apache2-licensed
Declarative secrets, every environment, any provider.
SecretSpec separates the declaration of what secrets an application needs from where they are stored, enabling portable applications that work across different secret storage backends without code changes.
Related contents:
Cloud native networking and network security.
Calico is a single platform for networking, network security, and observability for any Kubernetes distribution in the cloud, on-premises, or at the edge. Whether you're just starting with Kubernetes or operating at scale, Calico's open source, enterprise, and cloud editions provide the networking, security, and observability you need.
Related contents:
🐉 Making Rust a first-class language and ecosystem for GPU shaders 🚧
Related contents:
Multi-DBMS SQL Benchmarking Framework via JDBC.
BenchBase (formerly OLTPBench) is a Multi-DBMS SQL Benchmarking Framework via JDBC.
Related contents:
🕸 WebGL Graph Visualizations for React. WebGL-Powered Open-Source Network Graph Visualization.
a high-performance network graph visualization built in WebGL for React.
Rapidly build AI apps in Python.
Create web apps without the complexity of frontend development. Used at Google for rapid AI app development.
Mesop is a Python-based UI framework that allows you to rapidly build web apps like demos and internal apps.
Securing open-source package ecosystems by originating, validating, and augmenting build attestations.
OSS Rebuild aims to apply reproducible build concepts at low-cost and high-scale for open-source package ecosystems.
Rebuilds are derived by analyzing the published metadata and artifacts and are evaluated against the upstream package versions. When successful, build attestations are published for the upstream artifacts, verifying the integrity of the upstream artifact and eliminating many possible sources of compromise.
10x faster dynamic Protobuf parsing in Go that’s even 3x faster than generated code.
hyperpb is a highly optimized dynamic message library for Protobuf or read-only workloads. It is designed to be a drop-in replacement for dynamicpb, protobuf-go's canonical solution for working with completely dynamic messages.
Related contents:
Interactive UI Components for MCP SDK for UI over MCP. Create next-gen UI experiences!
Build rich, dynamic user interfaces for your MCP applications with SDKs that bring UI to AI interactions.
any-agent is a Python library providing a single interface to different agent frameworks.
AI powered Kubernetes Assistant.
kubectl-ai acts as an intelligent interface, translating user intent into precise Kubernetes operations, making Kubernetes management more accessible and efficient.
Communicate with an LLM provider using a single interface.
any-llm is a Python library providing a single interface to different llm providers.
Components from design to production.The UI Framework for Perfectionists by Chainlift.io.
LiftKit is a UI framework based on the golden ratio. At its core, it's a set of formulas and variables that unlock advanced visual design features like optical spacing corrections and dynamic color, powered by Material 3.
Integrate with any API. Simple, TypeSafe, Fast. Seamless Requests and Real-Time Connectivity. ⚡ Fetching and realtime data exchange framework.
Hyper Fetch is a framework that makes it easy to connect to any remote API. Using request based or real-time connection.
Hyper Fetch is unique fetching and realtime data-exchange framework meticulously crafted to prioritize simplicity and efficiency. Its typesafe design and user-friendly interface ensure a seamless integration experience, whether you're working on the browser or the server. Next-generation features streamlines architecture creation, grants access to the request lifecycle, and empowers rapid development of new components and functionalities, all while facilitating real-time data exchange.
Open Source AI coding assistant for planning, building, and fixing code. We're a superset of Roo, Cline, and our own features.
A prometheus exporter for PHP-FPM.
The exporter connects directly to PHP-FPM and exports the metrics via HTTP.
Related contents:
eBPF-based Security Observability and Runtime Enforcement.
Tetragon is a flexible Kubernetes-aware security observability and runtime enforcement tool that applies policy and filtering directly with eBPF, allowing for reduced observation overhead, tracking of any process, and real-time enforcement of policies.
Related contents:
An open-source security log auditing & RDP, VNC, SSH and databases management bastion platform.
Code and model to control the AH!
Robotic hands are often very expensive and not so expressive. More dexterous often needs cables and deported actuators in forearm i.e..
