125 个仓库
Mechanisms for enforcing granular access policies on sensitive data and credentials.
Distinguishing note: Focuses on the access control policy enforcement rather than the storage itself.
Explore 125 awesome GitHub repositories matching security & cryptography · Sensitive Data Access Controls. Refine with filters or upvote what's useful.
这是一个由社区策划的开源软件目录,专为在私有服务器环境和家庭实验室中部署而设计。它作为发现主流云服务独立自托管替代方案的综合资源,使用户能够保持对数字基础设施的完全数据所有权和控制权。 该目录通过层级分类法构建,将庞大的应用程序集合组织成逻辑类别,范围从媒体管理和数据分析到私有通信和团队生产力工具。它通过协作同行评审流程脱颖而出,社区成员验证每个提交的质量和相关性,以确保目录保持准确和可靠。 该项目涵盖了广泛的能力领域,包括基础设施自动化、基于容器的服务部署和声明式配置管理。这些工具协助用户维护可复现的服务器环境,并管理私有硬件上的复杂服务依赖。 该目录作为版本控制仓库进行维护,确保所有更新和社区驱动的变更都是可追踪且透明的。
Enables the sharing of private data through encrypted, self-destructing links that expire after a specific time or single use.
React 是一个用于构建用户界面的 JavaScript 库,采用组件化架构和单向数据流。
Blocks high-entropy values from being passed to client components by registering them with a lifetime.
ECC 是一个 LLM 智能体编排框架和跨平台 AI 工具套件,旨在协调多模型工作流。它提供了一个用于管理专业智能体角色、可复用技能和结构化规划的系统,以在不同的 AI 驱动代码编辑器中执行复杂的软件开发任务。 该项目作为模型上下文协议(Model Context Protocol)管理器脱颖而出,提供了一个配置层来集成外部服务器并审计工具执行。它进一步实现了一个智能体安全沙箱,限制敏感文件访问并扫描密钥泄露,以保护自主工作流。 该框架涵盖了广泛的能力领域,包括带有测试驱动开发护栏的 AI 编码工作流自动化、通过智能路由实现模型成本优化以及状态隔离的内存管理。它还包括用于强制执行特定语言编码标准和管理跨各种集成开发环境的智能体行为的工具。 该系统通过命令行界面进行管理,该界面处理工具安装、配置修复和工具预设的部署。
Blocks agents from reading sensitive files like environment variables to protect security credentials.
gstack is an AI agent framework and development workflow system designed to automate the software development lifecycle. It coordinates specialized AI personas to manage tasks across product design, engineering management, and quality assurance, transforming product intent into technical specifications and final releases. The project is distinguished by its deep integration of headless browser automation and semantic code memory. It utilizes a persistent Chromium daemon for web scraping and visual auditing, and implements a searchable knowledge base that logs architectural decisions and repos
Enforces access policies to block credentials and PII from being sent to external APIs.
This project is a comprehensive Java backend engineering guide and technical reference focused on high-concurrency design, distributed systems, and microservices architecture. It provides detailed strategies for decomposing monolithic applications, managing service discovery, and implementing the architectural patterns required for scalable backend environments. The repository distinguishes itself through an extensive collection of big data algorithmic references and database scaling strategies. It covers memory-efficient techniques for analyzing massive datasets, such as Top-K element extrac
Protects sensitive information and service access through granular identity and access management frameworks.
Vault is a centralized secrets management platform designed to secure, store, and control access to sensitive credentials such as API keys, passwords, certificates, and encryption keys. At its core, the system employs a barrier-based cryptographic sealing mechanism that requires an unseal process to decrypt internal storage, ensuring that sensitive data remains protected. It provides identity-based access control to manage granular permissions across distributed infrastructure, effectively centralizing security policies and authentication for both human and machine workloads. What distinguish
Enforces granular access controls on sensitive data through programmatic and command-line interfaces.
Headroom is an AI gateway proxy and token optimizer designed to reduce the cost and latency of large language model interactions. It functions as an intermediary that intercepts traffic between clients and providers to apply context compression, request routing, and format translation. The system differentiates itself through a Model Context Protocol server implementation that delivers compression and retrieval tools to compatible AI hosts. It employs a content-aware compression pipeline and tiered importance scoring to trim redundant data from logs and tool outputs while preserving essential
Prevents the storage of API keys and ensures sensitive content passes through the proxy without modification.
Picoclaw is a lightweight framework designed for the deployment and orchestration of autonomous software agents. It functions as a cross-platform runtime that packages the entire system into a single self-contained binary, enabling native execution across diverse hardware architectures including RISC-V, ARM64, and x86_64. The platform is specifically optimized for resource-constrained environments, ensuring minimal startup times and a low memory footprint. The system distinguishes itself through intelligent task orchestration, which routes incoming requests to specific inference models based
Protects sensitive credentials by isolating them in separate configuration files to prevent accidental exposure.
This project is a distributed, document-oriented database system designed to store information in flexible, hierarchical structures. It supports horizontal scaling through automated sharding and maintains high availability across global clusters using a multi-node replication protocol. By executing multi-document operations as atomic units, the system ensures data integrity and consistency across distributed environments. The platform distinguishes itself by integrating advanced vector-based indexing, which enables semantic similarity searches alongside traditional geospatial and lexical quer
Protects sensitive information with granular access policies, encryption, and auditing.
React-admin is a framework for building data-driven administrative interfaces that connect to REST or GraphQL backends. It provides a comprehensive suite of tools for managing the full lifecycle of administrative applications, including resource-oriented routing, declarative form scaffolding, and context-driven state management. By utilizing a modular adapter-based architecture, the framework abstracts backend communication, allowing developers to build consistent CRUD interfaces that handle data fetching, authentication, and synchronization automatically. The project distinguishes itself thr
Limits user permissions to specific data entries by matching record attributes against defined access rules.
fhevm is a full-stack blockchain framework designed to integrate Fully Homomorphic Encryption into smart contracts. It provides a platform for developing confidential smart contracts that can process encrypted data and execute private on-chain computations without decrypting the underlying information. The framework utilizes a coprocessor system to offload resource-intensive encrypted operations to an asynchronous service, improving blockchain performance and scalability. It incorporates a secure key management service based on multi-party computation and a zero-knowledge proof verifier to en
Provides a system for specifying encrypted data requirements and managing access control logic within smart contracts.
AgentMemory is a persistent knowledge store and memory server designed to provide AI coding agents with long-term memory. It functions as a knowledge graph engine and vector database store that saves and recalls project context, architectural decisions, and patterns across different sessions. The system distinguishes itself by using a tiered-memory consolidation pipeline that compresses raw observations into episodic, semantic, and procedural layers to optimize token usage. It employs a hybrid retrieval strategy combining keyword matching, vector embeddings, and graph traversal to surface rel
Strips API keys and secrets from captured observations before storage to ensure privacy.
Vector is a high-performance observability data pipeline designed to collect, transform, and route logs, metrics, and traces across distributed infrastructure. It functions as a modular engine that decouples data ingestion from processing and transmission, utilizing a component-based architecture to connect diverse sources to multiple destinations. The project distinguishes itself through a focus on reliability and flow control. It implements backpressure-aware data movement to prevent data loss during traffic spikes and utilizes disk-backed event buffering to ensure durability during network
Automatically detects and masks sensitive information like PII from data streams during processing.
The Model Context Protocol SDK is a framework for building clients and servers that connect AI models to external data, tools, and resources using a standardized communication protocol. It provides the foundational libraries and interfaces necessary to establish reliable, transport-agnostic connections between AI agents and external systems, enabling seamless information retrieval and task automation. The SDK distinguishes itself through a robust capability negotiation handshake that ensures compatibility between connected parties before exchanging messages. It supports a pluggable transport
Implements authorization mechanisms to restrict access to sensitive tools and data.
Claude Code Templates is a comprehensive framework for orchestrating specialized AI agents and automating development workflows within local environments. It provides a structured system for defining, configuring, and deploying AI personas that handle specific technical tasks, ranging from backend architecture and frontend implementation to security auditing and infrastructure management. The project distinguishes itself through a configuration-driven approach that allows teams to standardize development environments and share reusable agent definitions across projects. It includes a robust C
Prevents accidental inclusion of sensitive files like private keys and environment variables in version control.
Excelize is a library for reading and writing spreadsheet files in the Office Open XML format. It provides a comprehensive suite of tools for programmatically creating, modifying, and analyzing workbooks, worksheets, and cell data, ensuring compatibility across various office software suites through structured XML serialization. The library distinguishes itself with a built-in formula calculation engine that evaluates complex mathematical and logical expressions directly against workbook data. It also features a memory-mapped streaming architecture, which allows for the efficient processing o
Protects sensitive spreadsheet data by applying encryption to the workbook file to restrict unauthorized access.
Claude Code is a command-line interface and multi-agent orchestration framework designed for autonomous software engineering. It enables AI agents to perform codebase modifications, debugging, and Git workflow management while coordinating multiple specialized agents to decompose and execute complex engineering tasks in parallel. The system distinguishes itself through a high degree of isolation and safety, utilizing Git worktrees to create independent working directories for concurrent agents and implementing a tiered permission system that combines user rules, project policies, and OS-level
Removes authorization tokens and cookies from error payloads to prevent credential leakage during telemetry export.
Niri is a Wayland compositor and tiling window manager designed for Linux systems. It functions as a display server that organizes application windows into a scrollable, column-based layout, providing a structured environment for managing graphical sessions, input routing, and hardware output. The project distinguishes itself through a declarative configuration engine that enables live-reloading of settings, allowing users to modify window rules, input bindings, and visual appearance without restarting the session. It features a physics-based animation system that uses spring-based curves to
Protects private information by replacing specific windows with solid black rectangles during screen captures.
rrweb is a DOM session recording library and serialization framework used to record and replay web sessions. It converts the state of a web page into a serializable JSON data structure and tracks mutations to reconstruct user interactions within a replay engine. The system distinguishes itself by using a sandboxed iframe for reconstruction to isolate replayed content, preventing script execution and form submissions. It ensures visual consistency through CSS inline-style flattening and provides sensitive data masking to prevent private information from being captured. The project covers a br
Prevents specific HTML elements or text from being recorded using CSS classes or field detection.
Maccy is a lightweight clipboard manager for macOS that captures and stores text and images copied to the system clipboard. It provides a searchable interface for retrieving historical content, allowing users to access previously copied items through a keyboard-driven workflow. The application distinguishes itself by prioritizing privacy and performance through automated filtering and local data management. It employs pattern matching to identify and exclude sensitive information, such as passwords, from being saved. All history is maintained in a local database, with an in-memory index that
Automatically filters and excludes passwords or private information from being saved in the clipboard history.