Moudaxx/AEGIS-OS

# AEGIS OS™ — 安全 AI Agent 平台 # AEGIS OS v4.0 ### 安全 Agent 与机器人执行平台 [](https://github.com/Moudaxx/aegis-os/actions) [](https://www.rust-lang.org/) [](LICENSE) []() []() AEGIS OS 是一个安全优先的 AI agent 执行平台。它在每个 agent 周围强制执行 **12 层安全防护** —— 从 WASM 沙箱到运行时风险评分。 ``` cargo run -- serve # Start HTTP server on :8401 cargo run -- run --name my-agent --provider groq cargo run -- red-team # 16/16 attacks blocked ``` ## 架构 — 12 层安全防护 ``` ┌──────────────────────────────────────────────┐ │ 1. CLI / API Gateway / MCP Server / A2A │ │ 2. AI Inference (NIM+Claude+Gemini+Groq+OAI)│ │ 3. Policy Engine + Guardrails (5 rules) │ │ 4. Input Sanitization (21 patterns) │ │ 5. Skill Vetting Pipeline │ │ 6. API Gateway + Rate Limiting (11 routes) │ │ 7. Tool Router (15 tools + Kali) │ │ 8. MCP Client/Server + A2A Gateway │ │ 9. WASM Sandbox + Filesystem Jail │ │ 10. State Integrity Monitor + Drift Detection│ │ 11. Credential Vault + Capability Tokens │ │ 12. Runtime Risk Scoring (4D) + Audit + SIEM │ └──────────────────────────────────────────────┘ ``` ## AI 后端 | 提供商 | 模型 | 状态 | |----------|-------|--------| | **NVIDIA NIM** | meta/llama-3.1-8b-instruct | ✅ | | **Groq** | llama-3.3-70b-versatile | ✅ | | **OpenAI** | gpt-4o-mini | ✅ | | **Google Gemini** | gemini-2.5-flash-lite | ✅ | | **Anthropic Claude** | claude-haiku-4-5 | ✅ | ## HTTP API (真实服务器) 启动服务器： ``` cargo run -- serve # Starts on :8401 cargo run -- serve --port 8080 # Custom port ``` ### 端点 | 方法 | 路径 | 认证 | 描述 | |--------|------|------|-------------| | GET | /health | No | 健康检查 | | GET | /version | No | 版本信息 | | GET | /metrics | No | Prometheus 指标 | | POST | /mcp/tools/list | No | 列出 MCP 工具 | | POST | /mcp/tools/call | Yes | 执行 MCP 工具 | | POST | /api/v1/agents/run | Yes | 启动 agent | | POST | /api/v1/agents/stop | Yes | 停止 agent | | GET | /api/v1/agents | No | 列出 agent | | POST | /api/v1/inference | Yes | AI 推理 | | POST | /api/v1/redteam | Yes | Red Team 扫描 | | GET | /api/v1/audit | No | 审计日志 | ### 示例 ``` # 健康 curl http://localhost:8401/health # 启动 agent curl -X POST http://localhost:8401/api/v1/agents/run \ -H "Content-Type: application/json" \ -d '{"name":"my-agent","provider":"groq","auth_token":"aegis-secret-token"}' # Red Team 扫描 curl -X POST http://localhost:8401/api/v1/redteam \ -H "Content-Type: application/json" \ -d '{"auth_token":"aegis-secret-token"}' # Prometheus 指标 curl http://localhost:8401/metrics ``` ## 快速开始 ### 前置条件 - Rust 1.85+ - 至少一个 API 密钥（Groq 免费且快速） ### 设置 ``` git clone https://github.com/Moudaxx/aegis-os.git cd aegis-os cp .env.example .env # Add your API keys cargo build ``` ### 运行 ``` # 完整 12 层 agent 执行 cargo run -- run --name my-agent --provider groq # HTTP 服务器模式 cargo run -- serve # Red Team 安全扫描 cargo run -- red-team # 版本信息 cargo run -- version ``` ### Docker ``` docker compose up -d # AEGIS + Prometheus + Grafana open http://localhost:3000 # Grafana dashboard open http://localhost:9090 # Prometheus ``` ## AI 安全框架 AEGIS OS 直接映射到公认的 AI 安全标准： ``` AEGIS Module → AI Security Domain ════════════════════════════════════════════════ 12-Layer Architecture → Secure AI Systems Design Credential Isolation + RBAC → Zero Trust for AI Agents Red Team + MCP-Kali → AI Red Teaming Audit Logger + SIEM → AI Governance & Compliance MCP Security + Allowlist → LLM Tool Security Input Sanitization → Prompt Injection Defense RAG Security Guard → RAG Poisoning Protection Privacy Filter → AI Output Privacy Extraction Detector → Model Extraction Defense Skill Vetting → AI Supply Chain Security ``` **标准：** NIST AI RMF ✅ | OWASP LLM Top 10 (10/10) ✅ | MAESTRO ✅ | Stanford AIUC-1 ✅ 请参阅 [AI-SECURITY-FRAMEWORK.md](AI-SECURITY-FRAMEWORK.md) 查看完整映射。 ## 安全测试结果 ``` Integration Tests: 75/75 (100%) Red Team Tests: 16/16 (100%) ✅ Prompt Injection — InputSanitizer (21 patterns) ✅ Path Traversal — FilesystemJail (13 blocked patterns) ✅ Data Exfiltration — NetworkEgress (exact match + blocklist) ✅ Credential Theft — CredentialVault (revoke + TTL) ✅ Privilege Escalation — CapabilityTokens (wildcards) ✅ Skill Tampering — SkillVetter (static + deps + sandbox) ✅ Sandbox Escape — WasmSandbox (wasmtime) ✅ State Tampering — StateMonitor (SHA256 + drift) ✅ Network Escape — NetworkEgress (port allowlist) ✅ Denial of Service — ApiGateway (rate limiting) ``` ## 项目结构 ``` aegis-os/ ├── src/ │ ├── main.rs # Entry point — 12 layers │ ├── server/mod.rs # HTTP server (Axum) — 11 endpoints │ ├── cli/mod.rs # CLI — 9 commands │ ├── orchestrator/mod.rs # Agent lifecycle │ ├── inference/mod.rs # 5 AI backends │ ├── isolation/mod.rs # WASM + FS jail + network egress │ ├── credentials/mod.rs # Capability tokens + vault │ ├── sanitization/mod.rs # Input sanitization │ ├── skill_vetting/mod.rs # Skill vetting pipeline │ ├── tool_router/mod.rs # Tool router (15 tools) │ ├── guardrails/mod.rs # Policy engine (5 rules) │ ├── mcp/mod.rs # MCP client + server │ ├── a2a/mod.rs # A2A gateway │ ├── state/mod.rs # State integrity monitor │ ├── risk/mod.rs # Runtime risk scoring │ ├── audit/mod.rs # Audit logger + SIEM │ ├── gateway/mod.rs # API gateway │ ├── redteam/mod.rs # Red team engine │ ├── database/mod.rs # Oracle DB connector │ ├── ros2/mod.rs # ROS2 gatekeeper │ └── telemetry/mod.rs # Prometheus metrics ├── tests/ │ └── security_integration.rs # 75 tests ├── Dockerfile ├── docker-compose.yml ├── .github/workflows/ci.yml └── aegis.toml # Configuration ``` ## 环境变量 | 变量 | 来源 | 必需 | |----------|--------|----------| | `NVIDIA_NIM_API_KEY` | build.nvidia.com | 可选 | | `GROQ_API_KEY` | console.groq.com | 推荐（免费） | | `OPENAI_API_KEY` | platform.openai.com | 可选 | | `GOOGLE_AI_API_KEY` | aistudio.google.com | 可选 | | `ANTHROPIC_API_KEY` | console.anthropic.com | 可选 | ## 路线图 | 阶段 | 状态 | |-------|--------| | MVP — 12 层 + 5 个 AI 后端 | ✅ 已完成 | | HTTP Server — 真实 API | ✅ 已完成 | | Docker + Prometheus + Grafana | ✅ 已完成 | | CI/CD — GitHub Actions | ✅ 已完成 | | Multi-agent runtime | 计划中 | | TLS/mTLS | 计划中 | | RBAC | 计划中 | | Kubernetes Helm chart | 计划中 | | SaaS — AEGIS Cloud | 计划中 | ## 贡献 请参阅 [CONTRIBUTING.md](CONTRIBUTING.md) ## 安全 请参阅 [SECURITY.md](SECURITY.md) ## 许可证 MIT — 请参阅 [LICENSE](LICENSE)

⛊ AEGIS OS — 因为 AI agent 也值得拥有安全。

标签：A2A协议, AI代理, AI安全平台, API网关, CISA项目, Claude, CVE检测, DLL 劫持, DNS 反向解析, Gemini, LLM推理, MCP协议, NVIDIA NIM, OpenAI, RBAC, Rust, WASM, XML 请求, 内存规避, 可视化界面, 后端服务, 大语言模型, 子域枚举, 安全开发, 安全执行环境, 审计日志, 异常检测, 操作系统, 机器人安全, 沙箱技术, 端侧安全, 策略引擎, 网络安全挑战, 网络攻防, 网络流量审计, 脚本检测, 自定义请求头, 请求拦截, 输入清洗, 通知系统, 零信任架构, 风险评分