| Crates.io | sentinel-proxy |
| lib.rs | sentinel-proxy |
| version | 0.4.2 |
| created_at | 2025-12-25 07:50:18.322547+00 |
| updated_at | 2026-01-21 20:01:24.963637+00 |
| description | A security-first reverse proxy built on Pingora with sleepable ops at the edge |
| homepage | https://github.com/raskell-io/sentinel |
| repository | https://github.com/raskell-io/sentinel |
| max_upload_size | |
| id | 2004323 |
| size | 2,291,731 |
A security-first reverse proxy built to guard the free web.
Sleepable ops at the edge.
Sentinel is a high-performance reverse proxy built on Cloudflare Pingora. It provides explicit limits, predictable behavior, and production-grade defaults for environments where operators need to sleep.
```bash
# Install
curl -fsSL https://getsentinel.raskell.io | sh

# Or via Cargo
cargo install sentinel-proxy

# Run
sentinel --config sentinel.kdl
```
| Feature | Description |
|---|---|
| KDL Configuration | Human-readable config with hot reload |
| Service Types | Web, API, Static, Builtin, and Inference (LLM/AI) |
| Load Balancing | 14+ algorithms: round-robin, consistent hashing, Maglev, P2C, adaptive, and more |
| ACME | Automatic TLS certificates via Let's Encrypt with auto-renewal |
| Agent Protocol | External agents for WAF, auth, and custom logic with connection pooling |
| Observability | Prometheus metrics, structured logging, distributed tracing |
First-class support for LLM/AI workloads: token-based rate limiting, usage budgets, model-based routing with glob patterns (`gpt-4*`, `claude-*`), and guardrails for prompt injection and PII detection. Supports OpenAI, Anthropic, and generic providers out of the box.
Modern proxies accumulate hidden behavior, unbounded complexity, and operational risk that surfaces under stress.
Sentinel takes a different approach:
The goal is infrastructure that is correct, calm, and trustworthy.
See MANIFESTO.md for the full philosophy.
Each crate has its own docs/ directory with detailed documentation.
| Crate | Description |
|---|---|
| sentinel-proxy | Core reverse proxy built on Pingora |
| sentinel-config | KDL configuration parsing and validation |
| sentinel-agent-protocol | Agent protocol v1 (legacy) and v2 (current) |
| sentinel-common | Shared types, errors, and utilities |
| wasm-runtime | WASM agent runtime using Wasmtime |
| playground-wasm | Browser bindings for the config playground |
| sim | WASM-compatible configuration simulator |
| stack | All-in-one process manager for proxy and agents |
See CONTRIBUTING.md for guidelines.
Using Claude Code? See .claude/CLAUDE.md for project context, architecture, and coding rules.
Apache 2.0 — See LICENSE.