Skip to content

mdtazizulislam/zonforge-platform

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

657 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ZonForge Sentinel

Website Platform Status GitHub

Official source code for ZonForge Sentinel — AI-Native Security Operations Platform for threat detection, investigation, risk scoring, and security automation.

Website: zonforge.com · Documentation: zonforge.com/features · Pricing: zonforge.com/pricing

ZonForge Sentinel is a monorepo-based cybersecurity platform for event ingestion, analytics, risk scoring, alerting, and AI-assisted SOC workflows.

Positioning: Production-Oriented Platform Under Active Development — structured for real deployment patterns, with proof-backed local validation and ongoing hardening across optional services and production paths.

Overview

This repository contains the core backend services, AI services, shared platform packages, dashboard applications, collectors, and infrastructure definitions used to run ZonForge Sentinel in local and deployment environments.

The current verified local developer path focuses on a required service subset that can be started and validated end-to-end on Windows PowerShell. Not every service, integration, or deployment surface is fully validated yet; see docs/ROADMAP.md and docs/VERIFICATION_INDEX.md for current scope.

Why ZonForge

  • Monorepo consistency for services, shared contracts, and tooling.
  • Explicit service boundaries across ingestion, detection, correlation, risk, and alert pipelines.
  • AI modules integrated as first-class services instead of ad-hoc scripts.
  • Verification-first local workflow with documented health checks and proof artifacts.

Core Capabilities

  • Event ingestion and normalization pipeline.
  • Detection and threat intelligence enrichment.
  • Correlation and risk scoring engines.
  • Alerting and AI-assisted triage/investigation services.
  • API gateway and web dashboard for platform access and operations.

Architecture

The required local path is composed of:

  1. Shared packages (packages/*) for config, types, logging, auth, schema, and DB access.
  2. Core runtime services (apps/*) for ingestion through alert lifecycle.
  3. AI services (apps/*) for behavioral analytics, triage, and SOC assistance.
  4. UI (apps/web-dashboard) for operational visibility.

See docs/ARCHITECTURE.md for the full architecture summary and request/data flow.

Architecture diagram assets:

Repository Structure

zonforge-platform/
	apps/                 # Microservices and apps
	collectors/           # External source collectors
	packages/             # Shared libraries and contracts
	infra/                # IaC, monitoring, deployment assets
	security/             # Security hardening, policies, rules
	docs/                 # Architecture, local dev, demo, troubleshooting
	scripts/              # Developer helper scripts
	proof/runs/           # Execution and verification reports

Services and Ports

Verified required local path:

Service Package Port Status in verified path
API Gateway @zonforge/api-gateway 3000 Required
Ingestion Service @zonforge/ingestion-service 3001 Required
Normalization Worker @zonforge/normalization-worker 3002 Required
Detection Engine @zonforge/detection-engine 3003 Required
Threat Intel Service @zonforge/threat-intel-service 3005 Required
Correlation Engine @zonforge/correlation-engine 3006 Required
Risk Scoring Engine @zonforge/risk-scoring-engine 3007 Required
Alert Service @zonforge/alert-service 3008 Required
AI SOC Analyst @zonforge/ai-soc-analyst 3015 Required
Behavioral AI @zonforge/behavioral-ai 3020 Required
Alert Triage AI @zonforge/alert-triage-ai 3021 Required
Security Assistant @zonforge/security-assistant 3022 Required
Web Dashboard @zonforge/web-dashboard 5173 Required UI

Full map: docs/SERVICE_MAP.md

Quick Start

Prerequisites:

  • Node.js 20+
  • npm 10+
  • Docker Desktop (for PostgreSQL, Redis, ClickHouse)
npm install
npm run infra:up
npm run build:required
npm run dev:required

Windows helper scripts:

./scripts/demo-start-required.ps1
./scripts/demo-health-check.ps1

Detailed setup: DEVELOPMENT.md · docs/LOCAL_DEVELOPMENT.md

Demo

Demo guide and walkthrough: docs/DEMO.md

Demo assets:

Visual Demo

Dashboard local surface (real capture):

ZonForge Dashboard Home

Gateway health and API visibility (real capture):

ZonForge Dashboard Health

Service runtime proof (real capture from live runtime output):

ZonForge Services Running

Required-path health proof (real capture from live health command output):

ZonForge Health Check Proof

AI module readiness proof (real capture from running AI service endpoint):

ZonForge AI Module Proof

Health Verification

Required health endpoints can be validated with:

./scripts/demo-health-check.ps1

Reference verification output and reports:

Example API Flow

Demo payloads and sample responses:

Example ingestion request (demo sample):

curl -X POST "http://localhost:3001/v1/events/ingest" \
	-H "Content-Type: application/json" \
	-d @docs/demo/api/ingest-event-request.json

Documentation Index

Full index: docs/README.md

Topic Document
Development DEVELOPMENT.md
Architecture docs/ARCHITECTURE.md
Local setup docs/LOCAL_DEVELOPMENT.md
Demo docs/DEMO.md
Troubleshooting docs/TROUBLESHOOTING.md
Service map docs/SERVICE_MAP.md
Verification docs/VERIFICATION_INDEX.md
Security docs/SECURITY.md · SECURITY.md
Roadmap docs/ROADMAP.md

Release Management

Release notes category mapping for GitHub Releases:

Governance and Contributing

Security Notes

  • Do not commit .env.local or production secrets.
  • Use dedicated local-only credentials for development infrastructure.
  • Treat all demo/sample payloads as synthetic unless explicitly marked as real captures.
  • Review docs/SECURITY.md before external deployment.

Security disclosure and response process:

Roadmap

Near-term and medium-term priorities are tracked in docs/ROADMAP.md.

Current repository status:

  • Required local platform path is verified and documented.
  • Optional services remain intentionally outside minimum local success criteria until individually validated.

Maintenance references:

About

Production-oriented cybersecurity platform for event ingestion, detection, risk scoring, alerting, and AI-assisted SOC workflows. Under active development.

Topics

Resources

Contributing

Security policy

Stars

0 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors