Security-first reverse proxy
built to guard the free web
A high-performance, security-focused reverse proxy built on Cloudflare's Pingora framework. Sleepable ops at the edge with extensible agent architecture.
Built for Security, Designed for Scale
Enterprise-grade security features with developer-friendly extensibility
Security First
Built from the ground up with security as the primary concern. WAF capabilities, rate limiting, and threat detection built-in.
Blazingly Fast
Powered by Pingora's async Rust runtime. Handle millions of requests with minimal latency and memory footprint.
Edge Native
Sleepable operations at the edge. Deploy globally with intelligent traffic management and automatic failover.
Extensible Agents
Plugin architecture with first-class agent support. Extend functionality with custom logic without forking the core.
Observable
Built-in metrics, tracing, and logging. OpenTelemetry integration for comprehensive visibility into your traffic.
Zero Config TLS
Automatic certificate management with ACME. Let's Encrypt integration out of the box with certificate rotation.
Why Sentinel?
Operating a reverse proxy in production is harder than it should be.
Most operational incidents don't stem from performance limitations. They come from the hidden complexity that accumulates over time: memory growth from unbounded queues, unexpected timeout interactions, concealed retry mechanisms, and security features that degrade under load. These issues surface precisely when troubleshooting is most difficult.
Sentinel takes a different approach. Every significant behavior requires explicit configuration with front-end validation and runtime visibility. There are no silent defaults or hidden policy layers that change how your traffic flows. When something goes wrong, you can reason about it.
Bounded by Design
Hard constraints on memory and queues. Consistent timeout behavior. Regulated backpressure. Nothing grows unbounded, so nothing surprises you at 3am.
Minimal Core
Complex and policy-heavy functionality lives in external agents that can be updated, rate-limited, or disabled independently—without touching the proxy itself.
Transparent Security
Reasonable limits, clear decision-making, and measured responses. Security you can understand and explain, not an opaque black box.
Sentinel is built for long-running production systems managed by humans on shared infrastructure. It prioritizes predictability and reasoning over feature breadth or maximum flexibility.
Ready to guard your infrastructure?
Get started with Sentinel in minutes. Read the docs or explore the agent registry.