AEGIS Documentation

Overview

AEGIS is a production-hardened AI agent platform for teams that need strong automation without giving up control. The product ships with 100+ integrated tools, per-conversation Autonomy Modes (Chat, Safe, Standard, Full), multi-agent orchestration and delegation, and security patterns aligned with regulated environments. The supported customer offering today is managed cloud SaaS at aegisaiagent.com.

What is new and expanded

• Richer tool surface — Document conversion, scrape-to-export pipelines, spreadsheet formulas and charts, fillable PDFs and signing, archive extraction, QR generation, watermark tools, avatar-style video helpers, browser sessions (navigate, act, research), and an in-app camera capture request flow for vision-assisted tasks.
• Delegation and sub-agents — Create and manage child agents, delegate work, list and clear task queues, and run parallel agent workstreams from a single conversation.
• Uploaded asset workflows — Plan and execute multi-step workflows over files the user provides (orchestrated planning plus execution tools).
• Capability reference — Built-in tooling so the agent can summarize what it is allowed to do in the current mode and profile.
• Scheduler depth — Create and manage scheduled jobs, detect conflicts, and cancel or update runs.
• Stricter SaaS policy — On shared cloud deployments, high-risk capabilities (shell, arbitrary code, unrestricted HTTP, local Playwright drivers) are disabled by default; Firecrawl cloud browser (Standard/Full) is available with a Firecrawl key.
• Browser trust reference — See docs/BROWSER_TRUST_MODEL.md in the repository for operator allowlists and audit logging on hosted deployments.

Key capabilities

• Large integrated toolbox — Communication, calendars, files, media generation, web research, data work, automation triggers, and administration — exposed consistently to the agent.
• Autonomous agents — Multi-step tool loops with parallel sub-agent execution where appropriate.
• Multiple model backends — Swap providers and models from Settings or natural language. Bring your own keys from the in-app API Keys and credentials panels.
• Privacy-oriented operation — Cloud traffic is encrypted in transit; conversations are not used to train foundation models.
• Where to run — Managed cloud SaaS in your browser.
• Autonomy modes — Chat (schedules + search), Safe (curated tools, no live browser), Standard (Safe + Firecrawl live browser), Full (widest capability where policy allows), enforced server-side.
• Fast onboarding — Short wizard for default model, tone, and optional channels.
• Enterprise-style controls — Audit-friendly event logging, idle session limits, strong password hashing, persistent JWT signing material, and default-deny access rules.
• Cloud subscriptions — Usage-based SaaS plans with clear limits and upgrade paths.
• Automation webhooks — Fire outbound webhooks from chat so you can chain AEGIS into broader automation stacks.

Getting Started

Start with AEGIS Cloud:

Cloud SaaS (aegisaiagent.com)

1. Sign up at /setup
2. Complete the administrator setup wizard and add your first model API key
3. On first login, follow the in-app onboarding wizard to pick defaults, personality, and optional email and messaging connectors
4. Start using AEGIS immediately — no installation required

AEGIS ADA — autonomous dev agent (separate product)

We are building AEGIS ADA (Autonomous Dev Agent) as a focused developer-agent experience. It is not bundled with AEGIS Cloud subscriptions. Follow announcements and early access at aegiside.com.

Hosted deployment configuration

On managed hosts, everything is driven by environment variables. The table below lists the highest-signal entries; your full template is in backend/.env.example.

Variable	Required	Description
AEGIS_SECRET_KEY	Yes (production)	Long random secret for signing session tokens. Example: python -c "import secrets; print(secrets.token_urlsafe(64))"
AEGIS_FRONTEND_URL / AEGIS_APP_URL	Yes	Public URLs the browser uses to reach the UI and API
Model gateway keys	Recommended	One or more entries from the template so chat can reach your chosen models
Billing integration	If you charge	Secret key and webhook signing secret — exact names are in the environment template
Outbound mail	If you send mail	API or SMTP settings from the template for welcome, reset, and billing messages
Single sign-on	Optional	OAuth client credentials when you enable social login (field names in the template)

Exact variable names and optional alternates are listed in the shipped environment templates and internal runbooks. Store secrets in your host’s secret manager, not in source control.

Integrated tools

The agent runtime registers 100+ tools at startup — bundled with the product, no separate plugin store. Availability depends on autonomy mode, tool profile, and your host’s safety policy (high-risk tools stay off by default on shared cloud).

Communication and collaboration

• Email — Send, receive, search, and thread mail over standard mail protocols
• SMS and voice — Outbound messaging and calls when telephony credentials are configured
• Meetings — Schedule and manage conferencing when a calendar integration is linked
• Team chat connectors — Wire popular chat apps through the integrations panel so the agent can post and respond

Development, automation, and the web

• Shell — Not available on the shared public cloud; reserved for dedicated/self-hosted deployments where operators explicitly enable it.
• Code execution — Run supported languages in a controlled executor where enabled
• Advanced code assistance — Lint, format, diff, and refactor project files
• HTTP client — Call REST endpoints when egress is permitted for your deployment
• Automation webhooks — POST to signed URLs to hand off work to external automation flows
• Browser sessions — Create sessions, navigate, perform actions, run structured research, and tear down cleanly
• Legacy browser helpers — Older navigate/scrape/login flows remain available on trusted runtimes

Documents, files, and data

• Office documents — Create and edit word-processing and presentation files
• Spreadsheets — Read and write workbooks, including formulas, charts, and pivots
• PDFs — Generate fillable forms, convert, and apply signatures
• Conversion — Convert between common document and image formats
• Archives — Extract packaged assets safely inside the workspace sandbox
• Data analysis — Inspect CSV, JSON, Excel, and similar structured sources
• Scrape and export — Pull structured data from the web and save to spreadsheet or document outputs

