.

Run in terminal
npm install -g aegis-mcp-server
2

Register it in Claude Code

After the local setup is done, run this command to point Claude Code at the built server.

Run in terminal
claude mcp add aegis-mcp -- node "<FULL_PATH_TO_AEGIS_MCP>/dist/index.js"

Replace <FULL_PATH_TO_AEGIS_MCP>/dist/index.js with the actual folder you prepared in step 1.

README.md

MCP enforcement layer for the Aegis agent governance specification.

aegis-mcp-server

MCP enforcement layer for the Aegis agent governance specification.

The spec writes the law. The CLI generates the law. This enforces the law.

What It Does

aegis-mcp-server is an MCP server that validates every agent action against your .agentpolicy/ files before it happens. Path permissions, content scanning, role boundaries, quality gates — all enforced at runtime with zero token overhead to the agent.

The agent never loads your governance files. The MCP server reads them into its own process memory and validates silently. The agent calls governed tools and gets back either a success or a blocked response with the specific reason.

Quick Start

# Install globally
npm install -g aegis-mcp-server

If you generated your policy with aegis-cli, the .mcp.json connection config is already in your project root. Just install the MCP and open your agent — it connects automatically.

First Prompt

When starting a new agent session in a governed project, use this as your first prompt:

Call aegis_policy_summary now. This is your governance contract — it defines your
role, your boundaries, and which tools to use. Do not read files, do not take any
action, and do not assume your role until you have called this tool.

How It Works

Universal Mode (Default)

The MCP starts without a pre-assigned role. When the agent calls aegis_policy_summary, it receives the list of available roles from .agentpolicy/roles/. The agent presents them to the user, the user picks, and the agent calls aegis_select_role to lock in. All enforcement uses the selected role for the rest of the session.

This is the default behavior — no configuration needed beyond the .mcp.json that aegis init creates automatically.

Fixed Mode

If you know which role to assign at startup:

{
  "mcpServers": {
    "aegis": {
      "command": "aegis-mcp",
      "args": ["--project", ".", "--role", "backend"]
    }
  }
}

The MCP locks to that role immediately. aegis_policy_summary returns the role's boundaries directly, skipping role selection.

Tools

Tool What it does Token cost
aegis_policy_summary Role boundaries and governance summary (or available roles in universal mode) ~200 tokens
aegis_select_role Select a role in universal mode Tiny
aegis_check_permissions Pre-check if an operation is allowed Tiny
aegis_write_file Governed write with path + content validation Same as a normal write
aegis_read_file Governed read with path validation Same as a normal read
aegis_delete_file Governed delete with path validation Tiny
aegis_execute Governed command execution Command output only
aegis_complete_task Run quality gates before marking done Gate results only
aegis_request_override Execute a blocked action after human confirmation Tiny

Zero Token Overhead

Traditional approach: load governance files into the agent's context window. Token cost scales with policy complexity.

Aegis MCP approach: the server loads policy into its own process memory. The agent calls tools and gets structured results. A project with 200 lines of governance has the same token cost as one with 20 lines. The complexity is absorbed by the server, not the agent.

Enforcement

  • Governance boundarieswritable, read_only, forbidden path lists
  • Role scoping — agents confined to their role's writable and readable paths
  • Sensitive pattern detection — content scanned against governance-defined patterns
  • Cross-domain boundaries — imports validated against shared interface rules
  • Quality gate validationpre_commit flags mapped to build_commands and executed
  • Override logging — every blocked action logged to append-only overrides.jsonl
  • Immutable policies — designated rules that cannot be overridden, ever

Override Protocol

When an action is blocked and the governance override behavior is warn_confirm_and_log:

  1. The blocked response includes an override_token and the specific policy violated
  2. The agent presents the violation to the user
  3. If the user confirms, the agent calls aegis_request_override with the token and the user's rationale
  4. The action proceeds — the override is logged with human_confirmed: true
  5. Normal governance resumes immediately — the override is a one-time exception

Immutable policies (e.g., HIPAA compliance, audit completeness) return override_available: false and cannot be overridden. The user must modify the governance through aegis init.

Consent-Based Governance

The Aegis MCP does not override the agent's native directives. It introduces itself through tool descriptions, explains why governance is active, and asks the agent to seek u

Tools (9)

aegis_policy_summaryProvides role boundaries and governance summary or available roles in universal mode.
aegis_select_roleSelects a role in universal mode.
aegis_check_permissionsPre-checks if an operation is allowed.
aegis_write_filePerforms a governed write with path and content validation.
aegis_read_filePerforms a governed read with path validation.
aegis_delete_filePerforms a governed delete with path validation.
aegis_executePerforms governed command execution.
aegis_complete_taskRuns quality gates before marking a task as done.
aegis_request_overrideExecutes a blocked action after human confirmation.

Configuration

claude_desktop_config.json
{"mcpServers": {"aegis": {"command": "aegis-mcp", "args": ["--project", ".", "--role", "backend"]}}}

Try it

Call aegis_policy_summary now to understand my role and boundaries.
Can you check if I have permission to write to the /config directory using aegis_check_permissions?
Please use aegis_read_file to read the project README safely.
I need to execute a build command; please use aegis_execute to run it under governance.

Frequently Asked Questions

What are the key features of Aegis MCP Server?

Runtime validation of agent actions against governance policies. Zero token overhead by processing policies in server memory. Role-based access control for file operations and commands. Sensitive pattern detection and content scanning. Quality gate validation for task completion.

What can I use Aegis MCP Server for?

Enforcing strict file system boundaries for AI agents in sensitive projects. Implementing HIPAA or audit compliance by preventing unauthorized file access. Managing role-based access for agents working on multi-domain codebases. Ensuring quality gates are passed before an agent marks a task as complete.

How do I install Aegis MCP Server?

Install Aegis MCP Server by running: npm install -g aegis-mcp-server

What MCP clients work with Aegis MCP Server?

Aegis MCP Server works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep Aegis MCP Server docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.
Open Conare
View all ai-tools servers →

Related MCP Servers

Skill Seekers
The data layer for AI systems.
ai-tools11.1K stars
Context Mode
The other half of the context problem.
ai-tools5.6K stars
Semiotic
A React data visualization library designed for AI-assisted development.
ai-tools2.6K stars
RocketRide
Self-hosted, open-source AI pipeline platform for MCP tools
ai-tools1.6K stars
Context+
Semantic Intelligence for Large-Scale Engineering.
ai-tools1.5K stars
ShipSwift
AI-native SwiftUI component library — production-ready code for LLMs
ai-tools1.3K stars