Governance enforcement that sits between your AI agent and the filesystem. Every write, delete, and execute operation gets validated against role-based policies in `.agentpolicy/` before it happens. The server loads your governance rules into its own memory, so the agent never pays the token cost. You get path restrictions, content pattern scanning, quality gates, and an override protocol with append-only logging. Comes with a construction mode for initial builds where the agent reads governance files as a blueprint but skips write restrictions for speed. Universal mode lets the user pick a role at session start, fixed mode locks a role at launch. Works alongside native agent tools, enforcement is opt-in through governed tool routing.
claude mcp add --transport stdio cleburn-aegis-mcp uvx aegis-mcp