https://github.com/zoobz-io/aegis
Service mesh for Go microservices — mTLS everywhere, zero configuration
https://github.com/zoobz-io/aegis
go golang grpc microservices mtls service-mesh zoobzio
Last synced: about 2 months ago
JSON representation
Service mesh for Go microservices — mTLS everywhere, zero configuration
- Host: GitHub
- URL: https://github.com/zoobz-io/aegis
- Owner: zoobz-io
- License: mit
- Created: 2026-02-03T20:30:44.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2026-05-06T15:50:45.000Z (about 2 months ago)
- Last Synced: 2026-05-06T16:45:20.069Z (about 2 months ago)
- Topics: go, golang, grpc, microservices, mtls, service-mesh, zoobzio
- Language: Go
- Homepage: https://aegis.zoobz.io
- Size: 145 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
Awesome Lists containing this project
README
# aegis
[](https://github.com/zoobz-io/aegis/actions/workflows/ci.yml)
[](https://codecov.io/gh/zoobz-io/aegis)
[](https://goreportcard.com/report/github.com/zoobz-io/aegis)
[](https://github.com/zoobz-io/aegis/security/code-scanning)
[](https://pkg.go.dev/github.com/zoobz-io/aegis)
[](LICENSE)
[](go.mod)
[](https://github.com/zoobz-io/aegis/releases)
Service mesh for Go microservices — mTLS everywhere, zero configuration. Nodes discover each other, authenticate via certificates, and call domain services without managing PKI infrastructure.
## Zero-Trust by Default
```go
node, _ := aegis.NewNodeBuilder().
WithID("api-1").
WithName("API Server").
WithAddress("localhost:8443").
WithServices(aegis.ServiceInfo{Name: "identity", Version: "v1"}).
WithCertDir("./certs").
Build()
node.StartServer()
// Certificates generated automatically. All connections use mTLS.
// Other nodes can now discover this service and call it securely.
```
## Install
```bash
go get github.com/zoobz-io/aegis
```
Requires Go 1.24+.
## Quick Start
A provider node exposes a service. A consumer node discovers and calls it.
```go
package main
import (
"context"
"log"
"github.com/zoobz-io/aegis"
identity "github.com/zoobz-io/aegis/proto/identity"
"google.golang.org/grpc"
)
func main() {
// Provider: morpheus serves identity
morpheus, _ := aegis.NewNodeBuilder().
WithID("morpheus-1").
WithName("Morpheus").
WithAddress("localhost:8443").
WithServices(aegis.ServiceInfo{Name: "identity", Version: "v1"}).
WithServiceRegistration(func(s *grpc.Server) {
identity.RegisterIdentityServiceServer(s, &myIdentityServer{})
}).
WithCertDir("./certs").
Build()
morpheus.StartServer()
defer morpheus.Shutdown()
// Consumer: vicky calls identity service
vicky, _ := aegis.NewNodeBuilder().
WithID("vicky-1").
WithName("Vicky").
WithAddress("localhost:9443").
WithCertDir("./certs").
Build()
pool := aegis.NewServiceClientPool(vicky)
defer pool.Close()
client := aegis.NewServiceClient(pool, "identity", "v1", identity.NewIdentityServiceClient)
// Get a connection (round-robin across providers)
ctx := context.Background()
identityClient, _ := client.Get(ctx)
resp, _ := identityClient.ValidateSession(ctx, &identity.ValidateSessionRequest{
Token: "user-session-token",
})
log.Printf("Session valid: %v, user: %s", resp.Valid, resp.UserId)
}
```
## Capabilities
| Capability | Description | Docs |
|------------|-------------|------|
| Node identity | Build nodes with ID, name, type, address | [node_builder.go](node_builder.go) |
| Automatic mTLS | Certificates generated on first run, loaded thereafter | [tls.go](tls.go) |
| Service registry | Declare services, discover providers across mesh | [service.go](service.go) |
| Topology sync | Nodes share topology; version-based merge | [topology.go](topology.go) |
| Health checks | Extensible health checker interface | [health.go](health.go) |
| Service client | Connection pooling, round-robin load balancing | [client.go](client.go) |
| Caller identity | Extract calling node from mTLS context | [context.go](context.go) |
## Why aegis?
- **Automatic mTLS** — Nodes generate and exchange certificates on startup. No PKI infrastructure to manage.
- **Service discovery built-in** — Declare services, query providers, topology syncs across the mesh.
- **One import** — Node, peer connections, health checks, and gRPC server in a single package.
- **Caller identity on every request** — `CallerFromContext(ctx)` extracts the calling node from mTLS certificates.
- **Round-robin client pooling** — Service clients load-balance across providers automatically.
## The Ecosystem
aegis is the transport layer. Domain services build on top:
| Package | Role |
|---------|------|
| [capitan](https://github.com/zoobz-io/capitan) | Event coordination within a process |
| [herald](https://github.com/zoobz-io/herald) | Bridge capitan events to message brokers (future: aegis provider) |
| [morpheus](https://github.com/zoobz-io/morpheus) | Identity service — implements `IdentityService` |
| [vicky](https://github.com/zoobz-io/vicky) | Storage service — consumes identity via mesh |
## Documentation
**Learn**
- [Overview](docs/1.learn/1.overview.md) — What aegis is and why
- [Quickstart](docs/1.learn/2.quickstart.md) — Build your first mesh
- [Concepts](docs/1.learn/3.concepts.md) — Nodes, peers, topology, services
- [Architecture](docs/1.learn/4.architecture.md) — How it works internally
**Guides**
- [Testing](docs/2.guides/1.testing.md) — Testing code that uses aegis
- [Troubleshooting](docs/2.guides/2.troubleshooting.md) — Common errors and solutions
- [Services](docs/2.guides/3.services.md) — Defining and consuming services
- [Certificates](docs/2.guides/4.certificates.md) — Certificate management
**Reference**
- [API](docs/3.reference/1.api.md) — Function signatures
- [Types](docs/3.reference/2.types.md) — Type definitions
- [pkg.go.dev](https://pkg.go.dev/github.com/zoobz-io/aegis) — Generated documentation
## Contributing
Contributions welcome — see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
## License
MIT License — see [LICENSE](LICENSE).