A Privit Aegis

Authorized security testing workspace

Privit Aegis Workspace

A local web console and CLI workflow for passive discovery, security posture review, localized reports, AI-assisted remediation prompts, and AIGate push readiness.

Workflow

From approved scope to publishable report

The workspace verifies scope, maps the target passively, reviews security posture, localizes evidence, and keeps AIGate for git and CI quality checks.

Aegis workflow diagram

Detection coverage

Passive checks that explain themselves

01

Scope guard

Validates authorization, loopback safety, discovery depth, page limits, and denied paths.

02

Site discovery

Inventories routes, forms, auth-like pages, sitemap entries, redirects, and blocked URLs without submitting forms.

03

Browser posture

Reviews CSP, HSTS, Referrer-Policy, nosniff, frame controls, isolation headers, CORS, and Permissions-Policy.

04

API and identity

Looks for OpenAPI, GraphQL, OIDC, JWKS, versioned APIs, auth/session endpoints, and public account data signals.

Review recommended 0 critical
Pass criteria Redacted evidence

Reports

Readable reports for developers and reviewers

Reports include the target, scan mode, discovery map, findings, pass criteria, recommended fixes, and redaction policy in the selected language.

AI

AI assists, deterministic checks decide

Codex, Gemini, Claude, local AI, and API providers can be configured for readiness checks and remediation prompts. Scan findings stay based on response metadata and passive evidence.

Run locally

Start the web console

npm run setup
npm run web

Open http://127.0.0.1:4317, confirm the authorized target, run Start, and open the localized report.