Agent protocol for Sentinel proxy
This crate defines the protocol for communication between the proxy dataplane and external processing agents (WAF, auth, rate limiting, custom logic).
The protocol is inspired by SPOE (Stream Processing Offload Engine) and Envoy’s ext_proc, and is designed for bounded, predictable behavior with strong failure isolation.
§Architecture
- AgentClient: Client for sending events to agents from the proxy
- AgentServer: Server for implementing agent handlers
- AgentHandler: Trait for implementing agent logic
- AgentResponse: Response from agent with decision and mutations
§Transports
Two transport options are supported:
§Unix Domain Sockets (Default)
Messages are length-prefixed JSON:
- 4-byte big-endian length prefix
- JSON payload (max 10MB)
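The framing described above, sketched as an added example (this is not the crate's own code). It assumes the 4-byte length counts only the payload bytes and that 10MB means 10 * 1024 * 1024; `MAX_FRAME_LEN`, `write_frame`, `read_frame` and `round_trip` are hypothetical names, and the payload is treated as opaque bytes rather than parsed as JSON.

```rust
use std::io::{self, Cursor, ErrorKind, Read, Write};

/// Assumed value for the documented 10MB limit (the crate's own constant may differ).
const MAX_FRAME_LEN: usize = 10 * 1024 * 1024;

/// Write one frame: 4-byte big-endian payload length, then the payload bytes.
fn write_frame<W: Write>(w: &mut W, payload: &[u8]) -> io::Result<()> {
    if payload.len() > MAX_FRAME_LEN {
        return Err(io::Error::new(ErrorKind::InvalidInput, "payload exceeds frame limit"));
    }
    w.write_all(&(payload.len() as u32).to_be_bytes())?;
    w.write_all(payload)
}

/// Read one frame, rejecting an oversized length before allocating the buffer.
fn read_frame<R: Read>(r: &mut R) -> io::Result<Vec<u8>> {
    let mut prefix = [0u8; 4];
    r.read_exact(&mut prefix)?; // UnexpectedEof on a short header
    let len = u32::from_be_bytes(prefix) as usize;
    if len > MAX_FRAME_LEN {
        // The peer controls this field: never size an allocation from it unchecked.
        return Err(io::Error::new(ErrorKind::InvalidData, "declared length exceeds frame limit"));
    }
    let mut payload = vec![0u8; len];
    r.read_exact(&mut payload)?; // UnexpectedEof on a truncated payload
    Ok(payload)
}

/// Round-trip a payload through an in-memory buffer.
fn round_trip(payload: &[u8]) -> io::Result<Vec<u8>> {
    let mut buf = Vec::new();
    write_frame(&mut buf, payload)?;
    read_frame(&mut Cursor::new(buf))
}

fn main() -> io::Result<()> {
    // Constructed sample payload; the real event schema is not shown on this page.
    let sample = br#"{"example":"constructed"}"#;
    assert_eq!(round_trip(sample)?, sample.to_vec());

    // Constructed hostile header declaring ~4 GiB with no body: rejected without allocating.
    let hostile = [0xFFu8; 4];
    let err = read_frame(&mut Cursor::new(&hostile[..])).unwrap_err();
    assert_eq!(err.kind(), ErrorKind::InvalidData);
    Ok(())
}
```

Checking the declared length against the limit before `vec![0u8; len]` is what keeps a single malformed or hostile frame from forcing a multi-gigabyte allocation in the reader.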
§gRPC
Binary protocol using Protocol Buffers over HTTP/2:
- Better performance for high-throughput scenarios
- Native support for TLS/mTLS
- Language-agnostic (agents can be written in any language with gRPC support)
§Example: Client Usage (Unix Socket)
    use sentinel_agent_protocol::{AgentClient, EventType, RequestHeadersEvent};

    // `timeout` and `event` are assumed to be defined by the caller.
    let mut client = AgentClient::unix_socket("my-agent", "/tmp/agent.sock", timeout).await?;
    let response = client.send_event(EventType::RequestHeaders, &event).await?;

§Example: Client Usage (gRPC)
    use sentinel_agent_protocol::{AgentClient, EventType, RequestHeadersEvent};

    // `timeout` and `event` are assumed to be defined by the caller.
    let mut client = AgentClient::grpc("my-agent", "http://localhost:50051", timeout).await?;
    let response = client.send_event(EventType::RequestHeaders, &event).await?;

§Example: Server Implementation
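    // Assumes the async_trait crate is a dependency of the agent.
    use async_trait::async_trait;
    use sentinel_agent_protocol::{AgentHandler, AgentResponse, AgentServer, RequestHeadersEvent};

    struct MyAgent;

    #[async_trait]
    impl AgentHandler for MyAgent {
        // Called for each request-headers event; the returned response carries the decision.
        async fn on_request_headers(&self, event: RequestHeadersEvent) -> AgentResponse {
            // Implement your logic here
            AgentResponse::default_allow()
        }
    }

    // Serve the handler on the Unix socket the proxy connects to.
    let server = AgentServer::new("my-agent", "/tmp/agent.sock", Box::new(MyAgent));
    server.run().await?;

Modules§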
- grpc - gRPC protocol definitions generated from proto/agent.proto
Structs§
- AgentClient - Agent client for communicating with external agents
- AgentRequest - Agent request message
- AgentResponse - Agent response message
- AgentServer - Agent server for testing and reference implementations
- AuditMetadata - Audit metadata from agent
- DenylistAgent - Reference implementation: Denylist agent
- EchoAgent - Reference implementation: Echo agent (for testing)
- GrpcAgentHandler - Internal handler that implements the gRPC AgentProcessor trait
- GrpcAgentServer - gRPC agent server for implementing external agents
- RequestBodyChunkEvent - Request body chunk event
- RequestCompleteEvent - Request complete event (for logging/audit)
- RequestHeadersEvent - Request headers event
- RequestMetadata - Request metadata sent to agents
- ResponseBodyChunkEvent - Response body chunk event
- ResponseHeadersEvent - Response headers event
Enums§
- AgentProtocolError - Agent protocol errors
- Decision - Agent decision
- EventType - Agent event type
- HeaderOp - Header modification operation
Constants§
- MAX_MESSAGE_SIZE - Maximum message size (10MB)
- PROTOCOL_VERSION - Agent protocol version
Traits§
- AgentHandler - Trait for implementing agent logic