Installing the command-line executable
Assuming you have Rust/Cargo installed , run this command in a terminal:
cargo install aegis-seal-gatewayIt will make the aegis-seal-gateway command available in your PATH if you've allowed the PATH to be modified when installing Rust . cargo uninstall aegis-seal-gateway uninstalls.
Back to the crate overview .
Readme
aegis-seal-gateway
Standalone SEAL tooling gateway.
Features
Workflow-first macro tools (ToolWorkflow
SEAL envelope verification for invocation endpoint
Control-plane CRUD for API specs, workflows, and ephemeral CLI tools
API Explorer with JSONPath response slicing
Ephemeral CLI invocation in Docker with semantic gating
SQLite-first persistence for standalone deployment
API
POST / v1/ specsGET / v1/ specsGET / v1/ specs/ { id} DELETE / v1/ specs/ { id} POST / v1/ workflowsGET / v1/ workflowsGET / v1/ workflows/ { id} PUT / v1/ workflows/ { id} DELETE / v1/ workflows/ { id} POST / v1/ cli- toolsGET / v1/ cli- toolsDELETE / v1/ cli- tools/ { name} POST / v1/ seal/ sessionsPOST / v1/ security- contextsGET / v1/ security- contextsGET / v1/ security- contexts/ { name} GET / v1/ toolsPOST / v1/ explorerPOST / v1/ invokeGET /
Configuration
The gateway uses a Kubernetes-style YAML manifest:
File name: seal- gateway- config. yaml
API version: seal. 100monkeys. ai/ v1
Kind: SealGatewayConfig
Discovery order:
SEAL_GATEWAY_CONFIG_PATH ./seal-gateway-config.yaml ~/.aegis/seal-gateway-config.yaml /etc/aegis/seal-gateway-config.yaml ProgramData\\Aegis\\seal- gateway- config. yaml
Environment variables are supported as runtime overrides (same names as before).
YAML Example
apiVersion : seal.100monkeys.ai/v1
kind : SealGatewayConfig
metadata :
name : aegis-seal-gateway
version : " 1.0.0" spec :
network :
bind_addr : " 0.0.0.0:8089" grpc_bind_addr : " 0.0.0.0:50055" database :
url : " sqlite://gateway.db" auth :
disabled : false
operator_jwks_uri : " https://auth.example.com/realms/aegis/protocol/openid-connect/certs" jwks_cache_ttl_secs : 300
operator_jwt_issuer : " aegis-keycloak" operator_jwt_audience : " aegis-seal-gateway" seal_jwt_public_key_pem : " " seal_jwt_issuer : " aegis-orchestrator" seal_jwt_audience : " aegis-agents" credentials :
openbao_addr : null
openbao_token : null
openbao_kv_mount : " secret" keycloak_token_exchange_url : null
keycloak_client_id : null
keycloak_client_secret : null
cli :
semantic_judge_url : null
nfs_server_host : " 127.0.0.1" nfs_port : 2049
nfs_mount_port : 20048
ui :
enabled : true
Environment Overrides
SEAL_GATEWAY_BIND 0. 0 . 0. 0 : 8089 SEAL_GATEWAY_GRPC_BIND 0. 0 . 0. 0 : 50055 SEAL_GATEWAY_DB sqlite: // gateway.db SEAL_GATEWAY_OPERATOR_JWKS_URI SEAL_GATEWAY_JWKS_CACHE_TTL_SECS SEAL_GATEWAY_OPERATOR_JWT_ISSUER aegis-keycloak SEAL_GATEWAY_OPERATOR_JWT_AUDIENCE aegis-seal-gateway SEAL_GATEWAY_SEAL_JWT_PUBLIC_KEY_PEM SEAL_GATEWAY_SEAL_JWT_ISSUER aegis-orchestrator SEAL_GATEWAY_SEAL_JWT_AUDIENCE aegis-agents SEAL_GATEWAY_AUTH_DISABLED false SEAL_GATEWAY_OPENBAO_ADDR SystemJit StaticRef SEAL_GATEWAY_OPENBAO_TOKEN SystemJit StaticRef SEAL_GATEWAY_OPENBAO_KV_MOUNT secret SEAL_GATEWAY_KEYCLOAK_TOKEN_EXCHANGE_URL HumanDelegated SEAL_GATEWAY_KEYCLOAK_CLIENT_ID HumanDelegated SEAL_GATEWAY_KEYCLOAK_CLIENT_SECRET HumanDelegated SEAL_GATEWAY_SEMANTIC_JUDGE_URL require_semantic_judge= true SEAL_GATEWAY_UI_ENABLED true false SEAL_GATEWAY_NFS_HOST 127. 0 . 0. 1 SEAL_GATEWAY_NFS_PORT 2049 SEAL_GATEWAY_NFS_MOUNT_PORT 20048 SEAL_GATEWAY_CONFIG_PATH
Run
cargo run
The binary serves:
HTTP control/invocation API on SEAL_GATEWAY_BIND
gRPC ToolWorkflowService GatewayInvocationService SEAL_GATEWAY_GRPC_BIND
License
AGPL-3.0. See LICENSE for details.