I’ve been heads-down building Cerbi, a logging governance layer for teams that are tired of discovering logging problems after production data is already on fire.
Cerbi isn’t a new log platform. It doesn’t replace Serilog, NLog, OpenTelemetry, or your existing sinks. It sits next to your logger and answers a very specific question:
“Are we logging the right things, the right way, without leaking data or creating chaos?”
What Cerbi Is (and isn’t)
Cerbi is a governance and enforcement layer for structured logging.
It gives you:
- Compile-time validation (Roslyn analyzers)
- Runtime validation (non-blocking, tag-and-score)
- Centralized governance rules (JSON, versioned, deployable)
- Per-tenant deployment (your infra, your data, your control)
It does not:
- Proxy or ingest your logs
- Phone home from the hot path
- Charge per GB
- Require replacing your existing logging stack
If your logs already go to queues, files, or sinks, Cerbi stays out of the way.
What’s working today
This isn’t a roadmap post — this is what exists and runs:
CerbiStream
- Structured logging with built-in governance hooks
- Async logging with backpressure handling
- File fallback (including encrypted rotation)
- Zero network dependency in the hot path
Governance Analyzer (compile-time)
- Enforces required fields, forbidden fields, enums, encryption rules
- Works in IDE + CI
- Same JSON schema used everywhere (no drift)
Runtime Governance
- Mirrors analyzer rules at runtime
- Never drops logs
- Redacts sensitive values and tags violations instead
- Supports
Relax()scopes (explicit, auditable rule bypass)
CerbiShield (Dashboard + APIs)
- JSON governance profiles with versioning
- RBAC, audit logs, and deployment history
- Per-tenant deployment (Azure Container Apps right now)
- Governance rules deploy to GitHub, filesystem, pipelines, etc.
Everything runs in the customer’s tenant. The only thing hosted centrally (later) is optional scoring and analytics.
Why I built this
Every enterprise team I’ve worked with eventually hits the same problems:
- Logging standards exist… somewhere
- Nobody enforces them consistently
- PII sneaks into logs anyway
- Cleanup happens after incidents
- Governance lives in Confluence instead of code
Cerbi treats logging rules like code:
- Defined once
- Versioned
- Validated early
- Enforced continuously
No policy theater.
Current status
- Core runtime + analyzers: stable
- Dashboard + APIs: feature-complete for Phase 1
- Marketplace prep: in progress
- Multi-language logger plugins (Node / Python / Java / Go): next
CerbiStream and the analyzers are free. CerbiShield (the governance control plane) is the licensed piece.
If this sounds useful
I’m actively looking for:
- Teams who care about logging quality and compliance
- People who want to try governance without ripping out their stack
- Feedback from folks who’ve been burned by log sprawl before
Docs and repos are public, and I’m sharing progress openly as this hardens.
Logging shouldn’t be exciting — but broken logging is always exciting in the worst possible way. Cerbi is about making the boring parts correct, predictable, and enforced.
More updates soon.
Top comments (0)