Releases: verrysimatupang99/aegis

Aegis 0.1.3

23 May 20:00

A precision release. Scanning a Grafana checkout under
~/Documents/Coding/maxlabs-terminal/maxsignal_v2 produced 71 obfuscation
findings on minified Monaco editor bundles and 2 critical secrets findings
on HTML/TSX templates that contained the literal -----BEGIN ... PRIVATE KEY----- label without any actual PEM body. Both were false positives.
This release fixes them and adds regression tests so they cannot resurface.

Fixed

  • secrets/private_key_block now requires a real PEM body — at least
    100 base64 characters between matching BEGIN and END markers. Label-only
    content (placeholders, docs, configuration UI strings) no longer
    triggers the rule.
  • obfuscation/obfuscated_loader skips minified vendor bundles. Files
    whose name contains .min. or ends in .bundle.js, or whose path
    components include min, vendor, monaco, or monaco-editor, are no
    longer scanned. Minified Monaco JS is build output, not a packer.
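
The two rules above, sketched as an added example (not the project's own code). The function names, the pure-base64 body check, and case-insensitive path matching are assumptions; the 100-character threshold and the skip names come from the notes above.

```python
import re
from pathlib import PurePosixPath

# BEGIN/END markers must carry the same label ("RSA ", "EC ", "OPENSSH ", or none).
# The body may not contain "-", so a stray label cannot swallow a later real block.
PEM_BLOCK = re.compile(
    r"-----BEGIN ((?:[A-Z0-9]+ )*)PRIVATE KEY-----([^-]*)-----END \1PRIVATE KEY-----"
)
BASE64_BODY = re.compile(r"[A-Za-z0-9+/]+={0,2}")
MIN_BODY_CHARS = 100  # threshold stated in the release notes
SKIP_COMPONENTS = {"min", "vendor", "monaco", "monaco-editor"}


def has_private_key_body(text: str) -> bool:
    """True only when a matching marker pair encloses a real base64 body."""
    for match in PEM_BLOCK.finditer(text):
        body = "".join(match.group(2).split())  # drop line wrapping
        # Assumption: the body must be pure base64; legacy encrypted PEM
        # headers (Proc-Type/DEK-Info) are not handled here.
        if len(body) >= MIN_BODY_CHARS and BASE64_BODY.fullmatch(body):
            return True
    return False


def is_vendor_bundle(path: str) -> bool:
    """True for minified or vendored JS that the obfuscation rule skips."""
    p = PurePosixPath(path)
    name = p.name.lower()  # assumption: matching is case-insensitive
    if ".min." in name or name.endswith(".bundle.js"):
        return True
    return any(part.lower() in SKIP_COMPONENTS for part in p.parts)


# Constructed samples: the body is repeated filler, not key material.
FILLER = "\n".join(["QUJD" * 16] * 2)  # 128 base64 characters in two lines
LABEL_ONLY = '<input placeholder="-----BEGIN RSA PRIVATE KEY-----">'
EMPTY_PAIR = "-----BEGIN PRIVATE KEY-----\n-----END PRIVATE KEY-----"
REAL_SHAPE = f"-----BEGIN RSA PRIVATE KEY-----\n{FILLER}\n-----END RSA PRIVATE KEY-----"
MISMATCHED = f"-----BEGIN RSA PRIVATE KEY-----\n{FILLER}\n-----END EC PRIVATE KEY-----"

if __name__ == "__main__":
    for sample in (LABEL_ONLY, EMPTY_PAIR, REAL_SHAPE, MISMATCHED):
        print(has_private_key_body(sample))
    for path in ("static/app.min.js", "public/lib/monaco/vs/loader.js", "src/loader.js"):
        print(path, is_vendor_bundle(path))
```

Files skipped by the path rule get no obfuscation coverage at all, so recording which paths were skipped keeps that gap visible in the scan output.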

Tests

  • tests/test_v013_fp_regressions.py (4 tests):
    • Label-only PEM no longer fires.
    • Real PEM body still fires (positive case).
    • Minified bundles are skipped.
    • Real packer-style JS is still detected.

Verified

Install

Same one-liner. No client config changes:

{
  "mcpServers": {
    "aegis": {
      "command": "uvx",
      "args": ["--from", "aegis-sec", "aegis-mcp"]
    }
  }
}

Aegis 0.1.2

23 May 19:48

A practicality release. While dogfooding Aegis on ~/Documents/Coding
(50 GB across 16 projects), the scan took minutes because Rust/Tauri
target/, Python venv/, ML model weights, and upload directories were
not skipped. This release fixes that.

Added

  • --exclude flag on aegis scan, repeatable. Skips directory names
    by basename match against any path component, on top of the defaults.
  • Default excluded directories now also cover:
    target, .next, .nuxt, .turbo, .parcel-cache, vendor,
    coverage, .cache, .gradle, .idea, .pytest_cache, .mypy_cache,
    .ruff_cache, site-packages, gen, artifacts, models.

Whole-workspace scans skip GB-scale build trees by default. Project-specific
folders (uploads, monitoring, etc.) can be passed explicitly:

aegis scan ~/Documents/Coding \
  --exclude uploads \
  --exclude monitoring \
  --max-bytes 2097152

Tests

  • tests/test_exclude_flag.py (2 tests) pins the broadened defaults and
    verifies --exclude actually skips matching path components.

Verified

  • 32 passed + 1 skipped (the arctryx loader fixture is environment-bound).
  • PyPI: https://pypi.org/project/aegis-sec/0.1.2/
  • MCP Registry: republished as io.github.verrysimatupang99/aegis@0.1.2
  • Sigstore-signed via PyPI trusted publishing.

Install

Same one-liner. Existing client configs need no changes:

{
  "mcpServers": {
    "aegis": {
      "command": "uvx",
      "args": ["--from", "aegis-sec", "aegis-mcp"]
    }
  }
}

Aegis 0.1.1

23 May 19:23

A dogfood release. Aegis was scanned by Aegis, and four findings turned up.
All four were false positives in the scanner heuristics; this release fixes
them and adds regression tests so they cannot resurface.

Fixes

  • Dockerfile scanner_looks_like_dockerfile no longer matches
    dockerfile.py, dockerfile.md, dockerfile.json, or other code/doc
    files. Only true Dockerfile-family names match: Dockerfile,
    Dockerfile.<short-alpha-variant>, and *.dockerfile.
  • Obfuscation scanner — scope tightened to JS-family suffixes only
    (.js, .mjs, .cjs, .ts). Python and shell scripts can legitimately
    reference tokens like eval( or gunzipSync as data; the scanner used to
    treat them as packers.
  • Obfuscation scanner — parenthesised the self_extract heuristic so
    the precedence between or and and is unambiguous.

Reliability

  • Runner — isolates scanner exceptions. One crashing scanner no longer
    aborts the whole run; errors land in the Glasswing journal as
    scan.scanner_error.
  • Index — enables WAL mode and synchronous=NORMAL on SQLite open so
    the MCP server and the CLI can read the same index concurrently without
    hitting database-locked errors.
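
Why the journal mode matters, as an added example (not the project's own code): a writer commits while another connection is in the middle of a read, once with the WAL settings named above and once with SQLite's default rollback journal. The table layout, file name and function names are assumptions.

```python
import os
import sqlite3
import tempfile


def open_index(path: str, wal: bool = True) -> sqlite3.Connection:
    """Open the index; timeout=0 makes lock contention fail immediately."""
    conn = sqlite3.connect(path, timeout=0, isolation_level=None)
    if wal:
        conn.execute("PRAGMA journal_mode=WAL")    # persists in the database file
        conn.execute("PRAGMA synchronous=NORMAL")  # set per connection
    return conn


def writer_commits_during_read(wal: bool) -> bool:
    """Return True if a write commits while another connection is mid-read."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "index.sqlite")  # hypothetical index file
        setup = open_index(path, wal)
        setup.execute("CREATE TABLE findings (rule TEXT)")
        setup.execute("INSERT INTO findings VALUES ('secrets/private_key_block')")
        setup.close()

        reader = open_index(path, wal)  # stands in for the MCP server
        writer = open_index(path, wal)  # stands in for a CLI scan
        reader.execute("BEGIN")         # read transaction stays open
        reader.execute("SELECT count(*) FROM findings").fetchone()
        try:
            writer.execute(
                "INSERT INTO findings VALUES ('obfuscation/obfuscated_loader')"
            )
            return True
        except sqlite3.OperationalError:  # "database is locked"
            return False
        finally:
            reader.execute("COMMIT")
            reader.close()
            writer.close()


if __name__ == "__main__":
    print("WAL:", writer_commits_during_read(wal=True))
    print("rollback journal:", writer_commits_during_read(wal=False))
```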

Tests

  • New tests/test_dogfood_regression.py pins the dockerfile heuristic,
    asserts that Aegis self-scanning yields zero findings, and verifies that
    one misbehaving scanner cannot take the others down.
  • Suite size: 31 tests (was 28). All pass on py3.11 and py3.12.

Verified

  • aegis scan src against this repository: 0 findings on 37 files.
  • PyPI: https://pypi.org/project/aegis-sec/0.1.1/
  • MCP Registry: io.github.verrysimatupang99/aegis@0.1.1
  • Sigstore-signed via PyPI trusted publishing.

Install

No change in the install path. Same one-liner works:

{
  "mcpServers": {
    "aegis": {
      "command": "uvx",
      "args": ["--from", "aegis-sec", "aegis-mcp"]
    }
  }
}

Aegis 0.1.0

23 May 19:13

First public release. Aegis is a transparent, constitution-bound defensive
security copilot. Ships a CLI, an MCP server, optional Claude/Ollama LLM
advisors, HTML reports, and an evaluation harness.

Install (any MCP client)

{
  "mcpServers": {
    "aegis": {
      "command": "uvx",
      "args": ["--from", "aegis-sec", "aegis-mcp"]
    }
  }
}

Codex uses servers instead of mcpServers. See client guide.

What's included

  • Mythos charter: 6 hard rules + 3 soft rules, hashed in memory, immutable at runtime.
  • Glasswing journal: append-only JSONL audit trail. Every decision recorded.
  • Shared SQLite index (JetBrains-style): copy data/index.sqlite to share an audit baseline.
  • 7 scanners: secrets, obfuscation, dependencies, filesystem, dockerfile, IaC, optional YARA.
  • MCP server: 5 tools (scan_path, report_findings, explain_finding, show_charter, tail_journal) + 2 resources.
  • LLM adapters: Anthropic API, local Ollama, deterministic mock for CI.
  • Differential gate: aegis-diff baseline.sqlite current.sqlite --fail-on critical,high.
  • Evaluation harness: deterministic precision/recall fixtures + LLM-advise rubric scorer + LLM-as-judge phase 2.

Inspirations

  • Project Glasswing (Anthropic) — defensive collaboration; shareable security artifacts.
  • Claude Mythos — constitution-as-character; refuse to act outside the charter.
  • JetBrains Shared Indexes — heavy analysis built once, distributed.

Verified

  • 28/28 tests pass (pytest, py3.11 + py3.12).
  • Eval harness: P=R=F1=1.0 on bundled fixtures.
  • Detection of the original abuse-loader smoke test: critical with 6 signals.
  • Published to PyPI under aegis-sec via PyPI trusted publishing + sigstore.
  • Listed in the official MCP Registry as io.github.verrysimatupang99/aegis.

Links

Roadmap

See README. Highlights: more scanners (browser ext manifests, mobile permissions),
HTML diff exporter, sigstore-attested baselines.