Governance infrastructure for autonomous AI agents
Aegis sits between an agent's reasoning and its execution. We control what it can do before it acts, verify the action against its stated purpose, and produce a record you can show anyone. Operators get accountability without writing it themselves.
The problem with shipping agents to production
Agents need authority to act on your behalf. But raw authority — your wallet, your private key — is binary: total trust or no trust. There is no middle, no boundary, no record. That works for a demo. It does not work for a production deployment, and it definitely does not work for compliance.
No real boundary
Giving an agent your private key gives it access to everything you own. There's no spending cap, no allowed-action list, no kill switch.
No purpose check
An agent can drift from its stated purpose with no system catching the drift. Nothing verifies that what it's about to do matches what it's supposed to be doing.
No defensible record
When something goes wrong, you need to show what happened, what authority the agent had, and why each action was permitted. Most stacks can't produce that record.
The three jobs Aegis does
An agent is safe to deploy when you can answer all three questions: what is it allowed to do, did it stay on purpose, and what actually happened.
Control
The agent can't do anything you didn't authorize.
- • Spend, frequency, and asset rules — enforced before each action lands
- • x402 / EIP-3009 payments enforced and counted against the same limits
- • Time-bounded authority you can revoke at any time
- • Approved actions, tokens, protocols, and chains — nothing outside the list
Judgment
The agent's actions match its stated purpose.
- • Each action ties to a declared purpose checked against the transaction
- • Pass/fail decisions on submitted work before any funds move
- • A compromised agent still can't exceed policy — the contract is the final word
Visibility
You know what happened and can prove it.
- • Every authorization, action, and outcome captured in one record
- • Behavioral signals surfaced as the agent runs, not after the fact
- • Compliance-ready exports for the questions that come later
Your agent never touches your personal wallet
Each agent gets its own dedicated keypair, generated in your browser at creation time. The agent operates from its own account — funded with only what it needs and bounded by the policy you set. You control the boundary, the agent operates inside it.
- One-click keypair generation in the browser
- Private key shown once, never stored on any server
- Download a .env file with everything the bot needs
- A compromised agent still can't exceed its policy
- Fund only what the agent needs — your main wallet stays untouched
How agent setup works
Register the agent
Give it a name and choose a signer type
Generate a keypair
A fresh signer is created in your browser
Deploy the agent's account
The agent gets its own on-chain account, bound to that signer
Save and configure the bot
Download the .env file and give it to your agent code
Write the policy
Spending limits and rules — enforced on-chain from the first transaction
No off-chain override
Every agent runs through a policy-gated account. Enforcement is always on, always on-chain. There is no advisory mode, no exception path, no override.
What gets enforced
A disallowed action does not execute. The transaction reverts on-chain before any funds move, the violation is recorded in your audit log, and your operator dashboard sees it within seconds.
- Per-transaction value limits
- Daily volume caps
- Transaction count limits
- Time-bounded permissions
- Action allowlists
- Token and protocol allowlists
- Chain restrictions
- Time-of-day windows
For the under-the-hood version — contract addresses, the request-flow diagram, and how enforcement runs inside the validation path — see the docs.
Where Aegis fits
Any agent that moves value on-chain benefits from explicit authorization and an audit trail.
DeFi trading agents
Limit trades to approved pairs and protocols. Cap position size, cap daily volume.
Treasury and portfolio
Allow rebalancing within bounds. Restrict to approved venues, set maximum allocation per asset.
Orchestration and ops
Coordinate borrow, swap, and stake flows — without ability to deviate from approved sequences.