Aim of this project is to be able to explore humanoid hand possibilities on a real robot (and Reachy2 is the perfect candidate for that !) with moderate cost. => Wrist interface is designed for Reachy2's wrist (Orbita 3D), but it can be easily adapted to other robot's wrist...
pgactive is a PostgreSQL replication extension for creating an active-active database.
EulerHS: full-fledged framework for creating web backends.
EulerHS is a free monadic framework for easy building concurrent backend and console applications in Haskell. This framework provides you with the most important subsystems already integrated, such as SQL DBs, logging, KV DBs and other.
Chainlit is an open-source Python package to build production ready Conversational AI.
Related contents:
An open-source, code-first Python or Java toolkit for building, evaluating, and deploying sophisticated AI agents with flexibility and control.
Agent Development Kit (ADK) is a flexible and modular framework for developing and deploying AI agents. While optimized for Gemini and the Google ecosystem, ADK is model-agnostic, deployment-agnostic, and is built for compatibility with other frameworks. ADK was designed to make agent development feel more like software development, to make it easier for developers to create, deploy, and orchestrate agentic architectures that range from simple tasks to complex workflows.
Kuvasz (pronounce as [ˈkuvɒs]) is an open-source uptime and SSL monitoring service, built in Kotlin.
Kuvasz [ˈkuvɒs], an open-source, self-hosted uptime & SSL monitoring service, designed to help you keep track of your websites and services. It provides a modern, user-friendly interface, a powerful REST API, and supports multiple notification channels like email, Slack, Telegram, and PagerDuty.
Orchestrate AI Coding Agents. Kanban board to manage your AI coding agents.
AI coding agents are increasingly writing the world's code and human engineers now spend the majority of their time planning, reviewing, and orchestrating tasks. Vibe Kanban streamlines this process.
Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source) .
SlimToolkit allows developers to inspect, optimize and debug their containers using its xray, lint, build, debug, run, images, merge, registry, vulnerability (and other) commands. It simplifies and improves your developer experience building, customizing and using containers. It makes your containers better, smaller and more secure while providing advanced visibility and improved usability working with the original and minified containers.
Otter is designed to provide an excellent developer experience while maintaining blazing-fast performance. It aims to address the shortcomings of its predecessors and incorporates design principles from high-performance libraries in other languages (such as Caffeine).
Related contents:
Build Real-Time Knowledge Graphs for AI Agents.
Graphiti is a Python framework for building temporally-aware knowledge graphs designed for AI agents. It enables real-time incremental updates to knowledge graphs without batch recomputation, making it suitable for dynamic environments where relationships and information evolve over time.
PostgreSQL replication with DDL changes.
pgstream is an open source CDC command-line tool and library that offers Postgres replication support with DDL changes to any provided target.
Related contents:
An open platform that extends upstream Kubernetes to Edge.
OpenYurt is the intelligent edge computing platform which aims to extend the Cloud Native ecosystem to edge computing and IoT scenarios. By making non-intrusive enhancements, it empowers customer to manage large scale edge computing workloads in different architecture (e.g., ARM and X86) in a native Kubernetes manner.
Related contents:
ProxyAuth secures backend APIs through a fast authentication gateway. It encrypts tokens using ChaCha20 + HMAC-SHA256, with config-defined secrets. It features built-in rate limiting (on proxy and auth routes) and uses Argon2 with auto-generated salts for secure password hashing. The service is extremely fast, handling 100,000+ requests per second under load.
Related contents:
Generate Terraform moved blocks automatically for painless refactoring. Generate moved blocks and state move commands automatically for Terraform, OpenTofu, and Terragrunt. tfautomv is designed for refactoring scenarios where you want to restructure your Terraform code without changing the actual infrastructure. Understanding this distinction is crucial for successful usage.
tfautomv (a.k.a Terraform auto-move) is a refactoring helper. With it, making structural changes to your Terraform codebase becomes much easier.
When you move a resource in your code, Terraform loses track of the resource's state. The next time you run Terraform, it will plan to delete the resource it has memory of and create the "new" resource it found in your refactored code.
tfautomv inspects the output of terraform plan, detects such creation/deletion pairs and writes a moved block so that Terraform now knows no deletion or creation is required.
Testing WASM-powered AI agents.
