Why AEGIS?

Decentralized infrastructure that eliminates single points of failure

Censorship Resistant

No single point of control. Content served from thousands of independent nodes worldwide ensures your data stays accessible, always.

Lightning Fast

BGP Anycast routing connects users to the nearest edge node. Rust-powered Pingora proxy delivers lt 60ms TTFB with zero-downtime upgrades.

Enterprise Security

eBPF/XDP DDoS protection at kernel level. OWASP-compliant WAF running in isolated Wasm sandboxes. Memory-safe Rust throughout.

Decentralized CDN

Content delivery without central control. Deploy static sites for free.

1

Initialize

aegis-cdn init my-site

2

Deploy

aegis-cdn deploy public/

3

IPFS Distribution

Content-addressed storage

4

Global Edge

Served from nearest node

IPFS Storage

Content stored on IPFS with content-addressed CIDs. No central server can block or censor your content.

Multi-tier CDN fallback: local cache, IPFS node, public gateways

Free Static Hosting

Deploy HTML, CSS, JS, and images without $AEGIS tokens. No subscription fees for static content.

Optional: Filecoin pinning for guaranteed long-term storage

Security by Default

Every deployment includes WAF protection and bot management. No extra configuration needed.

Route-based module pipelines for custom security rules

Terminal

# Initialize a new project

$ aegis-cdn init my-website

# Deploy to the decentralized CDN

$ aegis-cdn deploy public/

IPFS CID: QmXyz...abc123

Gateway: https://ipfs.io/ipfs/QmXyz...

Deployment complete!

Decentralized DNS

Authoritative DNS with DNSSEC, DoH/DoT support, and intelligent geo-routing

Authoritative DNS

Full authoritative DNS server built on Hickory DNS (Rust). Support for A, AAAA, CNAME, MX, TXT, NS, SOA, CAA, and SRV records.

Just point your nameservers to AEGIS and we handle the rest

DNSSEC Signing

Cryptographic signatures on all DNS responses using Ed25519. Automatic key generation, RRSIG records, and DS record export for registrars.

One-click DNSSEC enablement with automatic re-signing

Encrypted DNS

DNS over HTTPS (DoH) and DNS over TLS (DoT) support for privacy. ISPs and attackers cannot snoop on your DNS queries.

RFC 8484 compliant DoH endpoint at /dns-query

Intelligent Geo-Routing

DNS queries automatically return the IP of the nearest healthy edge node based on client location

GeoIP Resolution

MaxMind GeoLite2 database for accurate client location detection

Health-Aware Routing

Automatic failover to healthy nodes, unhealthy nodes excluded from responses

Low Latency

Haversine distance calculation returns the 3 nearest edge nodes

Full Management API

Complete REST API for DNS zone and record management with TypeScript SDK

Zone Management

Create, update, delete zones with SQLite persistence

Record CRUD

Full record management with TTL and priority support

Analytics

Query statistics, per-zone metrics, and traffic insights

Terminal - DNS Management

# Create a new DNS zone

$ aegis-cli dns create-zone --domain example.com --proxied

Zone created: example.com

Nameservers: ns1.aegis.network, ns2.aegis.network

# Add an A record

$ aegis-cli dns add-record -d example.com -n www -t A -v 192.168.1.1

# Enable DNSSEC

$ aegis-cli dns enable-dnssec --domain example.com

DNSSEC enabled!

DS Record: example.com. IN DS 12345 15 2 abc123...

Technology Stack

Memory-safe architecture designed to eliminate failure modes

The Data Plane

High-performance request processing optimized for speed and reliability

Pingora Proxy (Rust)

Multi-threaded reverse proxy with work-stealing, connection reuse, TLS 1.3 termination

DragonflyDB Cache

Multi-threaded Redis replacement with 25x throughput, Dash-table indexing

Cilium (eBPF/XDP)

Kernel-level DDoS mitigation, drops malicious packets at NIC driver (nanosecond latency)

Coraza WAF (Wasm)

OWASP CRS-compatible firewall in isolated sandbox, protects against SQLi, XSS, Layer 7 attacks

The Control Plane

Orchestration and state management with fault isolation

K3s (Lightweight K8s)

Single <100MB binary, manages River, DragonflyDB, BIRD across global fleet

FluxCD + Flagger

GitOps config sync, progressive canary deployments with auto-rollback on errors

CRDTs + NATS JetStream

Eventual consistency for distributed state, active-active replication, leaf nodes operate autonomously

Solana Blockchain

Node registry, staking, rewards, DAO governance - all on-chain with fast, low-cost transactions

Performance Benchmarks

Sub-microsecond response times. Benchmarked with Criterion.

