Autonomous Cyber Reasoning System

Find it. Prove it. Fix it.
Govern every step.

AEGIS discovers vulnerabilities across 14 languages, proves exploitability, auto-fixes 14 CWE categories, and maps findings to 12 compliance frameworks—with cryptographic provenance chains on every action. 35+ evidence formats. Sub-second delta scans.

npx @raknor/aegis scan-local ./your-project --all
Free tier: real Rust engine, first 50 findings, SARIF + HTML + JSON. Full engine on license. Nothing leaves your machine.

Pipeline

Seven governed stages, one command

Every stage runs under consequence-tier gating. Each action produces a hash-chained provenance entry. The chain is append-only and independently verifiable.

T1 Recon
AST parsing, call graph construction, cross-file dependency mapping
agent: Athena's Owl
T2 Discovery
Fuzzing, taint analysis, SCA and DAST, four agents running in parallel
agents: Alecto (fuzz) · Megaera (taint) · Tisiphone (SCA) · Arachne (DAST)
T1 Triage
CVSS v3.1 scoring, deduplication, CISA KEV cross-reference, EPSS enrichment
agent: Dikē
T3 Exploit Proof
Controlled PoC generation in sandboxed execution
agent: Ares
T3 Synthesis
Patch generation with semantic constraints: fix the vuln, preserve behavior
agent: Hephaestus
T2 Verification
Heuristic + dynamic test execution against patched code
agent: Athena's Shield
T4 Deployment
Human-approved production deployment with SARIF + OSCAL evidence
agent: Hermes · requires human approval
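What "every stage runs under consequence-tier gating" and "every agent action checked against tier authorization" look like as code, as an added illustration that is not AEGIS code: an approver signs an agent's mandate (allowed stage, path scope, tier ceiling) with an HMAC, and a gate turns each proposed action into one of the page's four verdicts. This also covers the HMAC-signed intent capsule with drift detection described under Cryptographic Trust. The capsule fields, the MAC construction, the ordering of the checks and the demo key are assumptions; only the T1–T4 labels, the PASS / HOLD / DENY / ESCALATE verdicts and "T4 requires human approval" come from the page.

```python
"""Consequence-tier gating over an HMAC-signed intent capsule.

Added illustration, not AEGIS code. The capsule fields, the HMAC construction
and the ordering of the checks are assumptions; only the tier labels T1-T4,
the four verdicts and "T4 requires human approval" come from the page.
"""
import hashlib
import hmac
import json

# Demo key only (constructed). A real deployment would keep the approver key
# in a KMS/HSM so agents can verify capsules but never mint their own.
APPROVER_KEY = b"demo-approver-key-do-not-use"


def canonical(obj) -> bytes:
    # Sorted keys and no whitespace: the MAC must not depend on JSON layout.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def issue_capsule(key, agent, stages, path_prefixes, max_tier):
    """Approver side: sign the mandate an agent is allowed to act under."""
    mandate = {"agent": agent, "stages": sorted(stages),
               "paths": sorted(path_prefixes), "max_tier": max_tier}
    mac = hmac.new(key, canonical(mandate), hashlib.sha256).hexdigest()
    return {"mandate": mandate, "mac": mac}


def capsule_valid(key, capsule) -> bool:
    expected = hmac.new(key, canonical(capsule["mandate"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, capsule.get("mac", ""))


def tier_level(tier: str) -> int:
    return int(tier[1:])  # "T3" -> 3


def gate(key, capsule, action, human_approved=False):
    """Return (verdict, reason). Integrity first, then scope drift, then tier."""
    if not capsule_valid(key, capsule):
        return "DENY", "capsule signature invalid"
    m = capsule["mandate"]
    if action["agent"] != m["agent"]:
        return "DENY", "capsule was issued to a different agent"
    if action["stage"] not in m["stages"]:
        return "DENY", f"drift: stage {action['stage']} is outside the mandate"
    stray = [p for p in action.get("paths", [])
             if not any(p.startswith(pre) for pre in m["paths"])]
    if stray:
        return "DENY", f"drift: paths outside the mandate: {stray}"
    if tier_level(action["tier"]) > tier_level(m["max_tier"]):
        return "ESCALATE", f"{action['tier']} exceeds the mandate ceiling {m['max_tier']}"
    if action["tier"] == "T4" and not human_approved:
        return "HOLD", "T4 requires human approval"
    return "PASS", "within mandate"


def run_demo():
    """Constructed scenarios; returns the verdict list for inspection."""
    patcher = issue_capsule(APPROVER_KEY, "Hephaestus", ["synthesis"], ["src/"], "T3")
    deployer = issue_capsule(APPROVER_KEY, "Hermes", ["deployment"], ["dist/"], "T4")
    synth = {"agent": "Hephaestus", "stage": "synthesis", "tier": "T3", "paths": ["src/db.js"]}
    deploy = {"agent": "Hermes", "stage": "deployment", "tier": "T4", "paths": ["dist/app.tar"]}
    # Mandate edited after signing: the ceiling was raised but the MAC was not re-issued.
    forged = {"mandate": dict(patcher["mandate"], max_tier="T4"), "mac": patcher["mac"]}
    return [
        gate(APPROVER_KEY, patcher, synth)[0],                                # PASS
        gate(APPROVER_KEY, patcher, dict(synth, paths=["infra/main.tf"]))[0],  # DENY: path drift
        gate(APPROVER_KEY, patcher, dict(synth, stage="deployment"))[0],      # DENY: stage drift
        gate(APPROVER_KEY, patcher, dict(synth, tier="T4"))[0],               # ESCALATE
        gate(APPROVER_KEY, deployer, deploy)[0],                              # HOLD
        gate(APPROVER_KEY, deployer, deploy, human_approved=True)[0],         # PASS
        gate(APPROVER_KEY, forged, synth)[0],                                 # DENY: bad MAC
    ]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The check order is the point: a capsule whose MAC fails is refused before its contents are read, scope drift is refused before tier is considered, and only an action that is in scope and under the ceiling ever reaches the human-approval hold.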

Language Support

Fourteen languages, tree-sitter AST

Not regex. Not heuristics. Full abstract syntax tree parsing via tree-sitter, with inter-procedural call graph construction and cross-file taint analysis.

JavaScript: tree-sitter · cross-file taint
TypeScript: tree-sitter · cross-file taint
C / C++: tree-sitter · CWE-120/134/170
C#: tree-sitter · namespace resolution
Python: tree-sitter · taint analysis
Java: tree-sitter · taint analysis
Go: tree-sitter · taint analysis
Rust: tree-sitter · taint analysis
HCL / Terraform: tree-sitter · IAM & cloud config
Bash: tree-sitter · command injection
PHP: tree-sitter · taint analysis
Kotlin: tree-sitter · taint analysis
Swift: tree-sitter · taint analysis

Scanning Capabilities

Six scanner types, one unified output

Every scanner produces findings in a normalized format. SARIF 2.1.0 output is standard. Cross-file taint analysis traces data flow across module boundaries. Infrastructure discovery fingerprints databases, containers, cloud providers, and CI/CD pipelines.

SAST (Static Analysis)
103 CWE patterns via tree-sitter AST. Cross-file taint analysis (70+ sources, 100+ sinks). RBAC-aware taint with 5 privilege levels. Auto-fix for 14 CWEs, auto-patch for 8.
SCA (Dependency Scanning)
CVE lookup across npm, NuGet, PyPI, Maven. Typosquat detection via Levenshtein distance. SBOM generation (CycloneDX + SPDX). Dependency accuracy audit.
DAST (Dynamic Analysis)
Container DAST with 10 probe types. XSS, SQLi, CORS, security headers, TLS configuration, rate limit verification. New Relic NRQL correlation.
Secrets (Secret Detection)
11 detection patterns for API keys, tokens, credentials. PII-in-logs detection across 5 categories. Log risk analysis.
Cloud (Multi-Cloud Security)
AWS, Azure, and GCP misconfiguration scanning. IAM policy analysis (17 patterns). Infrastructure fingerprinting: 11 DB types, containers, APM, CI/CD.
Threat Intel (CISA KEV + EPSS + NVD)
Cross-reference findings against CISA Known Exploited Vulnerabilities. Batch EPSS scoring. NVD CVE enrichment. NIST 800-61 incident response playbooks.
103 CWE patterns · 14 auto-fix CWEs · 35+ report formats · 12 compliance frameworks

Compliance Mapping

Twelve frameworks, unified mapping

Every finding maps to controls across all twelve frameworks simultaneously. Context-aware risk adjustment factors reachability, exposure, and compensating controls into the final score. Compliance traffic-light readiness view across all frameworks.

NIST SP 800-53 Rev 5: Full catalog with FedRAMP baselines
ISO/IEC 27001:2022: Annex A controls with SOC 2 bridge
SOC 2 Type II: Trust Services Criteria mapping
FedRAMP: ConMon automation · POA&M · OSCAL
OWASP Top 10: 2021 + API Security 2023
PCI-DSS v4.0: Cardholder data environment controls
HIPAA: Security Rule technical safeguards
SEC / FINRA: Reg SCI · Reg S-P · Rule 3110 · Rule 4370
CMMC 2.0 / NIST 800-171: DoD CUI protection · 110 requirements · Levels 1–3
FedRAMP 20x: Automated ConMon · POA&M tracking · OSCAL SSP/AR
DoD SRG: IL2–IL5 impact level controls
EU DORA (Regulation 2022/2554): Applies since 17 Jan 2025 · 5 pillars: ICT risk, incident management, resilience testing, third-party risk, information sharing
EU AI Act (Regulation 2024/1689): Arts 9–17 high-risk AI system requirements and provider obligations · Risk management · Technical documentation · Conformity assessment

Licensing

One engine, key-gated

The same Rust binary ships everywhere. The license key determines what unlocks. No separate free vs. paid engine—the free experience is the real engine with a 50-finding cap.

Community (Free): Real AST scan. First 50 findings. SARIF + HTML + JSON. Compliance traffic-light preview.
Pro (Licensed): Unlimited findings. Auto-fix + patches. Taint analysis. Tech debt. STRIDE. WAF rules. DAST. Env divergence.
Premium (Licensed): Pro + M&A due diligence. White-label branding. FedRAMP ConMon packages. Governed transform engine.

Cryptographic Trust

Every action hash-chained

Not just a scan report. A verifiable evidence chain. Every pipeline action produces a hash-chained provenance entry with algorithm-agile cryptography. SLSA-compatible export.

Algorithm-Agile: PQC-Ready Cryptography
SHA-256 default. SHAKE-256 (PQC) via config switch. Mixed-algorithm chains supported during migration.
Governance: Consequence Tier Gating
T1–T4 gating with PASS / HOLD / DENY / ESCALATE. Every agent action is checked against its tier authorization.
Observability: 13-Channel Diagnostics
Low-overhead tracing via Node.js diagnostics_channel (a publish with no subscribers is effectively a no-op). Pipeline, stage, wave, gate, and provenance spans.
Integrity: HMAC-Signed Intent Capsules
Mandate tracking with drift detection. If an agent deviates from its approved scope, the capsule detects it.
Provenance: Append-Only Hash Chain, SLSA v1 Compatible
Every pipeline action (scan, triage, exploit proof, patch, deployment) produces a hash-chained entry. The chain is independently verifiable. 35+ evidence formats over the same provenance chain: SARIF, OSCAL (SSP/AR/POA&M), DORA, NIST CSF 2.0, ISO 27001, VEX, CycloneDX + SPDX SBOM, scoring, compliance map, evidence bundles, trend analysis, and more.
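An append-only, algorithm-agile hash chain and the verifier that anyone holding the chain can run, as an added illustration that is not AEGIS code. It shows the three properties the page claims for its provenance chain (SHA-256 by default, SHAKE-256 by a switch, mixed-algorithm chains during migration, independent verification) and what each kind of tampering looks like to the verifier. The entry layout, the field names, the per-entry "alg" tag and the sample run are assumptions made for the example.

```python
"""Append-only, algorithm-agile provenance chain with an independent verifier.

Added illustration, not AEGIS code: the entry layout, field names and the
per-entry "alg" tag are assumptions chosen to show the mechanism the page
describes (SHA-256 default, SHAKE-256 via a switch, mixed chains during
migration, verification by anyone holding the chain).
"""
import hashlib
import hmac
import json

GENESIS = "0" * 64  # link value of the first entry


def digest(alg: str, data: bytes) -> str:
    # Each entry names the hash that produced it, so a chain can move from
    # SHA-256 to SHAKE-256 part-way through and still verify end to end.
    if alg == "sha256":
        return hashlib.sha256(data).hexdigest()
    if alg == "shake256":
        return hashlib.shake_256(data).hexdigest(32)  # 256-bit output
    raise ValueError(f"unsupported hash algorithm: {alg}")


def canonical(entry: dict) -> bytes:
    # Hash everything except the hash field itself, with sorted keys and no
    # whitespace so the digest does not depend on how the entry was stored.
    body = {k: v for k, v in entry.items() if k != "hash"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def append_entry(chain: list, stage: str, tier: str, action: str, alg: str = "sha256") -> dict:
    prev = chain[-1]["hash"] if chain else GENESIS
    entry = {"seq": len(chain), "stage": stage, "tier": tier,
             "action": action, "alg": alg, "prev": prev}
    entry["hash"] = digest(alg, canonical(entry))
    chain.append(entry)
    return entry


def verify_chain(chain: list):
    """Recompute every digest and check every link; return (ok, reason)."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["seq"] != i:
            return False, f"entry {i}: sequence gap (entry removed or reordered)"
        if entry["prev"] != prev:
            return False, f"entry {i}: prev link does not match entry {i - 1}"
        expected = digest(entry["alg"], canonical(entry))
        if not hmac.compare_digest(expected, entry["hash"]):
            return False, f"entry {i}: digest mismatch (entry modified)"
        prev = entry["hash"]
    return True, "ok"


def build_sample_chain() -> list:
    """Constructed run that mirrors the page's stage names and tiers."""
    chain = []
    append_entry(chain, "recon", "T1", "AST parsed: 17 files")
    append_entry(chain, "discovery", "T2", "taint: 3 source-to-sink flows")
    # Migration: later entries switch algorithms, earlier ones keep SHA-256.
    append_entry(chain, "triage", "T1", "CVSS v3.1 scored, KEV cross-referenced", alg="shake256")
    append_entry(chain, "deployment", "T4", "human-approved deploy", alg="shake256")
    return chain


def tamper_modify():
    chain = build_sample_chain()
    chain[1]["action"] = "taint: 0 flows"  # rewrite history after the fact
    return verify_chain(chain)


def tamper_delete():
    chain = build_sample_chain()
    del chain[2]  # drop the triage record
    return verify_chain(chain)


if __name__ == "__main__":
    print(verify_chain(build_sample_chain()))
    print(tamper_modify())
    print(tamper_delete())
```

One caveat a verifier should keep in mind: a hash chain proves the integrity and order of the entries it contains, but cutting entries off the tail leaves a chain that still verifies. Completeness needs the head hash anchored somewhere the chain's author cannot quietly rewrite, for example signed into the SLSA attestation the page exports or published to an external log, and the verifier should compare against that anchor as well.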

How It Works

From install to evidence

0 Install
npx @raknor/aegis, platform-detected native binary. No runtime dependencies.
1 Scan
Full scan or delta: --changed-only for pre-commit (<1s), --since origin/main for CI. 14 languages, cross-file taint tracing.
2 Triage
Findings scored (CVSS v3.1), deduplicated, enriched with CISA KEV + EPSS + NVD data. Context-aware risk adjustment. Posture scoring across 6 domains.
3 Fix
Auto-fix for 14 CWEs, auto-patch for 8. Governed transform engine with validation gates (type check, test suite, no-new-findings). Decision records with provenance.
4 Evidence
35+ formats: SARIF, OSCAL (SSP/AR/POA&M), DORA, NIST CSF 2.0, ISO 27001, VEX, CycloneDX + SPDX SBOM, scoring, compliance map, trend analysis, evidence bundles, and more. CI gating via --fail-on critical.

Sample Output

Real scan, real reports

Scanned OpenClaw, a 375K+ star open source project: 4.1M lines of code across 17K files, completed in 107 seconds.
4.1M lines of code · 3,681 findings · 48 taint flows · 9/9 frameworks scored
GRC Summary (HTML): Governance, risk, and compliance overview with framework readiness indicators.
Gap Analysis (HTML): Per-framework compliance gaps with specific remediation guidance.
Taint Flows (HTML): 48 source-to-sink data flow traces across the codebase.
Architecture Explorer (HTML): C4-style diagram with 82K-node call graph and bounded contexts.
Container Audit (HTML): Dockerfile analysis across 7 production services.
SARIF Report (JSON): Machine-readable findings for CI/CD integration and IDE overlays.

The engine is live

Start scanning now with the free Community tier—real Rust engine, first 50 findings, SARIF + HTML + JSON output, compliance traffic-light preview. Nothing leaves your machine.

Community (free — real engine, 50 findings):
npx @raknor/aegis scan-local ./your-project --all

Licensed (unlimited findings + auto-fix + compliance):
npx @raknor/aegis scan-local ./your-project --all --key $AEGIS_KEY

CI delta scan with merge gate:
npx @raknor/aegis scan-local . --since origin/main --fail-on critical
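The merge gate above is built into the CLI. For teams that consume the SARIF 2.1.0 output from another scanner, an IDE plugin, or their own pipeline, here is the same gate written against the standard SARIF fields, as an added example that is not AEGIS code: it resolves severity from each rule's "security-severity" property (the GitHub code-scanning convention: critical at 9.0 and above, high at 7.0, medium at 4.0, otherwise low), falls back to the result's SARIF "level" when a rule carries no score, skips results with an accepted suppression, and exits non-zero when anything at or above the chosen threshold remains. The SARIF document, rule ids and file paths below are constructed for the example.

```python
"""Gate a CI job on a SARIF 2.1.0 report.

Added example, not AEGIS code: it reads the standard SARIF fields, so it works
on any 2.1.0 log, but the sample document, rule ids and paths below are
constructed. Severity bands follow the GitHub code-scanning convention for the
"security-severity" rule property (critical >= 9.0, high >= 7.0,
medium >= 4.0, else low); when a rule carries no score the result's SARIF
"level" is used instead.
"""
import json
import sys

SEVERITY_ORDER = ["low", "medium", "high", "critical"]
LEVEL_FALLBACK = {"error": "high", "warning": "medium", "note": "low"}

# Constructed SARIF document (illustrative rule ids and locations).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner", "rules": [
            {"id": "EX-CWE-89", "properties": {"security-severity": "9.8"}},
            {"id": "EX-CWE-79", "properties": {"security-severity": "6.1"}},
            {"id": "EX-CWE-798", "properties": {"security-severity": "9.1"}},
        ]}},
        "results": [
            {"ruleId": "EX-CWE-89", "ruleIndex": 0, "level": "error",
             "message": {"text": "SQL built from request input"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/db.js"},
                                                 "region": {"startLine": 42}}}]},
            {"ruleId": "EX-CWE-79", "ruleIndex": 1, "level": "warning",
             "message": {"text": "Unescaped output"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/view.js"},
                                                 "region": {"startLine": 17}}}]},
            {"ruleId": "EX-CWE-798", "ruleIndex": 2, "level": "error",
             "message": {"text": "Hard-coded credential (test fixture)"},
             "suppressions": [{"kind": "external", "status": "accepted"}],
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/fixtures.js"},
                                                 "region": {"startLine": 3}}}]},
            {"ruleId": "EX-HEADERS", "level": "note",
             "message": {"text": "Missing X-Content-Type-Options"}},
        ],
    }],
})


def severity_of(result, rules_by_id, rules_by_index):
    rule = None
    idx = result.get("ruleIndex")
    if isinstance(idx, int) and 0 <= idx < len(rules_by_index):
        rule = rules_by_index[idx]
    elif result.get("ruleId") in rules_by_id:
        rule = rules_by_id[result["ruleId"]]
    score = (rule or {}).get("properties", {}).get("security-severity")
    if score is not None:
        s = float(score)
        return "critical" if s >= 9.0 else "high" if s >= 7.0 else "medium" if s >= 4.0 else "low"
    return LEVEL_FALLBACK.get(result.get("level", "warning"), "medium")


def is_suppressed(result) -> bool:
    # A suppression with no status, or status "accepted", hides the result;
    # "underReview" and "rejected" do not.
    return any(s.get("status", "accepted") == "accepted"
               for s in result.get("suppressions", []))


def collect(sarif: dict) -> list:
    findings = []
    for run in sarif.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        by_id = {r["id"]: r for r in rules if "id" in r}
        for res in run.get("results", []):
            if is_suppressed(res):
                continue
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append({
                "severity": severity_of(res, by_id, rules),
                "rule": res.get("ruleId", "?"),
                "uri": loc.get("artifactLocation", {}).get("uri", "?"),
                "line": loc.get("region", {}).get("startLine", 0),
                "message": res.get("message", {}).get("text", ""),
            })
    return findings


def gate(sarif: dict, fail_on: str = "critical"):
    """Return (exit_code, blocking_findings): 1 if anything is at or above fail_on."""
    threshold = SEVERITY_ORDER.index(fail_on)
    blocking = [f for f in collect(sarif)
                if SEVERITY_ORDER.index(f["severity"]) >= threshold]
    return (1 if blocking else 0), blocking


if __name__ == "__main__":
    # usage: python sarif_gate.py [report.sarif] [critical|high|medium|low]
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            doc = json.load(fh)
    else:
        doc = json.loads(SAMPLE_SARIF)
    code, blocking = gate(doc, sys.argv[2] if len(sys.argv) > 2 else "critical")
    for f in blocking:
        print(f"{f['severity'].upper():8} {f['rule']:12} {f['uri']}:{f['line']}  {f['message']}")
    sys.exit(code)
```

Two details matter in practice: honour suppressions only when their status is accepted (a result under review is still a finding), and prefer the numeric security-severity over the coarse SARIF level, because a scanner's "error" level says nothing about whether a 4.0 or a 9.8 is behind it.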