AI Safety for Families - Privacy-first parental controls for AI chatbots.
Aegis protects children using AI chatbots (ChatGPT, Claude, Gemini, etc.) by:
- Blocking harmful prompts (jailbreaks, inappropriate content)
- Enforcing time limits per user profile
- Logging activity for parental review
All processing is local. No cloud. No data collection.
- Tiered Classification: Fast keyword matching + ML-based analysis
- User Profiles: Different rules per child (linked to OS username)
- Two Interception Modes:
- Browser Extension (Chrome) - browser only
- MITM Proxy - all applications
- Parent Dashboard: View logs, manage rules, configure profiles
- System Tray: Quick status and controls
- Desktop Notifications: Alerts when content is blocked
Download the installer for your platform from the Releases page:
| Platform | Installer |
|---|---|
| Windows | aegis-x.x.x.msi |
| macOS | aegis-x.x.x.dmg |
| Linux | aegis-x.x.x.deb / .rpm |
Run the installer and follow the first-run setup wizard.
# Clone the repository
git clone https://github.com/your-org/aegis.git
cd aegis
# Build
cargo build --release
# Run
./target/release/aegisOnly intercepts browser traffic. Simpler setup, no certificate installation required.
The extension monitors AI chatbot sites and filters prompts before they're sent.
Supported Sites:
- ChatGPT (chatgpt.com, chat.openai.com)
- Claude (claude.ai)
- Google Gemini (gemini.google.com)
- Microsoft Copilot (copilot.microsoft.com)
- Bing Chat (bing.com/chat)
- Perplexity (perplexity.ai)
- Poe (poe.com)
Supported Browsers:
- Google Chrome
- Microsoft Edge
- Brave
- Opera
- Vivaldi
- Other Chromium-based browsers
Intercepts all application traffic (browsers, desktop apps, CLI tools).
Requires:
- CA certificate installation (for HTTPS interception)
- System proxy configuration
The setup wizard handles this automatically, but see below for manual setup.
The Aegis browser extension is included with the desktop application installer.
| Platform | Extension Path |
|---|---|
| Windows | C:\Program Files\Aegis\extension\ |
| macOS | /Applications/Aegis.app/Contents/Resources/extension/ |
| Linux | /opt/aegis/extension/ or /usr/share/aegis/extension/ |
- Open your browser (Chrome, Edge, Brave, etc.)
- Type in the address bar:
chrome://extensions- For Edge, use:
edge://extensions - For Brave, use:
brave://extensions
- For Edge, use:
- Press Enter
Note: You must type this URL manually. Browser security prevents opening
chrome://URLs from links.
- Find the "Developer mode" toggle in the top-right corner
- Turn it ON
- Click "Load unpacked" button (appears after enabling Developer mode)
- Navigate to the Aegis extension folder:
- Windows:
C:\Program Files\Aegis\extension - macOS:
/Applications/Aegis.app/Contents/Resources/extension - Linux:
/opt/aegis/extension
- Windows:
- Select the folder and click "Select Folder" (Windows) or "Open" (macOS/Linux)
- The Aegis extension icon should appear in your browser toolbar
- Click the icon to see the connection status
- Status should show "Connected" when Aegis is running
Edge also supports loading extensions from the Chrome Web Store:
- Go to
edge://extensions - Enable "Allow extensions from other stores" at the bottom
- You can then install Aegis from the Chrome Web Store (when available)
Firefox uses a different extension format. A Firefox-compatible version will be available on Firefox Add-ons (when released).
