Developer Resources

Evaluate the Platform

Run the enforcement lifecycle in 90 seconds.
Seal a policy, govern tool calls, verify evidence offline.

Platform metrics last verified: March 28, 2026

Try It

The CLI is the primary interface, with no infrastructure required beyond the binary itself.

CLI Quickstart

# Generate keys and initialize chain
aga init --standalone

# Validate system health
aga doctor

# Seal a governance policy for an MCP agent
aga seal --file agent.bin --model-name research-agent \
  --tool-policy-file policy.json -o sealed-artifact.json

# Start the enforcement proxy
aga proxy --upstream localhost:3000 --artifact sealed-artifact.json

# Export and verify evidence offline
aga export -o evidence.json
aga verify --bundle evidence.json

9-Phase Demo

Seal a policy, start the enforcement proxy, route 7 tool calls (3 permitted, 3 denied, 1 drift), export the evidence bundle, and verify offline. Full enforcement lifecycle in under 90 seconds.

Independent Verifier

Verify any evidence bundle in your browser. Zero AGA imports. Client-side only. Standard SHA-256, BLAKE2b-256, and Ed25519.

Open Verifier

What Enforcement Looks Like

Without AGA

Agent receives prompt-injected instruction

→ Executes unauthorized API call

→ Writes partial log entry

→ No enforcement, no proof, no detection

With AGA

Agent receives prompt-injected instruction

→ Proxy intercepts tool call

→ Policy violation: tool not in sealed allowlist

→ Call blocked (HTTP 403)

→ Signed DENY receipt generated

→ Receipt appended to continuity chain

→ Evidence bundle verifies: PASS

The agent cannot forge the receipt. It does not hold the signing keys.

What's Built

34,000+ lines of Go across classical and post-quantum implementations. 92% test coverage. Zero stubs.

CLI

13 commands: init, seal, deploy, verify, export, audit, status, gate, rotate, policy, proxy, doctor, version.

Enforcement

HTTP reverse proxy blocks denied MCP tool calls. Envoy ext_authz gRPC server denies at the network layer. Kubernetes admission webhook with failurePolicy: Fail prevents unsealed pods from running.

Policy Profiles

12 profiles: minimal, scada-100ms, scada-strict, drone-250ms, drone-contested, dod-autonomous-drone, ai-agent-mcp, ai-agent-enterprise, ai-agent-strict, financial-services, healthcare-hipaa, eu-ai-act-high-risk.

Cryptographic Primitives

Ed25519 and ML-DSA-65 (FIPS 204) signatures with hybrid composite mode. SHA-256 and BLAKE2b-256 hashing. RFC 8785 JCS canonicalization. Merkle trees with inclusion proofs. 45 cross-language test vectors.

Evidence

Continuity chain with hash-linked signed receipts. Offline evidence bundles with Merkle inclusion proofs. HTML audit reports via aga audit --format html.

Health Check

aga doctor runs an 18-point diagnostic validating keys, policy state, chain integrity, proxy connectivity, and enforcement readiness. One command, full stack validation.

Sample output from aga doctor health check

$ aga doctor
[PASS] Key pair exists (portal.key, portal.pub)
[PASS] Key algorithm: Ed25519
[PASS] Public key readable (32 bytes)
[PASS] Policy artifact exists
[PASS] Policy artifact signature valid
[PASS] Policy effective period active
[PASS] Agent identity hash present
[PASS] Enforcement mode: mandatory
[PASS] Chain store initialized
[PASS] Chain integrity: 0 broken links
[PASS] Receipt signature algorithm: Ed25519-SHA256-JCS
[PASS] Merkle tree depth: 4 (16 leaves)
[PASS] Proxy listener: localhost:8080
[PASS] Upstream reachable: localhost:3000
[PASS] ext_authz gRPC: disabled (standalone mode)
[PASS] Admission webhook: disabled (standalone mode)
[PASS] Evidence export: ready
[PASS] Offline verification: ready

18/18 checks passed. System healthy.

How This Compares

Logging

Records events after execution

Mutable by design; entries can be altered or deleted without detection

Monitoring

Detects anomalies during execution

Reactive by nature; damage occurs before a response can be triggered

Guardrails

Shapes model behavior via training and prompts

Probabilistic control at the model layer; effective for typical inputs but bypassable by adversarial prompts

Cryptographic Enforcement

Blocks unauthorized actions before execution and generates signed proof

Requires routing through the enforcement boundary

Evaluation Path

Five steps from first run to diligence pack.

Step 01

Run the Demo

Run the 9-phase demo above. 7 tool calls, 7 receipts, offline verification. Full enforcement lifecycle in 90 seconds.

Start here

Step 02

Inspect the Chain

Run aga status to view live governance state. Run aga audit --format html to generate a compliance report. Upload the evidence bundle to the browser verifier.

Open Verifier

Step 03

Deploy Enforcement

Three deployment modes. Standalone: aga proxy (no infrastructure). Kubernetes: helm install with admission webhook. Service mesh: Envoy ext_authz gRPC sidecar.

View Architecture

Step 04

Review Trust and Scope

Understand exactly what evidence bundles prove and what they do not. Written like a threat model, not marketing.

View Trust Model

Step 05

Request the Diligence Pack

Architecture documentation, NIST submissions, integration assessment materials, and deployment playbooks.

Known Limitations

1.Network routing. Enforcement requires the governed agent to route through the AGA proxy or Envoy sidecar. Direct tool access outside the proxy is not governed.
2.Identity binding. Raw Ed25519 or ML-DSA-65 key pairs. No PKI or certificate authority integration.
3.Time anchoring. Timestamps are system clock. No external timestamp authority.

For the full trust model, see the Trust and Scope page.