Self-hosted · Agent-based · Licensed

Monitor what others
can't see.

Deploy lightweight agents behind firewalls, NATs, and VPCs. Every check runs from inside your network. Multi-tenant isolation, RBAC, and audit trails included.

Request Early Access View Pricing
towerguard — service overview 3 regions · 8 services
ServiceStatusLatency
payments-api up9ms
auth-service up11ms
postgres-primary up5ms
redis-cache up36ms
worker-queue up48ms
vault-secrets down
cdn-origin up14ms
smtp-relay up4ms

Inside your perimeter

Agents run behind firewalls and NATs, checking services that external tools can't reach. No VPN tunnels, no inbound ports, no attack surface.

Isolated by design

Each tenant sees only their own monitors, agents, and incidents. RBAC with three roles, every action audited with user ID, IP, and timestamp.

Self-hosted, self-owned

Your infrastructure, your database, your data. No telemetry, no phone-home. Ed25519-signed license keys with offline validation.

Capabilities

Built for teams that need to monitor internal infrastructure without exposing it to third parties.

Nine check types

HTTP, TCP, Ping, DNS, TLS certificate expiry, Docker containers, databases, system metrics, and service processes.

PASS  payments-api       12ms
PASS  postgres:5432       2ms
PASS  redis:6379          1ms
FAIL  vault:8200         timeout
PASS  tls:api.internal   expiry 83d

Multi-channel alerts

Configurable failure threshold. Alert via Discord, Slack, Email, Telegram, PagerDuty, or webhooks.

#1042 vault:8200         OPEN
 failure detected       09:41:03
 slack alert sent       09:41:04
 acknowledged           09:42:18
 resolved  TTR 3m48s  09:44:51

Zero-config agents

Single Go binary. Pass the hub URL and an API key. Monitor configs are pushed over WebSocket — no config files, no restarts.

$ ./towerguard-agent \
    --hub https://hub.acme.internal \
    --key tg_a8f29c...
connected receiving 14 monitors

Multi-tenant RBAC

Complete data isolation between tenants. Three roles: super admin, tenant admin, viewer. Every role change is audited.

tenants:
  acme-corp      3 users   12 monitors
  globex-inc     5 users    8 monitors
  initech        2 users    6 monitors
isolation: strict  cross-tenant queries: 0

Complete audit trail

Every login, monitor change, role assignment, and incident action. Timestamped with user IDs and IP addresses. CSV export.

login    admin@acme.com  10.0.1.4   09:30
create   monitor/pg-primary       09:31
update   role → tenant_admin      09:32
delete   monitor/old-cache        09:35
logout   admin@acme.com           10:15

Licensed deployment

Ed25519-signed keys control tenant limits, agent counts, and feature access. Offline validation. Seven-day grace period on expiry.

license:
  plan       Enterprise
  tenants    2 / 10
  agents     4 / unlimited
  expires    2027-02-25  365d left
  features   rbac, audit, multi_tenancy, fleet

One command to deploy

Single Go binary backed by PostgreSQL. No Kafka, no Redis, no Elasticsearch. Runs anywhere Docker runs.

terminal
$ docker compose up -d towerguard
 Hub started on :8080
 License validated — Enterprise features active
 Dashboard ready

$ ./towerguard-agent --hub https://hub.internal --key tg_...
 Connected — receiving 14 monitors

Pricing

No per-host fees. No surprise bills. One license, flat rate.

Starter

$252/mo

  • 50 monitors
  • 5 agents
  • All check types
  • All alert channels
Get Started

Professional

$634/mo

  • 200 monitors
  • 25 agents
  • RBAC & audit log
  • Status pages
Get Started

Enterprise

Recommended

$1,260/mo

  • Unlimited monitors & agents
  • SSO (OIDC) & multi-tenancy
  • Fleet management
  • Priority support
Get Started

Early access: 50% off for our first 5 design partners.

Request access

We'll set you up with a design partner license within 24 hours.