{"id":43918162,"url":"https://github.com/xavyo/xavyo","last_synced_at":"2026-03-07T06:13:50.038Z","repository":{"id":336080115,"uuid":"1148021555","full_name":"xavyo/xavyo","owner":"xavyo","description":"The Identity Platform for the AI Agent Era. Secure humans, machines, and AI agents with a unified Rust-based platform.","archived":false,"fork":false,"pushed_at":"2026-03-01T19:15:39.000Z","size":14193,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-03-01T21:47:57.063Z","etag":null,"topics":["ai-agents","axum","iam","identity","multi-tenant","oauth2","oidc","rust","saml","scim"],"latest_commit_sha":null,"homepage":"https://xavyo.net","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xavyo.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-02T13:40:19.000Z","updated_at":"2026-03-01T19:15:43.000Z","dependencies_parsed_at":"2026-02-07T23:02:11.020Z","dependency_job_id":null,"html_url":"https://github.com/xavyo/xavyo","commit_stats":null,"previous_names":["xavyo/xavyo"],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/xavyo/xavyo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xavyo%2Fxavyo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xavyo%2Fxavyo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xavyo%2Fxavyo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xavyo%2Fxavyo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xavyo","download_url":"https://codeload.github.com/xavyo/xavyo/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xavyo%2Fxavyo/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30208889,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-07T05:23:27.321Z","status":"ssl_error","status_checked_at":"2026-03-07T05:00:17.256Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","axum","iam","identity","multi-tenant","oauth2","oidc","rust","saml","scim"],"created_at":"2026-02-06T22:02:56.522Z","updated_at":"2026-03-07T06:13:50.028Z","avatar_url":"https://github.com/xavyo.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n \u003cimg src=\"logo-xavyo.png\" alt=\"xavyo\" width=\"400\" /\u003e\n\u003c/p\u003e\n\n\u003ch3 align=\"center\"\u003eThe Identity Platform for the AI Agent Era\u003c/h3\u003e\n\n\u003cp align=\"center\"\u003e\n Secure your AI agents, humans, and machines with a unified identity platform.\u003cbr/\u003e\n Built in Rust for performance. Designed for the future.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://github.com/xavyo/xavyo/blob/master/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-BSL--1.1-blue.svg\" alt=\"License\" /\u003e\u003c/a\u003e\n \u003ca href=\"https://github.com/xavyo/xavyo\"\u003e\u003cimg src=\"https://img.shields.io/badge/rust-1.75+-orange.svg\" alt=\"Rust 1.75+\" /\u003e\u003c/a\u003e\n \u003ca href=\"https://github.com/xavyo/xavyo\"\u003e\u003cimg src=\"https://img.shields.io/badge/status-production--ready-green.svg\" alt=\"Production Ready\" /\u003e\u003c/a\u003e\n \u003ca href=\"https://discord.gg/xavyo\"\u003e\u003cimg src=\"https://img.shields.io/badge/discord-join-7289da.svg\" alt=\"Discord\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"#quick-start\"\u003eQuick Start\u003c/a\u003e •\n \u003ca href=\"#features\"\u003eFeatures\u003c/a\u003e •\n \u003ca href=\"#why-xavyo\"\u003eWhy xavyo\u003c/a\u003e •\n \u003ca href=\"#documentation\"\u003eDocs\u003c/a\u003e •\n \u003ca href=\"#contributing\"\u003eContributing\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n## The Problem\n\nAI agents are proliferating across enterprises. Each agent needs:\n- **Identity** — Who is this agent? Who owns it?\n- **Credentials** — How does it authenticate to cloud services?