aegis
End-to-end AI-native coding, ticket to deploy.
An end-to-end AI-native coding plugin that orchestrates the full SDLC with Claude agents — work-item pickup, spec, plan, implementation, quality gates, PR, CI, deploy. Risk-tiered autonomy (T1–T4) and audit-grade artifacts at every step. Ships from its own repo. Commands carry the `sk-` prefix — AEGIS's sidekick, the protective shield's working hand.
Greek αἰγίς · the shield of Zeus and Athena.
to operate "under the aegis of" is to work under sponsorship and protection.
↳ AEGIS the plugin · a Claude Code pack that runs your SDLC under that shield — every change spec-driven, sealed, governed by risk tier, and audited end-to-end.
git clone codecommit::us-east-2://magellan@aegis ~/aegis && claude --plugin-dir ~/aegis 57-second overview — from ad-hoc commits to a sealed, hashed audit trail.
/aegis:sk-init T2 Onboard a repo: wraps /init, layers manifest, constitution, sandbox profiles, ADR-0001.
/aegis:sk-pickup T3 End-to-end work pickup: sharpen → tier → plan → implement → quality gates → PR. The main loop.
/aegis:sk-plan T2 Re-plan when scope shifts mid-execution; preserves spec versions, derives a new plan.
/aegis:sk-validate T1 Run quality gates (tests, scans, schema conformance) on the active artifact bundle.
/aegis:sk-promote T3 Promote merged PRs through deploy environments — auto for lower envs, gated for prod.
/aegis:sk-audit T1 Audit a repo's Claude Code setup against best practices. Advisory only — never modifies files.
/aegis:sk-status T1 Report where the active pickup, PR, or run ID sits in the pipeline.
/aegis:sk-adr-new T2 Manually create an Architecture Decision Record outside the auto-flow.
sk-action-logger Post-execution Append every tool action to the audit trail with timestamp + sha256.
auditsk-force-push-protected Pre-execution Block force-push to protected branches.
safetysk-hard-reset-protected Pre-execution Block git reset --hard against protected refs.
safetysk-rmrf-data-dirs Pre-execution Block rm -rf against data directories.
safetysk-destructive-sql Pre-execution Block DROP / TRUNCATE against production schemas.
safetysk-drop-column-migration Pre-execution Flag schema migrations that drop columns; require explicit approval.
safetysk-prod-cred-modification Pre-execution Block writes to production credential stores.
safetysk-vulnerable-dep-install Pre-execution Block install of dependencies with known CVEs.
safetysk-force-delete-cloud Pre-execution Block --force destroy of cloud resources.
safetysk-mandatory-pack-removal Pre-execution Block uninstall of mandatory plugin packs.
safetysk-ci-gate-disable Pre-execution Block edits that disable required CI gates.
safetysk-constitution-removal Pre-execution Block deletion of the AEGIS constitution file.
safetysk-branch-naming Pre-execution Enforce branch-name conventions tied to work-item IDs.
validationsk-conventional-commits Pre-execution Reject commits that don't match Conventional Commits.
validationsk-claude-md-line-count Pre-write Enforce the CLAUDE.md soft line-count budget.
validationsk-spec-schema-conformance Pre-write Validate spec.md against the AEGIS schema before sealing.
validationsk-init-agent sonnet Owns /sk-init: scans repo, drafts constitution, sandbox profiles, and ADR-0001.
sk-spec-agent sonnet Owns spec.md authoring and Sharpen Pattern interrogation.
sk-impl-agent sonnet Implements within sandbox profile constraints.
sk-reviewer-agent haiku Pre-check gate for HITL triggers; advisory verdicts (pass/ambiguous/block).
sk-quality-agent sonnet Runs and interprets test/scan output for evidence bundles.
sk-pipeline-agent sonnet CI/deploy orchestration across environments.
sk-triage-agent haiku Lightweight triage on incoming work items.
sk-adr-agent sonnet ADR draft + three-criteria check.
git clone codecommit::us-east-2://magellan@aegis ~/aegis && claude --plugin-dir ~/aegis