Aegis

A local proxy that sits between your AI agent and the APIs it calls, injecting credentials at the network boundary so the agent never sees raw tokens. Instead of putting your Slack bot token or GitHub PAT in environment variables where Claude or Cursor can read them, you store credentials in an encrypted vault and route requests through localhost:3100. Aegis enforces domain allowlists (your Slack token can't be sent to evil.com), logs every request, and supports per-agent access control. Exposes three MCP tools: aegis_proxy_request for authenticated API calls, aegis_list_services to see what's available, and aegis_health for status checks. Reach for this when you're shipping AI agents that need to call production APIs and you want defense against prompt injection credential exfiltration.