
OpenNHP / opennhp

A lightweight, cryptography-powered, open-source toolkit built to enforce Zero Trust security for infrastructure, applications, and data in the AI-driven world.

13,756 stars
2,498 forks
4 issues
Go

Repository Summary (README)

OpenNHP: Open Source Zero Trust Security Toolkit

OpenNHP is a lightweight, cryptography-powered, open-source toolkit implementing Zero Trust security for infrastructure, applications, and data. It features two core protocols:

  • Network-infrastructure Hiding Protocol (NHP): Conceals server ports, IP addresses, and domain names to protect applications and infrastructure from unauthorized access.
  • Data-object Hiding Protocol (DHP): Ensures data security and privacy via encryption and confidential computing, making data "usable but not visible."


Architecture

OpenNHP follows a modular design with three core components, inspired by the NIST Zero Trust Architecture:

[Figure: OpenNHP architecture]

| Component  | Role                                                                     |
|------------|--------------------------------------------------------------------------|
| NHP-Agent  | Client that sends encrypted knock requests to gain access                |
| NHP-Server | Authenticates and authorizes requests; decoupled from protected resources |
| NHP-AC     | Access controller that manages firewall rules on the protected server    |

For protocol details, deployment models, and cryptographic design, see the documentation.


Repository Structure

opennhp/
├── nhp/              # Core protocol library (Go module)
│   ├── core/         # Packet handling, cryptography, Noise Protocol, device management
│   ├── common/       # Shared types and message definitions
│   ├── utils/        # Utility functions
│   ├── plugins/      # Plugin handler interfaces
│   ├── log/          # Logging infrastructure
│   └── etcd/         # Distributed configuration support
└── endpoints/        # Daemon implementations (Go module, depends on nhp)
    ├── agent/        # NHP-Agent daemon
    ├── server/       # NHP-Server daemon
    ├── ac/           # NHP-AC (access controller) daemon
    ├── db/           # NHP-DB (data object backend for DHP)
    ├── kgc/          # Key Generation Center (IBC)
    └── relay/        # TCP relay

Quick Start

Prerequisites

  • Go 1.25.6+
  • make
  • Docker and Docker Compose (for the full-stack demo)

Build

# Build all components
make

# Build individual daemons
make agentd    # NHP-Agent
make serverd   # NHP-Server
make acd       # NHP-AC
make db        # NHP-DB
make kgc       # Key Generation Center

Test

# Run from the repository root; each subshell leaves the working directory unchanged
(cd nhp && go test ./...)
(cd endpoints && go test ./...)

Run with Docker

cd docker && docker-compose up --build

Follow the Quick Start tutorial to simulate the full authentication workflow in a Docker environment.


Contributing

We welcome contributions! Please read CONTRIBUTING.md before submitting pull requests.

Note: All commits must be signed with a verified GPG or SSH key.

git commit -S -m "your message"

Sponsors

LayerV.ai (https://layerv.ai)

License

Released under the Apache 2.0 License.
