AEGISdocs

Changelog

All notable changes to the AEGIS Governance SDK are documented here.

All notable changes to the AEGIS Governance SDK are documented here.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[1.1.0] - 2026-02-24

Added

  • REST API with API key authentication — customers can now call AEGIS via REST without AWS credentials
  • Usage plans and rate limiting — per-customer throttling (dev: 50 req/s, prod: 500 req/s)
  • Tenant context — every API response includes _tenant_id, _request_id, and X-AEGIS-Tenant header
  • OpenAPI 3.1 specification — full API schema at docs/api/openapi.yaml
  • Documentation site — hosted at GitHub Pages with quickstarts, API reference, and guides
  • PyPI trusted publishingpip install aegis-governance with OIDC-based releases
  • Customer provisioning scriptscripts/provision-customer.py for API key management
  • GitHub Action — reusable aegis-gate composite action for PR governance
  • SECURITY.md — vulnerability disclosure policy
  • AEGIS Advisor v2 — domain-aware form wizard with 6 domains, factual rubric, real API calls
  • Scoring guide MCP toolaegis_get_scoring_guide with 5-domain derivation guidance

Changed

  • API Gateway authentication switched from IAM (SigV4) to API key + usage plans
  • CORS widened to * (API key is now the access control mechanism)
  • /health endpoint is now fully public (no authentication required)
  • Documentation site URL migrated to aegis.undercurrentholdings.com (custom domain with HTTPS)

Fixed

  • Advisor Evaluate button — renamed evaluate() to runEvaluation() to avoid collision with the built-in document.evaluate() DOM XPath method
  • Lambda CORS headers — POST/GET responses now include Access-Control-Allow-Origin: * (previously only the OPTIONS preflight returned CORS headers, causing browser fetch failures)
  • Advisor utility gate — Lambda now auto-computes UtilityResult from risk/profit/complexity via PERT estimates when not explicitly provided (utility gate was always N/A for advisor proposals)
  • Advisor novelty gate — reframed Step 7 from "How new is this?" to "How well-documented is this type of change?" with inverted value mapping so well-documented precedent passes the gate

[1.0.0] - 2026-02-20

Added

  • Core governance engine — six quantitative gates (risk, profit, novelty, complexity, quality, utility)
  • Bayesian confidence gates — posterior probability P(delta >= 2 | data) with configurable thresholds
  • Python SDKfrom aegis_governance import pcw_decide with typed dataclasses
  • CLIaegis evaluate, aegis validate-config, aegis version
  • MCP server — stdio and HTTP transports for AI agent integration
  • Shadow mode — evaluate without affecting production decisions
  • Drift monitoring — KL-divergence detection for parameter drift
  • Post-quantum cryptography — Ed25519 + ML-DSA-44 hybrid signatures, ML-KEM-768 key encapsulation
  • RBAC — role-based access control with fail-closed enforcement
  • Telemetry pipeline — Prometheus exporter, HTTP event sinks, alerting
  • AWS deployment — Lambda + ECS Fargate via CDK (4 stacks)
  • Workflow engine — proposal, consensus, and override workflows with persistence
  • 2998 tests, ~94.8% coverage across Python 3.9-3.12

Contributors: For the detailed internal development changelog (per-session versions), see docs/claude/changelog.md.

AEGIS Roadmap

Single source of truth for AEGIS future work including active PRs, open issues, and release milestones.

On this page

[1.1.0] - 2026-02-24AddedChangedFixed[1.0.0] - 2026-02-20Added