- Ensure Aegis desktop app is running (check system tray)
- The extension connects to
http://127.0.0.1:48765 - Restart the browser if the connection doesn't establish
- Verify you're on a supported AI chatbot site
- Check that filtering is enabled in the Aegis dashboard
- Ensure the user profile has filtering rules configured
- Make sure Developer mode is enabled (toggle in top-right)
If the extension folder is empty or missing files:
- Reinstall Aegis and ensure the "Browser Extension" feature is selected
- Required files:
manifest.json,popup.html,popup.css,overlay.css,dist/content.js,dist/background.js,dist/popup.js,icons/
On Windows, if you can't access C:\Program Files\Aegis\extension:
- Copy the extension folder to your Documents folder
- Load the extension from the copied location
The Aegis CA certificate is located at:
- Windows:
%APPDATA%\aegis\Aegis\data\ca\aegis-ca.crt - macOS:
~/Library/Application Support/com.aegis.Aegis/data/ca/aegis-ca.crt - Linux:
~/.local/share/aegis/Aegis/data/ca/aegis-ca.crt
Option 1: Machine Store (all users, requires admin)
# Run PowerShell as Administrator
certutil -addstore Root "%APPDATA%\aegis\Aegis\data\ca\aegis-ca.crt"Option 2: User Store (current user only)
certutil -addstore -user Root "%APPDATA%\aegis\Aegis\data\ca\aegis-ca.crt"Option 3: GUI Method
- Double-click the
aegis-ca.crtfile - Click "Install Certificate..."
- Select "Local Machine" (all users) or "Current User"
- Select "Place all certificates in the following store"
- Click "Browse" and select "Trusted Root Certification Authorities"
- Click "Next" then "Finish"
Command Line:
# Machine store (requires admin)
certutil -delstore Root "Aegis Root CA"
# User store
certutil -delstore -user Root "Aegis Root CA"GUI Method:
- Press
Win+R, typecertmgr.msc, press Enter - Navigate to "Trusted Root Certification Authorities" > "Certificates"
- Find "Aegis Root CA", right-click and delete
Option 1: System Keychain (all users, requires admin password)
sudo security add-trusted-cert -d -r trustRoot \
-k /Library/Keychains/System.keychain \
~/Library/Application\ Support/com.aegis.Aegis/data/ca/aegis-ca.crtOption 2: User Keychain (current user only)
security add-trusted-cert -r trustRoot \
-k ~/Library/Keychains/login.keychain-db \
~/Library/Application\ Support/com.aegis.Aegis/data/ca/aegis-ca.crtGUI Method:
- Double-click the
aegis-ca.crtfile (opens Keychain Access) - Add to "System" keychain (all users) or "login" keychain (current user)
- Find the certificate, double-click it
- Expand "Trust" section
- Set "When using this certificate" to "Always Trust"
- Close and enter your password
Command Line:
# System keychain (requires admin)
sudo security delete-certificate -c "Aegis Root CA" /Library/Keychains/System.keychain
# User keychain
security delete-certificate -c "Aegis Root CA" ~/Library/Keychains/login.keychain-dbGUI Method:
- Open "Keychain Access" (Applications > Utilities)
- Search for "Aegis Root CA"
- Right-click and delete
Debian/Ubuntu:
sudo cp ~/.local/share/aegis/Aegis/data/ca/aegis-ca.crt \
/usr/local/share/ca-certificates/aegis-ca.crt
sudo update-ca-certificatesFedora/RHEL/CentOS:
sudo cp ~/.local/share/aegis/Aegis/data/ca/aegis-ca.crt \
/etc/pki/ca-trust/source/anchors/aegis-ca.crt
sudo update-ca-trust extractArch Linux:
sudo cp ~/.local/share/aegis/Aegis/data/ca/aegis-ca.crt \
/etc/ca-certificates/trust-source/anchors/aegis-ca.crt
sudo trust extract-compatDebian/Ubuntu:
sudo rm /usr/local/share/ca-certificates/aegis-ca.crt
sudo update-ca-certificates --freshFedora/RHEL/CentOS:
sudo rm /etc/pki/ca-trust/source/anchors/aegis-ca.crt
sudo update-ca-trust extractArch Linux:
sudo rm /etc/ca-certificates/trust-source/anchors/aegis-ca.crt
sudo trust extract-compatFirefox uses its own certificate store. To add the CA:
- Open Firefox Settings > Privacy & Security
- Scroll to "Certificates" and click "View Certificates..."
- Go to "Authorities" tab
- Click "Import..." and select
aegis-ca.crt - Check "Trust this CA to identify websites"
- Click OK
To remove: Find "Aegis Root CA" in the list and click "Delete or Distrust..."
