Analysis updated 2026-05-18
Require sign off and an audit trail before any apt upgrade or package install runs on a server.
Prevent an AI agent with shell access from directly executing risky package changes.
Keep a tamper evident log of every package operation approved and applied on a machine.
| mitkox/aegis | avelino/roam-tui | danilaa1/auditkit | |
|---|---|---|---|
| Stars | 21 | 21 | 21 |
| Language | Rust | Rust | Rust |
| Setup difficulty | hard | easy | moderate |
| Complexity | 4/5 | 3/5 | 3/5 |
| Audience | ops devops | developer | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Requires building from source in Rust and running a local OpenAI compatible model endpoint such as vLLM.
Aegis is a security tool written in Rust that adds a strict approval and audit layer on top of package managers like apt on Linux, npm for JavaScript, pip for Python, Docker, Cargo for Rust, Go modules, NuGet, and VS Code extensions. The problem it addresses is that running commands like sudo apt upgrade or npm install some package is a relatively blind action, you are trusting that the packages are safe and that the operation will not cause harm. Aegis intercepts those operations and replaces them with a multi step process: analyze the intended changes, have a local AI model review the plan, run deterministic policy checks, generate a cryptographically signed execution plan, and only then allow a constrained execution daemon, running as root, to carry out the approved steps. The key design principle is zero trust, the AI model is only a reviewer and never has permission to execute anything or generate shell commands that Aegis runs. All actual policy enforcement and execution is handled by deterministic Rust code, not AI output. This prevents a compromised or hallucinating model from causing damage. Every operation is recorded in a tamper evident audit log. You would use this in security sensitive environments where you want a verifiable paper trail for every package installation or system upgrade, or where you want to prevent accidental or malicious package changes from running without review. The local AI endpoint is configurable and must be OpenAI compatible, you run your own local model, such as via vLLM. The full README is longer than what was shown.
A Rust tool that puts package manager operations like apt, npm, and pip behind AI review, deterministic policy checks, and a signed, audited execution plan.
Mainly Rust. The stack also includes Rust, vLLM, Ollama compatible endpoints.
License is not stated in the excerpt of the README.
Setup difficulty is rated hard, with roughly 1h+ to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.