10 repository-uri
Security mechanisms for restricting incoming traffic via firewalls and IP allowlisting.
Distinguishing note: Focuses on perimeter security and traffic filtering rather than internal application-level authorization.
Explore 10 awesome GitHub repositories matching security & cryptography · Network Access Controls. Refine with filters or upvote what's useful.
Marker is a comprehensive document processing platform designed to automate the conversion, extraction, and structuring of data from complex files. It functions as an orchestration engine that chains modular processing steps into versioned, reusable pipelines, allowing organizations to standardize document handling and automate repetitive business tasks at scale. The platform distinguishes itself through its support for secure, private infrastructure deployment, enabling users to run containerized services within their own environments to maintain strict data privacy. It features specialized
The platform controls incoming traffic to private deployments using firewalls and IP allowlisting to ensure that only trusted clients can communicate with the service.
Deepagents is an LLM agent orchestration platform and stateful application server designed for deploying and managing AI agents built with computational graphs. It provides a containerized runtime environment that handles agent execution, state persistence, and the versioning of AI assistants. The platform distinguishes itself through deep integration with the Model Context Protocol, allowing agents to function as servers that expose tools and capabilities to external clients. It features a sophisticated observability suite for capturing execution traces, performing LLM-based evaluations agai
Secures communication with external resources using static NAT gateway IP allowlisting.
Fail2ban is an intrusion prevention system that monitors system log files to detect malicious activity and automatically enforce security policies. By parsing log data in real time, the tool identifies patterns of unauthorized access or repeated authentication failures and responds by dynamically updating network access control lists to restrict offending sources. The software functions as a firewall automation tool that maintains stateful tracking of suspicious behavior across various network services. It utilizes a regex-driven pattern matching engine to identify specific attack signatures,
Manages temporary firewall bans for malicious hosts to protect the network perimeter and maintain system integrity.
LangChain.js is a framework for building, executing, and monitoring stateful agentic applications. It provides an orchestration engine that models workflows as directed graphs, allowing developers to connect language models, data sources, and external tools into modular, multi-step processes. The platform distinguishes itself through its focus on stateful execution and human-in-the-loop control. It manages agent lifecycles by persisting execution state across threads, enabling fault tolerance and the ability to pause workflows at designated breakpoints for manual review or modification. This
Provides static IP addresses for outbound traffic to facilitate secure firewall allowlisting.
Unstructured is an enterprise-grade data orchestration engine designed to transform raw, unstructured files into structured, machine-readable formats. It functions as a comprehensive platform for document ingestion, partitioning, and enrichment, specifically engineered to prepare complex data for retrieval-augmented generation and agentic AI workflows. The platform distinguishes itself through its sophisticated document processing strategies, which combine rule-based extraction with vision-language models to handle diverse file layouts, tables, and images. It provides a modular architecture t
Restricts network traffic using IP allowlisting and firewalls to secure data ingestion.
The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane. The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It
Controls access to virtual servers using cryptographic key pairs and virtual firewalls to restrict network traffic.
CrowdSec is a collaborative, distributed security engine designed for threat detection and infrastructure protection. It functions as an intrusion detection system that parses logs and network traffic to identify malicious patterns, utilizing a bucket-based threshold detection model to aggregate events and trigger alerts. The platform is built on a modular architecture that includes a centralized local API server for managing security signals and a relational database for persistent storage of remediation decisions. What distinguishes the project is its decoupled enforcement model, which offl
Prevents access from known malicious IP addresses by consuming real-time threat intelligence.
Maestro is a declarative mobile and web UI automation framework designed for end-to-end testing. It operates by querying the native accessibility tree of an application, allowing for black-box testing without requiring source code instrumentation or platform-specific dependencies. The framework distinguishes itself through a unified command syntax that abstracts interactions across Android, iOS, and web environments. It features a dynamic synchronization engine that automatically pauses test execution to account for non-deterministic animations and network-dependent content loading, ensuring
Restricts incoming network traffic to specific static IP addresses used by the testing infrastructure.
Zeebe este un motor de workflow cloud-native și o mașină de stare distribuită concepută pentru orchestrarea proceselor de business folosind standardele BPMN și DMN. Operează ca un runtime de workflow gRPC de înaltă performanță care execută procese de business complexe printr-o arhitectură de event-streaming partiționată. Sistemul funcționează, de asemenea, ca un orchestrator pentru agenți de tip LLM, coordonând raționamentul AI și utilizarea instrumentelor în cadrul proceselor de business deterministe. Motorul se distinge prin rețeaua de brokeri peer-to-peer și un model de replicare a datelor bazat pe consens care asigură disponibilitate ridicată și toleranță la erori. Utilizează un cluster de brokeri partiționat pentru a obține scalabilitate orizontală și utilizează backpressure adaptiv pentru a regla fluxul de comenzi primite și a preveni supraîncărcarea sistemului. Platforma acoperă o suprafață largă de capabilități operaționale, inclusiv monitorizarea execuției în timp real cu hărți termice de performanță, luarea deciziilor de business automate prin tabele de decizie și execuția distribuită a sarcinilor printr-un model de job worker bazat pe polling. Oferă, de asemenea, instrumente pentru izolarea resurselor multi-tenant, controlul accesului bazat pe identitate și integrarea API-urilor web externe și a funcțiilor serverless. Sistemul poate fi implementat în diverse medii, inclusiv Kubernetes și Docker, și este gestionat printr-o combinație de interfață în linie de comandă și API REST programatic.
Provides perimeter security through IP allowlisting to control network connectivity to the clusters.
This project is a Terraform Kubernetes provisioner and K3s cluster deployer designed to automate the installation and configuration of lightweight container orchestration on Hetzner Cloud infrastructure. It functions as a Hetzner Cloud infrastructure module, using declarative configuration to manage the full lifecycle of virtual machines, private networks, and load balancers. The orchestrator focuses on high availability by deploying redundant control planes and worker nodes across multiple physical data centers to ensure service continuity. It incorporates a cloud network security manager to
Implements perimeter firewall rules to restrict incoming traffic and protect the internal cluster environment.