{"id":49730645,"url":"https://github.com/writer/cerebro","last_synced_at":"2026-07-03T02:01:55.844Z","repository":{"id":342363429,"uuid":"1173694394","full_name":"writer/cerebro","owner":"writer","description":"Compliance superpowers for coding agents.","archived":false,"fork":false,"pushed_at":"2026-06-28T19:24:04.000Z","size":103412,"stargazers_count":11,"open_issues_count":69,"forks_count":2,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-28T19:24:42.204Z","etag":null,"topics":["ai-agents","aws","cloud-security","coding-agents","compliance","compliance-automation","devsecops","gcp","go","grc","iam","kubernetes","mcp","policy-as-code","security","security-automation"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/writer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-03-05T16:42:32.000Z","updated_at":"2026-06-28T19:18:07.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/writer/cerebro","commit_stats":null,"previous_names":["writer/cerebro"],"tags_count":668,"template":false,"template_full_name":null,"purl":"pkg:github/writer/cerebro","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/writer%2Fcerebro","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/writer%2Fcerebro/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/writer%2Fcerebro/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/writer%2Fcerebro/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/writer","download_url":"https://codeload.github.com/writer/cerebro/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/writer%2Fcerebro/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35069183,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-03T02:00:05.635Z","response_time":110,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","aws","cloud-security","coding-agents","compliance","compliance-automation","devsecops","gcp","go","grc","iam","kubernetes","mcp","policy-as-code","security","security-automation"],"created_at":"2026-05-09T06:14:58.854Z","updated_at":"2026-07-03T02:01:55.823Z","avatar_url":"https://github.com/writer.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cerebro\n\n**Operations data platform for cloud, SaaS, identity, workflow, finding, compliance, and graph signals.**\n\n[![Go Version](https://img.shields.io/badge/Go-1.26+-00ADD8?style=flat\u0026logo=go)](https://go.dev/)\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE)\n\nCerebro ingests operational and security signals, turns them into source runtime events, claims, findings, reports, workflow events, compliance evidence, and graph context, then exposes that substrate through a Go CLI, JSON HTTP, Connect RPC, SDK helpers, and MCP.\n\n## Start Here\n\n```bash\ngit clone https://github.com/writer/cerebro.git\ncd cerebro\n\nmake doctor\nmake serve-dev\n```\n\nBy default, the local server listens on `:8080`.\n\n```bash\ncurl -sS http://127.0.0.1:8080/health\ncurl -sS http://127.0.0.1:8080/sources\n```\n\nRun focused tests while iterating, then use CI-parity validation before broad PRs:\n\n```bash\nmake test\nmake verify\n```\n\nFor a durable local stack with NATS JetStream, Postgres, Neo4j, and the local bearer key `local-dev-key`:\n\n```bash\ndocker compose up --build\n```\n\n## What Is In This Repo\n\n- A Go bootstrap service built around `net/http`, Connect RPC, and `cmd/cerebro`.\n- Built-in source integrations for cloud, SaaS, identity, endpoint, vulnerability, compliance, and workflow signals.\n- Source runtime sync, append-log replay, claim/finding/report workflows, compliance control coverage, and optional graph projection, query, and action tooling.\n- Optional MCP, graph-agent, and device-authenticated telemetry surfaces.\n- Policy and FindingRule YAML DSL catalogs, generated detection catalogs, SDK helpers, OpenAPI/Connect contracts, release artifacts, and local validation tooling.