Gate every skill before your agent loads it.
safeskill is the SDK + CLI your agent runs. Onboard a signer and a policy once, then it checks each skill against the ENS registry, re-hashes the file locally, and decides — auto-approve, a Ledger override, or block.
Runs offline against a hardcoded demo registry with zero chain config. --ens swaps in real ENS v2 on Sepolia.
Onboard
Hook up a signer — a real Ledger, a local dev key, or none — and set a policy. The policy is yours: a preset, a one-line threshold, or a custom ruleset. It is persisted to ~/.safeskill/config.json.
Gate
Before loading any skill, safeskill resolves its verdict from the ENS registry, re-hashes the live file, and runs your policy. Below-policy skills require a hardware signature; tampered files are always blocked.
Three outcomes
Every skill resolves to exactly one, decided by your policy, with one floor it can never loosen.
auto-approve: installed with no human in the loop.
needs-override: installable only with a verified Ledger signature, the bypass override.
blocked: never installable. A signature cannot override the integrity floor.
The policy is yours.
A policy is an ordered ruleset evaluated top-to-bottom, first match wins, then a default. Plain JSON — ship it, hand-edit it, or pick a preset. Predicates compose with AND:
minSecurityRating · maxSecurityRating: 0–100, higher is safer
verdictStatus · hasVerdict · revoked: what the registry says about the skill
publisherIn · publisherNotIn: trust by ENS parent
Built-in presets: default · strict · permissive. Pick one with --preset, set a one-line threshold with --min-security, or load a custom ruleset with --policy ./file.json.
{
  "name": "trust-acme-only",
  "rules": [
    { "publisherNotIn": ["acme.safeskills.eth"],
      "action": "blocked" },
    { "minSecurityRating": 70,
      "verdictStatus": "pass",
      "action": "auto-approve" }
  ],
  "default": "needs-override"
}
If the signature fails, the skill never loads.
A skill is written to disk only on an explicit auto-approve, or a below-policy skill whose Ledger signature verifies. A blocked skill, a missing signer, a declined or errored signature, or one that fails verification all result in no install — nothing is fetched to disk.
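As an added illustration of the evaluation rules above (example code, not safeskill's own implementation), the following TypeScript walks the trust-acme-only policy top-to-bottom with first match wins, ANDs the predicates on each rule, applies the integrity floor before the policy so no rule can loosen it, and models the install step's signature outcomes. The Verdict and SkillRecord shapes, publisherOf, decide, install and the verifyOverride callback are assumptions of this example, and the skill file bytes are constructed sample data.

```typescript
import { createHash } from "node:crypto";

// Policy shape taken from the page's JSON: ordered rules, first match wins, then a default.
type Action = "auto-approve" | "needs-override" | "blocked";

interface Rule {
  minSecurityRating?: number;   // 0-100, higher is safer
  maxSecurityRating?: number;
  verdictStatus?: "pass" | "fail";
  hasVerdict?: boolean;
  revoked?: boolean;
  publisherIn?: string[];       // trust by ENS parent
  publisherNotIn?: string[];
  action: Action;
}

interface Policy { name: string; rules: Rule[]; default: Action; }

// Registry verdict as this example assumes it (hypothetical shape, not the real registry record).
interface Verdict {
  securityRating: number;
  status: "pass" | "fail";
  revoked: boolean;
  sha256: string;  // hash of the skill file as recorded in the registry
}

interface SkillRecord { name: string; verdict?: Verdict; }

// Publisher is the ENS parent of the skill name: weather.acme.safeskills.eth -> acme.safeskills.eth
function publisherOf(name: string): string {
  return name.split(".").slice(1).join(".");
}

// Every predicate present on a rule must hold (AND). Rating, status and revoked
// predicates cannot hold when the registry has no verdict for the skill at all.
function ruleMatches(rule: Rule, rec: SkillRecord): boolean {
  const v = rec.verdict;
  const pub = publisherOf(rec.name);
  if (rule.hasVerdict !== undefined && (v !== undefined) !== rule.hasVerdict) return false;
  if (rule.publisherIn && !rule.publisherIn.includes(pub)) return false;
  if (rule.publisherNotIn && rule.publisherNotIn.includes(pub)) return false;
  if (rule.minSecurityRating !== undefined && (!v || v.securityRating < rule.minSecurityRating)) return false;
  if (rule.maxSecurityRating !== undefined && (!v || v.securityRating > rule.maxSecurityRating)) return false;
  if (rule.verdictStatus !== undefined && (!v || v.status !== rule.verdictStatus)) return false;
  if (rule.revoked !== undefined && (!v || v.revoked !== rule.revoked)) return false;
  return true;
}

// Top-to-bottom, first match wins, then the default.
function evaluatePolicy(policy: Policy, rec: SkillRecord): Action {
  for (const rule of policy.rules) {
    if (ruleMatches(rule, rec)) return rule.action;
  }
  return policy.default;
}

function sha256Hex(bytes: Uint8Array): string {
  return createHash("sha256").update(bytes).digest("hex");
}

// Integrity floor: runs before the policy and the policy cannot loosen it. A file whose
// local hash differs from the registry hash is blocked regardless of any rule.
function decide(policy: Policy, rec: SkillRecord, fileBytes: Uint8Array): Action {
  if (rec.verdict && sha256Hex(fileBytes) !== rec.verdict.sha256) return "blocked";
  return evaluatePolicy(policy, rec);
}

// Install step: write only on auto-approve, or on needs-override with a verified signature.
// verifyOverride stands in for the Ledger round-trip (assumed here); null means no signer.
function install(
  action: Action,
  verifyOverride: (() => boolean) | null,
): { installed: boolean; error?: string } {
  if (action === "auto-approve") return { installed: true };
  if (action === "blocked") return { installed: false, error: "blocked: policy or integrity floor" };
  if (verifyOverride === null) return { installed: false, error: "needs-override: no signer configured" };
  let ok = false;
  try { ok = verifyOverride(); } catch { ok = false; }  // declined or errored signature: no install
  return ok ? { installed: true } : { installed: false, error: "needs-override: signature not verified" };
}

// The page's example policy, plus constructed sample data for one skill.
const trustAcmeOnly: Policy = {
  name: "trust-acme-only",
  rules: [
    { publisherNotIn: ["acme.safeskills.eth"], action: "blocked" },
    { minSecurityRating: 70, verdictStatus: "pass", action: "auto-approve" },
  ],
  default: "needs-override",
};

const weatherBytes = new TextEncoder().encode("# weather skill v1\n");  // constructed file contents
const weatherRecord: SkillRecord = {
  name: "weather.acme.safeskills.eth",
  verdict: { securityRating: 82, status: "pass", revoked: false, sha256: sha256Hex(weatherBytes) },
};

const verdict = decide(trustAcmeOnly, weatherRecord, weatherBytes);
console.log(weatherRecord.name, "->", verdict, install(verdict, null));
```

The ordering matters: the hash comparison sits in decide, outside evaluatePolicy, so even a rule like { "action": "auto-approve" } with no predicates cannot approve a tampered file, and install refuses to write on blocked no matter what the signer returns.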
Or call it from code.
The same two parts as the CLI, behind a tiny typed API. Onboard once; then call use() before loading any skill and act on its result.
import { Safeskill } from "@aegis/safeskill";
// 1 — onboard once (signer + policy)
await Safeskill.onboard({
signer: "ledger",
minSecurityRating: 70,
});
// 2 — gate a skill before loading it
const ss = await Safeskill.load();
const r = await ss.use("weather.acme.safeskills.eth");
if (!r.installed) throw new Error(r.error); // fail-closed
Command reference
safeskill onboard --ledger --min-security 70: Part 1, hook up a signer + set the policy
safeskill policy: show the active ruleset (or --presets for the built-ins)
safeskill list: the registry + the decision the policy makes for each skill
safeskill check <name>: resolve ENS → re-hash → decide (no install)
safeskill use <name>: check + install: auto-approve, or require a Ledger override