Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.runaegis.co/llms.txt

Use this file to discover all available pages before exploring further.

Every time an agent makes a GitHub MCP tool call, Aegis evaluates the action against your active policies and assigns it a decision before anything executes. The decision determines exactly what happens next, whether the action runs immediately, gets transformed, waits for human review, or is blocked outright. Understanding decisions is the foundation for understanding how Aegis governs your agents.

The four decision types

The action passed all active policy checks with no modifications. Aegis forwards it to the GitHub MCP server and the agent receives the result without delay.Use this as your baseline signal that an action was within the boundaries you defined. A high ALLOW rate on read-only tools (like get_file_contents or list_branches) is expected and healthy.
The action violated a policy that does not permit any fallback path. Aegis returns an error to the agent and nothing is written to GitHub.Common reasons for a DENY:
  • The target repository is not on the repo allowlist
  • A merge was attempted without passing CI checks
  • A branch name does not follow the aegis/{session_id}/{task} convention
  • A diff contains a detected secret (API key, token, or credential)
  • The action occurred during a release freeze window
The agent receives a structured error response that includes which policy triggered the denial.
The action is redirected to an equivalent but safer workflow before it reaches GitHub. The agent is not blocked; instead, Aegis substitutes the original request with a compliant one.The primary example is Protected Branch Denial: when an agent attempts a direct push or file write to main, master, or a release branch, Aegis rewrites the action to open a pull request instead. From the agent’s perspective the tool call succeeds, but the outcome is a PR rather than a direct commit.Rewrites let you enforce best practices without interrupting the agent’s progress.
The action is held in a queue until a human explicitly approves or denies it. The agent’s tool call does not return until a decision is made, effectively pausing that session.Actions that trigger approval gates include:
  • Any write action when Mandatory PR Flow is enabled
  • Changes to CI/CD pipelines, infrastructure definitions, or auth configuration
  • Large diffs that exceed the Blast Radius Gate threshold
You review and act on pending approvals from the Dashboard or the Approvals page. Once you approve, the action executes immediately. If you deny, the agent receives an error and the action is discarded.

Decision comparison

DecisionAgent blocked?Action reaches GitHub?Human action required?
ALLOWNoYes, unchangedNo
DENYYesNoNo
REWRITENoYes, as PRNo
REQUIRE_APPROVALPausedOnly after approvalYes

Blast radius

Every action that Aegis evaluates also receives a blast radius rating, which estimates how severe the consequences would be if the action executed unchecked.
RatingMeaning
LowScoped, easily reversible change, e.g., reading a file or creating an issue
MediumModerate scope, e.g., editing a single file on a feature branch
HighBroad or hard-to-reverse change, e.g., pushing to multiple files or renaming a branch
CriticalPotentially destructive, e.g., modifying CI/CD pipelines or infrastructure code
Blast radius feeds directly into policy enforcement. The Blast Radius Gate policy uses this rating to trigger an approval requirement when a High or Critical action is detected. You can see the blast radius on every action in a session’s detail view.
Blast radius is calculated by Aegis at evaluation time based on the tool name, target repository, target branch, and the size and nature of the diff. It is not set by the agent.

Reading decisions in the dashboard

The Dashboard home page gives you two views into decisions across all your agents. Decision distribution bar, a horizontal bar at the top of the Decision overview card breaks down your total evaluated actions into four color-coded segments: Allow (green), Rewrite (purple), Approval (amber), and Deny (red). Below the bar, each segment shows an absolute count and a percentage. Use this to spot anomalies, a sudden spike in DENY actions may indicate a misconfigured agent or a policy that is too strict. Recent activity feed, the activity feed lists the latest tool calls with their decision badge inline. Each row shows the agent name, the MCP tool called, a plain-English summary of what the action would do, execution time, and the decision. Click any row to navigate to the full runs list for that agent. Stat strip, the six-cell strip below the distribution bar surfaces at-a-glance numbers: active sessions (last hour), total runs this week, pending approvals, active policies, blocked runs this week, and rewrites this week.
Filter the Runs page by decision type to isolate all DENY or REWRITE events and audit why specific policies fired.