// INTRODUCING
AI-assisted network telemetry for MSPs and in-house IT.
A single Go binary on the LAN. Cloudflare at the edge. Zero inbound ports. Raw telemetry never leaves your network.
// SECURE BY DESIGN
Your logs stay on your network. We get the answers.
0
Inbound ports
Cloudflare Tunnel — outbound-only. No VPN, no port forwards, no attack surface.
1
Binary
Single Go binary, CGO_ENABLED=0, pure-Go SQLite. No native dependencies. Ships as one Docker container.
~11 KB/s
Upstream per 10 sites
Only compact insights leave: fired alerts, metric rollups, device state changes. Never raw syslog.
AES-256
Credential encryption
Device credentials encrypted at rest with AES-256-GCM. Control plane runs entirely on Cloudflare Workers.
// THE PROBLEM
Network operators are drowning in logs and starved for answers.
01 — TOO EXPENSIVE
Enterprise tools are priced for Fortune 500 — not the long tail of MSPs running 10–500 sites.
02 — TOO OPERATIONAL
Open source works but demands a full-time engineer just to run the monitoring stack.
03 — TOO SILOED
Syslog, SNMP, flow, DHCP, config diffs, and SSH sessions live in separate dashboards. No tool tells the whole story.
04 — TOO LEAKY
Every SaaS competitor ships raw telemetry to their cloud — a data-sovereignty non-starter for regulated MSP customers.
// ARCHITECTURE
A probe on the LAN. A control plane at the edge. Nothing raw leaves.
Customer LAN
Go probe (Docker)
├ SNMP + traps
├ sFlow / NetFlow
├ DHCP snooping
├ LLDP topology
└ SSH config backup
→ SQLite + FTS5 (local)
Egress — outbound only
Cloudflare Tunnel
├ no raw logs shipped
├ compact insights only
└ ~11 KB/sec / 10 sites
data-sovereign by default
LanPulse control plane
Cloudflare Workers
├ Analytics Engine (ts)
├ Durable Objects (state)
├ Correlation engine
└ LLM narrative pipeline
→ operator console
// AI PIPELINE
Six models, one investigation.
// 01 TEMPLATE MINING
Drain-style streaming
Learns per-device event templates from live syslog. Flags new-template emergence as an anomaly signal.
// 02 CANONICAL EMBEDDINGS
~20 canonical types
Collapses tens of thousands of raw templates into link-flap, auth-fail, resource-exhaustion, and friends. Cross-vendor search.
// 03 ANOMALY DETECTION
Rolling baselines
Per template / host / program. Drives the Anomaly Feed. Distinct from brittle threshold alerts.
// 04 ROOT-CAUSE GRAPH
Topology propagation
Upstream/downstream scoring over the live LLDP topology. Ranks candidate root causes against observed effects.
// 05 DEVICE FINGERPRINTING
DHCP + OUI + flow
Classifies every endpoint — printer, IoT, rogue laptop — using Option 82, MAC OUI, and traffic-pattern features.
// 06 INCIDENT NARRATIVE
LLM RCA synthesis
Assembles evidence into a ranked narrative. Two-tier render: template first, LLM streams behind it.
// THE PROBE
Ten services, one Docker container.
Open source. Apache 2.0.
Syslog Receiver
RFC 3164 + 5424, UDP + TCP
SNMP Poller
Interface counters, traps, rate computation
sFlow / NetFlow
v5/v9 + sFlow v5, per-flow analytics
DHCP Relay
Option 82 parsing, Fingerbank classification
Network Discovery
ARP, ICMP, mDNS, SSDP, LLDP
SSH Config Backup
Multi-vendor, diff engine, unsaved-config alerting
Packet Capture
AF_PACKET, BPF filter, live decode stream
SSH Jump Box
Session recording, R2 archival
WAN Health
Ping, DNS, speed test, jitter/loss tracking
Topology
LLDP + wireless client edge mapping
56,000 lines of Go · CGO_ENABLED=0 · Pure-Go SQLite
linux/amd64, arm64, arm
// EARLY ACCESS
Request a design-partner slot.
We're onboarding 3–5 MSPs for hands-on prototype testing. You'll get a probe, a direct line to the founder, and a product shaped by your network.
Request Early Access →