Status
What's real today, what's WIP, what's not yet started — at the per-capability level. We keep
this page deliberately blunt because honesty about pre-alpha status is the only way to build
trust at this stage.
Release status
v0.1.1 — pre-alpha. First public, taggable release. Production-stable backends, KMIP, MCP,
and the auto-response loop are designed and roadmapped, not shipped.

| Status | What it means |
| --- | --- |
| Shipped | Code is on main, tested, in v0.1.1 |
| MVP | Functionally complete but lacks the polish / edge cases of a production-ready feature |
| WIP | Active work in flight, target landing in the next 1-2 releases |
| Designed | Architecture is settled, no code yet |
| Opportunity | Identified gap, design pending |

Per-capability snapshot
Crypto operations

| Capability | Status | Detail |
| --- | --- | --- |
| create / get / activate / revoke / destroy | Shipped | Full lifecycle, REST + CLI |
| sign / verify | Shipped | RSA-PSS-SHA-256, ECDSA-SHA-256 via AWS KMS |
| encrypt / decrypt with EncryptionContext AAD | Shipped | AES-256, AWS KMS-backed |
| wrap / unwrap (KMIP-style envelope) | Shipped | Symmetric KEK |
| rotate(policy) | Shipped | Manual policy; auto-scheduler in v0.2.0 |
| compromise(reason) | Shipped | One-way, severity=Critical audit |

Identity & authorization

| Capability | Status | Detail |
| --- | --- | --- |
| Principal.Human / Principal.Agent ADT | Shipped | Sealed trait, total case analysis |
| Dev-mode X-Aegis-User header | Shipped | Workstation only |
| JWT bearer auth (HS256) | Shipped | Configurable secret |
| OIDC / JWKS verification | WIP | v0.2.0 |
| Agent-token issuance endpoint | Designed | v0.2.0 |
| Policy engine (rules richer than allow/deny per principal) | Designed | v0.3.0 |

Audit & observability

| Capability | Status | Detail |
| --- | --- | --- |
| Append-only audit log | Shipped | AuditingKeyService decorator |
| Audit fan-out to stdout | Shipped | Default sink |
| Audit fan-out: Kafka / S3 / Webhook / Postgres | Designed | SPI in place, adapters in v0.2.0 |
| Agent-aware audit fields populated end-to-end | MVP | Algebra carries them; HTTP layer doesn't yet populate source.ip |
| Prometheus /metrics | Shipped | Per-op counters, latency histograms, errors-by-code |
| OpenTelemetry tracing (auto-configured SDK) | Shipped | `kms.<op>` spans with attributes |
| OpenAPI 3.1 spec + Swagger UI | Shipped | At /docs/ |

Anomaly detection & response

| Capability | Status | Detail |
| --- | --- | --- |
| BaselineDetector — 5 detectors | Shipped | Scope, rate-spike, op-histogram, time-of-day, source-IP |
| AgentRecommendation events | Shipped | Emitted on detection |
| Risk scorer | WIP | v0.2.0 (PR W2) |
| Auto-responder (allow/deny/revoke/rotate) | WIP | v0.2.0 (PR W3) |
| LLM advisor | Designed | v0.4.0 (PR W4) |

Persistence

| Capability | Status | Detail |
| --- | --- | --- |
| In-memory event journal | Shipped | Default for dev |
| Postgres event journal | Shipped | Doobie + bootstrap migration |
| MySQL / SQLite | Designed | v0.3.0 |

Crypto adapters (RootOfTrust)

| Capability | Status | Detail |
| --- | --- | --- |
| AWS KMS | Shipped | Full sign/verify/encrypt/decrypt/wrap/unwrap |
| GCP KMS | Designed | v0.2.0 |
| Azure Key Vault | Designed | v0.2.0 |
| HashiCorp Vault Transit | Designed | v0.2.0 |
| PKCS#11 / HSM | Designed | v0.4.0 |

Wire planes

| Capability | Status | Detail |
| --- | --- | --- |
| REST /v1/keys/* | Shipped | Full surface, OpenAPI documented |
| KMIP server (TCP + TLS) | Designed | Skeleton in aegis-kmip; v0.2.0 lands the wire |
| MCP server (LLM tool surface) | Designed | Skeleton in aegis-mcp-server; v0.2.0 |
| Agent-AI plane | MVP | Detector ships; auto-response in v0.2.0 |

Distribution & deployment

| Capability | Status | Detail |
| --- | --- | --- |
| Docker image (GHCR) | Shipped | ghcr.io/sharma-bhaskar/aegis-server:0.1.1 |
| CLI universal tarball | Shipped | Attached to GitHub Release |
| Library jars on Maven Central | WIP | Workflow ready, blocked on Sonatype + GPG setup |
| Helm chart | Designed | v0.3.0 |
| docker-compose for self-host | Shipped | deploy/docker/docker-compose.yml |

Compliance & operational maturity

| Capability | Status | Detail |
| --- | --- | --- |
| SOC 2 Type 1 | WIP | Audit in progress |
| SOC 2 Type 2 | Designed | Targeted late 2026 |
| Penetration test report | Designed | Targeted before v1.0 |
| Production deployments | Opportunity | 0 today; design partners welcome |

What this means for you
You're evaluating whether to deploy Aegis to production? Don't, yet. Wait for v0.5+ at
the earliest, ideally v1.0.
You're evaluating whether to be a design partner? This is exactly the right time. The
product can absorb feedback before the architecture calcifies.
You're contributing code? The library tier is stable enough to build on; the server tier
is where most of the v0.2.0 work happens.
See the Developer Guide for setup, or jump to the
Roadmap for what lands when.