vane 0.9.0

A flow-based reverse proxy with multi-layer routing and programmable pipelines.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

---
title: Introduction
description: The design philosophy behind Vane
icon: BookOpen
---

import { Callout } from 'fumadocs-ui/components/callout';
import { Accordion, Accordions } from 'fumadocs-ui/components/accordion';

Vane is a **programmable traffic engine** designed to solve the structural rigidity of traditional proxies. Instead of reducing network traffic to routing rules, Vane executes dynamic **Flows**, exposing the entire traffic lifecycle as a first-class primitive.

## What Vane Is Not

Before proceeding, it is crucial to understand the boundaries of Vane:

- **Vane is not a "simple" reverse proxy.** If you just need to forward port 80 to 3000, standard tools like [Nginx](https://nginx.org/) or [Caddy](https://caddyserver.com/) are likely better fits.
- **Vane does not do "magic".** It refuses to guess your intent. There are no implicit routing rules, no hidden defaults, and no "automagical" configuration generation.
- **Vane is not a monolithic black box.** It avoids bundling complex behaviors into opaque feature toggles. Instead, it delegates logic to composable plugins, ensuring the core remains minimal and predictable.

## Design Philosophy

Vane is built on three core architectural decisions. We prioritize **explicitness and isolation** over convenience.

### Flow-Based Control

Most proxies use static lists of rules that become brittle as complexity grows.

**Vane treats traffic handling as a program.** Traffic traverses a **user-defined Flow**—a programmable decision graph where you explicitly define how a connection is inspected, modified, or directed.

- We traded **declarative brevity** for **imperative clarity**.
- You define the exact sequence of logic and transformations.
- There is no ambiguity; you own the execution path.

### Strict Layer Isolation

Vane rejects the "muddy middle" where transport and application logic blend, but it does not trap you in a single layer. We enforce a **continuous but strictly bounded** upgrade model:

| Layer              | Behavior                                                              |
| ------------------ | --------------------------------------------------------------------- |
| **L4** Transport   | Start with raw speed and zero parsing                                 |
| **L4+** Carrier    | Dynamically upgrade to inspect headers (SNI, CID) without termination |
| **L7** Application | Upgrade again only when full HTTP parsing is strictly necessary       |

You pay the cost of abstraction only when you need it. A connection can start at L4 and seamlessly transition up the stack based on its behavior.

### Plugins as Primitives

Vane's core engine does not know how to rate-limit, authenticate, or even proxy traffic. It only knows how to execute plugins.

- We traded **monolithic feature sets** for **modular composability**.
- This ensures the engine remains lean while the ecosystem can grow infinitely.
- Every capability is a plugin, isolated and explicit.

## Who is Vane For?

Vane is built for infrastructure engineers and platform architects who need:

<Accordions type="single">
<Accordion title="Granular Control: Inspect, Decide, Route at Every Layer">
You need precise control over every stage of connection handling. This means intercepting a connection at the TCP handshake, inspecting the TLS SNI without terminating the connection, and dynamically deciding whether to terminate, pass through untouched, or apply conditional transformations based on runtime state. Vane gives you explicit control over each decision point in the traffic flow.
</Accordion>

<Accordion title="Dynamic Routing: Beyond Static Config Files">
	Your routing logic cannot be fully expressed in static configuration files. Instead, it depends on
	real-time external state—such as service discovery backends, feature flags, database queries, or
	custom business logic. Vane allows you to query external systems, make routing decisions
	programmatically, and update traffic behavior without restarting or reloading the proxy.
</Accordion>

<Accordion title="Protocol Agnosticism: One Control Plane for All Traffic">
You need to handle multiple protocols—HTTP/1.1, HTTP/2, HTTP/3 (QUIC), and raw TCP/TLS streams—within a single unified control plane. Rather than deploying separate proxies for different protocol layers, Vane provides a consistent programmable model that works across L4, L4+, and L7, enabling you to build one coherent traffic management layer for your entire stack.
</Accordion>
</Accordions>

If you value **transparency over magic** and **composability over convention**, Vane is designed for you.