AEGIS Dogfooding Guide

How AEGIS governance is wired into Undercurrent engineering workflows.

Status: Phase 2 (Shadow Mode) active on aegis-governance CI. Phase 3 (undercurrent-core) ready for activation. Phase 4 (Enforcement) pending calibration data.

Architecture Overview

AEGIS has 6 integration channels. Dogfooding uses three of them:

Channel	Where	Mode	Status
MCP Server	Claude Code (all repos)	Interactive	Active
Python SDK	aegis-governance CI	Shadow	Active
REST API	undercurrent-core CI	Shadow	Ready

Developer writes code
        |
        v
Claude Code session (MCP tools available)
        |
        |-- /aegis-evaluate (slash command, interactive)
        |
        v
Push to branch -> Open PR
        |
        v
CI Pipeline runs quality gates (lint, type, security, test)
        |
        v
AEGIS Shadow Evaluation (after CI success)
        |
        |-- Classifies change type (docs/config/deps/code/infra)
        |-- Derives AEGIS parameters from diff stats
        |-- Calls pcw_decide() in shadow mode
        |-- Writes decision to GitHub Actions step summary
        |
        v
PR Summary: "AEGIS Shadow Evaluation: PROCEED (confidence: 0.95)"

For AI Agents (Claude Code, Codex)

MCP Tools Available

When working in any Undercurrent repo, you have 7 AEGIS MCP tools:

Tool	When to Use
`aegis_check_thresholds`	Understand gate configuration before evaluating
`aegis_get_scoring_guide`	Get domain-specific parameter derivation formulas
`aegis_evaluate_proposal`	Full 6-gate evaluation of a proposal
`aegis_quick_risk_check`	Simple risk threshold check for low-stakes actions
`aegis_crypto_status`	Check cryptographic provider availability
`aegis_list_decisions`	List recent governance decisions for the current customer
`aegis_get_decision`	Get a specific governance decision by ID

Recommended Flow

Call aegis_get_scoring_guide(domain="cicd") to understand parameter derivation
Analyze the changes (files, modules, change type)
Derive parameters using the CI/CD domain mapping (see below)
Call aegis_evaluate_proposal with shadow_mode=true
Report the per-gate breakdown to the user

Parameter Derivation (CI/CD Domain)

Parameter	How to Derive	Notes
`risk_baseline`	0.02	Stable repo with high test coverage
`risk_proposed`	`0.02 + (files_changed * 0.002)`	Cap at 0.5
`profit_baseline`	0.98	Current test pass rate
`profit_proposed`	0.98	Assume no regression
`novelty_score`	By change type (see table)	Gate passes at >= 0.74
`complexity_score`	`max(0.5, 1.0 - (files * modules / 100))`	HIGHER = SIMPLER
`quality_score`	0.85	CI gates pass as prerequisite
`estimated_impact`	By file count	low/medium/high/critical

Novelty by change type:

Change Type	Files Matching	Novelty Score
docs	`.md`, `.txt`, `docs/`	Skip (no evaluation)
config	`.json`, `.yaml`, `*.toml`	0.3
deps	`requirements.txt`, `lock`	0.5
code	`src/`, `.py`, `.ts`	0.85
infra	`infra/`, `.github/workflows/`, `Dockerfile`	0.95

Estimated impact by file count:

Files Changed	Impact
< 5	low
5-14	medium
15-29	high
30+	critical

Key Gotchas for Agents

complexity_score is inverted: HIGHER means SIMPLER. A complex 50-file refactor gets ~0.5 (barely passing the floor)
novelty gate passes for HIGH novelty: G(0.85) = 0.82 >= 0.6. Routine changes (low novelty) fail this gate by design
Utility requires synthesis: The SDK path needs explicit utility synthesis (the MCP server does this automatically). The shadow script handles this
Shadow mode always exits 0: Never blocks the pipeline. The decision is advisory only
The /aegis-evaluate slash command does all the derivation work for you

For Humans

What You'll See on PRs

After all CI gates pass, the AEGIS Shadow Evaluation job runs and adds a summary to the GitHub Actions page:

### AEGIS Shadow Evaluation

Decision: PROCEED (confidence: 0.95)
Change type: code | Files: 8

| Gate       | Result | Value  | Threshold | Message              |
|------------|--------|--------|-----------|----------------------|
| risk       | PASS   | 1.6    | 2.0       | P(delta>=2.0) = 0.03 |
| profit     | PASS   | 0.0    | 2.0       | P(|delta|>=2.0) = 0  |
| novelty    | PASS   | 0.82   | 0.6       | G(N=0.85) = 0.82     |
| complexity | PASS   | 0.76   | 0.5       | Met                  |
| quality    | PASS   | 0.85   | 0.7       | Passed               |
| utility    | PASS   | 0.001  | 0.0       | LCB=0.00             |

Shadow mode: advisory only, does not block the pipeline.