\n- **Permissions** — What tools and data can it access?\n- **Audit Trail** — What actions did it take and why?\n\nTraditional IAM solutions weren't built for this. They focus on humans, not machines. Not agents.\n\n## The Solution\n\n**xavyo** is a unified identity platform that secures humans, machines, and AI agents with the same robust infrastructure:\n\n```\n┌─────────────────────────────────────────────────────────────────────┐\n│ xavyo │\n├─────────────────────────────────────────────────────────────────────┤\n│ Humans │ AI Agents │ Services │\n│ ───────────────── │ ───────────────── │ ───────────────── │\n│ • SSO (OIDC/SAML) │ • Agent Identity │ • Service Accounts │\n│ • MFA / Passkeys │ • Dynamic Creds │ • API Keys │\n│ • Social Login │ • Tool Permissions │ • mTLS Certificates │\n│ • Self-Service │ • Audit Logging │ • Workload Identity │\n└─────────────────────────────────────────────────────────────────────┘\n │\n ┌─────────────┴─────────────┐\n ▼ ▼\n ┌─────────────┐ ┌─────────────┐\n │ Your │ │ Cloud │\n │ Apps │ │ Services │\n └─────────────┘ └─────────────┘\n```\n\n---\n\n## Features\n\n### Authentication \u0026 SSO\n| Feature | Description |\n|---------|-------------|\n| **OAuth2/OIDC Provider** | Authorization Code + PKCE, Client Credentials, Device Code, Token Exchange, Refresh Tokens |\n| **SAML 2.0 IdP** | SP-initiated and IdP-initiated SSO with signature validation and group assertions |\n| **SAML Single Logout** | SP-initiated and IdP-initiated SLO with per-SP session tracking |\n| **OIDC RP-Initiated Logout** | End Session endpoint with `id_token_hint`, `post_logout_redirect_uri`, `client_id` |\n| **Multi-Factor Auth** | TOTP, WebAuthn/Passkeys, Recovery Codes with configurable enforcement |\n| **Social Login** | Google, Microsoft, Apple — with JWKS signature verification and nonce validation |\n| **Passwordless** | Magic links and passkey-first authentication |\n| **Session Management** | Active session tracking, revocation, concurrent session limits |\n| **Security Policies** | Configurable password, session, MFA, and lockout policies per tenant |\n\n### AI Agent Security (NHI — Non-Human Identity)\n| Feature | Description |\n|---------|-------------|\n| **Unified NHI Model** | Single identity model for agents, tools, and service accounts with type-specific extensions |\n| **Lifecycle Management** | State machine: active, inactive, suspended, deprecated, archived — with full transition audit |\n| **Dynamic Credentials** | Short-lived AWS STS, Azure, GCP credentials via OAuth2 token exchange |\n| **Tool Permissions** | Fine-grained grant/revoke of agent-to-tool and NHI-to-NHI calling permissions |\n| **User Permissions** | Control which users can use/manage/admin each NHI identity |\n| **Risk Scoring** | Per-NHI risk assessment with inactivity detection and orphan account discovery |\n| **Certifications** | Certification campaigns for periodic NHI review and attestation |\n| **SoD Rules** | Segregation of Duties enforcement for NHI identities |\n| **Agent Blueprints** | Reusable agent configuration templates — pre-define model, permissions, delegation, and lifetime |\n| **Token Vault** | Secure external OAuth token storage with AES-GCM encryption, auto-refresh, and Zeroize cleanup |\n| **MCP Discovery** | Model Context Protocol tool discovery endpoint for AI agent integration |\n| **MCP Authorization** | RFC 9728 Protected Resource Metadata + MCP Client Metadata for zero-registration auth flows |\n| **A2A Protocol** | Agent-to-Agent communication with agent card discovery and webhook delivery |\n| **Workload Identity** | Cloud-native identity federation (AWS, Azure, GCP) |\n| **PKI