Open code, operated with rigor
Open infrastructure for builders who ship to production.
Projects created inside the Guara Cloud ecosystem to solve real platform problems: edge security, runtime signals, public evidence, and technical documentation that separates proven behavior from work still evolving.
Public code Verifiable artifacts White papers and proof matrices
A Rust-based Traefik WAF delivered as a WASM plugin, with a pure detection engine, signed audit relay, Kubernetes packaging, and published benchmarks.
- License
- MIT OR Apache-2.0
- White paper
- Available
- Inspects headers, URLs, query strings, and capped request bodies with libinjection, literal signatures, structural checks, and per-IP reputation.
- Separates inline detection from audit fan-out, keeping the request path lean and SIEM or webhook delivery out of the edge path.
- Publishes a threat model, release verification guide, Helm OCI, Kustomize, and benchmark methodology with explicit limits.
A Rust and eBPF signal plane for observability, profiling, runtime security, and diagnostics across Linux and Kubernetes.
- License
- Apache-2.0
- White paper
- Planned
- Runs as a node-local agent and turns workload observations into versioned signal envelopes.
- Keeps sources, processors, generators, and sinks statically registered to reduce runtime magic.
- Documents proof boundaries: synthetic fixtures, Docker smoke, Kubernetes validation, and privileged evidence are not treated as interchangeable.
Why this lives here
Open source as engineering proof.
Guara Cloud remains a commercial platform, but parts of our research and infrastructure deserve to be born in public. These projects help operators review code, reproduce claims, test integrations, and follow the technical evolution without relying on marketing.