Decision Meanings

Status	What It Means	CI Behavior (Shadow)	CI Behavior (Enforcement)
PROCEED	All 6 gates pass, low impact	Log to summary	Log to summary
PAUSE	Some gates failed, or human approval needed	Log to summary	Log to summary (advisory)
ESCALATE	High-impact with failures, or requires human review	Log to summary	Add PR comment, continue
HALT	Complexity floor violated (< 0.5)	Log to summary	Block pipeline

Phase Transition: Shadow to Enforcement

After collecting ~20 PRs of shadow data:

Review the shadow decisions — at least 50% of non-docs PRs should get PROCEED
If < 30% get PROCEED, adjust the novelty derivation or threshold (ask-first trigger)
To activate enforcement, modify tools/ci/aegis_shadow_evaluate.py:
- Change shadow_mode=True to shadow_mode=False
- Add exit code logic: exit 1 only on HALT decisions
Add continue-on-error: true for one week buffer
Remove continue-on-error after confirming no false positives

Local Testing

Run the shadow evaluation locally to see what it would report:

cd Projects/aegis-governance
python tools/ci/aegis_shadow_evaluate.py

This analyzes your current branch diff against HEAD~1 and prints the decision to stdout.

Infrastructure

API Keys

Key	Location	Purpose
Service key	AWS Secrets Manager: `aegis/portal-service-key-dev`	Provisioning customer keys
CI Dogfood key	GitHub Secret: `AEGIS_API_KEY` (both repos)	CI REST API access
Customer ID	`cust_6dc3a2ddedb6`	Usage tracking for CI dogfood

MCP Server Configuration

The MCP server is configured in .claude/settings.json at each repo root:

{
  "mcpServers": {
    "aegis": {
      "command": "/Users/joshuakirby/.pyenv/versions/3.12.11/bin/aegis-mcp-server",
      "args": []
    }
  }
}

Note: The path is machine-specific. If the pyenv version changes, update these files:

Undercurrent-Holdings/.claude/settings.json
undercurrent-core/.claude/settings.json

Files Reference

File	Purpose
`tools/ci/aegis_shadow_evaluate.py`	CI shadow evaluation script
`.github/workflows/python-ci.yml`	CI workflow with `aegis-shadow` job
`.github/actions/aegis-gate/action.yml`	Reusable GitHub Action (for external repos)
`src/aegis_governance/mcp_server.py`	MCP server (7 tools)
`src/integration/pcw_decide.py`	Python SDK entry point
`src/aegis_governance/scoring_guide.py`	Domain-specific parameter derivation

Calibration Targets

After ~20 PRs of shadow data, review these metrics:

Metric	Target	Action if Missed
Non-docs PRs getting PROCEED	>= 50%	Adjust novelty derivation
False HALTs (complexity floor)	0	Review complexity calculation
Gate pass distribution	No single gate failing > 80%	Investigate that gate's derivation
Evaluation errors	0	Fix script bugs

Onboard a New Repository

This section is a cookbook for adding AEGIS governance to a repository that doesn't have it yet. Pick one or more integration paths below.

Decision Tree

Goal	Path	Time	Prerequisites
Interactive governance during Claude Code sessions	A: MCP	2 min	`aegis-mcp-server` installed
Automated advisory on every PR (source access)	B: CI Shadow	15 min	Python in CI, AEGIS source (BSL-1.1)
Language-agnostic CI gate (no Python needed)	C: REST API	10 min	API key from portal
Reusable GitHub Action (Lambda-backed)	D: GitHub Action	10 min	AWS OIDC role for Lambda invoke

Recommendation: Start with A + B for internal Python repos. Use C for non-Python or external repos.

Path A: MCP Server Setup

Verify aegis-mcp-server is on PATH:

which aegis-mcp-server

If missing, install from a licensed source checkout:

git clone <your-aegis-repo>
cd aegis-governance
pip install -e ".[mcp]"

Add .claude/settings.json to the repo root:
```
{
  "mcpServers": {
    "aegis": {
      "command": "aegis-mcp-server",
      "args": []
    }
  }
}
```
pyenv note: If Claude Code can't find aegis-mcp-server, use the full path from which aegis-mcp-server. The path is machine-specific and will break on pyenv version changes — prefer keeping aegis-mcp-server on a stable PATH.
Restart Claude Code (or start a new session).
Verify: run the aegis_check_thresholds MCP tool — it should return all 6 gates.

Path B: CI Shadow Job (aegis-governance repo)

This path uses the shadow evaluation script that ships with aegis-governance. It requires the AEGIS source (BSL-1.1 licensed) — the script imports integration.pcw_decide at runtime.

For repos that do not have AEGIS source access, use Path C (REST API) or Path D (GitHub Action) instead.