Aegis proxy listens on 127.0.0.1:8766 by default.
PowerShell:
# Enable proxy
$regPath = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
Set-ItemProperty -Path $regPath -Name ProxyEnable -Value 1
Set-ItemProperty -Path $regPath -Name ProxyServer -Value "127.0.0.1:8766"
Set-ItemProperty -Path $regPath -Name ProxyOverride -Value "<local>"GUI Method:
- Open Settings > Network & Internet > Proxy
- Under "Manual proxy setup", turn on "Use a proxy server"
- Address:
127.0.0.1 - Port:
8766 - Check "Don't use the proxy server for local addresses"
- Click Save
PowerShell:
$regPath = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
Set-ItemProperty -Path $regPath -Name ProxyEnable -Value 0GUI Method:
- Open Settings > Network & Internet > Proxy
- Turn off "Use a proxy server"
# Find your network service (usually "Wi-Fi" or "Ethernet")
networksetup -listallnetworkservices
# Enable HTTP proxy
networksetup -setwebproxy "Wi-Fi" 127.0.0.1 8766
networksetup -setwebproxystate "Wi-Fi" on
# Enable HTTPS proxy
networksetup -setsecurewebproxy "Wi-Fi" 127.0.0.1 8766
networksetup -setsecurewebproxystate "Wi-Fi" onGUI Method:
- Open System Preferences > Network
- Select your network (Wi-Fi or Ethernet)
- Click "Advanced..." > "Proxies" tab
- Check "Web Proxy (HTTP)" and "Secure Web Proxy (HTTPS)"
- Set server to
127.0.0.1and port to8766 - Click OK, then Apply
networksetup -setwebproxystate "Wi-Fi" off
networksetup -setsecurewebproxystate "Wi-Fi" offGUI Method:
- Open System Preferences > Network
- Select your network
- Click "Advanced..." > "Proxies" tab
- Uncheck "Web Proxy (HTTP)" and "Secure Web Proxy (HTTPS)"
- Click OK, then Apply
gsettings set org.gnome.system.proxy mode 'manual'
gsettings set org.gnome.system.proxy.http host '127.0.0.1'
gsettings set org.gnome.system.proxy.http port 8766
gsettings set org.gnome.system.proxy.https host '127.0.0.1'
gsettings set org.gnome.system.proxy.https port 8766GUI Method (GNOME):
- Open Settings > Network > Network Proxy
- Select "Manual"
- Set HTTP and HTTPS Proxy to
127.0.0.1port8766
- Open System Settings > Network Settings > Proxy
- Select "Use manually specified proxy configuration"
- Set HTTP and HTTPS proxy to
127.0.0.1:8766
Add to ~/.bashrc or /etc/environment:
export http_proxy="http://127.0.0.1:8766"
export https_proxy="http://127.0.0.1:8766"
export HTTP_PROXY="http://127.0.0.1:8766"
export HTTPS_PROXY="http://127.0.0.1:8766"
export no_proxy="localhost,127.0.0.1"gsettings set org.gnome.system.proxy mode 'none'Remove or comment out the proxy lines from ~/.bashrc or /etc/environment.
- Ensure the CA certificate is installed in the correct store
- Restart your browser after installing the certificate
- Firefox requires separate certificate installation (see above)
- Verify Aegis is running (check system tray)
- Ensure proxy is configured to
127.0.0.1:8766 - Some applications ignore system proxy settings and need manual configuration
- Check that the database path is writable
- Logs are stored in
%APPDATA%\aegis\aegis\data\aegis.db(Windows) or equivalent
See CLAUDE.md for development workflow.
# Build
cargo build
# Run tests
cargo test
# Lint
cargo clippy -- -D warnings
# Format
cargo fmt
# Run in debug mode (shows console)
cargo run -- --debug --no-trayaegis-core - Classification, rules, profiles, auth
aegis-proxy - MITM proxy, TLS, interception
aegis-server - HTTP API for extension
aegis-storage - SQLite persistence
aegis-ui - Parent dashboard (Dioxus)
aegis-tray - System tray
aegis-app - Main binary
MIT