Open Source Endpoint Detection Response

Plano is an AI agent orchestrator and LLM gateway proxy that unifies access to multiple AI providers through a single interoperable interface. It functions as a model routing engine that decouples applications from specific vendors using semantic aliases, allowing traffic to be shifted between providers without modifying application code. The system distinguishes itself with intent-based agent routing, which directs prompts to specialized agents based on semantic analysis. It features an interceptor-based filter chain system that acts as guardrail middleware to enforce safety policies, rewrite prompts, and validate inputs before they reach a model. The project covers a broad operational surface, including automated OpenTelemetry-driven observability for tracing agentic signals, conversational state management for session affinity, and reliability tools such as automatic model fallbacks and endpoint load balancing. It also provides capabilities for converting natural language into structured backend function calls. The server can be deployed as a containerized image in Docker or Kubernetes.

This project is a comprehensive software observability suite and application performance monitoring platform designed to track runtime errors, performance bottlenecks, and system health. It functions as a centralized diagnostic service that aggregates and categorizes exceptions, providing the infrastructure necessary to visualize complex execution paths across distributed systems and microservices. The platform distinguishes itself through a high-throughput distributed event ingestion pipeline and a columnar storage analytics engine that enables rapid aggregation of large-scale performance metrics. It utilizes runtime-level instrumentation hooks to capture execution data directly from the host environment and employs symbolication-based stack trace resolution to map minified code or raw memory addresses back to original source files. Furthermore, the system includes specialized capabilities for monitoring the operational performance of AI agents and ensuring sensitive data compliance through schema-driven scrubbing of incoming event payloads. Beyond core error tracking and tracing, the platform supports a wide range of programming languages and frameworks, allowing for consistent visibility across diverse software architectures. It integrates with external services to automate incident response workflows and provides a command-line interface for managing releases, debug symbols, and project configurations. The system also features a modular, plugin-based architecture that facilitates connectivity with third-party tools for issue tracking and alerting.

Langroid is a multi-agent orchestration framework and tool integration suite designed for building complex AI applications. It serves as a multi-modal integration layer that connects diverse local and remote language models with an agentic retrieval-augmented generation system. The project distinguishes itself through a collaborative message-exchange paradigm, allowing specialized agents to delegate tasks hierarchically and coordinate via structured communication. It features an advanced state management system for conversational AI, including the ability to rewind and prune conversation history to correct errors and optimize token usage. The framework provides a broad set of capabilities for grounding model responses in factual data using vector databases, graph databases, and tabular datasets. It includes a schema-driven tool execution system that binds models to Python functions and external protocol servers, as well as a comprehensive observability suite for tracing message lineage and monitoring reasoning paths. The library provides installation guidance via import errors when optional dependencies are missing.

The framework is a comprehensive penetration testing platform designed for the development, testing, and execution of security exploits. It serves as a research toolkit and automated assessment environment, enabling security professionals to identify and validate vulnerabilities within networked systems and infrastructure through repeatable, standardized procedures. The platform distinguishes itself through a modular architecture that supports reflective payload injection, allowing for the execution of code directly in memory without writing to disk. It utilizes an asynchronous event loop to manage high-performance, concurrent network connections and features a transport-agnostic communication layer that abstracts protocols to maintain persistent command and control. Users can extend the core functionality through a plugin system and define complex exploit logic using a domain-specific language. The framework provides robust capabilities for remote payload management, including the configuration of network settings like sleep intervals and timeout thresholds. It maintains state persistence across long-running sessions by storing discovered host information and vulnerability data in a relational database. The software is designed for cross-platform deployment, with installation support available for Linux, macOS, and Windows environments.

Parlant is an agentic workflow engine and orchestration framework designed for building conversational AI that adheres to strict behavioral guidelines. It provides a platform for managing multi-turn interactions through state-machine-based logic, allowing developers to define complex, hierarchical conversational flows that can adapt, skip, or revisit steps based on real-time user input. The framework distinguishes itself through its focus on behavioral governance and observability. It enables developers to define precise domain terminology and enforce instruction compliance through prioritized guidelines, ensuring that agents remain consistent and brand-aligned. To maintain transparency, the system includes built-in reasoning audits and decision tracing, which log internal decision paths and guideline matches to help developers troubleshoot agent behavior and refine instructions. Beyond core orchestration, the platform supports a wide range of operational capabilities, including tool execution middleware, dynamic data injection, and event-driven hooks for external integrations. It manages the full interaction lifecycle, from intent disambiguation and session context maintenance to frontend metadata attachment and response streaming. These features allow for the creation of context-aware interfaces that remain grounded in current information while providing a responsive user experience.

