[HoneyBeePF] Official Wiki
This page serves as the comprehensive documentation defining the vision, technical direction, and collaboration methods for HoneyBeePF. It is the official guideline for ensuring seamless collaboration between the team and external contributors.
Project Overview
A lightweight, eBPF-based observability platform for AI workloads.
Install in seconds via Helm Chart (Kubernetes) or standalone binary (bare-metal / VM), with zero code changes required.
What We Do
HoneyBeePF attaches directly to the kernel layer using eBPF to provide two critical capabilities for organizations running LLM workloads:
FinOps: LLM Cost Visibility
Track token consumption across any model (OpenAI, Anthropic, self-hosted) in real time. Know exactly how many tokens each team, service, or request is burning, before the invoice arrives.
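To illustrate the kind of per-team attribution this enables, here is a minimal sketch. The event fields and the per-1K-token prices are hypothetical placeholders, not HoneyBeePF's actual schema or any vendor's real rates:

```python
from collections import defaultdict

# Illustrative USD prices per 1K (input, output) tokens -- placeholder
# values for the sketch, not actual vendor rates.
PRICING = {
    "gpt-4o": (0.0025, 0.010),
    "claude-sonnet": (0.003, 0.015),
}

def attribute_costs(events):
    """Roll captured token-usage events up into per-team cost totals."""
    totals = defaultdict(float)
    for e in events:
        in_rate, out_rate = PRICING[e["model"]]
        totals[e["team"]] += (e["input_tokens"] / 1000 * in_rate
                              + e["output_tokens"] / 1000 * out_rate)
    return dict(totals)

# Example events shaped the way an agent might emit them (hypothetical fields).
events = [
    {"team": "search", "model": "gpt-4o", "input_tokens": 120_000, "output_tokens": 40_000},
    {"team": "support", "model": "claude-sonnet", "input_tokens": 50_000, "output_tokens": 20_000},
]
print(attribute_costs(events))
```

In production the events would stream from the agent rather than sit in a list, but the attribution logic has the same shape.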
Security: File Access Auditing
Monitor which files LLM-powered applications access during inference and fine-tuning. Detect when sensitive or restricted files are touched, enforcing corporate data security policies without modifying application code.
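A minimal sketch of the policy side, assuming a simple prefix-based restricted-path list. The paths below are illustrative examples, not a shipped default:

```python
from pathlib import PurePosixPath

# Assumed corporate policy: path prefixes whose contents LLM-powered
# processes must not read (illustrative values).
RESTRICTED_PREFIXES = ["/etc/secrets", "/data/pii"]

def is_violation(path: str) -> bool:
    """Return True if an accessed path falls under a restricted prefix."""
    p = PurePosixPath(path)
    # PurePath.is_relative_to requires Python 3.9+.
    return any(p.is_relative_to(prefix) for prefix in RESTRICTED_PREFIXES)

def audit(access_events):
    """Yield the subset of file-access events that violate policy."""
    for event in access_events:
        if is_violation(event["path"]):
            yield event
```

The kernel side would capture the file-access events themselves; a prefix check like this one can then run in user space over the event stream.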
Core Values
- Selective Observability: Collect only decision-driving data, not everything.
- Zero Instrumentation: No SDK, no sidecar, no code changes. eBPF does the work at the kernel level.
- Universal Deployment: Helm or binary. Works in Kubernetes clusters and traditional data centers alike.
The Team
Roles and responsibilities of the team members.
| Name | Role | SNS | Responsibilities |
|---|---|---|---|
| μμ€μ° | Team Leader | TBU | Roadmap & Feature Development |
| λ°λ―Όμ§ | Core Dev | TBU | CI/CD & Observability |
| μνμ€ | Core Dev | TBU | Feature Development |
| μ΄λͺ μΌ | Core Dev | TBU | CI/CD & Observability |
Who Needs This
Any organization running LLM workloads that can't answer these two questions:
- "How much is each team/service spending on LLM tokens right now?"
- "What restricted files did our LLM applications access in the last 24 hours?"
| Who | Why They Need It | Trigger Moment |
|---|---|---|
| ML Platform / Infra Teams | LLM API costs growing with no per-team attribution. CFO asks "why did our bill double?" and no one has the breakdown. | Monthly API invoice surprises |
| CISO / Security Teams | Regulators or internal audit require proof of what data LLMs touch. Current logging is application-level and incomplete. | Compliance audit or AI regulation enforcement (AI Basic Act, EU AI Act) |
| SRE / DevOps | Running multi-tenant LLM services; need per-tenant token attribution for billing and capacity planning without adding middleware overhead. | Custom observability middleware breaks on framework updates |
| Executives (CTO/CFO) | Need cost visibility and security posture for LLM adoption decisions. Can't justify scaling AI spend without governance. | Board-level AI budget review |
| Individuals using LLM on work devices | Company policy restricts which files LLM tools can access. No way to automatically detect violations on personal/work laptops. | Employee uses ChatGPT or Copilot with access to restricted company files |
Problem Statement
Problems We Solve
| Problem | Impact | HoneyBeePF Solution |
|---|---|---|
| Per-team and per-project LLM token costs are invisible until the bill arrives | Teams frequently overspend on unused or inefficient model calls with no attribution | Real-time per-service token tracking at the network layer |
| No visibility into which files or directories LLMs access | Sensitive data leaks go undetected; compliance violations follow | Kernel-level file access auditing with policy alerting |
| Existing observability tools require heavy instrumentation | Weeks of integration, code changes, sidecar overhead | Zero-instrumentation eBPF agent, deployed in minutes |
| Agent-based monitoring adds resource overhead | 5-15% CPU/memory tax from traditional agents | eBPF in-kernel processing with < 1% overhead |
Why Now
- Enterprise LLM adoption is accelerating, but cost governance lags behind.
- AI security regulations (Korea AI Basic Act, EU AI Act) are creating compliance requirements around data access transparency.
- Traditional APM tools (Datadog, New Relic) were built for HTTP microservices, not LLM-specific cost and security patterns.
Competitive Analysis
HoneyBeePF vs Other Tools in the Market
Competitors include Helicone, LangSmith, Datadog LLM Observability, and similar platforms.
| | HoneyBeePF | Other Tools |
|---|---|---|
| Install method | `helm install` or single binary drop onto node | SDK wrapper, proxy setup, or agent install with config |
| Time to first insight | < 3 minutes | ~2 hours (code changes + config required) |
| Code changes required | None | Yes, ranging from a 1-line URL swap to full SDK instrumentation |
| Collection layer | Kernel (eBPF) | Application layer (SDK, proxy, or agent) |
| Resource overhead | < 1% CPU/memory | 1-15% depending on tool (agent overhead, proxy latency, SDK weight) |
| File access auditing | Yes (kernel-level) | No or partial |
| Token cost tracking | Yes | Yes |
| Self-hosted option | Yes (fully) | Varies: some open-source, some cloud-only |
| Pricing model | TBU | $15-39 per seat or per host per month, plus usage-based overages |
| Node-level injection | Direct binary drop, no restart needed | Not supported, or requires agent install + restart |
Our Differentiators
- Fastest install in the market: single binary copy to a node or one `helm install` command. No application restarts, no code changes at all, not even a base URL swap. The closest competitor (Helicone) still requires a code-level change per service.
- Lightest footprint: eBPF runs inside the kernel, so there is no sidecar container, no proxy hop, no SDK overhead. Under 1% resource impact vs 5-15% for traditional agents.
- Direct node injection: drop the binary onto any Linux node and it starts collecting immediately. No orchestration dependency, no configuration files, no service mesh required. This is uniquely powerful for bare-metal AI data centers where Kubernetes isn't present.
- Security as a first-class feature: file access auditing at the kernel level is something no competitor offers. This isn't an add-on; replicating the same coverage at the application layer is architecturally impossible.
Use Cases
Note: The scenarios below are illustrative examples based on common patterns in the target market. Specific savings figures are projected estimates, not measured case studies.
Use case 1: API Usage
- Company: Spending $40K/month on OpenAI + Anthropic APIs
- Pain: CEO asked "why did our API bill double last quarter?" and has no per-team or per-feature breakdown
- Current workaround: Manually tagging API calls with team labels
- Needs: Drop-in solution that shows token usage by service/team without changing application code or infrastructure
Day 0: Install HoneyBeePF on staging cluster
→ No application changes, no dev team involvement needed
→ Grafana dashboard shows token flow within 3 minutes
→ Discovers API usage per team and project
→ Presents cost breakdown to CEO
Use case 2: Security/Compliance
- Company: Financial services firm whose employees use personal LLM tools on enterprise assets
- Pain: Regulators require audit trail of what data the LLM accesses.
- Current workaround: Manual review; no automated detection
- Needs: Continuous file access monitoring that satisfies audit requirements
Day 0: Install HoneyBeePF on the employee's laptop
→ No application changes, no dev team involvement needed
→ File access logs start flowing to the security database within minutes
Day 1+: Alert fires: an LLM service accessed a restricted directory or file
→ Incident response team investigates which team, project, or pod made the access
→ Policy violation caught before data left the network
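Tying the alert back to "which pod made the access" can be sketched by parsing the offending process's cgroup path. The kubepods layout assumed below is the common cgroupfs form; real layouts vary by container runtime and kubelet configuration, so the regex is an illustrative assumption:

```python
import re

# Matches the pod UID segment in a kubepods cgroup path, e.g.
# /kubepods/burstable/pod<uid>/<container-id> (assumed cgroupfs-style layout).
CGROUP_POD_RE = re.compile(r"kubepods[^/]*/(?:[^/]+/)*pod([0-9a-f-]+)")

def pod_uid_from_cgroup(cgroup_path):
    """Return the pod UID embedded in a kubepods cgroup path, or None."""
    m = CGROUP_POD_RE.search(cgroup_path)
    return m.group(1) if m else None
```

A non-Kubernetes path (e.g. a systemd user session on a bare-metal node) yields `None`, in which case the event would be attributed by host and process instead.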
| This is a space where knowledge is not merely consumed, but respected, sovereign, and connected, shared together with cloud industry professionals (Bros). |