<div align="center">
<h1 align="center">
<img src=".github/static/sentinel-mascot.png" alt="sentinel mascot" width="96" />
<br>
Sentinel
</h1>
<p align="center">
<em>A security-first reverse proxy built to guard the free web.</em><br>
<em>Sleepable ops at the edge.</em>
</p>
<p align="center">
<a href="https://www.rust-lang.org/">
<img alt="Rust" src="https://img.shields.io/badge/Rust-stable-000000?logo=rust&logoColor=white&style=for-the-badge">
</a>
<a href="https://github.com/cloudflare/pingora">
<img alt="Pingora" src="https://img.shields.io/badge/Built%20on-Pingora-f5a97f?style=for-the-badge">
</a>
<a href="LICENSE">
<img alt="License" src="https://img.shields.io/badge/License-Apache--2.0-c6a0f6?style=for-the-badge">
</a>
</p>
<p align="center">
<a href="https://sentinel.raskell.io/docs">Documentation</a> •
<a href="https://github.com/raskell-io/sentinel/discussions">Discussions</a> •
<a href="MANIFESTO.md">Manifesto</a> •
<a href="CONTRIBUTING.md">Contributing</a>
</p>
</div>
---
Sentinel is a high-performance reverse proxy built on [Cloudflare Pingora](https://github.com/cloudflare/pingora). It provides explicit limits, predictable behavior, and production-grade defaults for environments where operators need to sleep.
## Quick Start
```bash
# Install via Cargo
cargo install sentinel-proxy
# Run
sentinel --config sentinel.kdl
```
## Features
| Feature | Description |
|---------|-------------|
| **KDL Configuration** | Human-readable config with hot reload |
| **Agent System** | Extend via external processes (WAF, auth, rate limiting) |
| **Service Types** | Optimized handling for APIs, static files, web apps |
| **Observability** | Prometheus metrics, structured logging, distributed tracing |
| **TLS** | Modern cipher suites, automatic certificate handling |
| **Load Balancing** | Round-robin, least connections, consistent hashing |
## Why Sentinel
Modern proxies accumulate hidden behavior, unbounded complexity, and operational risk that surfaces under stress.
Sentinel takes a different approach:
- **Bounded resources** — Memory limits, queue depths, deterministic timeouts
- **Explicit failure modes** — Fail-open or fail-closed, never ambiguous
- **External extensibility** — Security logic lives in agents, not the core
- **Observable by default** — Every decision is logged and metered
The goal is infrastructure that is **correct, calm, and trustworthy**.
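
To illustrate the "bounded resources" and "explicit failure modes" points above, here is a sketch of a call to an external agent with a hard deadline and a configured fallback. It is an added example, not taken from Sentinel's code base: `FailureMode`, `Verdict`, `Decision` and `decide` are hypothetical names, and the agent is simulated by a closure running on a thread.

```rust
use std::sync::mpsc;
use std::thread;
use std::time::Duration;

// What the proxy does when the agent yields no verdict (hypothetical names).
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum FailureMode { FailOpen, FailClosed }

#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Verdict { Allow, Block }

// Verdict plus the reason it was reached, so every decision can be logged and metered.
#[derive(Debug, PartialEq)]
pub struct Decision { pub verdict: Verdict, pub reason: &'static str }

// Ask an agent for a verdict, waiting at most `timeout`.
// `agent` stands in for an external process (WAF, auth); `None` means it reported an error.
pub fn decide<F>(agent: F, timeout: Duration, mode: FailureMode) -> Decision
where
    F: FnOnce() -> Option<Verdict> + Send + 'static,
{
    let (tx, rx) = mpsc::sync_channel(1); // bounded queue: one pending reply
    thread::spawn(move || { let _ = tx.send(agent()); });
    match rx.recv_timeout(timeout) {
        Ok(Some(v)) => Decision { verdict: v, reason: "agent" },
        Ok(None) => fallback(mode, "agent_error"),
        Err(mpsc::RecvTimeoutError::Timeout) => fallback(mode, "agent_timeout"),
        Err(mpsc::RecvTimeoutError::Disconnected) => fallback(mode, "agent_crashed"),
    }
}

// The only place a missing verdict is turned into an outcome: never implicit.
fn fallback(mode: FailureMode, reason: &'static str) -> Decision {
    let verdict = match mode {
        FailureMode::FailOpen => Verdict::Allow,
        FailureMode::FailClosed => Verdict::Block,
    };
    Decision { verdict, reason }
}

fn main() {
    // Constructed scenario: the agent answers after 300 ms, the deadline is 50 ms.
    let slow = || { thread::sleep(Duration::from_millis(300)); Some(Verdict::Allow) };
    let d = decide(slow, Duration::from_millis(50), FailureMode::FailClosed);
    println!("{:?}", d);
}
```
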
## Design Principles
- **Sleepable operations** — No unbounded resources. No surprise behavior.
- **Security-first** — Every limit and decision is explicit in configuration.
- **Small, stable core** — Innovation lives outside the dataplane, behind contracts.
- **Production correctness** — Features ship only when bounded, observed, and tested.
See [`MANIFESTO.md`](MANIFESTO.md) for the full philosophy.
## Community
- 💬 [Discussions](https://github.com/raskell-io/sentinel/discussions) — Questions, ideas, show & tell
- 🐛 [Issues](https://github.com/raskell-io/sentinel/issues) — Bug reports and feature requests
- 📖 [Documentation](https://sentinel.raskell.io/docs) — Guides, reference, and examples
Contributions welcome. See [`CONTRIBUTING.md`](CONTRIBUTING.md).
## License
Apache 2.0 — See [LICENSE](LICENSE).