The deterministic
security buffer
for modern applications.
Tracehound isolates your application from runtime anomalies. It provides a frozen, crash-proof runtime that enforces security policies with zero variance.
How Tracehound Works
Every request flows through a deterministic pipeline. No decisions. No variance. Just security.
Why Tracehound?
Your WAF blocks threats. We quarantine and preserve the evidence so you can analyze, comply, and prove what happened.
Threat Quarantine
When your WAF flags a threat, we capture and isolate it. Your app stays clean. The evidence stays intact.
Immutable Audit Chain
Every quarantined request is SHA-256 signed and Merkle-chained. Tamper-proof records for SOC2, HIPAA, and incident response.
Decision-Free by Design
We never guess. External detectors decide what's a threat — we just quarantine what they flag. Zero false positive risk.
Cold Storage Export
Evidence flows to S3, R2, or GCS automatically. Retention policies you define. No manual archiving.
SIEM Integration
Push events to Splunk, Elastic, or Datadog. Your SOC sees threats in real-time without polling.
Bounded Memory
Priority-based eviction ensures critical evidence survives. No memory leaks. No OOM crashes. Ever.
More than a library.
A complete security platform.
Tracehound is the foundation. Five products working together to protect your runtime.
Tracehound
The CoreSecurity buffer & quarantine. Catches threats, preserves evidence.
Argos
The ObserverRuntime behavioral observer. Detects anomalies before users notice.
Muninn
The MemoryThreat metadata archive. Patterns, correlations, research data.
Huginn
The ScoutExternal threat intel integration. IP reputation, MITRE mapping.
Talos
The EnforcerPolicy-driven response. Block, throttle, challenge — on command.
Get started in 60 seconds
Three lines of code. That's all it takes to start quarantining threats.
import { createAgent, createQuarantine } from '@tracehound/core' // Initialize with defaults const quarantine = createQuarantine({ maxCount: 1000 }) const agent = createAgent({ quarantine }) // In your middleware app.use((req, res, next) => { const result = agent.intercept(createScent(req)) if (result.status === 'quarantined') { return res.status(403).json({ error: 'Blocked' }) } next() })
Meet Argos,
your runtime watchdog.
Know when your app starts misbehaving — before your users do. Event loop lag, memory spikes, unexpected slowdowns. Argos catches the drift.
Simple per-service pricing.
No request counting. No surprise bills. One price per logical service.
Community
Developer / POC
- Single instance (local state)
- Core protections (Rate Limit, Agent)
- In-memory state only
- Non-commercial or Revenue < $5k/mo
- Cold Storage
- Notification API
- Support
Best for: Developers, Hobbyists, POC
Pro
Growing SaaS
- Single instance
- Notification API (SIEM, SOC, webhooks)
- Async Codec (streaming compression)
- Evidence Export (S3, R2, GCS)
- Retention & Eviction Policies
- Email Support (24h SLA)
- Commercial License
Best for: Growing SaaS, Bootstrapped Startups
Enterprise
Cluster / High Scale
- Multi-Instance (Redis coordination)
- Distributed state
- SIEM Integration (Splunk, Elastic, Datadog)
- Compliance Reports (SOC2, HIPAA)
- Priority Support / Slack
- SLA Guarantee
- Argos included
Best for: Scale-up, Fintech, High-Traffic E-commerce
Argos Runtime Observer
Event loop monitoring, runtime behavior analysis, anomaly detection.
Works standalone or as Tracehound add-on.
Ready to secure your runtime?
Start with the free Community tier.
Upgrade when you're ready to go to production.
No credit card required. Community tier is free forever for non-commercial use.