\n\n## Choose A Path\n\n| Goal | Start here |\n| --- | --- |\n| Get the shortest runnable path | [Quick reference](docs/start/quick-reference.md) |\n| Walk through a local end-to-end flow | [Getting started](docs/start/getting-started.md) |\n| Understand runtime shape and stores | [Architecture](docs/reference/architecture.md) |\n| Configure auth, tenancy, stores, MCP, or device auth | [Configuration variables](docs/reference/config-env-vars.md) and [.env.example](.env.example) |\n| Host or operate Cerebro | [Hosting](docs/operations/hosting.md), [cloud deployment](docs/operations/cloud-deployment.md), [deployment examples](docs/operations/deployment-examples.md), and [operations runbook](docs/operations/operations-runbook.md) |\n| Explore JSON HTTP or Connect APIs | [API reference](docs/reference/api-reference.md), `api/openapi.yaml`, and `proto/cerebro/v1/bootstrap.proto` |\n| Use the CLI | [CLI reference](docs/reference/cli.md) |\n| Browse built-in integrations | [Source catalog](docs/reference/sources.md) |\n| Use SDK helpers | [Python SDK](sdk/python/README.md), [TypeScript SDK](sdk/typescript/README.md), and `sources/sdk` |\n| Persist and sync source runtimes | [Source runtime guide](docs/domains/source-runtime-guide.md) |\n| Work on graph behavior | [Graph operations](docs/domains/graph-operations.md) |\n| Design persona-specific graph views | [Persona view lenses](docs/domains/persona-view-lenses.md) |\n| Integrate MCP clients | [MCP native Droid setup](docs/domains/mcp-droid-setup.md) |\n| Integrate endpoint telemetry | [Endpoint security platform integration](docs/domains/endpoint-security-platform-integration.md) |\n| Author policies, control mappings, or finding rules | [Policies](docs/domains/policies.md), [compliance controls](docs/domains/compliance-controls.md), `policies/`, `internal/findingdsl`, and `internal/findings` |\n| Contribute code or docs | [Development](docs/engineering/development.md), [non-goals](docs/engineering/non-goals.md), and the Makefile |\n\n## Optional Docs Site\n\nThe Markdown docs work directly on GitHub. To browse them as a local site:\n\n```bash\npython3 -m pip install mkdocs\nmkdocs serve\n```\n\nThe site entry point is [docs/index.md](docs/index.md), and `mkdocs.yml` defines the navigation.\n\n## Runtime Boundaries\n\nThis public repository is authoritative for runtime behavior, CLI/API contracts, source catalogs, configuration semantics, and release artifacts. Environment-specific deployment details, stack configuration, account wiring, hostnames, and rollout procedures intentionally live outside this public repo.\n\nThe handoff to deployment repositories is the release payload: container images plus `cerebro-runtime-contract.json`. Treat that contract as the bridge between public runtime releases and environment-specific promotion/deploy automation.\n\nVolatile details should stay in their source-of-truth files and be linked from here: configuration variables in `docs/reference/config-env-vars.md`, API shape in `api/openapi.yaml`, source capabilities in `sources/*/catalog.yaml`, and release/deploy handoff data in `cerebro-runtime-contract.json`.\n\nSee [Non-goals](docs/engineering/non-goals.md) before changing storage shape, Source CDK boundaries, graph/Cypher behavior, findings workflow contracts, action/runtime response semantics, platform/security namespace boundaries, or public product language.\n\n## Common Commands\n\n```bash\nmake build          # compile ./bin/cerebro\nmake serve-dev      # run the local server with acknowledged dev-mode opt-out\nmake test           # go test ./...\nmake check          # build, tests, lint, proto lint, structural checks, arch tests\nmake verify         # CI-parity local verification\nmake readme-check   # README and docs drift checks\nmake docs-drift-check\nmake oss-audit      # public repository hygiene scan\n```\n\nTop-level commands are `serve`, `version`, `source`, `source-runtime`, `finding-rule`, `graph`, `orchestrator`, `vulndb`, `closeout`, and `deploy`.\n\nFor policy or compliance-control work, run `make finding-dsl-check`, `make policy-rule-check`, `make detection-catalog-check`, and `make control-index-check` as applicable. Control extension packs are documented in [Compliance controls](docs/domains/compliance-controls.md) and use `--init-extension`, `--extension`, `--profile`, `--output`, and `--write` workflows.\n\n## Stack\n\n| Component | Technology |\n| --- | --- |\n| Language | Go 1.26+ (`go1.26.4` toolchain) |\n| HTTP server | Go `net/http` `ServeMux` |\n| RPC | Connect |\n| CLI | Standard Go CLI under `cmd/cerebro` |\n| Append log | NATS JetStream |\n| State store | Postgres |\n| Graph store | Neo4j/Aura |\n| Validation | `go test`, `golangci-lint`, Buf, Spectral, catalog checks, policy-rule checks, control-index checks, README drift checks, OSS audit, custom structural linters, arch tests |\n\n## License\n\nApache 2.0; see [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwriter%2Fcerebro","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwriter%2Fcerebro","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwriter%2Fcerebro/lists"}