Local-first proxy that keeps API keys out of AI agent context. Your agent sends requests to localhost — Aegis injects real credentials on the outbound HTTPS request. The agent never sees the raw key.
Encrypted vault, domain allowlists, full audit trail, per-agent scoping, YAML policy engine, and native MCP server for Claude Desktop, Cursor, VS Code, Windsurf, and Cline.
No SDK. No cloud. No code changes. Open source (Apache 2.0).
