A security-first reverse proxy built to guard the free web.
Zentinel
A security-first reverse proxy built to guard the free web.
Sleepable ops at the edge.
Documentation โข Playground โข Benchmarks โข Discussions โข Contributing
Zentinel is a high-performance reverse proxy built on Cloudflare Pingora. It provides explicit limits, predictable behavior, and production-grade defaults for environments where operators need to sleep.
Performance: Lowest p99 latency in benchmarks against Envoy, HAProxy, Nginx, and Caddy. 1M-request soak tests with 99.95% success rate and zero memory leaks. Pure Rust WAF engine processes clean traffic at 912K req/s โ 30x faster than the C++ ModSecurity reference.
Status
Production-ready core (proxy, routing, TLS, caching, load balancing). Agents are individually versioned โ WAF, Auth, and AI Gateway are stable; others are beta or alpha. See zentinelproxy.io/agents for per-agent status.
Request Flow
โโโโโโโโโโ โโโโโโโโโโโโ
โ Client โ โ Upstream โ
โโโโโโฌโโโโ โโโโโโโฒโโโโโ
โ โ
โผ โ
โโโโโโโโโโโโ Zentinel (core, single binary) โโโโโโโโโโโคโโโโโ
โ โ โ
โ Listener โโถ Routing โโถ Filter chain โโถ Forward โโโโโ โ
โ TLS, H2 priority rate-limit, LB, โ
โ + LRU cache, hooks retries โ
โ โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโชโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ UDS / gRPC (v2 agent protocol)
โผ
โโโโโโโโ External agents (separate processes) โโโโโโโโ
โ WAF ยท Auth ยท Rate-limit ยท โฆ โ
โ crash-isolated, any language โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Response retraces the filter chain back to the Client. Access logs and metrics emit at completion.
The dataplane runs as a single binary. Security and policy logic that is parsing-heavy or operationally risky lives in external agents behind UDS or gRPC, so a buggy agent cannot take the proxy down with it. See the Manifesto for the reasoning, and crates/proxy/docs/architecture.md for the per-phase details.
Quick Start
# Install (binary only)
curl -fsSL https://get.zentinelproxy.io | sh
Install and start as a systemd service (Linux, root or sudo)
curl -fsSL https://get.zentinelproxy.io | sh -s -- --enable-service
Or via Cargo
cargo install zentinel-proxy
Or via Docker
docker run -v $(pwd)/zentinel.kdl:/etc/zentinel/zentinel.kdl \
ghcr.io/zentinelproxy/zentinel --config /etc/zentinel/zentinel.kdl
On systemd hosts the install script also drops /etc/systemd/system/zentinel.service, a sysusers snippet, and a starter config at /etc/zentinel/zentinel.kdl. Service enable and start are opt-in via --enable-service. See crates/proxy/docs/deployment.md.
Save this as zentinel.kdl โ it proxies localhost:8080 to a backend on port 8081:
system {
worker-threads 0 // auto-detect CPU cores
}
listeners { listener "http" { address "0.0.0.0:8080" protocol "http" } }
routes { route "default" { matches { path-prefix "/" } upstream "backend" } }
upstreams { upstream "backend" { target "127.0.0.1:8081" } }
# Run
zentinel --config zentinel.kdl
Validate config without starting
zentinel test --config zentinel.kdl
Proxying to an HTTPS backend? Add a tls block to the upstream:
upstreams {
upstream "backend" {
target "api.example.com:443"
tls {
sni "api.example.com"
}
}
}
Without the tls block, Zentinel connects with plaintext HTTP regardless of the port.
More examples: config/examples/ covers API gateways, load balancing, WebSocket, caching, inference routing, and more. Or use the config builder to generate a config interactively.
Features
| Feature | Description | |---------|-------------| | Service Types | Web, API, Static, Builtin, and Inference (LLM/AI) | | Load Balancing | 14 algorithms: round-robin, weighted, least connections, Maglev, Peak EWMA, and more | | Security | TLS/mTLS, rate limiting, GeoIP filtering, WAF, zip bomb protection | | Agent Protocol | External agents for WAF, auth, and custom logic โ crash-isolated, any language | | HTTP Caching | Pingora-based response caching with stampede prevention and LRU eviction (memory, disk, or hybrid backends) | | WebSocket Proxying | RFC 6455 compliant with per-frame agent inspection and session affinity | | Observability | Prometheus metrics, structured logging, OpenTelemetry tracing | | Hot Reload | Zero-downtime config updates via SIGHUP with validation and atomic swap (routes, upstreams, agents; listener changes require a restart) |
See the full feature breakdown at zentinelproxy.io/features.
