POLICY CONTROL PLANE

LLMs suggest.
The Kernel decides.
Aegis enforces the boundary.

AegisAI — Policy Control Plane for AI Systems

Deterministic policy control before any tool call, state change, or external action.

→Deterministic adjudication before action

→Evidence-grade decision traces

→Designed to support regulated deployments

See Evidence Read Architecture Try the demo — adapter mode exercises real Kernel

WHY AEGISAI EXISTS

LLMs are probabilistic

They cannot be audited. Same input may yield different behavior in different contexts.

Prompts are not policies

Text instructions are suggestions, not enforceable controls. Policies are.

Governance requires evidence

Regulators and operators need determinism — and a verifiable artifact trail.

"In ancient Greece, Aegis meant an impenetrable shield — a symbol of enforced protection, not passive trust."

The name reflects the architecture: AI systems are not trusted by default. They are contained, governed, and constrained by a deterministic kernel.

AEGISAI EXECUTION BOUNDARY

LLM ROLE

Proposal generation only — unprivileged

KERNEL ROLE

Adjudication, policy, decision

GOVERNANCE

Panic mode & Break-Glass (signed)

VIOLATIONS

Hard-blocked by design, never soft-degraded

LLMs never execute actions.
All actions dispatched exclusively through Kernel adjudication.

DECISION FLOW

Upstream model / LLM

stochastic — same input may produce different output

↓ proposes raw text output

LLM Adapter

normalization → typed ProposalSpec (schema-validated)

↓ typed ProposalSpec

AegisAI Kernel / PolicyEngine

deterministic · auditable · traceable

↓ decision outcome

ALLOWWARNREQUIRE_CONFIRMBLOCK

↓ always — regardless of outcome

DecisionTrace

session_id · custody_hash (SHA-256) · audit_log

↓ if AEGIS_SIGNING_KEY configured

DecisionTraceAttestation

Class A · Ed25519 signed · externally verifiable

EVIDENCE-GRADE DECISIONING

Every adjudication. Verifiable.

No decisions happen off the record.

SHA-256

Custody hash

Every DecisionTrace

Ed25519

Attestation

Class A — externally verifiable

Chain

Tamper-evident

Integrity by design

CLI

Reproducible

Deterministic + CLI verification

"Logs can be deleted. Evidence cannot."

WHAT AEGISAI PROVIDES

Kernel Sovereignty

Deterministic control loop. LLM output normalized before reaching the kernel. The kernel adjudicates; the model does not.

Policy Engine

DSL-governed rules: ALLOW, WARN, REQUIRE_CONFIRM, BLOCK. No eval(). Conditions validated at load time.

Cryptographic Records

SHA-256 custody hash on every trace. Ed25519-signed attestation for Class A governance artifacts when configured.

Benchmark Evidence

7 canonical governance scenarios. Reproducible artifact. CI gate: exits 1 on any security failure.

WHERE AEGISAI FITS

AegisAIthis

Policy control plane

Adjudicates whether an action is admissible before dispatch.

KiLu↗

Execution authorization

Issues external execution authority and cryptographic receipts.

StasysOS↗

Bounded runtime

The execution environment where admitted actions occur.

Designed to support record-keeping, human oversight, and auditability in regulated AI deployments.

See Evidence Request a Pilot

LLMs suggest.The Kernel decides.Aegis enforces the boundary.