Aegis Guard Gateway is a real-time Model Context Protocol interceptor that classifies every tool call against 21 pre-mapped EU AI Act rules — deterministically, before the request executes, with a tamper-evident audit trail signed for every jurisdiction your DPO cares about.
```python
# Before Aegis Guard — opaque, unaudited, non-compliant
# (`mcp` is your existing MCP server instance; `hiring_pipeline` is your business logic)
@mcp.tool()
async def screen_candidates(payload: dict) -> dict:
    return hiring_pipeline.evaluate(payload)

# ─────────────────────────────────────────────────────────────────────
# After — one import, one decorator. Full EU AI Act Article 6 coverage.
from aegis_guard import compliance_gate

@mcp.tool()
@compliance_gate  # ← intercepts, classifies, blocks, and signs — in < 2ms
async def screen_candidates(payload: dict) -> dict:
    return hiring_pipeline.evaluate(payload)

# Every call now produces a signed AuditRecord:
# {
#   "risk_tier": "HIGH_RISK", "article": "Article 6 + Annex III §4",
#   "iso_controls": ["A.6.1.2", "A.9.2"], "is_blocked": true,
#   "hmac_sha256": "a3f8…c91d", "confidence": 0.95
# }
```
The EU AI Act entered into force on 1 August 2024; its obligations for high-risk systems start to apply in August 2026. Every automated decision touching employment, credit, healthcare access, or biometric data is now a regulated event, whether your legal team knows the tool exists or not.
Subliminal manipulation, social scoring, real-time remote biometric identification in public spaces: the Article 5 prohibited practices have applied since 2 February 2025 and carry fines of up to €35M or 7% of global annual turnover, whichever is higher. Without interception at the protocol layer, your agents may already be crossing these lines.
CV screening, credit scoring, student assessment, law enforcement analytics: eight Annex III categories require full documentation of AI decision logic. A plain log file is not an audit trail. A JSONL record with no cryptographic integrity proof can be edited after the fact, and an auditor has no way to tell that it was.
The EU AI Office is building tool-call-level inspection capability. MCP and agent frameworks are specifically in scope. "We didn't know the tool existed" is not a viable defence when your model context protocol server is actively running high-risk classification pipelines.
Enterprise certification programmes increasingly require ISO/IEC 42001 conformance. Annex A mandates explicit control mappings for AI risk (A.6.1), governance (A.9.2), and operational monitoring (A.10.1). Manual mapping exercises become instantly stale when your agent fleet evolves weekly.
Rather than auditing outputs after the fact, Aegis Guard intercepts every JSON-RPC tool call at the Model Context Protocol transport seam — before execution — classifying the intent, blocking prohibited operations, and writing a cryptographically signed audit record in a single atomic operation. Your compliance posture is enforced, not reported.
Prevent, not detect. Hard blocks on PROHIBITED-tier operations execute before the downstream tool function runs. No clean-up logic. No post-hoc remediation.
Evidence-grade audit records. Every evaluation produces an HMAC-SHA256 signed record suitable for regulatory submission, e-discovery, and DPO review cycles.
Continuous, automatic ISO 42001 mapping. Annex A control IDs are injected into every audit record without configuration — your AI Management System documentation stays current by default.
Aegis Guard inserts itself at the Model Context Protocol transport seam using a single @compliance_gate decorator. Every tools/call JSON-RPC request is intercepted before the decorated tool function runs. The tool name, every key path, every nested value, and co-occurring terms across the payload are extracted as structured signal vectors.
Existing agent implementations require no modification to business logic. One import and one decorator instruments an entire MCP server in under five minutes. The interceptor is deployed in your environment — no traffic leaves your perimeter.
The request path, step by step:

1. tools/call: Claude Desktop / OpenAI / a custom agent sends a JSON-RPC request, {"method": "tools/call", "params": {...}}, to your MCP server.
2. _extract_all_text(payload) → signals: the payload is extracted before the decorated tool function is invoked. Execution is suspended pending classification.
3. _run_all_rules(tool_name, payload): all rules are evaluated in-process. A PROHIBITED-tier match triggers an immediate block before any downstream I/O occurs.
4. AuditRecord.from_compliance_result(): an HMAC-SHA256 signed record is appended to an append-only JSONL log and optionally forwarded to your SIEM via HTTPS webhook.

Unlike probabilistic LLM-based classifiers, Aegis Guard uses a fully deterministic, explainable scoring model with four independent signal dimensions. Each dimension has a fixed maximum contribution weight, making every classification decision independently auditable and reproducible from the raw payload, the shipped rule set, and the configured thresholds.
The engine evaluates all 21 EU AI Act rules simultaneously. Every rule match returns a ScoreBreakdown object logging each dimension's contribution, the pre-clamp total, and whether an exception pattern reduced the score — giving your legal team a mathematically verifiable explanation for every compliance decision.
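The interception pipeline and the scoring model above, as one added example. This is illustrative code written for this page, not Aegis Guard's own implementation: the rule texts, weights, confidence floors, exception patterns and the sample payloads are all constructed, and the four dimensions are assumed to be the four signal sources named earlier (tool name, key paths, nested values, term conjunctions). The gate decorator classifies first, records the verdict, raises on a PROHIBITED match, and only then awaits the wrapped tool.

```python
# Added example (not Aegis Guard's own code): a pre-execution compliance gate for an
# MCP-style tool call, with a deterministic, explainable scorer.  Rule texts, weights,
# floors and the sample payloads are constructed for illustration.
import asyncio
import functools
from dataclasses import dataclass

# Four signal dimensions with fixed maximum weights (assumed to match the page's four
# signal sources).  They deliberately sum to more than 1.0 so the final clamp matters.
MAX_WEIGHT = {"tool_name": 0.35, "key_path": 0.30, "value": 0.35, "conjunction": 0.20}
TIER_FLOOR = {"PROHIBITED": 0.80, "HIGH_RISK": 0.60}  # illustrative confidence floors

@dataclass(frozen=True)
class Rule:
    rule_id: str
    tier: str
    article: str
    tool_name_terms: tuple   # each dimension scores the fraction of its terms found
    key_path_terms: tuple
    value_terms: tuple
    conjunction: tuple       # pays out only when every term co-occurs in the call
    exception_terms: tuple   # any hit halves the score (an "exception pattern")

RULES = (
    Rule("R05-social-scoring", "PROHIBITED", "Article 5(1)(c)",
         ("score", "rank"), ("citizen", "trust"), ("social score", "trustworthiness"),
         ("rank", "citizen"), ("game", "leaderboard")),
    Rule("R06-employment", "HIGH_RISK", "Article 6 + Annex III §4",
         ("screen", "candidate", "hire"), ("cv", "resume", "applicant"),
         ("candidate", "interview"), ("screen", "candidate"), ("anonymis",)),
)

@dataclass(frozen=True)
class ScoreBreakdown:
    rule_id: str
    tier: str
    article: str
    contributions: dict      # per-dimension contribution, each <= its MAX_WEIGHT
    pre_clamp_total: float
    exception_applied: bool
    score: float             # clamped to [0, 1]

def extract_all_text(payload, path=""):
    """Flatten nested dicts/lists into (key_path, value_text) pairs."""
    if isinstance(payload, dict):
        return [s for k, v in payload.items()
                for s in extract_all_text(v, f"{path}.{k}" if path else str(k))]
    if isinstance(payload, list):
        return [s for i, v in enumerate(payload) for s in extract_all_text(v, f"{path}[{i}]")]
    return [(path, str(payload))]

def _hit_fraction(terms, texts):
    joined = " ".join(texts).lower()
    return sum(t in joined for t in terms) / len(terms) if terms else 0.0

def score_rule(rule, tool_name, signals):
    key_paths = [p for p, _ in signals]
    values = [v for _, v in signals]
    everything = [tool_name, *key_paths, *values]
    contributions = {
        "tool_name": MAX_WEIGHT["tool_name"] * _hit_fraction(rule.tool_name_terms, [tool_name]),
        "key_path": MAX_WEIGHT["key_path"] * _hit_fraction(rule.key_path_terms, key_paths),
        "value": MAX_WEIGHT["value"] * _hit_fraction(rule.value_terms, values),
        "conjunction": MAX_WEIGHT["conjunction"]
        * (1.0 if _hit_fraction(rule.conjunction, everything) == 1.0 else 0.0),
    }
    pre_clamp = sum(contributions.values())
    exception = _hit_fraction(rule.exception_terms, everything) > 0.0
    score = min(1.0, pre_clamp * (0.5 if exception else 1.0))
    return ScoreBreakdown(rule.rule_id, rule.tier, rule.article,
                          contributions, pre_clamp, exception, score)

def run_all_rules(tool_name, payload):
    """Evaluate every rule; return the governing breakdown, or None for a clean pass.
    A PROHIBITED match outranks HIGH_RISK regardless of score."""
    signals = extract_all_text(payload)
    matched = [b for b in (score_rule(r, tool_name, signals) for r in RULES)
               if b.score >= TIER_FLOOR[b.tier]]
    matched.sort(key=lambda b: (b.tier != "PROHIBITED", -b.score))
    return matched[0] if matched else None

class ComplianceBlocked(Exception):
    pass

AUDIT_LOG = []  # stand-in for the append-only log; sealing records is a separate concern

def compliance_gate(func):
    """Classify, record the verdict, block PROHIBITED calls, then run the tool."""
    @functools.wraps(func)
    async def wrapper(payload):
        verdict = run_all_rules(func.__name__, payload)
        AUDIT_LOG.append({"tool": func.__name__, "verdict": verdict})
        if verdict is not None and verdict.tier == "PROHIBITED":
            raise ComplianceBlocked(f"{verdict.rule_id} blocked {func.__name__}")
        return await func(payload)      # downstream I/O happens only past this point
    return wrapper

@compliance_gate
async def score_citizens(payload):
    return {"ranked": True}

@compliance_gate
async def screen_candidates(payload):
    return {"shortlist": []}

# Constructed sample calls.
CITIZEN_SCORING_CALL = {"citizen_id": "C-1",
                        "purpose": "rank residents by social score and trustworthiness"}
CV_SCREENING_CALL = {"applicants": [{"cv": "10 years Python", "name": "B"}],
                     "job": "senior engineer"}
ANONYMISED_CV_CALL = {**CV_SCREENING_CALL, "mode": "anonymised screening"}

def run_gated(tool, payload):
    """Synchronous helper: (tool result or None, block reason or None)."""
    try:
        return asyncio.run(tool(payload)), None
    except ComplianceBlocked as exc:
        return None, str(exc)
```

Running the three sample calls through run_gated shows the three outcomes the page describes: the social-scoring call is blocked before score_citizens executes, the CV-screening call is flagged HIGH_RISK and still runs, and the anonymised variant is reduced below the floor by the exception pattern and passes clean. Every ScoreBreakdown carries the per-dimension contributions and the pre-clamp total, so a reviewer can recompute the verdict from the payload and the rule definitions alone.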
Every compliance evaluation, whether it results in a block, a flag, or a clean pass, generates an AuditRecord sealed with HMAC-SHA256 using a secret of at least 32 bytes. The MAC covers the canonical serialisation of the full record, so any post-hoc edit to a record is detectable by anyone holding the key. Because HMAC is symmetric, that key must be held away from the gateway host (a KMS or the auditor's side); an attacker who obtains it can re-seal edited records.
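The sealing and verification described above, as an added example that is not Aegis Guard's own code. It canonicalises a record (sorted keys, no insignificant whitespace, the MAC field itself excluded), seals it with HMAC-SHA256 after checking the 32-byte minimum, and verifies a JSONL log line by line. The prev_hmac chain is an extension beyond what the page describes: a per-record MAC alone cannot show that a line was deleted from an append-only log, while chaining each record to its predecessor's MAC makes deletion and reordering detectable too. The secret and the records are constructed.

```python
# Added example (not Aegis Guard's own code): sealing audit records with HMAC-SHA256
# over a canonical JSON serialisation, verifying them, and checking an append-only
# JSONL log.  The prev_hmac chain goes beyond the page; secret and records are constructed.
import hashlib
import hmac
import json
from typing import Optional

MIN_SECRET_BYTES = 32
MAC_FIELD = "hmac_sha256"
CHAIN_FIELD = "prev_hmac"   # extension: MAC of the previous record (None for the first)

def canonical_bytes(record: dict) -> bytes:
    """Sorted keys, no insignificant whitespace, UTF-8, MAC field excluded, so the same
    logical record always serialises to the same bytes.  For verifiers written in
    other languages, use a specified canonical form such as RFC 8785 (JCS)."""
    body = {k: v for k, v in record.items() if k != MAC_FIELD}
    return json.dumps(body, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def seal_record(record: dict, secret: bytes, prev_mac: Optional[str] = None) -> dict:
    if len(secret) < MIN_SECRET_BYTES:
        raise ValueError(f"HMAC secret must be at least {MIN_SECRET_BYTES} bytes")
    sealed = {**record, CHAIN_FIELD: prev_mac}
    sealed[MAC_FIELD] = hmac.new(secret, canonical_bytes(sealed), hashlib.sha256).hexdigest()
    return sealed

def verify_record(record: dict, secret: bytes) -> bool:
    expected = hmac.new(secret, canonical_bytes(record), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(record.get(MAC_FIELD, "")))  # constant-time

def verify_log(jsonl: str, secret: bytes):
    """(True, -1) if every line verifies and the chain is intact, else
    (False, index of the first record that fails)."""
    prev = None
    for i, line in enumerate(l for l in jsonl.splitlines() if l.strip()):
        rec = json.loads(line)
        if not verify_record(rec, secret) or rec.get(CHAIN_FIELD) != prev:
            return False, i
        prev = rec[MAC_FIELD]
    return True, -1

def build_log(records, secret: bytes) -> str:
    """Seal records in order and render them as JSONL, as a gateway would append them."""
    lines, prev = [], None
    for r in records:
        sealed = seal_record(r, secret, prev)
        prev = sealed[MAC_FIELD]
        lines.append(json.dumps(sealed, ensure_ascii=False))
    return "\n".join(lines) + "\n"

SECRET = b"constructed-example-secret-rotate-me-0123456789"   # 47 bytes, >= 32
RECORDS = [  # constructed sample records
    {"seq": 1, "tool": "screen_candidates", "risk_tier": "HIGH_RISK",
     "article": "Article 6 + Annex III §4", "is_blocked": False, "confidence": 0.95},
    {"seq": 2, "tool": "score_citizens", "risk_tier": "PROHIBITED",
     "article": "Article 5(1)(c)", "is_blocked": True, "confidence": 0.91},
    {"seq": 3, "tool": "translate", "risk_tier": "NONE", "is_blocked": False, "confidence": 0.0},
]

def tamper_demo(secret: bytes = SECRET):
    """Verify a clean log, the same log with record 2's block flag flipped after the
    fact, and the same log with record 2 deleted."""
    lines = build_log(RECORDS, secret).splitlines()
    edited = json.loads(lines[1])
    edited["is_blocked"] = False
    edited_log = "\n".join([lines[0], json.dumps(edited), lines[2]])
    deleted_log = "\n".join([lines[0], lines[2]])
    return (verify_log("\n".join(lines), secret),
            verify_log(edited_log, secret),
            verify_log(deleted_log, secret))
```

tamper_demo returns (True, -1) for the untouched log and (False, 1) for both manipulated logs: the edited record fails its own MAC, and the record following the deleted one fails the chain check even though its own MAC is intact. Verification rebuilds the canonical bytes from the parsed line, so the on-disk formatting (key order, ASCII escaping) does not have to match the formatting used at sealing time.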
Each record auto-tags the ISO/IEC 42001:2023 Annex A controls that the flagged behaviour violates. Control IDs follow the standard's hierarchical format (A.6.1.2, A.9.2, A.10.1) and are written directly into the record — giving your AI Management System documentation live, continuously-updated evidence of control monitoring.
ISO/IEC 42001 Annex A controls written into every AuditRecord at evaluation time:
- AI risk assessment: mandatory risk evaluation for high-impact AI operations.
- Human oversight: controls for human review of AI-generated decisions.
- Operational monitoring: continuous surveillance of AI system behaviour.
- Roles and responsibilities: accountability chain for AI system outcomes.
Every enterprise has a different risk tolerance. A financial institution subject to FCA scrutiny may need stricter detection than a research lab operating under academic exemptions. Aegis Guard's operator threshold system lets your CISO dial sensitivity per EU AI Act tier without touching a single rule definition.
Three environment variables, AEGIS_THRESHOLD_PROHIBITED, AEGIS_THRESHOLD_HIGH_RISK, and AEGIS_THRESHOLD_TRANSPARENCY, override the engine's per-rule confidence floor at runtime. Lower values increase recall (catch more borderline operations); higher values reduce noise for trusted internal tooling. Two invariants are checked at startup: thresholds cannot be inverted, and in production, observe-only mode for PROHIBITED operations is rejected.
PROHIBITED < TRANSPARENCY raises a hard ValidationError — inverted thresholds are rejected at startup.
AEGIS_ENV=production with block_prohibited_risk=false is rejected — observe-only mode cannot be silently enabled in production.
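The two start-up invariants above, as an added example that is not Aegis Guard's own code. Only the three threshold variable names, AEGIS_ENV=production, block_prohibited_risk and the ValidationError name come from the page; the default thresholds, the "development" default for AEGIS_ENV, the GatewayConfig/load_config names, and the decision to enforce the full ordering PROHIBITED >= HIGH_RISK >= TRANSPARENCY (which covers the PROHIBITED < TRANSPARENCY case the page names) are assumptions. The point is that a bad configuration fails closed before the gateway serves a single call.

```python
# Added example (not Aegis Guard's own code): load the threshold variables from the
# environment and fail closed at start-up on the two invariants the page states.
# Defaults, the AEGIS_ENV default and the full ordering check are assumptions.
import os
from dataclasses import dataclass

class ValidationError(ValueError):
    """Raised at start-up; the gateway must refuse to serve when this is raised."""

DEFAULT_THRESHOLDS = {"PROHIBITED": 0.80, "HIGH_RISK": 0.65, "TRANSPARENCY": 0.50}  # illustrative

@dataclass(frozen=True)
class GatewayConfig:
    env: str
    thresholds: dict
    block_prohibited_risk: bool

def _parse_threshold(name: str, raw: str) -> float:
    try:
        value = float(raw)
    except ValueError:
        raise ValidationError(f"{name}={raw!r} is not a number") from None
    if not 0.0 <= value <= 1.0:
        raise ValidationError(f"{name}={value} is outside [0, 1]")
    return value

def load_config(env=None, block_prohibited_risk: bool = True) -> GatewayConfig:
    """env: a mapping standing in for os.environ (injected so the check is testable)."""
    env = os.environ if env is None else env
    thresholds = {}
    for tier, default in DEFAULT_THRESHOLDS.items():
        name = f"AEGIS_THRESHOLD_{tier}"
        thresholds[tier] = default if env.get(name) is None else _parse_threshold(name, env[name])
    # Invariant 1 (every environment): thresholds cannot be inverted.  Enforcing
    # PROHIBITED >= HIGH_RISK >= TRANSPARENCY covers the PROHIBITED < TRANSPARENCY
    # case the page names and the middle tier as well (assumption).
    p, h, t = (thresholds[k] for k in ("PROHIBITED", "HIGH_RISK", "TRANSPARENCY"))
    if not p >= h >= t:
        raise ValidationError(f"inverted thresholds: PROHIBITED={p} HIGH_RISK={h} TRANSPARENCY={t}")
    # Invariant 2 (production only): observe-only mode for PROHIBITED is rejected.
    mode = env.get("AEGIS_ENV", "development")
    if mode == "production" and not block_prohibited_risk:
        raise ValidationError("AEGIS_ENV=production with block_prohibited_risk=false is not allowed")
    return GatewayConfig(mode, thresholds, block_prohibited_risk)
```

Passing the environment mapping in explicitly is what lets the invariants be exercised in a unit test without touching the real process environment; in the gateway itself load_config() would be called once, before any listener is opened.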
Every rule shipped with Aegis Guard is pre-mapped to its governing Article, risk tier, and ISO 42001 Annex A controls. Your compliance team does not write detection logic. They configure thresholds and review evidence.
Your procurement cycle, your legal review cycle, and your engineering integration cycle all need to complete before the relevant enforcement date. Aegis Guard is designed to compress the integration timeline to days, not quarters.
An Aegis Guard Architecture Review is a structured 90-minute session with our compliance engineering team. We map your current MCP server topology against EU AI Act Articles 5 and 6, identify the highest-priority integration points, and deliver a written risk assessment and deployment plan your General Counsel can sign off on.
Available for on-premise, VPC, and air-gapped deployments. NDA-protected review.