The canonical design and build conventions for the PharosVPN platform. Every subproject defers to this repo.
- DESIGN.md — the platform architecture. Single source of truth.
- BUILD.md — global build conventions all repos follow.
- cloud-sync.md — the client cloud-sync UX contract (login, sync, controller status, map) every caravel client implements.
- threat-model.md — what PharosVPN protects, what it doesn't, and what each party sees/yields if compromised (honest about current gaps).
- STATUS.md — what's implemented / experimental / planned, and what's been live-proven. Pre-alpha.
proto/— shared gRPC/protobuf contracts (added as the wire protocol lands).
If code and DESIGN.md disagree, the document is wrong — fix it in the same PR.
PharosVPN is a self-hostable, open-source, dual-protocol (AmneziaWG + XRay/REALITY)
VPN fleet platform. A private controller (coxswain) drives a fleet of dumb public
VPN nodes (node) over outbound mTLS, exposes end-users through an optional
relay (relay), and serves them a mobile client (caravel). One codebase, two
postures — personal and enterprise.
| Repo | Role |
|---|---|
coxswain |
Controller / management plane + admin UI |
node |
VPN node agent |
relay |
Control-plane relay |
caravel |
Mobile client |
Apache-2.0. Contributions under the DCO (git commit -s). No CLA.