vigils  by duncatzat

Local control plane for AI agents

Created 1 week ago

319 stars

Top 84.8% on SourcePulse

Project Summary

Vigils offers a local-first control plane for AI agents, providing oversight and security for their interactions with external tools, files, and APIs. It targets developers and power users concerned about the risks of AI agent execution, ensuring that sensitive data, prompts, and audit trails remain exclusively on the user's machine, thereby enhancing control and privacy.

How It Works

Vigils employs a layered architecture built primarily in Rust, composed of specialized crates that manage distinct security functions. The system acts as an intermediary between AI agents and their target resources, enforcing four core guarantees: visibility via a tamper-evident audit ledger, granular approval for sensitive actions, robust redaction of secrets and PII before data reaches models or logs, and containment through a fail-closed sandbox runner. This approach leverages a default-deny firewall, a policy DSL, and scoped grants to meticulously control agent behavior.

Quick Start & Requirements

Pre-built installers and binaries for Windows, macOS, and Linux are available via GitHub Releases. For source builds, a recent stable Rust toolchain and Node.js 20+ are required; Linux builds necessitate GTK/WebKit development packages. A zero-setup evaluation is possible with vigil-hub demo, while integrating with Claude Code involves vigil-hub setup. Early releases are unsigned, potentially triggering OS security prompts.

Highlighted Details

  • Tamper-Evident Audit Ledger: Utilizes SQLite with SHA-256 hash chaining for a verifiable record of all agent actions, searchable via FTS5.
  • Default-Deny Firewall & Approval Queue: Enforces agent actions through a Rust policy DSL, pausing destructive or sensitive calls for human review with scoped grants.
  • Secret & PII Redaction: Employs fingerprint rules and an optional ML ensemble to strip sensitive data before it's logged or displayed.
  • Sandbox Runner: Executes tools in isolated Wasm or native environments, using Linux Landlock for filesystem isolation and clearing inherited environments.
  • Desktop App & Browser Extension: Provides a Tauri-based GUI for monitoring and control, and a Chrome MV3 extension for real-time redaction on AI websites.
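
Added example, not Vigils' own code: the SQLite plus SHA-256 hash-chaining idea from the audit-ledger item above, written in Python with only the standard library. The table schema, field names, genesis value and sample events are assumptions made for illustration.

```python
import hashlib
import json
import sqlite3

GENESIS = "0" * 64  # assumed anchor value for the first entry's prev_hash

def open_ledger(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS ledger (seq INTEGER PRIMARY KEY, ts TEXT,"
               " agent TEXT, action TEXT, detail TEXT, prev_hash TEXT, hash TEXT)")
    return db

def digest(prev_hash, seq, ts, agent, action, detail):
    # JSON array encoding keeps field boundaries unambiguous before hashing.
    body = json.dumps([prev_hash, seq, ts, agent, action, detail], separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def append(db, ts, agent, action, detail):
    last = db.execute("SELECT seq, hash FROM ledger ORDER BY seq DESC LIMIT 1").fetchone()
    seq, prev = (last[0] + 1, last[1]) if last else (1, GENESIS)
    entry_hash = digest(prev, seq, ts, agent, action, detail)
    with db:  # commit the row atomically
        db.execute("INSERT INTO ledger VALUES (?,?,?,?,?,?,?)",
                   (seq, ts, agent, action, detail, prev, entry_hash))
    return entry_hash

def verify(db, expected_head=None):
    """Return (ok, first bad seq or None). expected_head is the last hash recorded
    outside the database; without it, tail truncation goes unnoticed."""
    prev, want_seq = GENESIS, 1
    rows = db.execute("SELECT seq, ts, agent, action, detail, prev_hash, hash"
                      " FROM ledger ORDER BY seq")
    for seq, ts, agent, action, detail, prev_hash, entry_hash in rows:
        if (seq != want_seq or prev_hash != prev
                or entry_hash != digest(prev, seq, ts, agent, action, detail)):
            return False, seq
        prev, want_seq = entry_hash, seq + 1
    if expected_head is not None and prev != expected_head:
        return False, None
    return True, None

def build_sample():
    # Constructed sample events, not real Vigils log data.
    db = open_ledger()
    append(db, "2025-01-01T10:00:00Z", "agent-1", "file.read", "notes.txt")
    append(db, "2025-01-01T10:00:05Z", "agent-1", "http.get", "https://example.com/api")
    head = append(db, "2025-01-01T10:00:09Z", "agent-1", "file.delete", "tmp/cache")
    return db, head
```

The chain by itself only exposes edits made without recomputing the later hashes; keeping the head hash somewhere the agent cannot write is what makes truncation and full rewrites detectable.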

Maintenance & Community

The project emphasizes bilingual (English/Chinese) documentation and provides clear contribution guidelines, including code formatting and linting checks. Specific details on core maintainers, community channels (like Discord/Slack), or sponsorship are not explicitly detailed in the README.

Licensing & Compatibility

Vigils is licensed under the Apache-2.0 license. This permissive license generally allows for commercial use and integration into closed-source projects, with standard attribution and notice requirements.

Limitations & Caveats

Early releases are unsigned, requiring users to bypass OS security warnings. Building on Linux requires specific development packages. Security vulnerabilities should be reported privately via SECURITY.md, not through public issues. The project's reliance on specific OS features (like Linux Landlock) may affect cross-platform consistency in sandboxing capabilities.

Health Check

  • Last Commit: 23 hours ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 0
  • Issues (30d): 0
  • Star History: 321 stars in the last 12 days
