Pramiti Docs

Aegis Overview

Deterministic action validation control plane — the write plane

Aegis is the write plane of the Pramiti platform. It validates every proposed agent action against business rules before execution, returning a deterministic verdict with a cryptographically signed attestation record. Aegis operates on the assumption that the LLM will be compromised — enforcement is external, deterministic, and at the action layer.

Architecture

Aegis consists of these components:

  • Policy Decision Point — The core evaluation pipeline producing ALLOW/DENY/REWRITE/ESCALATE verdicts
  • Constraint Engine — JSON predicates (auto-tier) and SHACL shapes (formal-tier) for business rules
  • Target Model — Semantic classification of tools and blast radius computation
  • Attestation Store — Immutable, Ed25519-signed decision records
  • SIEM Integration — OCSF mapping and delivery to Splunk, Sentinel, and other SIEMs
  • Connection Manager — Downstream MCP server lifecycle and schema merging
  • Reasoning Engine — Pluggable evaluator registry and safe rewrite engine
  • Intake — Action surface adapters for MCP, OpenAPI, and FHIR SMART

How It Works

When an agent proposes an action:

  1. The MCP Gate intercepts the tool call and resolves agent identity
  2. The Tool Classifier determines if this is a read (pass-through) or write (evaluate) action
  3. The Policy Engine evaluates workspace-scoped constraints against the action payload
  4. The Impact Engine computes blast radius (what downstream systems are affected)
  5. The Attestation Store records the decision with an Ed25519 signature
  6. The SIEM Enqueue writes delivery rows for each active SIEM destination
  7. The verdict is returned: ALLOW (execute), DENY (block), REWRITE (modify and execute), or ESCALATE (human review)

Dependencies

DependencyRequiredPurpose
PostgreSQLYesConstraints, attestations, connections, policies
OxigraphNoNot required for Aegis
LLMNoNot required for Aegis

Aegis is deliberately PostgreSQL-only to keep the security-critical path simple and auditable.

Verdicts

VerdictActionWhen
ALLOWExecute the actionAll constraints pass
DENYBlock the actionOne or more constraints fail
REWRITEModify payload, then executeConstraints define safe transformations (cap values, mask fields)
ESCALATEQueue for human reviewConstraints flag the action as requiring human approval

On this page