Execution firewall for AI agents.
Put a real execution boundary between AI and your tools.
Approve, refuse, or defer to a human — before anything executes.
Every decision leaves proof.
AEG Gate is the public wedge for governed execution.
It shows a simple rule: AI can suggest anything, but it can only execute when AEG Gate issues one-time authority for that exact action.
Without AEG Gate:
agent -> tool -> execution
With AEG Gate:
agent -> AEK policy -> AEG token -> tool -> execution
// Ask the policy layer whether this exact action is allowed.
const decision = await aeg.evaluate({
  action: "deploy",
  target: "service:smartlabel-web"
});
if (!decision.allowed) throw new Error("refused");
// Exchange the approved decision for a one-time execution token.
const token = await aeg.issueToken(decision.id);
await runDeploy({ token });

pnpm install
pnpm start:local
pnpm demo:10s

node ./bin/aeg.mjs run -- bash examples/protect-any-deploy/deploy.sh

- A task is created
- Execution without authority fails
- AEK evaluates the request
- AEG Gate issues a one-time execution token
- Execution with the token succeeds
- A proof artifact is emitted
Expected ending:
DEMO_10S_PASS
PROOF_PACKET_ID=...
PROOF_URL=...

Protected deploy ending:
DEPLOY_EXAMPLE_PASS

Release gate ending:
RELEASE_CHECK_PASS

This repo is the AEG Gate demo and open-source wedge.
It demonstrates:
- command intake
- task creation
- policy evaluation
- one-time execution token issuance
- token-gated execution
- proof artifact emission
pnpm start:local
pnpm smoke
pnpm demo:10s
pnpm prove
pnpm gate

This repo currently proves:
- token-gated execution
- refusal when no token is present
- proof emission
- local reproducible demo flow
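
The token-gated execution and refusal behaviour listed above, sketched as an added example that is not code from this repo. `ToyGate`, `bind`, `authorize`, `execute` and the in-memory allow list are hypothetical names, and the token store is assumed to be a single-process Map.

```javascript
// Added example; names are hypothetical, not AEG Gate's API. Web Crypto (Node 19+) or node:crypto.
const rng = globalThis.crypto ?? require("node:crypto");
const bind = (action, target) => JSON.stringify([action, target]);

class ToyGate {
  constructor(allowed, ttlMs = 30000, now = Date.now) {
    this.allowed = allowed;     // constructed policy: Set of bind(action, target)
    this.ttlMs = ttlMs;
    this.now = now;             // injectable clock, so expiry can be tested
    this.pending = new Map();   // token -> { key, expiresAt }
    this.proof = [];            // one record per decision
  }
  // Policy step: a token is issued only for an allowed action/target pair.
  authorize(action, target) {
    const key = bind(action, target);
    if (!this.allowed.has(key)) {
      this.proof.push({ key, outcome: "refused" });
      return null;
    }
    const token = rng.randomUUID();
    this.pending.set(token, { key, expiresAt: this.now() + this.ttlMs });
    this.proof.push({ key, outcome: "token_issued" });
    return token;
  }
  // Tool step: run the effect only for an unused, unexpired token bound to this exact action.
  execute(token, action, target, effect) {
    const key = bind(action, target);
    const grant = this.pending.get(token);
    this.pending.delete(token); // burn on first presentation, even if a check fails
    let outcome = "executed";
    if (!grant) outcome = "no_authority";
    else if (grant.expiresAt < this.now()) outcome = "expired";
    else if (grant.key !== key) outcome = "action_mismatch";
    this.proof.push({ key, outcome });
    if (outcome !== "executed") throw new Error(outcome);
    return effect();
  }
}

function demo() {
  const target = "service:smartlabel-web";
  const gate = new ToyGate(new Set([bind("deploy", target)]));
  const attempt = (token) => {
    try { return gate.execute(token, "deploy", target, () => "ran"); } catch (e) { return e.message; }
  };
  const token = gate.authorize("deploy", target);
  return [attempt(undefined), attempt(token), attempt(token)]; // no token, first use, replay
}
console.log(demo());
```

A token presented for a different target is burned as well as rejected, so a mismatched attempt cannot be retried with the same token.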
This repo does not yet claim:
- multi-tenant SaaS
- public internet production hardening
- enterprise GA controls