{"id":49888896,"url":"https://github.com/arpitcoder/aegrail-engine","last_synced_at":"2026-05-15T20:01:25.608Z","repository":{"id":357772739,"uuid":"1238485369","full_name":"arpitcoder/aegrail-engine","owner":"arpitcoder","description":"The aegrail enforcement engine. Go sidecar + Helm chart for Kubernetes — HTTP forward proxy with per-agent allowlist, tamper-evident audit chain, and OWASP ASI02/ASI03 control mappings. Pairs with the aegrail Python library.","archived":false,"fork":false,"pushed_at":"2026-05-14T06:59:32.000Z","size":15,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-14T08:39:15.038Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/arpitcoder.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-14T06:54:39.000Z","updated_at":"2026-05-14T07:16:22.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/arpitcoder/aegrail-engine","commit_stats":null,"previous_names":["arpitcoder/aegrail-engine"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/arpitcoder/aegrail-engine","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arpitcoder%2Faegrail-engine","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arpitcoder%2Faegrail-engine/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arpitcoder%2Faegrail-engine/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arpitcoder%2Faegrail-engine/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/arpitcoder","download_url":"https://codeload.github.com/arpitcoder/aegrail-engine/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arpitcoder%2Faegrail-engine/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33077916,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-15T11:35:32.926Z","status":"ssl_error","status_checked_at":"2026-05-15T11:35:31.362Z","response_time":103,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-05-15T20:00:52.386Z","updated_at":"2026-05-15T20:01:25.588Z","avatar_url":"https://github.com/arpitcoder.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# aegrail-engine\n\n[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](LICENSE)\n\n**The Kubernetes-deployable enforcement engine for `aegrail`.**\n\nA Go sidecar that enforces aegrail's runtime contract for AI agents at\nthe network egress boundary — outside the agent process, in any\nlanguage. Pairs with the [`aegrail`](https://github.com/arpitcoder/aegrail)\nPython library to provide defense-in-depth: the library enforces tool\nACLs in-process; the engine enforces egress + audit at the pod level.\n\n---\n\n## Why this exists\n\nThe `aegrail` Python library is application-level: it works for\nPython agents that route their tool calls through `session.call_tool(...)`.\nThat covers the L7 capability boundary inside a Python process.\n\nIt does **not** cover:\n\n- Agents written in other languages (TypeScript, Go, Rust, JVM)\n- A Python developer who calls `requests.post(...)` directly,\n  bypassing the library\n- Anything that ends up at a TCP socket regardless of what library\n  opened it\n\n`aegrail-engine` closes that gap by being a **separate process** that\nsits between the agent's container and the outside world. It enforces\negress policy at the network boundary, where it doesn't matter what\nlanguage the agent is written in or what library it used.\n\nThis is the same pattern Envoy uses for service-mesh policy and\n[oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy) uses for\nHTTP auth — push the policy boundary out of the application, into a\nsidecar where it's enforced once and language-agnostic.\n\n---\n\n## Status\n\n**Pre-release. v0.1.0 is the first milestone (egress proxy MVP).**\n\nThis repo was created on 2026-05-14. Engineering is sequenced after\n`aegrail` v0.2.4 ships its in-Python interceptors. See\n[ARCHITECTURE.md](ARCHITECTURE.md) in the [`aegrail`](https://github.com/arpitcoder/aegrail/blob/main/ARCHITECTURE.md)\nrepo for how the engine fits into the broader project.\n\nTrack the v0.1.0 milestone for what's planned and current progress.