Tutorial

Configure AIEGES Security

AIEGES (AI-Enhanced Gateway & Endpoint Security) gives you layered control over AI tool calls. This tutorial walks through Gateway policy authoring and Sentinel tier escalation from start to finish.

Part 1: Sentinel Protection Tiers

Shield Mode

--tier shield

Minimal monitoring. Sentinel observes but does not block any operations. Best for development environments where you need full freedom but want visibility.

# Start Sentinel in Shield mode
aieges-sentinel --tier shield

# What it does:
#  - Logs all MCP tool calls
#  - Records filesystem access patterns
#  - Does NOT block any operations
#  - Generates daily summary reports

Developer Mode

--tier developer

Balanced protection. Sentinel blocks known-dangerous patterns (e.g., writing to system directories, exfiltration attempts) while allowing normal development workflows.

# Start Sentinel in Developer mode
aieges-sentinel --tier developer

# What it does:
#  - Everything in Shield, plus:
#  - Blocks writes to /etc, /usr, /System
#  - Blocks outbound connections to unknown hosts
#  - Prompts for approval on sensitive operations
#  - Real-time alerts via desktop notifications

Sentinel Mode

--tier sentinel

Maximum lockdown. Every filesystem write, network connection, and process spawn requires explicit approval. Intended for production or high-security environments.

# Start Sentinel in Sentinel mode
aieges-sentinel --tier sentinel

# What it does:
#  - Everything in Developer, plus:
#  - ALL writes require explicit approval
#  - ALL outbound network blocked by default
#  - Process sandboxing with seccomp/AppArmor
#  - Immutable audit log (append-only)
#  - Automated threat scoring (147+ patterns)

Part 2: Gateway Policy Rules

The Smart Gateway inspects every MCP request in real time. Policies are defined in gateway.toml and evaluated in order — first match wins.

Policy Anatomy

[[policies]]
name    = "human-readable-name"    # Required
match   = "tools/call"             # MCP method to intercept
action  = "allow" | "deny" | "audit"
when    = { tool_name = "pattern*", ... }
log     = true                     # Write to audit trail

Example: Block Dangerous Filesystem Writes

[[policies]]
name   = "block-system-writes"
match  = "tools/call"
action = "deny"
when   = { tool_name = "filesystem_write", path = "/etc/*" }

[[policies]]
name   = "block-system-writes-usr"
match  = "tools/call"
action = "deny"
when   = { tool_name = "filesystem_write", path = "/usr/*" }

Example: Audit All Memory Operations

[[policies]]
name   = "audit-memory-ops"
match  = "tools/call"
action = "audit"
when   = { tool_name = "memory_*" }
log    = true

Example: Route by Prefix

The Gateway supports routing prefixes to segment MCP traffic:

# Route memory operations to MNEMON
[[routes]]
prefix   = "memory_*"
upstream = "http://mnemon:8080"

# Route planning operations to the planner
[[routes]]
prefix   = "plan_*"
upstream = "http://planner:8081"

# Route hybrid operations through both
[[routes]]
prefix   = "hybrid_*"
upstream = ["http://mnemon:8080", "http://planner:8081"]

Part 3: Putting It Together

A recommended progression for teams adopting AIEGES:

Start with Shield mode and the Gateway in audit-only mode. Observe traffic patterns for a week.
Review audit logs. Write targeted deny policies for any dangerous patterns you discover.
Escalate Sentinel to Developer mode. Enable real-time alerts.
Refine policies based on developer feedback. Add allow exceptions for legitimate workflows.
For production deployments, escalate to Sentinel mode with immutable audit logs.

Next Steps

Smart Gateway Deep-Dive — MCP intercept layer architecture and latency specs.
MNEMON Engine — three-tier memory with dual-graph architecture.
AIEGES Wiki — community documentation and reference.