This is the central coordination repository for the Archodex project.
Issue tracking, discussions, and project roadmap live here. For the actual implementation code, see the component repositories below.
Archodex provides operational intelligence about resource access patterns in your infrastructure. Using eBPF to observe network traffic, it reveals which services depend on which secrets, databases, and APIs - even across encrypted connections - so you can make changes safely.
Archodex enables you to see:
- Resources: What gets accessed (databases, secrets, APIs, etc)
- Principals: Who accesses them (services, users, CI/CD workflows)
- Events: What happens (reads, writes, creates, deletes)
- Relationships: How everything connects across environments
This data aggregates into a graph that answers critical questions: Which services will break if I rotate this secret? What shares this database? Who triggered this access?
┌─────────────────┐      ┌─────────────────┐      ┌─────────────────┐
│  Agent (eBPF)   │─────▶│  Backend (API)  │◀─────│ Dashboard (UI)  │
│    Observes     │      │   Aggregates    │      │   Visualizes    │
└─────────────────┘      └─────────────────┘      └─────────────────┘
         ↓                        ↓                        ↓
  Network Traffic          Graph Database          Interactive Map
- eBPF Agent observes network traffic at the kernel level (no code changes required)
- Ruleset Engine filters and extracts relevant resource accesses based on configurable rules
- Agent Output logs observations locally by default, or reports to backend when given a license key
- Backend API aggregates observations into a graph database
- Dashboard visualizes relationships, dependencies, and access patterns
- eBPF-based observation: Kernel-level efficiency with minimal overhead
- Ruleset-driven intelligence: Customizable rules define what to observe. Contribute rulesets for your services!
- Encrypted traffic visibility: Observes HTTPS/TLS traffic via eBPF without decryption
- Multi-environment support: Works in CI/CD, Kubernetes, cloud, and on-premises
- Graph visualization: See relationships and dependencies, not just lists
- Log-only mode: Keep all data local when security demands it
- Principal chain tracking: Understand causality: who triggered what and why
By default the Archodex Agent doesn't send data anywhere. Observations are logged locally unless you provide a license key. You can run it completely firewalled off from network access.
When connected, your data is protected. Observations are encrypted in transit using TLS 1.3 and stored encrypted at rest. For Archodex.com accounts, your data is stored in an isolated database in a locality of your choice.
Secret values are never transmitted or stored. The agent cryptographically hashes observed secret values using account-specific salts. This allows Archodex to correlate secret usage across workloads without ever knowing the actual values.
Full control when you need it. Self-host the entire stack to control exactly where your data lives and how it's accessed.
For complete details, see the Data Confidentiality section of the Getting Started guide.
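The salted hashing of secret values described above can be sketched as follows. This is an added example, not code from the Archodex project: HMAC-SHA256, the 32-byte salt size, and all function, field, and sample names are assumptions, since the page does not state the algorithm the agent uses.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict


def new_account_salt() -> bytes:
    """Random per-account salt (32 bytes is an assumed size)."""
    return secrets.token_bytes(32)


def fingerprint(account_salt: bytes, secret_value: str) -> str:
    """Keyed hash of a secret value. HMAC-SHA256 is an assumption for this example."""
    return hmac.new(account_salt, secret_value.encode("utf-8"), hashlib.sha256).hexdigest()


def to_records(account_salt: bytes, observations: list) -> list:
    """Swap each observed secret value for its fingerprint before it is reported."""
    return [
        {"principal": o["principal"], "resource": o["resource"],
         "secret_fp": fingerprint(account_salt, o["secret"])}
        for o in observations
    ]


def principals_by_secret(records: list) -> dict:
    """Group principals by fingerprint: who is affected if this secret is rotated?"""
    index = defaultdict(set)
    for r in records:
        index[r["secret_fp"]].add(r["principal"])
    return dict(index)


# Constructed sample observations; names and values are made up for illustration.
OBSERVATIONS = [
    {"principal": "checkout-service", "resource": "orders-db", "secret": "example-db-password"},
    {"principal": "ci/deploy-workflow", "resource": "orders-db", "secret": "example-db-password"},
    {"principal": "billing-service", "resource": "payments-api", "secret": "example-api-token"},
]

if __name__ == "__main__":
    salt = new_account_salt()
    for fp, who in principals_by_secret(to_records(salt, OBSERVATIONS)).items():
        print(fp[:16], sorted(who))
```

Within one account the same secret always maps to the same fingerprint, so usage can be correlated across workloads, while a different account's salt yields an unrelated fingerprint for the same value.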
Choose how you want to explore Archodex:
- Playground: See what insights look like without installing anything
- Docs: Learn more about Archodex and how to get started
- Sign Up: Create an account and follow the instructions in the Archodex Dashboard
- Self-Host: Full control over your infrastructure and data
Use the Archodex Agent to observe many kinds of workloads:
- Test Locally: Run the agent and see observations in logs (no account needed)
- Kubernetes: Install our Helm chart to observe all workloads in a Cluster, or add the agent to individual Pods
- CI/CD: Observe secrets used in your GitHub Actions (and compatible) CI/CD workflows
Use the Archodex Agent to report secrets hardcoded in your source code to relate them to values observed in secret stores and used by workloads:
- Source Code: Run the Archodex Agent to report secrets discovered by GitHub Secret Scanning
- Overview: Overview of Archodex
- Getting Started: Installation and first steps
- Dashboard: How to use the Archodex dashboard
- Rulesets Guide: Understanding and creating rulesets
Archodex is built by a small team and we're building in the open. We're just starting to grow our community and would love your help making platform engineering safer for everyone.
We're setting up our community spaces and would love to hear from you:
- GitHub Discussions: Start a discussion
- GitHub Issues: Report bugs or request features
- Matrix Chat: Drop by and say hello
Your early contributions will help shape Archodex. Whether this is your first open source contribution or your hundredth, there's a place for you here.
- ⭐ Star this repo: Help us gain visibility
- Add a Ruleset: Know a service that needs observability? Contribute a community ruleset!
- Improve Documentation: Fix typos, clarify explanations, add examples
- Share Feedback: Tell us what works, what doesn't, and what you need in Discussions
See our Contributing Guide for details.
The Archodex project consists of focused repositories for each component:
- archodex ← You are here - Central coordination, issues, discussions
- archodex-agent: eBPF-based observability agent (Rust + eBPF C)
- archodex-backend: API server and graph aggregation (Rust)
- archodex-frontend: Interactive dashboard (React + TypeScript)
- archodex-rules: Observation rulesets (contribute yours!)
- archodex-helm-charts: Kubernetes deployment configurations
- archodex-www: Website and documentation source
- Documentation: archodex.com/docs
- Community: GitHub Discussions
- Chat: Matrix Room
- Email: support@archodex.com
Archodex is Fair Source software licensed under the Fair Core License – MIT (FCL-1.0-MIT) [1].
This means:
- You can use Archodex for your company, self-host it, inspect and modify the code, and contribute improvements
- You cannot build a competing product or bypass license key enforcement
For complete details about Fair Source, our patents, and what this means for you, see our Licensing page.
Footnotes
1. The eBPF code under the /src/bpf directory of the Archodex Agent is licensed under the GNU General Public License v2.0 (GPL-2.0).