Use Cases
- Reverse Proxy โ TLS termination, static file serving, compression, and security headers for web applications
- API Gateway โ Versioned routing, JWT/API key auth, per-client rate limiting, and JSON error responses
- Load Balancer โ Weighted traffic distribution, health checks, circuit breakers, and blue-green/canary deployments
- Inference Gateway โ Token-based rate limiting, model routing with glob patterns (
gpt-4,claude-), prompt injection detection, and PII filtering for OpenAI, Anthropic, and generic LLM providers - WebSocket Gateway โ Persistent connection proxying with frame inspection, message rate limiting, and session affinity
- Security Gateway โ WAF, GeoIP filtering, mTLS, and composable agent pipelines for custom security logic
config/examples/
Why Zentinel
Modern proxies accumulate hidden behavior, unbounded complexity, and operational risk that surfaces under stress. Zentinel takes a different approach:
- Bounded resources โ Memory limits, queue depths, deterministic timeouts. No surprise behavior.
- Explicit failure modes โ Fail-open or fail-closed per route, never ambiguous.
- External extensibility โ Security logic lives in agents, not the core. Small, stable dataplane.
- Observable by default โ Every decision is logged and metered. Features ship only when bounded, observed, and tested.
MANIFESTO.md for the full philosophy.
Agents
Zentinel's security and extensibility lives in agents โ external processes that hook into every request phase. Agents are crash-isolated from the proxy, independently deployable, and can be written in any language.
Agent SDKs: Rust ยท Go ยท Python ยท TypeScript ยท Elixir ยท Kotlin ยท Haskell
| Agent | Description | |-------|-------------| | WAF | Pure Rust WAF โ 200+ detection rules, ML-powered anomaly scoring, zero C dependencies | | AI Gateway | Prompt injection detection, jailbreak prevention, PII filtering for LLM APIs | | Policy | Multi-engine policy evaluation (Rego/OPA and Cedar) โ written in Haskell | | Auth | JWT, OIDC, SAML, mTLS, API keys with Cedar-based fine-grained authorization | | Chaos | Latency injection, error simulation, connection resets with safety guardrails | | Lua | Sandboxed Lua scripting with VM pooling, hot-reload, and resource limits | | ZentinelSec | Pure Rust ModSecurity โ OWASP CRS-compatible SecLang parser, zero C dependencies | | WebSocket Inspector | Content filtering, JSON/MessagePack validation, and rate limiting for WebSocket frames | | MQTT Gateway | IoT protocol security with topic ACLs, auth, and payload inspection |
Browse all 25+ agents at zentinelproxy.io/agents.
Crates
Each crate has its own docs/ directory with detailed documentation.
| Crate | Description | |-------|-------------| | zentinel-proxy | Core reverse proxy built on Pingora | | zentinel-config | KDL configuration parsing and validation | | zentinel-agent-protocol | Agent communication protocol (v2) | | zentinel-common | Shared types, errors, and utilities | | wasm-runtime | WASM agent runtime using Wasmtime | | playground-wasm | Browser bindings for the config playground | | sim | WASM-compatible configuration simulator | | stack | All-in-one process manager for proxy and agents |
Control Plane
zentinel-control-plane โ Fleet management for Zentinel proxies, built with Elixir/Phoenix. Centralized configuration, rolling deploys, and real-time observability across your Zentinel instances.
Contributing
See CONTRIBUTING.md for guidelines.
Using Claude Code? See .claude/CLAUDE.md for project context, architecture, and coding rules.
Community
- ๐ Documentation โ Guides, reference, and examples
- ๐ฎ Playground โ Try the routing engine in your browser (WASM)
- ๐ Benchmarks โ Performance, soak testing, and Envoy comparison
- ๐ฌ Discussions โ Questions, ideas, show & tell
- ๐ Issues โ Bug reports and feature requests
License
Apache 2.0 โ See LICENSE.