# go

Open-source platform for managing AI coding agents as teammates

Multica is an open-source managed agents platform that lets you assign coding tasks to AI agents like Claude Code and Codex as if they were team members. It provides a unified dashboard for task assignment, execution monitoring, and skill reuse across local and cloud compute environments. With multi-workspace support, team-level isolation, and reusable skill compounding, Multica turns autonomous coding agents into organized, trackable development resources.

Instant isolated dev environments powered by Nix

Devbox is an open-source command-line tool that creates instant, reproducible development environments using Nix packages without requiring you to learn Nix. Define your project dependencies in a simple devbox.json file and get isolated shells with access to over 400,000 package versions. It eliminates dependency conflicts between projects and ensures every team member works in an identical environment, with support for devcontainers, Docker, and cloud deployment.

Modular AI prompt framework for everyday tasks

Fabric is an open-source framework that organizes AI prompts into reusable patterns for solving everyday tasks like summarizing content, explaining code, extracting insights from videos, and generating social media posts. Written in Go with support for 20+ AI providers including OpenAI, Claude, Gemini, and Ollama, it runs from the command line and can serve as a REST API. With 40,000+ GitHub stars, Fabric bridges the gap between AI capabilities and practical workflow automation.

Open-source real-time voice, video, and AI agent infrastructure

LiveKit is an open-source WebRTC infrastructure platform for building real-time voice, video, and data applications. It powers ChatGPT Advanced Voice Mode and serves as the foundation for AI agent voice interactions. LiveKit provides server-side SDKs for Go, Python, Node.js, and Rust alongside client SDKs for every major platform. The Agents framework lets developers build voice-enabled AI assistants with speech-to-text, LLM processing, and text-to-speech pipelines in Python or Node.js.

Open-source identity management with built-in multi-tenancy

ZITADEL is an open-source identity and access management platform that handles authentication, authorization, and user management for B2B and B2C applications. It supports OIDC, SAML, OAuth 2.0, Passkeys, MFA, and passwordless login out of the box. Built with multi-tenancy as a core feature, ZITADEL lets you manage multiple organizations with delegated admin access, custom branding, and isolated identity stores—all from a single deployment.

Fine-grained authorization engine by Okta

OpenFGA is an open-source authorization engine inspired by Google Zanzibar, built and maintained by Okta (Auth0). It provides relationship-based access control with a flexible modeling language, sub-millisecond permission checks, and SDKs for major languages. OpenFGA is used by companies including Grafana Labs, Canonical, and Docker for fine-grained access control in multi-tenant applications.

Google Zanzibar-inspired authorization database

SpiceDB is an open-source authorization database inspired by Google's Zanzibar system, providing relationship-based access control (ReBAC) at scale. It defines permissions through a schema language that models relationships between users, resources, and roles, then evaluates authorization checks in single-digit milliseconds. Used by companies like Netflix and GitHub, SpiceDB handles millions of permission checks per second.

Open-source zero-trust networking with WireGuard

NetBird is an open-source zero-trust networking platform that creates encrypted WireGuard overlay networks between devices without opening ports or configuring firewalls. It provides peer-to-peer connectivity with NAT traversal, access control policies, DNS management, and a web dashboard for team management. NetBird replaces traditional VPNs with a simpler, more secure mesh networking approach for self-hosted infrastructure and remote teams.

OpenAI API management gateway for 100+ LLM providers

One API is a self-hosted LLM API gateway that provides a unified OpenAI-compatible interface for managing multiple model providers including OpenAI, Azure, Anthropic, Google, and dozens of Chinese providers. It handles load balancing, quota management, rate limiting, token tracking, and channel-based routing through a web dashboard. Widely adopted in the Chinese developer ecosystem with over 18,000 GitHub stars.

Run GitHub Actions locally for fast feedback

Act is an open-source tool that runs GitHub Actions workflows locally using Docker containers that match GitHub's execution environment. It provides instant feedback on workflow changes without pushing to a repository, supports matrix builds, secret management, and artifact handling. Act can also replace Makefiles by using workflow files as task definitions, making it useful for both CI/CD development and local task automation across development teams.

Google's application kernel for container sandboxing and security

gVisor is Google's open-source container runtime sandbox that provides an additional layer of isolation between containerized applications and the host kernel. It implements a user-space application kernel that intercepts system calls, preventing container escapes and limiting the attack surface. Used in Google Cloud Run, GKE Sandbox, and other Google Cloud services. Over 18,000 GitHub stars.

Cross-machine dotfile manager with template support and encryption

Chezmoi manages dotfiles across multiple machines with template support for machine-specific configuration, secret encryption, and integration with password managers. It handles the complexity of maintaining consistent development environments across work laptops, personal machines, and servers. Over 15,000 GitHub stars with support for 1Password, Bitwarden, LastPass, and gpg encryption.

