I’ve been experimenting with a small open source project called AngelLab. The idea is to build a modular host monitoring system for Linux where detection logic runs in separate worker processes ("Angels") supervised by a central daemon ("Lab").
Each Angel watches a different subsystem (filesystem integrity, outbound connections, process execution, memory growth patterns, etc.) and emits structured events that the Lab aggregates and exposes through a CLI, Prometheus metrics, or log pipelines.
The goal is to make it easy to extend host monitoring by adding new workers without modifying the core daemon.
It's still very early and experimental, so I'm mostly interested in feedback on the architecture.
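
The Lab/Angel split described above, sketched as an added example that is not AngelLab's own code: the newline-delimited JSON transport over stdout, the event fields (`kind`, `severity`, `detail`), the severity set, and the names `validate` and `run_lab` are all assumptions. It shows the supervisor treating worker output as untrusted input by bounding, schema-checking and source-stamping each event before aggregation.

```python
import json
import subprocess
import sys

# Constructed stand-in for an Angel: prints one JSON event per line; two lines are bad.
ANGEL_SRC = r'''
import json
print(json.dumps({"kind": "outbound_connection", "severity": "warn",
                  "detail": {"dst": "192.0.2.10:443", "pid": 4242}}))
print("not json at all")
print(json.dumps({"kind": "exec", "severity": "shout", "detail": {}}))
print(json.dumps({"kind": "file_modified", "severity": "info",
                  "detail": {"path": "/etc/example.conf"}}))
'''

SEVERITIES = {"info", "warn", "critical"}  # assumed schema, not the project's
MAX_LINE = 4096  # bound per-event size so a faulty worker cannot flood the Lab

def validate(line, angel):
    """Return a normalised event dict, or None if the line is rejected."""
    if len(line) > MAX_LINE:
        return None
    try:
        ev = json.loads(line)
    except (ValueError, RecursionError):  # malformed or pathologically nested
        return None
    if not isinstance(ev, dict) or not isinstance(ev.get("detail"), dict):
        return None
    kind, sev = ev.get("kind"), ev.get("severity")
    if not isinstance(kind, str) or not isinstance(sev, str) or sev not in SEVERITIES:
        return None
    # The Lab, not the worker, stamps the source so a worker cannot spoof another.
    return {"angel": angel, "kind": kind, "severity": sev, "detail": ev["detail"]}

def run_lab(angels):
    """Spawn each Angel, aggregate valid events, count rejected lines per Angel."""
    events, rejected = [], {}
    for name, src in angels.items():  # sequential here for brevity
        proc = subprocess.Popen([sys.executable, "-c", src],
                                stdout=subprocess.PIPE, text=True)
        for line in proc.stdout:
            ev = validate(line.strip(), name)
            if ev is None:
                rejected[name] = rejected.get(name, 0) + 1
            else:
                events.append(ev)
        proc.wait()
    return events, rejected
```

A per-Angel reject counter like `rejected` is a natural candidate for a metric, since a rising count points at a broken or misbehaving worker.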