Aegis — Agents That See Patterns, Never People

Inspiration

Every AI agent platform has the same flaw: your data flows raw into an LLM you don't control.

GDPR fines exceeded €4.5B in 2023. HIPAA violations cost US healthcare $145M+ annually. Yet every "intelligent automation" tool treats sensitive data as an acceptable LLM input.

We asked: why does powerful AI require surrendering privacy? It doesn't.

What It Does

Describe any agent in plain English → Aegis generates, deploys, and runs it — without ever exposing raw sensitive data to any LLM.

Example: "Audit my patient records for billing anomalies, email me a summary every Monday."

What happens under the hood:

  • PII stripped locally before any LLM call (Microsoft Presidio)
  • Multi-step workflow runs — search → analyze → alert — with anonymized data at every node
  • Results re-identified locally, after all LLM reasoning is done
  • Dashboard shows cryptographic proof: "47 PII items stripped. 0 transmitted."
  • ZK proof anchored on Midnight Network — on-chain, verifiable, no trust required

The Privacy Guarantee

Let $D$ = raw data, $\phi$ = PII stripper, $\tau$ = token map, $\psi$ = re-identifier:

$$\phi(D) = D_{\text{anon}}, \qquad \text{LLM receives only } D_{\text{anon}}$$

$$\text{Output} = \psi\!\left(\text{LLM}(D_{\text{anon}}),\ \tau\right)$$

Token map $\tau$ never leaves local context. Integrity across all $n$ workflow nodes:

$$h_1 = h_2 = \cdots = h_n \quad \text{where} \quad h_i = \text{SHA-256}(\text{sorted}(\tau))$$

Audit log is hash-chained — tamper-proof by construction.
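The guarantee above, worked through end to end as an added example (not Aegis project code): a constructed regex stripper stands in for Presidio as $\phi$, the token map $\tau$ stays local, its SHA-256 is compared at every node boundary, re-identification $\psi$ runs last, and the audit log is hash-chained so an edited entry fails verification. RECORD, NODES and the recognizer patterns are constructed sample inputs.

```python
import hashlib
import json
import re

# Constructed stand-in for the Presidio recognizers, enough to show the phi / tau / psi mechanics.
RECOGNIZERS = {"EMAIL": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
               "PERSON": re.compile(r"\b(?:Alice|Bob) [A-Z][a-z]+\b")}  # toy name list, not NER

def anonymize(text):  # phi: replace each PII span with a placeholder, returning (D_anon, tau)
    tau = {}
    for label, pattern in RECOGNIZERS.items():
        def repl(m):
            tau[(tok := f"<{label}_{len(tau) + 1}>")] = m.group(0)
            return tok
        text = pattern.sub(repl, text)
    return text, tau
def reidentify(text, tau):  # psi: restore originals locally, only after all LLM calls are done
    for tok, value in tau.items():
        text = text.replace(tok, value)
    return text
def token_map_hash(tau):  # h_i = SHA-256(sorted(tau)); must be identical at every workflow node
    return hashlib.sha256(json.dumps(sorted(tau.items())).encode()).hexdigest()
def link_hash(prev, event):  # each audit-log entry commits to the previous entry's hash
    return hashlib.sha256(json.dumps({"prev": prev, "event": event}, sort_keys=True).encode()).hexdigest()
def append_audit(chain, event):
    prev = chain[-1]["hash"] if chain else "0" * 64
    return chain + [{"prev": prev, "event": event, "hash": link_hash(prev, event)}]

def verify_chain(chain):  # recompute every link; an edited, dropped or reordered entry breaks it
    prev = "0" * 64
    for entry in chain:
        if entry["prev"] != prev or entry["hash"] != link_hash(prev, entry["event"]):
            return False
        prev = entry["hash"]
    return True

def run_workflow(record, nodes):  # runs the nodes over D_anon only, checking tau at each boundary
    state, tau = anonymize(record)
    h1 = token_map_hash(tau)
    chain = append_audit([], {"node": "presidio", "stripped": len(tau), "tau_hash": h1})
    for name, node in nodes:
        state = node(state)  # a node (LLM-backed in Aegis) only ever sees anonymized text
        if token_map_hash(tau) != h1 or any(v in state for v in tau.values()):
            raise RuntimeError(f"token map changed or raw PII surfaced at node {name}")
        chain = append_audit(chain, {"node": name, "tau_hash": h1})
    return reidentify(state, tau), chain  # re-identification is the last, local step

# Constructed sample record and echo-style nodes standing in for the LLM calls.
RECORD = "Patient Alice Smith (alice@example.org) billed twice for code 99213."
NODES = [("search", lambda t: f"[search] {t}"), ("analyze", lambda t: f"[analyze] duplicate claim: {t}")]
```

Calling `run_workflow(RECORD, NODES)` returns the re-identified result plus a three-entry chain that `verify_chain` accepts until any entry is edited.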

How We Built It

Stack at a glance:

User prompt → LLM Router → AgentConfig JSON
↓
Presidio strips PII → token_map (local)
↓
Workflow Executor (DAG, node by node)
↓
Re-identify locally → result
↓
Dashboard + Midnight ZK proof

Key decisions:

  • WorkflowState is immutable per node — token map travels with every step, never dropped
  • React Flow = view layer only; WorkflowJSON schema is the single source of truth
  • LLM router: Groq free tier → BYOK (OpenAI / Anthropic / Gemini) → Ollama local — zero lock-in
  • API keys encrypted in localStorage — never touch our database

Challenges

  • Token map survival — if it dies after node 1, node 2 gets raw PII silently. Had to make it a first-class citizen of workflow state with hash-proof at every boundary.
  • LLM JSON reliability — models hallucinate markdown fences, drop fields. Built a validation + retry loop with strict schema enforcement.
  • React Flow schema drift — early builds saved React Flow's internal state directly; backend couldn't parse it. Fixed by defining WorkflowJSON schema first, serializing before save.
  • Demo scope — 5-node graph with conditionals confused judges. Cut to 3 nodes, led with the privacy badge and hash proof. Simplicity won.

What We Learned

  • Privacy in AI is an 'architecture problem', not a policy one. The guarantee must be structural.
  • Cryptographic evidence beats compliance claims every time.
  • Immutable workflow state isn't academic — it caught a live data leak bug mid-hackathon.

Built With

Languages: Python 3.11, TypeScript

Backend: FastAPI, SQLModel, SQLite, httpx, Uvicorn

Frontend: Next.js 14, React Flow, Tailwind CSS

Privacy: Microsoft Presidio + spaCy, SHA-256 hash chaining, localStorage key encryption

Blockchain: Midnight Network (ZK proof, Compact smart contract, testnet)

LLM / AI: Groq API (Llama3-70b), Ollama (Mistral), OpenAI / Anthropic / Gemini (BYOK)

APIs: Brave Search (free tier), DuckDuckGo HTML fallback, Resend (email)

What's Next for Aegis

  • Full ZK proving pipeline — move from commitment anchoring to live proof generation with a local proof daemon and Lace wallet signing
  • Audio input node — Whisper (local) for voice-driven agents like Clinical Scribe, no third-party API touching the audio
  • More nodes — Vector Search, PDF Extractor, Google Sheets, Loop
  • Vertical templates — one-click agent workflows for Medical, Legal, and Finance with privacy rules pre-baked
  • On-chain agent registry — each deployed agent gets its own private Midnight contract address; the user owns it, not the platform
  • Aegis SDK — let other developers embed privacy-preserving workflows into their own products
