grapsus-proxy 0.5.12

A security-first reverse proxy built on Pingora with sleepable ops at the edge
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200

[package]
name = "grapsus-proxy"
version.workspace = true
edition.workspace = true
authors.workspace = true
license.workspace = true
repository.workspace = true
homepage.workspace = true
rust-version.workspace = true
description = "A security-first reverse proxy built on Pingora with sleepable ops at the edge"
keywords = ["proxy", "reverse-proxy", "http", "security", "pingora"]
categories = ["network-programming", "web-programming::http-server"]
readme = "../../README.md"

[lib]
name = "grapsus_proxy"
path = "src/lib.rs"

[[bin]]
name = "grapsus"
path = "src/main.rs"

[dependencies]
# Pingora core
pingora = { workspace = true }
pingora-core = { workspace = true }
pingora-http = { workspace = true }
pingora-proxy = { workspace = true }
pingora-load-balancing = { workspace = true }
pingora-timeout = { workspace = true }
pingora-limits = { workspace = true }
pingora-cache = { workspace = true }
pingora-memory-cache = { workspace = true }

# Local crates
grapsus-config = { path = "../config", version = "0.5.12", features = ["validation"] }
grapsus-common = { path = "../common", version = "0.5.12" }
grapsus-agent-protocol = { path = "../agent-protocol", version = "0.5.12" }

# Async runtime
tokio = { workspace = true }
async-trait = { workspace = true }

# Serialization
serde = { workspace = true }
serde_json = { workspace = true }

# Logging and tracing
tracing = { workspace = true }
tracing-subscriber = { workspace = true }
prometheus = { workspace = true }

# Error handling
thiserror = { workspace = true }
anyhow = { workspace = true }

# HTTP
http = { workspace = true }
bytes = { workspace = true }

# TLS
rustls = { workspace = true }
rustls-pemfile = { workspace = true }
webpki-roots = "1.0"

# X.509 certificate parsing for OCSP
x509-parser = "0.18"
sha2 = "0.10"
url = "2.5"

# HMAC for cookie signing (sticky sessions)
hmac = "0.12"

# Utilities
uuid = { workspace = true }
chrono = { workspace = true }
dashmap = { workspace = true }
parking_lot = { workspace = true }
arc-swap = { workspace = true }
base64 = { workspace = true }
regex = "1.10"
urlencoding = "2.1"
once_cell = "1.20"

# GeoIP filtering
maxminddb = "0.27"
ip2location = "0.6"

# Schema validation
jsonschema = "0.44"
serde_yaml = "0.9"

# Static file serving
mime_guess = "2.0"
http-body-util = "0.1"
httpdate = "1.0"
html-escape = "0.2"

# Compression
flate2 = "1.1"
brotli = "8.0"

# Archive extraction (for bundle command)
tar = "0.4"

# TOML parsing (for bundle-versions.lock)
toml = "1.0"

# Temporary files (for bundle downloads)
tempfile = "3.25"

# CLI
clap = { version = "4.5", features = ["derive", "env"] }

# System
nix = { version = "0.31", features = ["signal"] }
libc = "0.2"
signal-hook = "0.4"
num_cpus = "1.16"

# Memory allocator
tikv-jemallocator = { workspace = true }

# Random number generation
rand = "0.10"

# Token counting for inference
tiktoken-rs = { version = "0.9", optional = true }

# Hex encoding
hex = "0.4"

# Distributed rate limiting
redis = { version = "1.0", features = ["tokio-comp", "connection-manager"], optional = true }
async-memcached = { version = "0.6", optional = true }

# OpenTelemetry for distributed tracing
opentelemetry = { version = "0.31", optional = true }
opentelemetry_sdk = { version = "0.31", features = ["rt-tokio"], optional = true }
opentelemetry-otlp = { version = "0.31", features = ["grpc-tonic"], optional = true }
opentelemetry-semantic-conventions = { version = "0.31", optional = true }

# Hashing
xxhash-rust = { version = "0.8", features = ["xxh3"] }
murmur3 = "0.5"

# File watching for hot reload
notify = "8.2"

# Networking
tokio-util = { version = "0.7", features = ["codec"] }
futures = "0.3"

# gRPC health checking
tonic = { workspace = true }
tonic-health = "0.14"

# HTTP client for shadow traffic and service discovery
reqwest = { version = "0.13", default-features = false, features = ["rustls", "json", "query"] }

# ACME automatic certificate management (Let's Encrypt)
instant-acme = "0.8"

# Certificate generation for ACME
rcgen = "0.14"

# DNS resolution for DNS-01 challenge propagation checking
hickory-resolver = "0.25"

[features]
default = []

# Distributed rate limiting backends
distributed-rate-limit = ["redis", "async-memcached"]
distributed-rate-limit-redis = ["redis"]
distributed-rate-limit-memcached = ["async-memcached"]

# OpenTelemetry distributed tracing
opentelemetry = ["dep:opentelemetry", "dep:opentelemetry_sdk", "dep:opentelemetry-otlp", "dep:opentelemetry-semantic-conventions"]

# Kubernetes service discovery
kubernetes = []

# Token counting for LLM inference routing
tiktoken = ["tiktoken-rs"]

# Future: Feature gating for geo, compression, schema-validation
# Requires adding #[cfg(feature = "...")] throughout the codebase

[dev-dependencies]
criterion = { workspace = true }
proptest = { workspace = true }
insta = { workspace = true }
tempfile = "3.25"
reqwest = { version = "0.13", default-features = false, features = ["rustls"] }
tokio-tungstenite = "0.28"
futures-util = "0.3"
tokio-rustls = "0.26"
rcgen = "0.14"
wiremock = "0.6"