Open Source · AGPL 3.0

The orchestrator for autonomous AI agents

AEGIS manages the full lifecycle of AI agents — from manifest deployment through iterative execution, secure tool access, workflow coordination, and multi-agent swarms. Agents run in isolated containers, tools are proxied through a signed security layer, and every execution is observed, scored, and learned from.

Quick Start

bash
# 1. Install the AEGIS binary
curl -fsSL https://github.com/100monkeys-ai/aegis-orchestrator/releases/latest/download/aegis-linux-x86_64.tar.gz \
  | tar -xz -C /usr/local/bin

# 2. Clone the repo for Docker Compose and demo agents
git clone https://github.com/100monkeys-ai/aegis-orchestrator.git && cd aegis-orchestrator

# 3. Start backing services (Postgres, SeaweedFS, Temporal)
docker compose -f docker/docker-compose.dev.yml up -d

# 4. Configure your LLM provider and start the daemon
export OPENAI_API_KEY="sk-..."
aegis daemon --config aegis-config.yaml

# 5. Deploy the hello-world agent and run it
aegis agent deploy ./demo-agents/hello-world/agent.yaml
aegis execute --agent hello-world \
  --input '{"task": "Write a Python function that returns the Fibonacci sequence up to n."}' \
  --watch

# Output:
# [Iteration 1] Tool call: fs.write /workspace/solution.py
# [Iteration 1] Tool call: cmd.run python /workspace/test_solution.py
# [Iteration 1] Validation: score=0.92 confidence=0.88 → Success
# [Execution ...] Completed in 1 iteration (12.4s)

Need more detail? Full Getting Started guide →

What AEGIS provides

100monkeys Execution Loop

Agents run in a supervised generate → validate → refine cycle. Up to 10 iterations per execution with gradient-scored validation (0.0–1.0), not binary pass/fail.

Docker & Firecracker Runtimes

Docker containers for local development. Firecracker micro-VMs for production — kernel-level isolation with sub-second cold starts and no shared kernel attack surface.

Secure Tool Access (SMCP)

All MCP tool calls are proxied through the orchestrator with Ed25519-signed envelopes. Agents never hold credentials. Cedar-based policy rules enforced per call.

Declarative Agent Manifests

Define agents as Kubernetes-style YAML: apiVersion, kind, metadata, spec. Set model, runtime, security policy, resource limits, and tool capabilities in one file.

Workflow FSMs

Compose agents into durable finite state machines with a shared Blackboard context. States can be agent executions, system commands, or human approval gates.

Multi-Agent Swarms

A parent agent can spawn child executions, pass messages between agents, and coordinate on shared resources using TTL-backed locks. Security context ceiling enforced at spawn.