DEVELOPER GUIDE

Documentation

Aegis skill library & Themis orchestration

Learn how to discover skills, invoke them individually, use them with Themis for multi-agent analysis, and troubleshoot common issues. All skills are versioned, tagged, and documented.

01

What is Aegis?

Aegis is a skill marketplace and compilation system. Each skill is authored in SKILL.md — a single markdown bundle containing metadata, multiple phases, and guidance text. The compiler generates three artifacts:

  • System Prompt — Ready to paste into ChatGPT, Claude, or your LLM
  • OpenAI Action Schema — For ChatGPT custom actions and function calling
  • MCP Manifest — For Model Context Protocol servers

Skills can be invoked individually through the Aegis API, or chained together through Themis for multi-phase reasoning.

02

Discovering Skills

Browse the Marketplace

Go to the Skills page to browse all available skills. Click any skill to see its full documentation, phases, and installation instructions.

Skill Properties

Each skill has:

  • Name & Version — Unique identifier and semantic version
  • Description — One-line summary of what it does
  • Tags — Keywords: network, endpoint, lateral-movement, detection, etc.
  • Frameworks — mitre-attack, mitre-engage, mitre-atlas, etc.
  • Phases — Usually 3-5 distinct reasoning phases
  • Health Score — 0-100 rating based on phase coverage and freshness
03

Invoking Skills

GET /api/skills

Retrieve all available skills:

curl https://aegis-skills.vercel.app/api/skills

GET /api/[skill]/manifest

Fetch the full manifest for a skill, including phases and input/output schema:

curl https://aegis-skills.vercel.app/api/mitre-attack/manifest

POST /api/[skill]/invoke

Execute a skill with your input:

curl -X POST https://aegis-skills.vercel.app/api/mitre-attack/invoke \ -H "Content-Type: application/json" \ -d '{"input": "Lateral movement techniques in enterprise networks"}'

GET /api/[skill]/phase/[phaseId]

Fetch raw phase content (used internally by Themis):

curl https://aegis-skills.vercel.app/api/mitre-attack/phase/reconnaissance
04

Multi-Agent Analysis with Themis

Themis orchestrates skills for complex threat analysis. Instead of invoking a single skill, submit a task and Themis decomposes it into sub-tasks, invokes multiple skills in parallel, validates outputs, and synthesises a findings report.

Submit a Task

curl -X POST https://aegis-skills.vercel.app/api/themis \ -H "Content-Type: application/json" \ -d '{ "task": "Assess attack surface for a hybrid cloud environment", "context": { "environments": ["enterprise", "cloud"], "attackSurfaceTags": ["network", "lateral-movement"] } }'

The response includes the findings report, skills invoked, guardrail verdicts, token usage, and a thread ID for session continuity.

For full details on Themis architecture, see the Themis page.

05

Standards-Based Security Audit

The Audit API runs a structured compliance audit against one or more security standards. Supported standards: CIS L1/L2, NIST CSF, ISO 27001, SOC 2, PCI-DSS, HIPAA, IEC 62443, NIST 800-53.

POST /api/audit

Submit a configuration, policy document, or architecture description for audit:

curl -X POST https://aegis-skills.vercel.app/api/audit \ -H "Content-Type: application/json" \ -d '{ "input": "<config or policy text>", "inputType": "config", "standards": ["cis-l1", "nist-csf"] }'

Request fields:

  • input — the configuration or policy text to audit (required)
  • inputType — one of: config, policy, architecture, description (optional, defaults to description)
  • standards — array of standard slugs to apply (optional, auto-detected from input if omitted)

The response includes executiveSummary, findings (per control), summary (severity counts), standardsApplied, skillTrace, and durationMs.

06

Troubleshooting

Q: Skill returns 404

The skill name does not exist or is misspelled. Call GET /api/skills to see all available skill names.

Q: Invoke returns 400 (Bad Request)

Your input does not match the skill schema. Fetch the manifest with GET /api/[skill]/manifest to see required fields and types.

Q: Invoke times out (>30s)

The skill took longer than expected. This is normal for LLM-based skills. Timeout limits vary — see your deployment documentation.

Q: Themis returns a sanitized error

Themis hides internal details for security. Your input may violate guardrails, or a skill invocation may have failed. Check that your task and context are valid.

Q: How do I use the system prompt?

Click on a skill to view its page. The system prompt is available in an InstallTabs section. Copy it and paste into your LLM interface, or use it to build a custom agent.

Q: What is the health score?

A 0-100 rating based on phase coverage, tag completeness, framework linkage, and freshness. Higher scores indicate more developed and well-maintained skills.

07

Security & Privacy

Aegis and Themis follow strict security principles:

  • All LLM provider SDKs run server-side only. No API keys are exposed to the client.
  • Logs contain only metadata (hashes, token counts, durations) — never task or response content.
  • Client errors are sanitized through a fixed error handler — no stack traces, internal paths, or model names reach the client.
  • Findings and task content are never persisted to disk, database, or external storage — only in-memory during execution.
  • All skill phase content is validated against content integrity patterns (script injection, eval, data URIs) before reaching agents.
08

Next Steps

Ready to use Aegis? Start with the Skills marketplace. For advanced orchestration, explore the Themis documentation. For complete technical details, see TECHNICAL.md in the repository.