\n\n---\n\n## Architecture\n\n```\n┌──────────────────────────────────────────────────────────────────┐\n│ Pod                                                              │\n│                                                                  │\n│   ┌────────────────────┐    HTTP_PROXY    ┌───────────────────┐  │\n│   │ Agent container    │ ────────────────▶│ aegrail-engine    │  │\n│   │  - Python / Node / │   to localhost   │ sidecar           │  │\n│   │    Go / etc.       │       :8080      │  - Go binary      │  │\n│   │  - any aegrail SDK │                  │  - allowlist      │  │\n│   │    or none         │                  │  - audit chain    │  │\n│   └────────────────────┘                  │  - JSONL log      │  │\n│             ▲                             └───────────────────┘  │\n│             │                                       │            │\n│             │                                       ▼            │\n│             │      ┌──────────────────────────────────────────┐  │\n│             │      │  Network egress (allowed hosts only)     │  │\n│             │      └──────────────────────────────────────────┘  │\n└──────────────────────────────────────────────────────────────────┘\n```\n\n**What it enforces** that the Python library can't:\n\n- All outbound HTTP from the agent container, regardless of language\n  or library\n- Allowlist policy applied at request time\n- Audit chain (SHA-256, same format as the Python library's audit log)\n- Denials recorded as `egress_denied` events with the requested\n  destination\n\n**What it does NOT do:**\n\n- Non-HTTP traffic (use NetworkPolicy / Cilium for L3/L4)\n- In-process enforcement (use the `aegrail` Python library for that)\n- Process / syscall isolation (use containers, gVisor, Firecracker)\n\nSee [ARCHITECTURE.md](https://github.com/arpitcoder/aegrail/blob/main/ARCHITECTURE.md)\nin the aegrail repo for the layered defense-in-depth model.\n\n---\n\n## Quickstart (when v0.1.0 ships)\n\n```bash\n# Add the Helm repository\nhelm repo add aegrail https://arpitcoder.github.io/aegrail-engine\nhelm repo update\n\n# Install with default allowlist (deny-by-default)\nhelm install aegrail-engine aegrail/aegrail-engine \\\n  --set policy.allowlist[0]=api.openai.com \\\n  --set policy.allowlist[1]=api.anthropic.com\n```\n\nOr for sidecar injection in an existing agent pod:\n\n```yaml\napiVersion: v1\nkind: Pod\nmetadata:\n  name: my-agent\n  annotations:\n    aegrail.io/inject: \"true\"\nspec:\n  containers:\n    - name: agent\n      image: my-agent:latest\n      env:\n        - name: HTTP_PROXY\n          value: \"http://localhost:8080\"\n        - name: HTTPS_PROXY\n          value: \"http://localhost:8080\"\n```\n\n---\n\n## Roadmap\n\n- **v0.1.0** — HTTP forward proxy, allowlist policy from ConfigMap,\n  audit chain JSONL, Helm chart, single-pod sidecar deployment\n- **v0.2.0** — gRPC policy sync from the agent's `Tool` registry\n  (no ConfigMap duplication)\n- **v0.3.0** — mutating admission webhook for automatic sidecar\n  injection across the cluster\n- **v0.4.0** — approval gates: irreversible actions pause on the\n  sidecar and require human confirmation before the request is\n  forwarded\n- **v1.0** — hosted control plane integration; multi-tenant policy\n  management\n\nThe roadmap-discipline rules in\n[`CLAUDE.md`](https://github.com/arpitcoder/aegrail/blob/main/CLAUDE.md)\nof the aegrail repo govern when structural and feature work proceeds.\n\n---\n\n## Contributing\n\nContributions welcome via PR. See [CONTRIBUTING.md](CONTRIBUTING.md)\nfor the workflow. The contribution model mirrors the aegrail Python\nrepo: small reviewable PRs against `main`, tests required, Apache\n2.0 license.\n\nSecurity issues: please report privately per [SECURITY.md](SECURITY.md).\nDo not open public issues for vulnerabilities.\n\n---\n\n## License\n\nApache License 2.0. See [LICENSE](LICENSE) for full terms.\n\nCopyright © 2026 [Arpit Nigam](https://github.com/arpitcoder).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farpitcoder%2Faegrail-engine","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Farpitcoder%2Faegrail-engine","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farpitcoder%2Faegrail-engine/lists"}