1.5μs

WAF Analysis

66x faster than 100μs target

65ns

Route Matching

Pre-compiled regex patterns

23ns

CRDT Increment

Distributed state sync

103ns

Cache Key Gen

DragonflyDB operations

Sprint 25 Benchmark Results

Criterion benchmarks on Apple M-series, compiled with --release

Operation	Time	Target	Status
WAF Clean Request	1.51 μs	<100 μs	66x FASTER
WAF SQLi Detection	2.44 μs	<100 μs	41x FASTER
Compiled Route Match (Regex)	65 ns	<1 μs	15x FASTER
Compiled Route Match (Exact)	18 ns	<1 μs	55x FASTER
CRDT Increment	23 ns	<1 μs	43x FASTER
CRDT Merge	46 ns	<1 μs	21x FASTER
Cache Key Generation	103 ns	<1 μs	9x FASTER
Cache-Control Parse	269 ns	<1 μs	3x FASTER

All targets exceeded. Benchmarks run on every PR via GitHub Actions CI.

View Benchmark Code →

Pre-compiled Regex

Route patterns compiled once at load, cached with Arc<Regex>. 1,770x faster than runtime compilation.

Lock-Free CRDTs

Conflict-free replicated data types enable sub-microsecond distributed state operations.

Rust + Wasm

Memory-safe code with zero-cost abstractions. WAF runs in isolated Wasm sandbox with fuel limits.

$AEGIS Economy

Sustainable tokenomics powering the decentralized edge

Service Consumers

Developers & Enterprises

Pay $AEGIS for CDN, DDoS protection, edge compute

DAO Treasury

Smart Contract Vault

Distributes rewards, funds development, governance-controlled

Node Operators

Hardware Contributors

Earn rewards for uptime, performance, and staking $AEGIS

Service Consumers pay fees → Treasury distributes → Node Operators earn rewards → Ecosystem grows

1B

Total Supply

Fixed supply, deflationary mechanics

100

Min Stake

AEGIS tokens required to run a node

7d

Cooldown

Unstaking period for security

Smart Contracts on Solana Devnet

$AEGIS Token

SPL Token Program

9uVLmgqJz3nYcCxHVSAJA8bi6412LEZ5uGM5yguvKHRq

Node Registry

On-chain node registration

4JRL443DxceXsgqqxmBt4tD8TecBBo9Xr5kTLNRupiG6

Staking

Security bonds & rewards

EpkFmmfbR8HVDyJ1EZoWjM9WFuVDt4kXmVTvgkzxvr1N

Rewards

Performance-based distribution

8nr66XQcjr11HhMP9NU6d8j5iwX3yo59VDawQSmPWgnK

DAO Governance

Proposals, voting, treasury

9zQDZPNyDqVxevUAwaWTGGvCGwLSpfvkMn6aDKx7x6hz

All contracts deployed and verified on Solana Devnet. Click any address to view on Solana Explorer.

Development Roadmap

Building the future of decentralized edge infrastructure

Phase 1: Foundation

✓ COMPLETE

Sprints 1-6 | 100% Complete

5 Smart Contracts Deployed

600+ Tests Passing

HTTP/HTTPS Proxy with Caching

CLI Tool Integration

Phase 2: Security & State

✓ COMPLETE + FINAL POLISH

Sprints 7-13.5 | 100% Complete (8 of 8) | Protocol & State Integrity

eBPF/XDP DDoS Protection (TCP+UDP)

WAF with Body Inspection

Bot Management (Wasm)

IP Spoofing Protection (X-Forwarded-For)

P2P Threat Intel + Persistent Blocklist

CRDTs + NATS (Auto-Cleanup)

Verifiable Analytics

Phase 3: Edge Compute & Governance

✓ COMPLETE

Sprints 13-19.5 | 100% Complete | Edge Functions + DAO + DDoS Dashboard

Wasm Edge Functions Runtime

Route-based Module Dispatch

IPFS/Filecoin CDN Integration

DAO Governance Contracts

DAO SDK, CLI & dApp

DDoS Protection Dashboard

Phase 4: Advanced Security & Launch

92% COMPLETE

Sprints 19-30 | Cloudflare Parity + Mainnet

TLS Fingerprinting (JA3/JA4)

JavaScript Challenges (Turnstile-like)

Behavioral Analysis & Trust Scoring

Enhanced WAF (OWASP CRS + ML)

API Security Suite (JWT/OAuth)

Security Audit & Hardening

Performance Benchmarking

Mainnet Launch & TGE

Join the Decentralized
Edge Revolution

Help build the future of internet infrastructure. Run a node, earn rewards, and be part of the community-owned network.

View on GitHub Read Documentation

Unstoppable Edge.Community-Owned CDN.