Modular open-source identity infrastructure with Kratos, Hydra, and Keto

Ory provides a suite of modular open-source identity components: Kratos for user management and authentication, Hydra for OAuth2 and OIDC, Oathkeeper for API gateway authorization, and Keto for fine-grained permission management. Used by OpenAI and other major organizations. API-first design with Go-based microservices that deploy independently or together as Ory Network cloud.

Lightweight Kubernetes distribution for edge, IoT, and development

k3s is a CNCF Sandbox lightweight Kubernetes distribution packaged as a single binary under 100MB. Created by Rancher Labs and now maintained by SUSE, it strips non-essential components and bundles containerd, Flannel, CoreDNS, and Traefik into a minimal but fully conformant K8s distribution. Ideal for edge computing, IoT, ARM devices, and local development environments.

Leading open-source service mesh for Kubernetes microservices

Istio is the most widely adopted open-source service mesh for Kubernetes, providing traffic management, security, and observability for microservice architectures. It uses Envoy proxy sidecars to intercept and manage service-to-service communication with mutual TLS, fine-grained traffic routing, circuit breaking, and distributed tracing. CNCF Graduated project used in production by Google, IBM, and Salesforce.

Backend development framework with built-in infrastructure automation

Encore is a backend development framework for TypeScript and Go that automates infrastructure provisioning from application code. Developers define APIs, databases, cron jobs, and pub/sub topics using framework primitives, and Encore generates the necessary cloud infrastructure on AWS or GCP. Includes local development tooling with service catalog, tracing, and automatic API documentation.

Kubernetes ChatOps bot for Slack, Teams, and Discord

Botkube is a Kubernetes ChatOps platform that brings cluster management into Slack, Microsoft Teams, and Discord. It provides real-time alerts for cluster events, enables kubectl command execution from chat, and supports automated workflows triggered by Kubernetes resource changes. Features plugin architecture for extensibility and RBAC-based access control for team collaboration.

Zero-friction single-binary Kubernetes distribution by Mirantis

k0s is a lightweight, CNCF-certified Kubernetes distribution packaged as a single binary with zero host dependencies. Backed by Mirantis, it simplifies cluster deployment by bundling all required components into one executable that works on any Linux system. Supports x86-64, ARM64, and ARMv7 architectures with automatic upgrades and a built-in control plane load balancer.

eBPF-based networking, security, and observability for Kubernetes

Cilium is a CNCF Graduated project that provides networking, security, and observability for Kubernetes using eBPF technology. It replaces kube-proxy with efficient eBPF-based load balancing, enforces L3-L7 network policies using identity-based security, and includes Hubble for network flow observability and Tetragon for runtime security enforcement. Adopted by Google GKE, AWS EKS Anywhere, and Azure AKS.

Autonomous Kubernetes and GPU infrastructure optimization

ScaleOps provides autonomous real-time management of Kubernetes and GPU infrastructure, reducing cloud costs by up to 80 percent without manual configuration. Backed by 130 million in Series C funding at an 800 million dollar valuation, it serves enterprises including Adobe, Wiz, DocuSign, and Salesforce. The platform continuously rightsizes pods, optimizes replicas, manages nodes, and allocates GPUs based on live workload demand rather than static configurations.

Google's official Agent Development Kit for building AI agents in Go

adk-go is Google's official Agent Development Kit for the Go programming language, providing the tools and abstractions needed to build production AI agents. It supports tool calling, multi-turn conversations, structured outputs, and integration with Google's Gemini models. With 7,300 GitHub stars and Apache 2.0 license, it brings first-class AI agent development capabilities to the Go ecosystem.

Google's vulnerability scanner using the OSV database

OSV-Scanner is Google's official open-source vulnerability scanner that checks your project's dependencies against the OSV.dev database — the largest open vulnerability database covering all major ecosystems. Written in Go, it supports lockfiles from npm, pip, Maven, Cargo, Go modules, and more, providing actionable remediation guidance and CI/CD integration for automated security scanning.

Go implementation of the Model Context Protocol SDK

mcp-go is a Go implementation of the Model Context Protocol, providing both server and client SDKs for building MCP integrations in Go. It supports stdio and SSE transports, resource management, tool registration, and prompt templates. Designed for Go developers building MCP servers for DevOps tools, CLI applications, and backend services. Over 8,000 GitHub stars.

Kubernetes-native cloud infrastructure control plane

Crossplane is a CNCF Graduated open-source project that extends Kubernetes to manage cloud infrastructure through declarative APIs. Platform teams compose custom infrastructure abstractions as Compositions and publish them as self-service APIs. It provisions resources across AWS, Azure, GCP, and 200+ providers directly from kubectl. Used by 450+ organizations with 11,000+ GitHub stars.