Certificates** | X.509 certificate issuance for agent mTLS authentication |\n\n### Identity Governance \u0026 Administration (IGA)\n| Feature | Description |\n|---------|-------------|\n| **Roles \u0026 Entitlements** | RBAC with application-scoped entitlements and role-entitlement mappings |\n| **Role Inducements** | Automatic role grants — when a parent role is assigned, induced roles are automatically granted |\n| **Role Inheritance** | Hierarchical role structures with inheritance blocks |\n| **Role Mining** | Analytics-driven role discovery from existing access patterns |\n| **Access Requests** | Self-service request catalog with configurable approval workflows and escalation |\n| **Segregation of Duties** | SoD rule enforcement with exemptions and violation detection |\n| **Access Certifications** | Periodic review campaigns with micro-certification support |\n| **GDPR Compliance** | Data protection classification on entitlements, GDPR compliance reports, per-user data protection summaries |\n| **Lifecycle Workflows** | Joiner/mover/leaver automation with birthright policies and state machines |\n| **Risk Assessment** | Multi-factor risk scoring with alerts, thresholds, and peer group analysis |\n| **Outlier Detection** | Statistical detection of anomalous access patterns |\n| **Power of Attorney** | Delegated administration with time-bounded authority |\n| **Identity Archetypes** | Template-based identity provisioning (Employee, Contractor, etc.) |\n| **Personas** | Multiple persona management per identity |\n| **Meta-Roles \u0026 Parametric Roles** | Dynamic role generation and parameter-driven role assignment |\n| **Bulk Actions** | Batch operations for mass assignment, revocation, and lifecycle transitions |\n| **Object Templates** | Reusable templates for governance objects |\n| **Policy Simulation** | What-if analysis for access changes before applying them |\n\n### Provisioning \u0026 Connectors\n| Feature | Description |\n|---------|-------------|\n| **Connector Framework** | Pluggable architecture for target system integration |\n| **Built-in Connectors** | LDAP, Active Directory, REST APIs, Databases, Microsoft Entra ID |\n| **SCIM 2.0 Server** | Inbound provisioning from Azure AD, Okta, Google Workspace |\n| **SCIM 2.0 Client** | Outbound provisioning to SCIM-compliant targets |\n| **Reconciliation** | Scheduled reconciliation with conflict detection and resolution |\n| **Provisioning Jobs** | Job tracking with dead-letter queue and retry logic |\n| **Import/Export** | Bulk CSV import and declarative YAML export for users, groups, applications |\n\n### Enterprise Features\n| Feature | Description |\n|---------|-------------|\n| **Multi-Tenant** | Full tenant isolation with PostgreSQL Row-Level Security on every table |\n| **Tenant Settings** | Per-tenant configuration for branding, session policies, and features |\n| **User Invitations** | Email-based invitation flow with role preservation |\n| **API Keys** | Scoped API keys with usage statistics and introspection |\n| **Webhooks** | Event-driven notifications with circuit breaker, DLQ, and retry |\n| **SIEM Integration** | Structured audit events for security monitoring |\n| **Audit Logging** | Comprehensive audit trail for all operations |\n| **Correlation Engine** | Cross-system identity correlation and matching |\n| **Token Delegation** | OAuth2 token exchange (RFC 8693) with `may_act` constraints, actor chain depth limits, and resource validation (RFC 8707) |\n| **Cedar Policies** | Fine-grained authorization via AWS Cedar policy language (feature-gated `cedar`). Deny-overrides, defense-in-depth with native policies |\n| **Ext-AuthZ Gateway** | External authorization service for API gateway integration |\n\n### OIDC Federation\n| Feature | Description |\n|---------|-------------|\n| **Identity Providers** | Configure external OIDC identity providers for federated login |\n| **Attribute Mapping** | Map external claims to internal user attributes |\n| **JIT Provisioning** | Just-in-time user creation from federated logins |\n| **JWKS Verification** | Full signature verification of ID tokens via JWKS |\n\n### CLI (`xavyo`)\n| Feature | Description |\n|---------|-------------|\n| **31 Commands** | Full API coverage — agents, users, groups, governance, NHI, connectors, and more |\n| **Setup Wizard** | Interactive onboarding: signup, email verification, tenant creation |\n| **Multi-Tenant Switching** | `tenant switch` to change context between organizations |\n| **Declarative Config** | `apply` and `export` for GitOps workflows |\n| **Watch Mode** | `watch` a YAML config file and auto-apply changes |\n| **Templates** | Pre-configured templates for quick setup |\n| **JSON Output** | `--json` flag on all commands for scripting and CI pipelines |\n| **Shell Completions** | Bash, Zsh, Fish, PowerShell via `completions` command |\n| **Doctor** | Connection and configuration diagnostics |\n\n---\n\n## Quick Start\n\n### Docker (recommended)\n\nGet running in **2 minutes** — no Rust toolchain needed:\n\n```bash\n# 1. Clone\ngit clone https://github.com/xavyo/xavyo.git \u0026\u0026 cd xavyo\n\n# 2. Generate JWT keys\nbash docker/generate-keys.sh\n\n# 3. Start everything\ndocker compose -f docker/docker-compose.yml up -d\n\n# 4. Verify\ncurl http://localhost:8080/readyz\n```\n\n**That's it!** API running at `http://localhost:8080`\n\n### Without Docker (from source)\n\n```bash\n# 1. Clone\ngit clone https://github.com/xavyo/xavyo.git \u0026\u0026 cd xavyo\n\n# 2. Generate JWT keys\nbash docker/generate-keys.sh\n\n# 3. Start PostgreSQL\ndocker compose -f docker/docker-compose.yml up -d postgres\n\n# 4. Setup environment \u0026 run\ncp .env.example .env\ncargo run -p idp-api\n```\n\nSwagger UI: `http://localhost:8080/docs/`\n\n### Using the CLI\n\n```bash\n# Install the CLI\ncargo install --path apps/xavyo-cli\n\n# Interactive setup (signup, verify email, create tenant)\nxavyo setup\n\n# Or step by step:\nxavyo signup # Create an account\nxavyo verify status # Check email verification\nxavyo verify resend # Resend verification email\nxavyo login # Authenticate via device code flow\nxavyo init \"My Organization\" # Create a tenant\n\n# Check setup status\nxavyo setup --check\n```\n\n### Test it works\n\n```bash\ncurl -X POST http://localhost:8080/auth/login \\\n -H \"Content-Type: application/json\" \\\n -H \"X-Tenant-Id: 00000000-0000-0000-0000-000000000001\" \\\n -d '{\"email\":\"admin@test.xavyo.com\",\"password\":\"Test123!\"}'\n```\n\n---\n\n## Why xavyo?\n\n| | xavyo | Traditional IAM | DIY |\n|---|:---:|:---:|:---:|\n| **AI Agent Identity** | Native | Bolt-on | Build it |\n| **NHI Lifecycle Management** | Built-in | N/A | Complex |\n| **Dynamic Cloud Credentials** | Built-in | Separate tool | Complex |\n| **IGA (Governance)** | Full suite | Separate product | Enormous effort |\n| **Multi-Tenant by Design** | RLS isolation | Varies | Hard |\n| **SAML + OIDC + Social** | All built-in | Usually one | Build each |\n| **Open Source** | BSL 1.1 | Proprietary | Yes |\n| **Performance** | Rust/Axum | JVM overhead | Varies |\n| **Self-Hosted** | Full control | Limited | Yes |\n\n### Built for Scale\n\n- **Rust** — Memory-safe, no GC pauses, predictable latency\n- **Axum** — Async-first HTTP framework with Tower middleware\n- **PostgreSQL RLS** — Tenant isolation enforced at the database level\n- **32 crates** — Modular architecture, each crate independently testable\n- **198 SQL migrations** — Battle-tested, production-grade schema\n- **665K lines of Rust** — Comprehensive implementation, not a prototype\n- **7,400+ tests** — 5,576 unit/integration + 1,907 functional tests across 14 batches\n\n---\n\n## API Surface\n\nxavyo exposes a comprehensive REST API with full OpenAPI/Swagger documentation.