From 9f79d2ce3ade3d70c309aba4a572dbda7074f900 Mon Sep 17 00:00:00 2001 From: Yash-0620 Date: Wed, 20 May 2026 13:56:50 +0530 Subject: [PATCH 1/4] Add deployment guide for Aegis Zero-Trust Sidecar This document provides a guide for deploying the Aegis Zero-Trust Sidecar alongside MCP servers, detailing architecture, security measures, and a quickstart deployment using Docker Compose. --- docs/aegis-zero-trust-sidecar.md | 45 ++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 docs/aegis-zero-trust-sidecar.md diff --git a/docs/aegis-zero-trust-sidecar.md b/docs/aegis-zero-trust-sidecar.md new file mode 100644 index 0000000000..ba60ede416 --- /dev/null +++ b/docs/aegis-zero-trust-sidecar.md 
@@ -0,0 +1,45 @@ +# Enterprise Production Deployment: The Aegis Zero-Trust Sidecar + +Deploying Model Context Protocol (MCP) servers in a local development environment is straightforward. However, exposing MCP servers to production networks—where autonomous agents have direct access to internal databases, APIs, and file systems—presents a massive security and compliance liability. + +To pass enterprise security audits (SOC2, HIPAA), MCP servers should **never** be exposed directly to agentic traffic. Instead, they must be shielded by a mathematically bounded IAM network layer. + +This guide outlines the recommended deployment architecture using the open-source **[Aegis MCP Sidecar](https://github.com/Yash-0620/aegis-mcp-sidecar.git)**. + +## The Architecture: "The Switzerland Moat" + +Instead of trusting the LLM's internal "safety alignment" to not drop a database or hallucinate a massive financial transaction, we deploy a Zero-Trust Proxy Container (Sidecar) directly alongside the MCP server. + +1. **Isolation:** The target MCP Server is bound exclusively to the internal Docker network. It exposes no external ports. +2. **Cryptographic Authentication:** Agents must pass an `X-Aegis-IBCT` (Invocation-Bound Capability Token) signed via Ed25519 cryptography. +3. **Mathematical Bounding:** The Sidecar intercepts the JSON-RPC payload. If the LLM hallucinates an unauthorized tool call (e.g., trying to execute a `$50,000` transaction when the limit is `$500`), the proxy mathematically drops the connection before it ever reaches the MCP server. + +## Quickstart Deployment (Docker Compose) + +The Aegis Sidecar is framework-agnostic and sits next to any standard MCP server. + +```yaml +version: '3.8' + +services: + # 1. The Vulnerable Target (Isolated) + target-mcp: + image: supabase/mcp-server:latest # Replace with any official MCP server + networks: + - aegis_secure_net + + # 2. 
The Shield (Publicly Exposed) + aegis-sidecar: + image: aegisprotocol/mcp-sidecar:latest + ports: + - "8080:8080" + environment: + - TARGET_MCP_URL=http://target-mcp:8000 + networks: + - aegis_secure_net + depends_on: + - target-mcp + +networks: + aegis_secure_net: + driver: bridge From 23adc32bae539f997c226f86b36919acf289b5d2 Mon Sep 17 00:00:00 2001 From: Yash-0620 Date: Wed, 20 May 2026 14:08:29 +0530 Subject: [PATCH 2/4] Clarify setup steps and improve documentation details Updated the Aegis Zero-Trust Sidecar documentation to enhance clarity and detail in the setup instructions. --- docs/aegis-zero-trust-sidecar.md | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/docs/aegis-zero-trust-sidecar.md b/docs/aegis-zero-trust-sidecar.md index ba60ede416..94478e2f9e 100644 --- a/docs/aegis-zero-trust-sidecar.md +++ b/docs/aegis-zero-trust-sidecar.md 
@@ -12,11 +12,18 @@ Instead of trusting the LLM's internal "safety alignment" to not drop a database 1. **Isolation:** The target MCP Server is bound exclusively to the internal Docker network. It exposes no external ports. 2. **Cryptographic Authentication:** Agents must pass an `X-Aegis-IBCT` (Invocation-Bound Capability Token) signed via Ed25519 cryptography. -3. **Mathematical Bounding:** The Sidecar intercepts the JSON-RPC payload. If the LLM hallucinates an unauthorized tool call (e.g., trying to execute a `$50,000` transaction when the limit is `$500`), the proxy mathematically drops the connection before it ever reaches the MCP server. +3. **Mathematical Bounding:** The Sidecar intercepts the JSON-RPC payload. If the LLM hallucinates an unauthorized tool call, the proxy mathematically drops the connection before it ever reaches the MCP server. -## Quickstart Deployment (Docker Compose) +## Quickstart Deployment -The Aegis Sidecar is framework-agnostic and sits next to any standard MCP server. +### Step 0: Mint Your Agent Identity +Before you can run the sidecar, your agent needs a cryptographic identity to authenticate with the network layer. +1. Log in to the **[Aegis Cloud Control Plane](https://aegis-cloud-console-rhi85hlw8-yashs-projects-e8e7ba12.vercel.app/)**. +2. Register a new Agent Identity and configure its mathematical boundaries (e.g., set maximum financial transaction limits or restricted database operations). +3. Copy the generated **Agent ID (API Key)**. + +### Step 1: The Sidecar Infrastructure +The Aegis Sidecar is framework-agnostic and sits next to any standard MCP server via `docker-compose.yml`. ```yaml version: '3.8' @@ -24,7 +31,7 @@ version: '3.8' services: # 1. The Vulnerable Target (Isolated) target-mcp: - image: supabase/mcp-server:latest # Replace with any official MCP server + image: supabase/mcp-server:latest # Replace with your official MCP server networks: - aegis_secure_net 
@@ -35,6 +42,8 @@ services: - "8080:8080" environment: - TARGET_MCP_URL=http://target-mcp:8000 + - AEGIS_CONTROL_PLANE_URL=[https://aegis-live-node.onrender.com](https://aegis-live-node.onrender.com) + - AEGIS_AGENT_ID=paste_your_generated_agent_id_here networks: - aegis_secure_net depends_on: From f1d00ba7cbcddbed2dd97b82455298dd3205ec19 Mon Sep 17 00:00:00 2001 From: Yash-0620 Date: Wed, 20 May 2026 15:34:17 +0530 Subject: [PATCH 3/4] Update Aegis MCP Sidecar link in documentation --- docs/aegis-zero-trust-sidecar.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/aegis-zero-trust-sidecar.md b/docs/aegis-zero-trust-sidecar.md index 94478e2f9e..39b0fddf60 100644 --- a/docs/aegis-zero-trust-sidecar.md +++ b/docs/aegis-zero-trust-sidecar.md @@ -4,7 +4,7 @@ Deploying Model Context Protocol (MCP) servers in a local development environmen To pass enterprise security audits (SOC2, HIPAA), MCP servers should **never** be exposed directly to agentic traffic. Instead, they must be shielded by a mathematically bounded IAM network layer. -This guide outlines the recommended deployment architecture using the open-source **[Aegis MCP Sidecar](https://github.com/Yash-0620/aegis-mcp-sidecar.git)**. +This guide outlines the recommended deployment architecture using the open-source **[Aegis MCP Sidecar](https://aegis-cloud-console.vercel.app/)**. ## The Architecture: "The Switzerland Moat" From e2d736402a2b124d77f0968167dab0f01f6ed33d Mon Sep 17 00:00:00 2001 From: Yash-0620 Date: Thu, 21 May 2026 09:05:32 +0530 Subject: [PATCH 4/4] Revise Aegis MCP Sidecar documentation Updated links and clarified the role of the Sidecar in the deployment architecture. --- docs/aegis-zero-trust-sidecar.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/aegis-zero-trust-sidecar.md b/docs/aegis-zero-trust-sidecar.md index 39b0fddf60..5c4548aa25 100644 --- a/docs/aegis-zero-trust-sidecar.md +++ b/docs/aegis-zero-trust-sidecar.md 
@@ -4,26 +4,27 @@ Deploying Model Context Protocol (MCP) servers in a local development environmen To pass enterprise security audits (SOC2, HIPAA), MCP servers should **never** be exposed directly to agentic traffic. Instead, they must be shielded by a mathematically bounded IAM network layer. -This guide outlines the recommended deployment architecture using the open-source **[Aegis MCP Sidecar](https://aegis-cloud-console.vercel.app/)**. +This guide outlines the recommended deployment architecture using the open-source **[Aegis MCP Sidecar](https://github.com/Yash-0620/aegis-mcp-sidecar.git)**. ## The Architecture: "The Switzerland Moat" -Instead of trusting the LLM's internal "safety alignment" to not drop a database or hallucinate a massive financial transaction, we deploy a Zero-Trust Proxy Container (Sidecar) directly alongside the MCP server. +Instead of trusting the LLM's internal "safety alignment" to not drop a database or hallucinate a massive financial transaction, we deploy a Zero-Trust Proxy Container (Sidecar) directly alongside the target MCP server. 1. **Isolation:** The target MCP Server is bound exclusively to the internal Docker network. It exposes no external ports. 2. **Cryptographic Authentication:** Agents must pass an `X-Aegis-IBCT` (Invocation-Bound Capability Token) signed via Ed25519 cryptography. 3. **Mathematical Bounding:** The Sidecar intercepts the JSON-RPC payload. If the LLM hallucinates an unauthorized tool call, the proxy mathematically drops the connection before it ever reaches the MCP server. +4. **Cloud SIEM Telemetry:** When a threat is blocked at the network edge, the Sidecar asynchronously forwards the payload to the Aegis Cloud Control plane, updating the CISO's dashboard in real-time. ## Quickstart Deployment ### Step 0: Mint Your Agent Identity Before you can run the sidecar, your agent needs a cryptographic identity to authenticate with the network layer. -1. 
Log in to the **[Aegis Cloud Control Plane](https://aegis-cloud-console-rhi85hlw8-yashs-projects-e8e7ba12.vercel.app/)**. +1. Log in to the **[Aegis Cloud Control Plane](https://aegis-cloud-console.vercel.app/)**. 2. Register a new Agent Identity and configure its mathematical boundaries (e.g., set maximum financial transaction limits or restricted database operations). 3. Copy the generated **Agent ID (API Key)**. ### Step 1: The Sidecar Infrastructure -The Aegis Sidecar is framework-agnostic and sits next to any standard MCP server via `docker-compose.yml`. +The Aegis Sidecar is framework-agnostic and acts as a pure, stateless proxy. You do not need to manage any database credentials. ```yaml version: '3.8'
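Review bot: in the Compose block of PATCH 1 (`docs/aegis-zero-trust-sidecar.md`, hunk `@@ -0,0 +1,45 @@`), `aegis-sidecar` publishes `"8080:8080"` on every host interface with no TLS, while item 2 of the architecture list says agents authenticate with an `X-Aegis-IBCT` token carried in a request header; a token sent over plain HTTP is readable and replayable by anything on the path, so the guide should either put TLS termination in front of the sidecar or bind the published port to loopback (`"127.0.0.1:8080:8080"`) behind a TLS reverse proxy, and say so in the Isolation item. The Isolation item is also slightly stronger than what Compose gives you: `target-mcp` publishes no ports, but on a Linux host processes on that host can still reach a bridge-network container by its container IP, so "bound exclusively to the internal Docker network" holds for remote peers, not for the host itself. Smaller points in the same hunk: `version: '3.8'` is ignored with a warning by Compose V2 and can be dropped, and "mathematically bounded" / "mathematically drops the connection" should be replaced by what the proxy actually checks (which fields of the JSON-RPC request are compared against the policy, and which error the caller receives), since an auditor will ask for the concrete control rather than the adjective.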
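Review bot: in PATCH 2, hunk `@@ -12,11 +12,18 @@`, Step 0 introduces an "Agent ID (API Key)" while item 2 still describes an Ed25519-signed capability token, and the guide never says how the two relate: which key signs the token, where the agent's private key is generated and stored, and how the sidecar obtains the matching public key to verify it (fetched from the control plane, or pinned in its configuration). One sentence per question would close the gap. The same hunk also replaces the only concrete illustration of a bounded call (the `$50,000` vs `$500` example); consider keeping one worked boundary and the rejection it produces, since that is what readers will test against. The control-plane link is a per-deployment Vercel preview URL (`aegis-cloud-console-rhi85hlw8-...`) that will rot; PATCH 4 already replaces it, so squash the fix into this commit.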
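Review bot: PATCH 2, hunk `@@ -24,7 +31,7 @@` only reworded the comment on the image line, but while that line is being touched: both `supabase/mcp-server:latest` and `aegisprotocol/mcp-sidecar:latest` use a mutable tag, and for a document aimed at production the images should be pinned by digest (`image: name@sha256:<digest>`) or at least an immutable version tag, so that a later push to `latest` cannot silently replace the proxy that enforces the policy. If the project publishes image signatures, the guide should tell readers how to verify them before pulling.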
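Review bot: in PATCH 2, hunk `@@ -35,6 +42,8 @@`, the added line `- AEGIS_CONTROL_PLANE_URL=[https://aegis-live-node.onrender.com](https://aegis-live-node.onrender.com)` is a Markdown link pasted into a YAML value; the container receives the literal string with brackets and parentheses, which is not a valid URL, so the sidecar cannot reach the control plane as written. It should be `- AEGIS_CONTROL_PLANE_URL=https://aegis-live-node.onrender.com`. Second, `AEGIS_AGENT_ID` is the value Step 0 calls an API key; inlining it in `docker-compose.yml` invites committing it to version control, so use Compose interpolation (`- AEGIS_AGENT_ID=${AEGIS_AGENT_ID}`) with an untracked `.env` file or `env_file:`, and state in Step 0 that the value is a secret. Third, the policy decision now depends on an external hosted endpoint: the guide should say whether the sidecar fails closed (rejects every call) or fails open when the control plane is unreachable, and whether policy is cached locally, because that choice decides whether an outage becomes a denial of service or a bypass.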
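Review bot: PATCH 3 (hunk `@@ -4,7 +4,7 @@`) keeps the link text "open-source **Aegis MCP Sidecar**" but repoints it from the GitHub repository to the hosted console at `aegis-cloud-console.vercel.app`, which is not a source link; PATCH 4 reverts this exact line, so the two commits should be squashed so that the history does not carry a revision where the "open-source" claim points at a SaaS page.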
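Review bot: in PATCH 4, hunk `@@ -4,26 +4,27 @@`, the new item 4 says the sidecar "asynchronously forwards the payload to the Aegis Cloud Control plane" whenever a call is blocked. By the guide's own premise the blocked request can carry internal database arguments or financial transaction details, and the intro cites HIPAA, so the guide needs to state what is sent (full JSON-RPC payload or metadata only), whether arguments are redacted, how long the control plane retains it, and whether telemetry can be disabled or pointed at a self-hosted SIEM; it should also state that blocking does not depend on the telemetry send succeeding. Capitalisation is inconsistent in the same sentence ("Control plane" vs "Control Plane" elsewhere). In the rewritten Step 1 intro, "You do not need to manage any database credentials" is true of the sidecar only; `target-mcp` still needs its own credentials, which the Compose block does not show, so say that the sidecar holds no database credentials and that the target server's credentials are configured on `target-mcp` per that server's documentation, and keep the mention of `docker-compose.yml` that this change drops.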