Media generation and vision

• Images — Generate and transform images, including background removal and watermark handling when configured
• Audio — Speech synthesis, music and SFX stubs, transcription, and stem-style isolation helpers
• Video — Generate clips, stitch timelines, trim, subtitle burn-in, and related post-processing
• Camera capture — Request a one-time webcam frame from the user for visual reasoning tasks
• QR and lightweight assets — Generate QR codes and similar outputs for campaigns or ops

Calendar, tasks, and time

• Calendar — Create and query events when a calendar connector is present
• Scheduling — Cron-style jobs plus list/update/cancel flows and conflict checks

Orchestration and governance

• Sub-agents — Spawn parallel child agents with capped concurrency
• Delegation toolkit — Delegate work, track child tasks, and clean up queues
• Capability introspection — Summarize enabled tools and integration health from inside the chat
• Uploaded assets — Plan and execute multi-step workflows on user-supplied files
• Autonomy controls — Chat, Safe, and Full profiles with server-side enforcement

Workspace and settings

• Filesystem — Read, write, and enumerate files inside per-user workspace boundaries
• Model and key management — Switch models, store credentials, and validate connectivity
• Personality and memory — Tune tone and persist user-specific facts with forget controls
• Integration setup helpers — Guided configuration for mail, telephony, chat, and media credentials

Cloud SaaS

Today’s customer-facing product is managed cloud SaaS in the browser. Subscriptions, trials, upgrades, and support workflows all run through the hosted app.

What you get

• Instant setup in minutes
• Automatic updates and patches
• High-availability architecture with a 99.9% uptime target
• Global CDN for fast access
• Integrated subscription and usage management

AEGIS ADA

For the separate autonomous developer agent we are building, see AEGIS ADA (Autonomous Dev Agent) and aegiside.com.

Security and compliance

AEGIS is built to enterprise security standards from the ground up:

Authentication and identity

• JWT authentication — Stable signing material persisted in the database; avoids surprise session invalidation on restart
• Argon2id password hashing — Memory-hard password storage
• Brute-force protection — Repeated failures trigger temporary lockouts
• Rate limiting — Per-IP limits on authentication and recovery endpoints
• Optional SSO — Social login when OAuth credentials are configured

Regulatory-style controls

• Audit trails — Logins, logouts, password resets, and security events record severity, user, source address, and time
• Idle session timeout — Automatic logout after inactivity (tunable)
• Default-deny access — Non-admin users start without privileges; grants are explicit
• Least privilege — Permission resolution prefers exact scopes before wildcards or inherited roles
• Encrypted integration storage — Connector secrets are encrypted at rest

Transport and headers

• HSTS — Strict-Transport-Security enforced on all responses
• CSP — Content-Security-Policy prevents XSS and injection attacks
• X-Frame-Options: DENY — Blocks clickjacking
• X-Content-Type-Options: nosniff — Prevents MIME-type sniffing

API Documentation

AEGIS is primarily used through the web application, but it also exposes a focused HTTP and WebSocket API for advanced integrations.

Authentication

All API requests to your deployment require a valid user JWT. Include it in the Authorization header:

Authorization: Bearer YOUR_JWT

Base URL

• Cloud SaaS: https://app.aegisaiagent.com/api (your deployment’s public API base may differ)

Chat Endpoints

The same chat engine that powers the UI is available programmatically.

Send a Chat Message (HTTP)

POST /chat/send
Content-Type: application/json

{
  "message": "Summarize my last 5 unread emails.",
  "conversation_id": null,
  "tools_enabled": true,
  "tool_profile": "safe",  // "chat" | "safe" | "full"
  "timezone": "America/Chicago",
  "current_datetime": "Tuesday, March 3, 2026, 10:15:00 AM CST"
}

The response includes the assistant message content and the conversation_id to reuse on the next call.

Streaming Chat (WebSocket)

GET /chat/ws?token=YOUR_JWT

// Send over the WebSocket:
{
  "message": "Write a summary of my week based on email.",
  "conversation_id": null,
  "tools_enabled": true,
  "tool_profile": "full"
}

Messages stream back as JSON chunks including partial content, final content, tool calls, and artifacts so you can build your own custom UI.

Frequently Asked Questions

What AI models does AEGIS support?

You can connect multiple commercial model backends. Defaults are tuned for strong general quality on the hosted service, and you can change provider or model from Settings or by asking the agent.

Can I use my own API keys?

Yes. Add your provider keys in API Keys / credentials settings so usage and spend stay inside the accounts you control.

Is my data secure?

AEGIS follows a privacy-first design. Data is encrypted in transit and protected with the controls described in this document, including strong password hashing and persistent signing keys for sessions.

Can I cancel my subscription anytime?

Yes, you can cancel your subscription at any time. For Cloud SaaS, you'll retain access until the end of your billing period. See our Refund Policy for details.

Do you offer custom integrations?

Yes! Business and Enterprise plans include custom integrations. Contact our sales team to discuss your specific needs.

What kind of support do you provide?

• Starter: Email support (24-48 hour response)
• Pro: Priority email support (12-24 hour response)
• Business: Phone and email support (4-8 hour response)
• Enterprise: Dedicated support team (custom SLAs available in enterprise contracts)

Can I upgrade or downgrade my plan?

Yes, you can change your plan at any time. Upgrades take effect immediately, while downgrades take effect at the start of your next billing cycle.

Do you offer educational or non-profit programs?

Yes. Contact info@eactivenet.com with proof of status for educational institutions and registered non-profit organizations.