The aegis-shadow job in .github/workflows/python-ci.yml is the reference implementation:

  aegis-shadow:
    name: AEGIS Shadow Evaluation
    needs: [ci-success]  # run after all quality gates pass
    if: needs.ci-success.result == 'success'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 2  # needed for HEAD~1 diff

      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install AEGIS from source
        run: pip install -e ".[engine]"

      - name: Run AEGIS shadow evaluation
        env:
          PR_TITLE: ${{ github.event.pull_request.title || '' }}
        run: python tools/ci/aegis_shadow_evaluate.py

To add this to another internal repo with AEGIS source access:

Copy tools/ci/aegis_shadow_evaluate.py into the target repo.

Add a CI step that checks out aegis-governance and installs it:

      - uses: actions/checkout@v4
        with:
          repository: undercurrentai/aegis-governance
          path: aegis-governance
          token: ${{ secrets.GH_PAT }}  # private repo access

      - name: Install AEGIS
        run: pip install -e "./aegis-governance[engine]"

Add 'tools/ci/**' to your PR trigger paths so changes to the script trigger CI.
Push a test PR and verify the AEGIS summary appears in Actions.

Adaptation notes:

The shadow script auto-classifies changes (docs/config/deps/code/infra) using file extensions and directory prefixes — works for any language.
For non-src/ layouts: the script uses _CODE_DIRS and _CODE_EXTENSIONS sets. Fork the script if your code lives in a custom directory not already covered (lib/, app/, etc. are already included).
Parameter derivation uses CI/CD domain defaults. For trading, moderation, or agent domains, see docs/integration/domain-templates.md.

Path C: REST API (Any Language)

Get an API key: sign up at portal.undercurrentholdings.com or request internal provisioning from the AEGIS team.
Store as GitHub Secret: AEGIS_API_KEY

Add a CI step that calls the REST API:

      - name: AEGIS shadow evaluation
        env:
          AEGIS_API_KEY: ${{ secrets.AEGIS_API_KEY }}
          PR_TITLE: ${{ github.event.pull_request.title || 'manual run' }}
        run: |
          PAYLOAD=$(python3 -c "
          import json, os
          print(json.dumps({
            'proposal_summary': os.environ['PR_TITLE'],
            'estimated_impact': 'medium',
            'risk_proposed': 0.1,
            'risk_baseline': 0.02,
            'profit_proposed': 0.98,
            'profit_baseline': 0.98,
            'novelty_score': 0.85,
            'complexity_score': 0.7,
            'quality_score': 0.85,
            'shadow_mode': True
          }))
          ")
          RESULT=$(curl -sf -X POST \
            https://aegis-api-980022636831.us-central1.run.app/evaluate \
            -H "Authorization: Bearer $AEGIS_API_KEY" \
            -H "Content-Type: application/json" \
            -d "$PAYLOAD")
          echo "### AEGIS Shadow Evaluation" >> $GITHUB_STEP_SUMMARY
          echo '```json' >> $GITHUB_STEP_SUMMARY
          echo "$RESULT" | python3 -m json.tool >> $GITHUB_STEP_SUMMARY
          echo '```' >> $GITHUB_STEP_SUMMARY

For dynamic parameter derivation (like the shadow script does), compute file counts and types yourself. The REST API evaluates whatever parameters you send.

Path D: Reusable GitHub Action (Lambda-Backed)

For repos with AWS OIDC access to the AEGIS Lambda:

      - uses: undercurrentai/aegis-governance/.github/actions/aegis-gate@main
        with:
          proposal_summary: ${{ github.event.pull_request.title }}
          estimated_impact: "medium"
          risk_score: "0.1"
          complexity_score: "0.7"
          aws_role_arn: ${{ secrets.AEGIS_GATE_ROLE_ARN }}
          customer_id: "cust_your_id_here"

Outputs available to subsequent steps: status, confidence, rationale, decision_json.

Set fail_on_halt: 'false' for shadow mode (default is 'true' which blocks on HALT).

API Key Management

Scenario	Recommendation
Single internal repo	Shared dogfood key (`AEGIS_API_KEY` GitHub Secret)
Multiple internal repos	One key per repo for usage attribution (`customer_id` tracks)
External/partner repo	Dedicated key via portal signup
Key rotation	Generate new key in portal, update GitHub Secret, old key revoked
Local development	Set `AEGIS_API_KEY` in `.env` (gitignored) or use MCP path instead

Internal dogfood customer ID: cust_6dc3a2ddedb6 — for Undercurrent repos, use this for usage aggregation.

Onboarding Checklist

Choose integration path (A: MCP, B: CI Shadow, C: REST, D: GitHub Action)
MCP (if Path A): .claude/settings.json added, aegis_check_thresholds returns 6 gates
CI Shadow (if Path B): AEGIS source checkout in CI, aegis-shadow job added, test PR shows summary
REST API (if Path C): API key in GitHub Secrets, health check passes, test evaluation returns decision
GitHub Action (if Path D): AEGIS_API_KEY secret configured, action runs, outputs available
First PR evaluated: Shadow decision visible in GitHub Actions summary
Calibration started: Tracking PROCEED rate on first 20 non-docs PRs

AEGIS Dogfooding Guide

On this page