HN Showcase
Back to browse
GitHub Repository

AngelLab is a modular host-security and anomaly-detection daemon

3 starsGo

AngelLab – modular Linux host monitoring with autonomous agents

by NacreousDawn596·Mar 8, 2026·1 point·0 comments
Visit ProjectView on HN

AI Analysis

●●SolidBig BrainNiche Gem

inotify + sliding-window anomaly detection, but early-stage and competing against established tools.

Strengths
  • Clever worker-supervisor architecture avoids monolithic daemon bloat and eases extension
  • Adaptive network baseline learning reduces false positives vs static rules
  • Live TUI, Prometheus export, and structured JSON logging make integration straightforward
Weaknesses
  • Still experimental with minimal real-world testing; unclear production readiness
  • Narrow audience (Linux infrastructure specialists) limits network effects
Category
Security
Target Audience

Linux system administrators and security engineers

Similar To

osquery · Wazuh · auditd

Post Description

Hi HN,

I’ve been experimenting with a small open source project called AngelLab. The idea is to build a modular host monitoring system for Linux where detection logic runs in separate worker processes ("Angels") supervised by a central daemon ("Lab").

Each Angel watches a different subsystem (filesystem integrity, outbound connections, process execution, memory growth patterns, etc.) and emits structured events that the Lab aggregates and exposes through a CLI, Prometheus metrics, or log pipelines.

The goal is to make it easy to extend host monitoring by adding new workers without modifying the core daemon.

It's still very early and experimental, so I'm mostly interested in feedback on the architecture.

Repo: https://github.com/NacreousDawn596/angellab

Similar Projects

AI/MLMid

OmniClaw – An autonomous AI swarm that runs natively on Termux

Kernel-level AI agents on Android, but half-baked security model and unclear differentiation.

Bold BetShip It
anon89745
113mo ago