explaingit

zipgod24/aetherflow

Analysis updated 2026-05-18

0GoAudience · ops devopsComplexity · 5/5Setup · hard

TLDR

A multi-agent platform where separate AI agents, connected through a message queue, investigate and respond to security incidents step by step.

Mindmap

mindmap
  root((AetherFlow))
    What it does
      Analyzes security incidents
      Chains specialized agents
      Automates response actions
    Tech stack
      Go
      RabbitMQ
      Postgres
      OpenTelemetry
    Use cases
      Incident response automation
      Threat investigation
      Security demos
    Audience
      Security engineers
      Platform engineers
    Agents
      Retriever
      Reasoner
      Validator
      Executor

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Automate the triage of a suspicious domain or IP by chaining evidence gathering, analysis, and validation agents.

USE CASE 2

Demo an event driven multi-agent architecture for security operations without writing custom orchestration code.

USE CASE 3

Swap between a local model and a hosted OpenAI or Anthropic model to compare incident analysis quality.

USE CASE 4

Trace an entire incident response pipeline end to end using a single OpenTelemetry trace.

What is it built with?

GoRabbitMQPostgrespgvectorOpenTelemetryDocker

How does it compare?

zipgod24/aetherflowaasheeshlikepanner/vasealexzielenski/controller-runtime
Stars00
LanguageGoGoGo
Last pushed2022-04-20
MaintenanceDormant
Setup difficultyhardmoderatehard
Complexity5/54/54/5
Audienceops devopsdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1h+

Requires Docker, Docker Compose, Go 1.22+, and about 6 GB free space for the local Ollama model.

In plain English

AetherFlow is a platform for handling security incidents using a team of AI agents that talk to each other through message queues instead of calling each other directly. When something suspicious happens, like a computer making strange DNS lookups, the system passes that incident through a chain of specialized agents that each do one job: gather evidence, analyze it, check the analysis for mistakes, and then take action. The project is built with Go and uses RabbitMQ, a message broker, to move events between agents. This means agents never call each other in a fragile chain. If one agent crashes mid task, the system can pick up where it left off. A Retriever agent searches a database for relevant information using both semantic similarity and keyword matching, and can also look up domain names directly. A Reasoner agent sends the gathered evidence to a language model and asks for a structured judgment. A Validator agent then checks that judgment for errors, made up citations, or signs of prompt injection before anything is allowed to happen. Finally an Executor agent carries out the response, such as blocking a firewall rule or paging an on call person, using mock adapters that could be swapped for real ones. Services in the system find each other automatically through DNS records rather than hardcoded addresses, so new copies of a service can join without extra configuration. Every step, from a database query to a language model call, is tracked using OpenTelemetry so the whole incident can be viewed as one trace in a tool called Jaeger. The language model piece is flexible. Ollama runs locally by default with no setup required, but the web interface lets a user paste in an OpenAI or Anthropic API key and immediately switch to a hosted model without restarting anything. Getting started requires Docker, Docker Compose, and Go 1.22 or newer. After cloning the repository, a single make command starts all the services, and a second command loads example security data. A built in demo incident walks through the entire pipeline from ingestion to a mock firewall action, which can be watched live through the web dashboard.

Copy-paste prompts

Prompt 1
Help me stand up AetherFlow locally with Docker Compose and run the built in suspicious domain demo.
Prompt 2
Explain how AetherFlow's Retriever, Reasoner, Validator, and Executor agents pass work to each other through RabbitMQ.
Prompt 3
Show me how to connect AetherFlow to a hosted OpenAI or Anthropic model instead of the default local Ollama model.
Prompt 4
Walk me through adding a new type of security incident to AetherFlow's agent pipeline.
Prompt 5
Help me understand how AetherFlow's Validator agent checks for prompt injection and made up citations.

Frequently asked questions

What is aetherflow?

A multi-agent platform where separate AI agents, connected through a message queue, investigate and respond to security incidents step by step.

What language is aetherflow written in?

Mainly Go. The stack also includes Go, RabbitMQ, Postgres.

How hard is aetherflow to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is aetherflow for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.