This Blueprint demonstrates how to run AI agents directly in the browser using WebAssembly (WASM) through Pyodide and the OpenAI Agents Python SDK. Experience the power of Python-based AI agents without external dependencies – agent code runs directly in your web browser.
Related contents:
Lightweight exceptions for Rust.
Lithium provides a custom exception mechanism as an alternative to Rust panics. Compared to Rust panics, this mechanism is allocation-free, avoids indirections and RTTI, and is hence faster, if less applicable.
Related contents:
The workflow engine for Kubernetes.
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows is implemented as a Kubernetes CRD (Custom Resource Definition).
Related contents:
The Open Source Next-Gen Platform for Zero Trust Resource Access.
A next-gen FOSS self-hosted unified zero trust secure access platform that can operate as a remote access VPN, a ZTNA/BeyondCorp architecture, API/AI gateway, a PaaS, an infrastructure for MCP & A2A architectures or even as an ngrok-alternative and a homelab infrastructure.
An open-source implementation of the AlphaEvolve system described in the Google DeepMind paper "AlphaEvolve: A coding agent for scientific and algorithmic discovery" (2025).
Sirius is a GPU-native SQL engine. It plugs into existing databases such as DuckDB via the standard Substrait query format, requiring no query rewrites or major system changes. Sirius currently supports DuckDB and Doris (coming soon), other systems marked with * are on our roadmap.
Kingfisher is a blazingly fast secret‑scanning and validation tool built in Rust. It combines Intel’s hardware‑accelerated Hyperscan regex engine with language‑aware parsing via Tree‑Sitter, and ships with hundreds of built‑in rules to detect, validate, and triage secrets before they ever reach production.
Related contents:
p2p that just works. Iroh is a library for building on direct connections between devices, putting more control in the hands of your users.
Iroh gives you an API for dialing by public key. You say “connect to that phone”, iroh will find & maintain the fastest connection for you, regardless of where it is.
Build Container Images In Kubernetes.
kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster.
kaniko doesn't depend on a Docker daemon and executes each command within a Dockerfile completely in userspace. This enables building container images in environments that can't easily or securely run a Docker daemon, such as a standard Kubernetes cluster.
Improve your AI infrastructure - AI memory engine. Memory for AI Agents in 5 lines of code.
Build dynamic memory for Agents and replace RAG using scalable, modular ECL (Extract, Cognify, Load) pipelines.
This crate provides routines for searching strings for matches of a regular expression (aka “regex”). The regex syntax supported by this crate is similar to other regex engines, but it lacks several features that are not known how to implement efficiently. This includes, but is not limited to, look-around and backreferences. In exchange, all regex searches in this crate have worst case O(m * n) time complexity, where m is proportional to the size of the regex and n is proportional to the size of the string being searched.
Related contents:
Autumn is an open-source pricing & billing platform.
The most simple and flexible way to setup payments
Open-source infra above Stripe that manages permissions, usage limits and payment flows. Setup your pricing plans in minutes and never touch billing again.
The Open-Source Serverless Platform.
Easily deploy and scale AI agents, real-time applications, game servers, and complex backends on a frictionless platform that runs anywhere.
Rivet is a developer-focused serverless infrastructure platform that unifies stateless functions, stateful actors, and containerized workloads. It provides simple primitives to build your backend without managing servers. Leverage Rivet Actors to create resilient, long-lived services that maintain in-memory state between requests.
Open source real-time translation app for Android that runs locally.
RTranslator is an (almost) open-source, free, and offline real-time translation app for Android.
Connect to someone who has the app, connect Bluetooth headphones, put the phone in your pocket and you can have a conversation as if the other person spoke your language.
Powerful CPU+GPU Programming. Mojo is a pythonic language for blazing-fast CPU+GPU execution without CUDA. Optionally use it with MAX for insanely fast AI inference.
Related contents:
simplify and secure MCP servers. ToolHive makes deploying MCP servers easy, secure and fun.
Run any Model Context Protocol (MCP) server — securely, instantly, anywhere.
ToolHive is the easiest way to discover, deploy, and manage MCP servers. Launch any MCP server in a locked-down container with a single command. No manual setup, no security headaches, no runtime hassles.