This project is a graphical Windows debugger designed for the analysis and manipulation of compiled binary applications. It functions as a comprehensive binary analysis suite, providing a real-time environment for inspecting CPU registers, monitoring memory states, and tracing instruction execution to investigate system-level software behavior. The tool distinguishes itself through an event-driven debugging loop that allows for precise process control and state modification during runtime. It supports advanced analysis techniques, including hardware-breakpoint injection for monitoring memory access and instruction-set-aware disassembly to translate machine code into readable assembly. These capabilities facilitate specialized tasks such as malware reverse engineering, software vulnerability research, and the analysis of complex system crashes. The platform includes a modular plugin architecture that enables the integration of external libraries for custom analysis and automation. It also features memory-mapped symbol resolution to correlate machine addresses with source code labels, assisting in the interpretation of internal application logic.

Goose is an extensible agentic AI platform designed for autonomous task orchestration and developer-centric assistance. It provides a workflow engine that manages complex, multi-step objectives by delegating tasks to specialized subagents, all while maintaining stateful session continuity. The system is built to integrate directly into terminal and coding environments, allowing for automated file manipulation and context-aware interaction. The platform distinguishes itself through a secure, sandboxed runtime environment that enforces granular permission controls and policy-driven guardrails. By utilizing a standardized protocol-based architecture, it allows users to connect external tools, services, and third-party models as modular extensions. This framework supports the creation of reproducible automation recipes, which can be configured, shared, and executed to standardize recurring workflows across different projects. Beyond its core orchestration capabilities, the system includes comprehensive developer tooling for session management, interaction logging, and terminal-based interfaces. It supports advanced automation tasks, including browser-based testing and external service integration, through a flexible extension lifecycle that allows for dynamic toolset adjustments during active sessions.

jetson-inference is a set of libraries and tools for executing optimized deep learning models on embedded GPU hardware. Its primary purpose is to enable real-time computer vision and AI inference at the edge with low latency and high throughput. The project distinguishes itself through high-performance streaming analytics and the ability to execute concurrent AI pipelines on auto-grade silicon. It provides specialized support for multi-sensor stream processing, utilizing zero-copy data transport to load camera frames directly into GPU memory. The codebase covers a broad surface of capabilities, including real-time video analytics, object detection and tracking, and image segmentation. It also integrates hardware-accelerated decoding and TensorRT-based inference to optimize model execution on embedded platforms. The project provides a TensorRT inference wrapper and an embedded vision SDK to facilitate the deployment of neural network primitives.

Ghidra is a software reverse engineering suite designed to analyze compiled binaries and reconstruct program logic without access to original source code. It provides an interactive environment for disassembly and decompilation, utilizing a platform-independent intermediate representation to maintain consistency across diverse hardware architectures. The framework supports automated binary analysis through programmatic routines, enabling the investigation of complex code patterns and security indicators. The platform distinguishes itself through a modular architecture that allows for extensive customization. Users can define new processor instruction sets using a dedicated specification language, ensuring support for unique hardware without requiring recompilation. Collaborative analysis is facilitated by a database-backed storage system, while a headless execution mode enables the processing of large binary sets via command-line scripts. The suite includes tools for malware analysis and software vulnerability research, providing capabilities for visual navigation of control flow and the development of custom plugins. Developers can extend the core functionality by injecting specialized analysis routines or user interface components through a standardized discovery mechanism. The project provides comprehensive documentation and build tasks to support the configuration of development workspaces for those contributing to the underlying architecture.

LangChain.js is a framework for building, executing, and monitoring stateful agentic applications. It provides an orchestration engine that models workflows as directed graphs, allowing developers to connect language models, data sources, and external tools into modular, multi-step processes. The platform distinguishes itself through its focus on stateful execution and human-in-the-loop control. It manages agent lifecycles by persisting execution state across threads, enabling fault tolerance and the ability to pause workflows at designated breakpoints for manual review or modification. This architecture supports both autonomous agent orchestration and complex multi-agent systems, with built-in capabilities for streaming real-time execution updates and managing long-term memory. Beyond core orchestration, the project offers a comprehensive suite of tools for the entire application lifecycle. This includes integrated observability for tracing and evaluating agent performance, schema-enforced data serialization for reliable communication, and extensive support for deployment, security, and infrastructure management. The project provides a TypeScript-based software development kit and a command-line interface to facilitate local development, testing, and deployment of agentic workflows.