\n\n| Domain | Endpoints | Description |\n|--------|-----------|-------------|\n| **Authentication** | `/auth/*` | Login, logout, register, MFA, password reset, email verification |\n| **OAuth2/OIDC** | `/oauth/*` | Authorize, token, userinfo, JWKS, discovery, end session, introspect |\n| **SAML 2.0** | `/saml/*` | SSO, SLO, metadata, certificate management, SP configuration |\n| **Users \u0026 Groups** | `/users/*`, `/groups/*` | CRUD, role assignments, group memberships, password management |\n| **Sessions** | `/sessions/*` | Active session listing, revocation, concurrent limits |\n| **NHI (Non-Human)** | `/nhi/*` | Unified CRUD, lifecycle, permissions, risk, certifications, blueprints, token vault |\n| **Governance** | `/governance/*` | Roles, entitlements, access requests, SoD, certifications, GDPR |\n| **Connectors** | `/connectors/*` | Configuration, reconciliation, provisioning jobs, DLQ |\n| **SCIM 2.0** | `/scim/*` | Users, groups, service provider config, schemas |\n| **Webhooks** | `/webhooks/*` | Subscriptions, DLQ, circuit breaker |\n| **Social Login** | `/social/*` | Google, Microsoft, Apple federation |\n| **OIDC Federation** | `/federation/*` | External IdP configuration and metadata |\n| **Tenants** | `/tenants/*` | Multi-tenant management, settings, invitations |\n| **Import** | `/import/*` | Bulk CSV import with validation |\n| **API Keys** | `/api-keys/*` | Scoped key management, usage stats, introspection |\n| **Authorization** | `/authorization/*` | Policy evaluation, Cedar policies, external authz |\n| **MCP Auth** | `/.well-known/oauth-protected-resource`, `/.well-known/mcp-client-metadata` | RFC 9728 resource metadata + MCP client discovery |\n| **Audit** | `/audit/*` | Event log querying |\n| **Security Policies** | `/policies/*` | Password, session, MFA, lockout configuration |\n| **Operations** | `/operations/*` | Provisioning operation tracking |\n\n---\n\n## Documentation\n\n| Resource | Description |\n|----------|-------------|\n| **[llms.txt](llms.txt)** | LLM-friendly navigation index for all 32 crates |\n| **[llms-full.txt](llms-full.txt)** | Complete documentation (~15,500 words) |\n| **[Architecture](docs/ARCHITECTURE.md)** | System architecture overview |\n| **[Crate Index](docs/crates/index.md)** | All crates organized by layer |\n| **[Dependency Graph](docs/crates/dependency-graph.md)** | Visual dependency relationships |\n| **[API Reference](http://localhost:8080/docs/)** | Swagger UI (when running) |\n\nEach crate has a standardized `CRATE.md` file at its root (e.g., [`crates/xavyo-core/CRATE.md`](crates/xavyo-core/CRATE.md)).\n\n---\n\n## Architecture\n\n```\nxavyo/\n├── apps/\n│ ├── idp-api/ # Main API service (Axum)\n│ ├── gateway/ # API Gateway\n│ ├── ext-authz/ # External Authorization service\n│ └── xavyo-cli/ # CLI tool (31 commands)\n│\n├── crates/ # 32 Rust crates\n│ ├── Core\n│ │ ├── xavyo-core/ # Shared types (TenantId, UserId, errors)\n│ │ ├── xavyo-auth/ # JWT, passwords, MFA, passkeys\n│ │ ├── xavyo-db/ # PostgreSQL + 198 migrations\n│ │ ├── xavyo-tenant/ # Multi-tenant middleware\n│ │ └── xavyo-events/ # Kafka event bus\n│ │\n│ ├── API Layer\n│ │ ├── xavyo-api-auth/ # Authentication endpoints\n│ │ ├── xavyo-api-oauth/ # OAuth2/OIDC provider\n│ │ ├── xavyo-api-saml/ # SAML 2.0 IdP + SLO\n│ │ ├── xavyo-api-social/ # Social login (Google, MS, Apple)\n│ │ ├── xavyo-api-users/ # User \u0026 group management\n│ │ ├── xavyo-api-scim/ # SCIM 2.0 server\n│ │ ├── xavyo-api-governance/ # IGA engine (40+ endpoints)\n│ │ ├── xavyo-api-nhi/ # Non-Human Identity API\n│ │ ├── xavyo-api-connectors/ # Connector \u0026 job management\n│ │ ├── xavyo-api-import/ # Bulk import\n│ │ ├── xavyo-api-tenants/ # Tenant \u0026 API key management\n│ │ ├── xavyo-api-authorization/# Policy evaluation\n│ │ └── xavyo-api-oidc-federation/ # External IdP federation\n│ │\n│ ├── Services\n│ │ ├── xavyo-governance/ # Governance business logic\n│ │ ├── xavyo-authorization/ # Authorization engine + Cedar policies\n│ │ ├── xavyo-nhi/ # NHI domain logic\n│ │ ├── xavyo-provisioning/ # Provisioning orchestration\n│ │ ├── xavyo-webhooks/ # Webhook delivery + DLQ\n│ │ ├── xavyo-siem/ # SIEM integration\n│ │ ├── xavyo-secrets/ # Secret management\n│ │ └── xavyo-scim-client/ # Outbound SCIM client\n│ │\n│ └── Connectors\n│ ├── xavyo-connector/ # Connector trait framework\n│ ├── xavyo-connector-ldap/ # LDAP/AD connector\n│ ├── xavyo-connector-entra/ # Microsoft Entra ID connector\n│ ├── xavyo-connector-rest/ # Generic REST connector\n│ ├── xavyo-connector-database/ # Database connector\n│ └── xavyo-ext-authz/ # External authorization\n│\n├── docker/ # Docker \u0026 development environment\n├── tests/functional/ # 1,907 functional tests (14 batches)\n└── specs/ # Feature specifications\n```\n\n**32 crates** | **198 SQL migrations** | **1,739 source files** | **665K lines of Rust**\n\n---\n\n## Contributing\n\nWe'd love your help making xavyo better!\n\n### Good First Issues\n\nLook for issues tagged [`good first issue`](https://github.com/xavyo/xavyo/labels/good%20first%20issue).\n\n### How to Contribute\n\n1. **Fork** the repository\n2. **Create** a feature branch (`git checkout -b feat/amazing-feature`)\n3. **Code** — follow `cargo fmt` and `cargo clippy`\n4. **Test** — run `cargo test --workspace`\n5. **Commit** — use [conventional commits](https://conventionalcommits.org) (`feat:`, `fix:`, `docs:`)\n6. **Push** and open a **Pull Request**\n\n### Development Setup\n\n```bash\n# Build everything\ncargo build --workspace\n\n# Run tests\ncargo test --workspace\n\n# Lint\ncargo clippy --workspace -- -D warnings\n\n# Format\ncargo fmt --all\n```\n\n---\n\n## Roadmap\n\n- [ ] **Kubernetes Operator** — Deploy xavyo on K8s with CRDs\n- [ ] **Agent SDK** — Python, TypeScript, Go SDKs for agents\n- [ ] **Policy Engine** — OPA/Rego integration for fine-grained policies\n- [ ] **Terraform Provider** — Infrastructure as Code support\n- [ ] **Web Console** — Admin UI (SvelteKit, in development)\n\nHave ideas? [Open a discussion](https://github.com/xavyo/xavyo/discussions)!\n\n---\n\n## License\n\n**Business Source License 1.1 (BSL 1.1)**\n\n- **Self-hosted deployment** — permitted\n- **Internal use** — permitted\n- **Modifications** — permitted\n- **Hosted service** — requires commercial license\n- **Converts to Apache 2.0** on 2030-02-01\n\nSee [LICENSE](LICENSE) for full terms.\n\n### Commercial Licensing\n\nNeed to run xavyo as a hosted service? Contact us:\n\npascal@heartbit.ai\n\n---\n\n\u003cp align=\"center\"\u003e\n \u003csub\u003eBuilt with care by \u003ca href=\"https://heartbit.ai\"\u003eHeartbit Inc.\u003c/a\u003e\u003c/sub\u003e\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxavyo%2Fxavyo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxavyo%2Fxavyo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxavyo%2Fxavyo/lists"}