EnrichMCP is a Python framework that helps AI agents understand and navigate your data. Built on MCP (Model Context Protocol), it adds a semantic layer that turns your data model into typed, discoverable tools - like an ORM for AI.
Standardized Serverless ML Inference Platform on Kubernetes. Highly scalable and standards based Model Inference Platform on Kubernetes for Trusted AI.
KServe provides a Kubernetes Custom Resource Definition for serving predictive and generative machine learning (ML) models. It aims to solve production model serving use cases by providing high abstraction interfaces for Tensorflow, XGBoost, ScikitLearn, PyTorch, Huggingface Transformer/LLM models using standardized data plane protocols.
Push docker images directly to remote servers without an external registry.
Unregistry is a lightweight container image registry that stores and serves images directly from your Docker daemon's storage.
The included docker pussh command (extra 's' for SSH) lets you push images straight to remote Docker servers over SSH. It transfers only the missing layers, making it fast and efficient.
An open source framework for building AI-powered apps with familiar code-centric patterns. Genkit makes it easy to develop, integrate, and test AI features with observability and evaluations. Genkit works with various models and platforms.
Genkit is an open-source framework for building full-stack AI-powered applications, built and used in production by Google's Firebase. It provides SDKs for multiple programming languages with varying levels of stability
ombined language, editor, and infrastructure to make it easy to build backends and CLIs.
Dark is a new way of building serverless backends. Just code your backend, with no infra, framework or deployment nightmares. Build APIs, CRUD apps, internal tools and bots - whatever your backend needs.
Related contents:
open-source LLM infrastructure.
TensorZero is an open-source stack for industrial-grade LLM applications. It unifies an LLM gateway, observability, optimization, evaluation, and experimentation.
The AI Shell. AI enabled pair programmer for Claude, GPT, O Series, Grok, Deepseek, Gemini and 300+ models.
A comprehensive coding agent that integrates AI capabilities with your development environment.
Keep your code spotless.
Spotless can format <A ntlr | c | c# | c++ | css | flow | graphql | groovy | html | java | javascript | json | jsx | kotlin | less | license headers | markdown | objective-c | protobuf | python | scala | scss | shell | sql | typeScript | vue | yaml | anything> using <gradle | maven | sbt | anything>.
<DT> <A HREF="https://github.com/steipete/agent-rules" ADD_DATE="1750075227" PRIVATE="" TAGS="prompt-engineering,ai-agent,claude,cursor,open-source,foss,mit-licensed">Agent Rules</A><DD>Rules and Knowledge to work better with agents such as Claude Code or Cursor.A collection of reusable rules and knowledge documents for AI coding assistants like Claude Code and Cursor.
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management.
OWASP Nettacker project was created to automate information gathering, vulnerability scanning and in general to aid penetration testing engagements. Nettacker is able to run various scans using a variety of methods and generate scan reports(in HTML/TXT/JSON/CSV format) for applications and networks, including discovering open ports, services, bugs, vulnerabilities, misconfigurations, default credentials, subdomains, etc. Nettacker can be run as a command-line utility (including running as a Docker container), API, Web GUI mode or as Maltego transforms.
Open Source, Distributed, Big Data Enterprise Search Engine.
Datafari is an open source enterprise search solution enriched with AI. It is the perfect product for anyone who needs to search and analyze its corporate data and documents, both within the content and the metadata. Plus, with its genAI modules, it allows to easily leverage mistral, openai, or local LLMs for your company data.
AudioMuse AI: Leverages Essentia for deep audio analysis and AI-powered clustering to create smart, tempo and mood-based playlists within Jellyfin API.
AudioMuse-AI is a Dockerized environment that brings smart playlist generation to Jellyfin using deep audio analysis via Essentia with TensorFlow. All you need is in a container that you can deploy locally or on your Kubernetes cluster (tested on K3S). In this repo, you also have a /deployment/deployment.yaml example that you need to configure following the configuration parameter chapter.
Development environments for coding agents. Enable multiple agents to work safely and independently with your preferred stack.
Container Use lets each of your coding agents have their own containerized environment. Go from babysitting one agent at a time to enabling multiple agents to work safely and independently with your preferred stack.