Gitleaks is a security scanning engine designed to identify hardcoded credentials, API keys, and other sensitive information within version control systems and local file structures. It functions as a static analysis tool that automates the detection of secrets, helping to prevent the accidental exposure of sensitive data during the development lifecycle. The tool distinguishes itself through its ability to perform deep forensic analysis of git history, allowing users to audit entire project timelines or enforce security gates within continuous integration pipelines. It supports complex detection logic through composite rules and provides mechanisms for baseline management, which enables teams to ignore existing findings and focus exclusively on new security risks. By offering pre-commit hook integration and exit-code-based orchestration, it allows for the enforcement of security policies directly within developer workflows and automated build environments. Beyond core scanning, the project provides a broad set of utilities for managing security findings, including support for decoding obfuscated strings, inspecting compressed archives, and filtering results through allowlisting or path exclusions. It facilitates compliance and reporting by exporting structured data, which can be integrated into external dashboards or tracking systems. The tool is built to handle various input sources, including direct file system traversal and standard input streams, ensuring compatibility with diverse development and deployment environments.

OpenEDR is an endpoint detection and response platform designed to collect telemetry and monitor system activity to identify security breaches. It functions as a host-based intrusion detection system and telemetry collector, gathering detailed data on process, network, and file activity. The system includes a dockerized security stack that bundles search, logging, and visualization tools into containers for analyzing endpoint telemetry. It features a security event visualizer that maps process lineage and indexes logs to facilitate root-cause analysis of attacks. The platform provides capabilities for monitoring system API calls, file and registry access, and network traffic. It incorporates security breach detection and alerting through customizable telemetry filtering rules and policy configurations. To maintain system integrity, it employs a dedicated self-protection provider to prevent unauthorized modifications to monitoring agents and configurations.

Glances is a cross-platform system monitoring tool designed to track real-time resource usage and hardware health metrics across diverse computing environments. It functions as a command-line utility that provides a unified view of system performance, identifying bottlenecks and maintaining infrastructure stability through a consistent abstraction layer that translates kernel calls into actionable data. The project distinguishes itself through its distributed capabilities, offering a web-based interface that enables remote access to live performance metrics from any device without requiring direct terminal access. It also operates as a telemetry data exporter, utilizing an export-driven pipeline to stream collected statistics to external databases and monitoring tools for long-term historical analysis. The system supports a modular architecture that allows for extensible data collection through independent scripts. It facilitates remote monitoring by maintaining persistent network connections between lightweight data providers and centralized management interfaces.

Deepeval is a framework for testing and evaluating large language model applications. It provides a suite of tools for executing automated regression tests, validating model output quality against defined standards, and tracing the execution of complex agent workflows. By integrating these capabilities into development pipelines, the platform ensures consistent performance and reliability throughout the software lifecycle. The platform distinguishes itself through its focus on programmatic validation and observability. It utilizes secondary language models to score output quality and employs assertion-driven checks to verify performance thresholds. Beyond standard evaluation, it includes specialized utilities for generating synthetic test data to simulate edge cases and performing security red teaming to identify potential vulnerabilities before deployment. The system covers a broad range of operational needs, including the management of structured evaluation datasets and the instrumentation of multi-step agent interactions for debugging. It supports automated quality gates that can block deployments based on performance metrics, facilitating continuous integration and deployment workflows for intelligent systems.

