AegisX is a modern, extensible cryptography framework built for Python 3.13 and beyond. Designed with modularity, security, and developer ergonomics in mind, AegisX provides a powerful foundation for building secure applications, protocols, and systems. Whether you’re implementing custom encryption schemes, managing keys, or integrating with existing crypto libraries, AegisX offers a clean, pluggable architecture that adapts to your needs — without sacrificing clarity or control.
At its core, AegisX introduces a unified abstraction layer for cryptographic operations, allowing developers to write secure code without needing to worry about where key material resides — whether it’s on disk, in memory, stored remotely, or managed by a hardware security module (HSM). This flexible architecture enables seamless integration across diverse environments. AegisX also aims to empower developers with rich, extensible support for widely used protocols such as JOSE, OAuth 2.x/OpenID Connect, and PKIX, making it easier to implement secure authentication, authorization, and identity management workflows with confidence and clarity.
The AegisX codebase is organized for clarity and modularity. The core functionality of the framework resides in ./src/main, housing the primary interfaces and logic that power AegisX. Extension packages — including support for higher-level protocols and additional features — are located in ./src/ext, while pluggable cryptographic backend implementations live in ./src/backends, allowing for flexible integration with various crypto providers.
To set up a local development environment for all components, run the following command in the terminal of your choice:
make
AegisX follows a structured three-phase release process for all components:
- Alpha
  All extensions and backend packages begin in the Alpha stage. Features are considered experimental and may change significantly. Alpha packages are suitable for exploration and early feedback but not recommended for production use.
- Beta
  To reach Beta, a package must achieve 100% test coverage. This phase indicates increased stability and readiness for broader testing and integration, though some refinements may still occur. Prior to promotion to Beta, a feature freeze must be declared over the given package.
- General Availability (GA)
  GA status signifies that a package is production-ready. To qualify, it must include:
  - Security hardening tests
  - Fully documented public classes and methods
  - Autogenerated documentation using Sphinx
  - Compliance with the project's coding standards (see below)
  - For extensions that implement a protocol, demonstrated compatibility with at least two other Python libraries that implement the same protocol
  Prior to promotion to GA, a code freeze must be declared over the given package.
AegisX adheres to Semantic Versioning to ensure clarity and predictability in its release cycle. Each version is expressed as MAJOR.MINOR.PATCH, where breaking changes increment the major version, new features that maintain backward compatibility increment the minor version, and bug fixes or minor improvements increment the patch version.
This versioning scheme applies to the core framework as well as all officially maintained extensions and backends, allowing developers to confidently manage dependencies and track changes over time.
The aegisx.ext.cve package provides curated dependency pinning to exclude known CVEs from the AegisX dependency tree. These pins are not applied to other packages in the framework to preserve backward compatibility and give implementers the flexibility to enforce their own security policies.
For high-security environments, it is strongly recommended to install the aegisx.ext.cve package to ensure that all dependencies meet stricter vulnerability constraints.
The only exemptions to this rule are CVEs in aegisx or one of its packages. In such a case, a patch is submitted and all dependants must pin the new version.