aegis-mcp-server

MCP enforcement layer for the Aegis agent governance specification.

Policy at the root. Enforcement at runtime. Accountability on every action.

What It Does

aegis-mcp-server is an MCP server that validates every agent action against your .agentpolicy/ files before it happens. Path permissions, content scanning, role boundaries, quality gates — all enforced at runtime with zero token overhead to the agent.

The agent never loads your governance files. The MCP server reads them into its own process memory and validates silently. The agent calls governed tools and gets back either a success or a blocked response with the specific reason.

Quick Start

# Install globally
npm install -g aegis-mcp-server

If you generated your policy with aegis-cli, the .mcp.json connection config is already in your project root. Just install the MCP and open your agent — it connects automatically.

First Prompt

When starting a new agent session in a governed project, use this as your first prompt:

Call aegis_policy_summary now. This is your governance contract — it defines your
role, your boundaries, and which tools to use. Do not take any action until you have
called this tool and received confirmation from the user to proceed.

For initial builds, the Aegis CLI generates a custom handoff prompt tailored to your project — use that instead.

How It Works

Universal Mode (Default)

The MCP starts without a pre-assigned role. When the agent calls aegis_policy_summary, it receives the list of available roles — including the built-in construction role and all specialist roles from .agentpolicy/roles/. The agent presents them to the user, the user picks, and the agent calls aegis_select_role to lock in. All enforcement uses the selected role for the rest of the session.

This is the default behavior — no configuration needed beyond the .mcp.json that aegis init creates automatically.

Construction Mode

The construction role is always available for initial builds and major restructuring. When selected:

• The agent has full repository access (all paths writable and readable)
• The .agentpolicy/ files serve as the blueprint — the agent reads constitution, governance, and role files to understand the project's architecture, conventions, and quality standards
• File operations run through native tools rather than governed tools, for speed
• The MCP logs the construction session start to state/overrides.jsonl with a timestamp and human_confirmed: true
• When the build is complete, the agent calls aegis_complete_task to run quality gates and close construction mode — the closing timestamp is logged alongside the opening entry
• All future sessions after construction should select a specialist role for governed operations

Construction mode is not a bypass — the agent still follows the governance files as its blueprint. It's a speed optimization for greenfield builds where enforcing write restrictions on every file would be counterproductive.

Fixed Mode

If you know which role to assign at startup:

{
  "mcpServers": {
    "aegis": {
      "command": "aegis-mcp",
      "args": ["--project", ".", "--role", "backend"]
    }
  }
}

The MCP locks to that role immediately. aegis_policy_summary returns the role's boundaries directly, skipping role selection.

Tools

... View full README on GitHub