Evaluate the Platform
Run the full proof lifecycle in 14 seconds.
Seal a policy, govern tool calls, verify evidence offline.
Platform metrics verified against current codebase
Try It
The CLI is the primary interface, with no infrastructure required beyond the binary itself.
# Generate keys and initialize chain
aga init --standalone
# Validate system health
aga doctor
# Seal a governance policy for an MCP agent
aga seal --file agent.bin --model-name research-agent \
--tool-policy-file policy.json -o sealed-artifact.json
# Start the enforcement proxy
aga proxy --upstream localhost:3000 --artifact sealed-artifact.json
# Export and verify evidence offline
aga export -o evidence.json
aga verify --bundle evidence.jsonStandalone Demo
Seal a policy, start the enforcement proxy, route 4 tool calls (3 permitted, 1 denied), export the evidence bundle, and verify offline with 8-step verification. Full proof lifecycle in 14 seconds.
What Enforcement Looks Like
Agent receives prompt-injected instruction
→ Executes unauthorized API call
→ Writes partial log entry
→ No enforcement, no proof, no detection
Agent receives prompt-injected instruction
→ Proxy intercepts tool call
→ Policy violation: tool not in sealed allowlist
→ Call blocked (HTTP 403)
→ Signed DENY receipt generated
→ Receipt appended to continuity chain
→ Evidence bundle verifies: PASS
The agent cannot forge the receipt. It does not hold the signing keys.
What's Built
50,725 lines of Go. 230+ source files. 1,227 test functions. 90%+ coverage. 8-step verification with decision re-derivation. Zero stubs.
New in v2.8.0: threshold signing (Shamir k-of-n), response attestation via streaming hash, decision re-derivation (Step 8), Roughtime IETF timestamps, network isolation receipts, portal self-attestation, receipt batching with Merkle amortization, phantom timing profiles.
CLI
16 commands: init, seal, deploy, verify, export, audit, status, gate, rotate, policy, proxy, doctor, falcon, version, completion, help.
Enforcement
HTTP reverse proxy blocks denied MCP tool calls. Envoy ext_authz gRPC server denies at the network layer. Kubernetes admission webhook with failurePolicy: Fail prevents unsealed pods from running.
Policy Profiles
18 pre-built profiles spanning SCADA, defense, AI agent, healthcare, financial services, and EU AI Act high-risk deployments. Custom profiles supported.
Crypto Stack
Ed25519, ML-DSA-65, and hybrid composite signatures. SHA-256 and BLAKE2b-256 hashing. Merkle trees with inclusion proofs. 45 cross-language test vectors across 10 categories.
Evidence
Continuity chain with hash-linked signed receipts. Offline evidence bundles with Merkle inclusion proofs. HTML audit reports via aga audit --format html.
Health Check
aga doctor runs a 21-point diagnostic validating keys, policy state, chain integrity, proxy connectivity, and enforcement readiness. One command, full stack validation.
$ aga doctor
[PASS] Key pair exists (portal.key, portal.pub)
[PASS] Key algorithm: Ed25519
[PASS] Public key readable (32 bytes)
[PASS] Policy artifact exists
[PASS] Policy artifact signature valid
[PASS] Policy effective period active
[PASS] Agent identity hash present
[PASS] Enforcement mode: mandatory
[PASS] Chain store initialized
[PASS] Chain integrity: 0 broken links
[PASS] Receipt signature algorithm: Ed25519-SHA256-JCS
[PASS] Merkle tree depth: 4 (16 leaves)
[PASS] Proxy listener: localhost:8080
[PASS] Upstream reachable: localhost:3000
[PASS] ext_authz gRPC: disabled (standalone mode)
[PASS] Admission webhook: disabled (standalone mode)
[PASS] Evidence export: ready
[PASS] Offline verification: ready
[PASS] Key rotation policy: max-age=720h
[PASS] Portal self-attestation: binary hash verified
[PASS] Roughtime: configured (roughtime.cloudflare.com)
21/21 checks passed. System healthy.How This Compares
Evaluation Path
Five steps from first run to diligence pack.
Run the Demo
Run the standalone demo. 4 tool calls, 5 signed receipts, offline verification. Full proof lifecycle in 14 seconds.
Start hereInspect the Chain
Run aga status to view live governance state. Run aga audit --format html to generate a compliance report. Upload the evidence bundle to the browser verifier.
Open VerifierDeploy Enforcement
Three deployment modes. Standalone: aga proxy (no infrastructure). Kubernetes: helm install with admission webhook. Service mesh: Envoy ext_authz gRPC sidecar.
View ArchitectureReview Trust and Scope
Understand exactly what evidence bundles prove and what they do not. Written like a threat model, not marketing.
View Trust ModelRequest the Diligence Pack
Architecture documentation, NIST submissions, integration assessment materials, and deployment playbooks.
Contact UsKnown Limitations
- 1.Network routing. Enforcement requires the governed agent to route through the AGA proxy or Envoy sidecar. Direct tool access outside the proxy is not governed.
- 2.Identity binding. Self-signed X.509 identity binding via SPIFFE. No external PKI or certificate authority.
- 3.Time anchoring. System clock is primary. Roughtime IETF protocol available for timestamp corroboration.
For the full trust model, see the Trust and Scope page.
Integration Options
The CLI is the primary interface. These packages provide language-specific integration.
Ready to Go Deeper?
Get the full diligence pack with architecture documentation, NIST submissions, and integration assessment materials.