Commit 6cb9833

docs: integrate CSA AAGATE and refine MCP sections in README
1 parent 79105b8 commit 6cb9833

1 file changed

+1
-0
lines changed

README.md

Lines changed: 1 addition & 0 deletions
@@ -135,6 +135,7 @@ AegisSovereignAI is designed to be framework-agnostic, serving as a secure execu
135135
| **LangGraph** | **Just-in-Time Policy Enforcement:** Prevents agentic drift or PII leakage across complex, multi-step workflows. | **Automated Kill-Switch (Hardware-Triggered):** Fuses the agent session with a silicon-rooted SVID (SPIFFE Verifiable Identity Document) (Layer 2). Session inputs and outputs are verified via privacy-preserving "Batch & Purge" (Layer 3) before final delivery — proofs are generated over the complete session, not per-step. Unlike software-level policies, this cannot be bypassed if the OS is compromised. |
136136
| **KAgentI (Sovereign MCP Client)** | **Replay-Proof Agent & Tool Authorization:** Standard MCP implementations rely on replayable Bearer Tokens. Aegis ensures each agent invocation and subsequent MCP tool call is bound to the physical silicon, preventing token replay, impersonation, and "Shadow AI" tool discovery. | **Hardware-Rooted SVID:** Extends KAgentI's native SPIRE support by binding SVIDs to TPM-attested credentials and privacy-preserving geolocation (Layer 2). This ensures the agent identity is cryptographically bound to a specific node, protecting the complete MCP tool execution chain from the orchestrator to the data source. |
137137
| **Legacy Systems (via Sovereign MCP Gateway)** | **No-Rewrite Legacy Integration:** Provides a secure bridge to internal JPMC tools that do not natively support hardware attestation or the MCP protocol. | **Sovereign Proxy Pattern:** Aegis acts as a Sovereign MCP Gateway—a "Trust Wrapper" around legacy APIs. It performs the silicon-rooted handshake and residency check (Reg-K) on behalf of the legacy tool, ensuring context is only released to verified agents in verified "Green Zones." |
138+
| **CSA AAGATE** | **Continuous NIST AI RMF Alignment:** Provides a Kubernetes-native control plane for AI governance, operationalizing the NIST AI RMF through policy-based trusted execution. | **DID-to-Silicon Anchor:** AegisSovereignAI anchors CSA AAGATE's Decentralized Identifier (DID) based identity to the physical TPM (Layer 1). This ensures that governance decisions and agent access controls are cryptographically bound to hardware-verified platforms, preventing "Ghost Gateways" and ensuring policy enforcement is anchored in verifiable silicon. |
138139

139140
## Technical & Auditor Resources
140141
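
Review bot: The added CSA AAGATE row places the TPM anchor at "(Layer 1)", while the KAgentI row above attributes "binding SVIDs to TPM-attested credentials" to Layer 2; please confirm which layer performs the TPM binding, or add a short clause saying how the Layer 1 anchor differs from the Layer 2 SVID binding, so readers do not conclude the two rows disagree. The row also introduces "Ghost Gateways" without defining it, and it does not say how the DID is tied to the TPM (which key or attestation step), whereas the neighbouring rows name SPIRE and SVIDs; a one-phrase definition and the mechanism name would make the claim checkable. The second column reads as a description of AAGATE itself rather than of what Aegis adds, unlike the other rows. Finally, the commit message mentions refining MCP sections, but this change is a single added line with no deletions, so either the message should be narrowed or the MCP edits are missing from the commit.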
