Pangolin

Identity-aware VPN and reverse proxy for zero-trust remote access

api-usage-based

Identity-based remote access platform built on WireGuard that combines reverse proxy and VPN capabilities. Pangolin supports clientless browser access for web apps and client-based private-resource access across macOS, iOS, Windows, Linux, and Android, with zero-trust rules, peer-to-peer tunnels, automatic SSL, SSO/OIDC options, and cloud or self-hosted deployment.

Pangolin is an identity-based remote access platform built around WireGuard that combines reverse proxy and VPN capabilities in one stack. It lets teams expose specific web applications through browser-based access and reach private resources such as SSH, databases, RDP, or network ranges through client-based access. The product is positioned as zero-trust remote access: users authenticate through identity-aware rules and receive access to defined resources rather than blanket network reachability.

Current public materials describe Pangolin version 1.19.2 with platform support across macOS, iOS, Windows, Linux, and Android, plus peer-to-peer tunnels and clientless browser access across on-prem, cloud, and edge environments. The docs describe cloud and self-host deployment paths, while the homepage and repository show roughly 21K+ GitHub stars. License handling should be described carefully: GitHub reports NOASSERTION and the raw license text includes commercial-license language, so it is safer not to frame Pangolin as simply AGPL-only.

Current pricing has moved to a clearer Cloud/Self-Hosted selector with Basic Free, Team at $4 per user per month, Business at $9 per user per month, and Enterprise custom pricing. Pangolin is best for teams that want a managed or self-hosted alternative to combining separate VPN, tunnel, and reverse-proxy systems, especially when browser access, private-resource access, SSO/OIDC, device approvals, audit logging, and enterprise support need to live under one administrative model.

Pricing

Basic Free; Team $4/user/mo; Business $9/user/mo; Enterprise custom; cloud and self-hosted deployment options

Platforms

macOS, iOS, Windows, Linux, Android; cloud and self-hosted; Docker/DigitalOcean-style deployment paths

Alternatives

Blacksmith

Run GitHub Actions on faster bare-metal runners with lower Ubuntu per-minute pricing

Blacksmith is a drop-in replacement for GitHub-hosted runners that executes Actions on bare-metal gaming CPUs and source-shaped cache infrastructure. Migration requires a one-line YAML change. Features include colocated warm caches, persistent Docker layer caching on NVMe, CI observability with log search, and Firecracker microVM isolation. SOC 2 Type 2 certified, with Ubuntu x64 pricing at $0.004/min and 3,000 free minutes/month.

api-usage-based

Teleport Beams

Trusted runtime environments for AI agents in production infrastructure

Teleport Beams provides cryptographically verified, policy-gated access for AI agents to interact with production infrastructure including servers, Kubernetes clusters, and databases. Launched at KubeCon EU 2026, Beams extends Teleport's zero-trust access platform with agent-specific runtime controls, audit trails, and policy enforcement to ensure AI agents operate within defined boundaries when deployed in production environments.

open-source

RustFS

High-performance S3-compatible object storage built in Rust

RustFS is an open-source distributed object storage system built entirely in Rust, offering 2.3x faster performance than MinIO for small object payloads. It provides full S3 API compatibility, enabling seamless migration from MinIO, Ceph, and AWS S3 with existing SDKs and CLI tools. Released under Apache 2.0 license, it avoids MinIO's restrictive AGPL terms. Features include distributed architecture, erasure coding, WORM compliance, encryption via RustyVault, and a web management console.

open-source

Lightpanda

Zig-built headless browser engineered for AI agent workloads

Open-source headless browser written in Zig for AI agents, crawling, and automation. Lightpanda omits graphical rendering, keeps DOM and JavaScript execution, exposes CDP for Puppeteer/Playwright/chromedp, and adds Agent, PandaScript, and MCP workflows. Current public benchmarks claim about 9x faster execution and 16x less memory than Chrome.

paid

Related Tools

KubeAI

Kubernetes operator for serving AI inference workloads

KubeAI is an Apache-2.0 Kubernetes operator for deploying and scaling AI inference workloads, including LLMs, embeddings, reranking, and speech-to-text. It gives platform teams OpenAI-compatible endpoints, model proxy/controller primitives, model caching, scale-from-zero behavior, and cluster-native resource management for self-hosted inference on Kubernetes.

open-source

Agent Governance Toolkit

Microsoft’s public-preview runtime governance toolkit for policy, identity, sandboxing, audit, and MCP security around AI agents.

Agent Governance Toolkit is Microsoft’s MIT-licensed public-preview toolkit for governing AI agent runtimes. It adds policy enforcement, zero-trust identity, execution sandboxing, audit, reliability, and MCP security-gateway patterns around tool calls and autonomous actions, helping platform teams move beyond prompt-only guardrails while preserving architecture review requirements.

open-source, Telemetry

CLIProxyAPI

Self-hosted proxy API for routing AI CLI accounts into OpenAI-compatible endpoints

CLIProxyAPI is an open-source Go proxy server that wraps Gemini CLI, Claude Code, OpenAI Codex, Grok Build, and related CLI account flows behind OpenAI/Gemini/Claude-compatible API endpoints. Use it carefully: it can touch OAuth sessions, auth files, logs, and provider account policies, so production use needs credential and ToS review.

open-source, Telemetry

Baz

Telemetry-aware AI code reviewer that checks how pull requests may affect real services.

Baz is an AI code-review platform focused on production-aware pull requests. Instead of only reading the diff, Baz connects code changes to application telemetry so reviewers can understand what endpoints, services, and runtime behavior may be affected. That makes it a useful complement to existing AI PR bots when the question is not just whether a change looks correct, but whether it could break a live system.

freemium, Telemetry

Rampart

Microsoft’s pytest-native red teaming framework for turning AI agent safety findings into CI tests.

RAMPART is an open-source Microsoft framework for safety and security testing of agentic AI applications. It brings red-team findings into a pytest-native workflow so teams can turn prompt injection, unsafe tool use, and behavioral boundary failures into repeatable regression tests. The strongest aicoolies angle is developer workflow: RAMPART makes agent safety part of CI/CD instead of a one-off security review.

open-source

Statewright

State-machine guardrails for controlling which tools AI coding agents can use at each phase.

Statewright is a guardrail layer for AI coding agents that uses explicit state machines to control what an agent can do at each stage of a workflow. Instead of relying only on prompt instructions, teams can model phases such as plan, implement, test, and review, then constrain tool access for clients like Claude Code, Codex, Cursor, opencode, and related MCP workflows.

open-source