Netdata is a distributed observability platform designed for real-time infrastructure monitoring and performance tracking. It functions as a high-frequency agent that collects system, container, and application metrics with per-second precision, providing both local visualization and centralized aggregation across complex, multi-cloud environments. The platform distinguishes itself through edge-based intelligence, utilizing local machine learning models to automatically detect performance anomalies without requiring manual configuration or external query engines. Its architecture prioritizes local-first data persistence and secure metadata-only synchronization, ensuring that granular observability data remains on the host while essential system information is routed to a cloud-connected management plane. This hierarchical approach allows for horizontal scaling through parent-child node relationships, enabling unified monitoring and alerting across distributed infrastructure. Beyond core collection and analysis, the system supports automated troubleshooting through natural language querying and intelligent metric correlation. It features a modular data acquisition engine that employs thread-per-core execution for low-latency performance, alongside isolated external processes for heterogeneous application support. The platform includes automated service discovery, diverse deployment options, and built-in diagnostic utilities to maintain visibility and connectivity across large-scale clusters. Installation is supported through various methods including package managers, automated scripts, source compilation, and containerized orchestration.

CAI is a framework for building autonomous security agents and an orchestration system for coordinating multiple specialized agents. It functions as an agentic workflow engine and an autonomous cyber-defense tool that maps language model reasoning to security kill chain functions for threat detection and mitigation. The system distinguishes itself through multi-agent coordination patterns, such as swarms and hierarchies, and the use of stateful conversation handoffs. It implements multi-layer input and output guardrails to block prompt injections and validate commands before they reach the system. The platform covers capabilities for deterministic agent chaining, parallel execution, and reasoning-loop execution. It includes mechanisms for human-in-the-loop intervention, telemetry-based operation tracing for debugging, and the integration of external security scanners via standardized tool transport.

LeakCanary is a diagnostic tool designed to identify memory leaks by monitoring object lifecycles and analyzing heap snapshots. It automatically detects objects that fail to be garbage collected after their expected lifespan, providing developers with actionable insights to prevent performance degradation and application crashes. The project distinguishes itself by offloading memory-intensive heap parsing to a separate background process, which minimizes performance impact on the main application during runtime. It includes sophisticated deobfuscation capabilities that map obfuscated stack traces back to original source code, and it supports granular control through reference filtering and custom inspection logic to suppress known false positives. Beyond core detection, the tool offers comprehensive configuration options for managing analysis thresholds, build-specific behaviors, and environment-specific monitoring. It provides both deep heap analysis for development environments and lightweight instance tracking for production builds, ensuring memory health can be monitored across the entire application lifecycle.

This project provides a comprehensive framework for building, training, and managing autonomous agents. It enables the construction of systems that utilize language models to plan, manage memory, and execute multi-step tasks through iterative reasoning loops and tool-based actions. The framework distinguishes itself by offering specialized capabilities for interacting with graphical user interfaces and legacy software, allowing agents to perceive visual elements and perform actions like a human user. It supports complex, cross-application workflows through graph-based orchestration and provides robust mechanisms for skill evolution, where agents can iteratively refine or generate new operational capabilities based on execution feedback. Beyond core development, the project includes an extensive suite of tools for model training and optimization, including multi-stage fine-tuning, reinforcement learning, and multimodal alignment. It also features integrated observability tools for monitoring agent execution, managing persistent context, and ensuring security through sandboxed environments and risk-aware execution controls. The repository serves as both a functional development framework and an educational resource, offering structured guides and methodologies for implementing intelligent agent systems.

SigNoz is a full-stack observability platform designed to collect, store, and visualize metrics, logs, and distributed traces in a unified environment. It leverages OpenTelemetry-based data collection to ingest telemetry from diverse sources using vendor-neutral protocols, ensuring interoperability across complex microservices architectures. The platform utilizes a high-performance columnar storage engine to enable rapid aggregation and filtering, providing a centralized backend for monitoring application health and performance. What distinguishes the platform is its focus on automated instrumentation and semantic correlation. It allows users to capture telemetry data across various programming languages and frameworks without manual code changes, often requiring only simple environment variable updates. Once ingested, the system automatically links logs, metrics, and traces through shared identifiers, enabling seamless navigation between different telemetry types during root cause analysis. The frontend further supports this by using virtualized rendering to efficiently display complex distributed traces containing millions of spans. The platform provides a comprehensive suite of tools for infrastructure monitoring, application performance tracking, and log management. Users can define complex alert conditions and manage monitoring configurations as version-controlled resources, ensuring consistency across deployment environments. Additionally, the system includes specialized support for monitoring large language model applications and provides visual query pipelines that translate user-defined filters into optimized database queries for real-time dashboard generation. The entire observability stack can be deployed using container orchestration tools, with built-in utilities for verifying service status and managing data retention.