v0.2.0Stable
Pure Rust WAF with 285 detection rules, anomaly scoring, API security, schema validation, bot protection, and n-gram based payload analysis.
Cargo
Agent Registry
Extend Sentinel with agents for authentication, WAF, AI security, scripting, and more. Browse official and community-built plugins.
Official Agents
Official Agents
Maintained by the Sentinel Core Team
v0.2.0Stable
Pattern-based security for AI APIs: prompt injection detection, jailbreak prevention, PII detection, and schema validation for LLM traffic.
Cargo
v0.2.0Stable
Authentication and authorization agent supporting JWT, OIDC, API keys, Basic auth, SAML SSO, mTLS, Cedar policies, and token exchange.
Cargo
v0.2.0Stable
Controlled fault injection for resilience testing: latency, errors, timeouts, and more with flexible targeting and safety controls.
Cargo
v0.2.0Stable
Embed custom Lua scripts for flexible request/response processing and header manipulation.
Cargo
v0.2.0Stable
Pure Rust ModSecurity-compatible WAF with full OWASP CRS support - no C dependencies required.
Cargo
v0.2.0Stable
Security analysis for WebSocket frames: content filtering, schema validation, and attack detection for real-time connections.
Cargo
v0.2.0Stable
IoT protocol security for MQTT: topic-based ACLs, client authentication, payload inspection, rate limiting, and QoS enforcement.
Cargo
v0.2.0Stable
Comprehensive bot detection with multi-signal analysis, known bot verification, and behavioral tracking.
Cargo
v0.2.0Stable
Advanced request and response transformation with URL rewriting, header manipulation, and JSON body transforms.
Cargo
v0.2.0Stable
Structured audit logging agent with PII redaction, multiple formats (JSON, CEF, LEEF), and compliance templates for SOC2, HIPAA, PCI, and GDPR.
Cargo
v0.2.0Stable
Comprehensive security controls for gRPC services: method authorization, rate limiting, metadata inspection, and reflection control.
Cargo
v0.2.0Stable
GraphQL-specific security controls including query depth limiting, complexity analysis, introspection control, and field-level authorization.
Cargo
v0.2.0Stable
IP threat intelligence with AbuseIPDB integration, file-based blocklists, and Tor exit node detection.
Cargo
v0.2.0Stable
Malware scanning agent using ClamAV daemon for file upload protection
v0.2.0Stable
SOAP-specific security controls including envelope validation, WS-Security verification, operation control, and XXE prevention.
Cargo
v0.2.0Stable
SPIFFE/SPIRE workload identity authentication agent for zero-trust service-to-service communication.
Cargo
v0.2.0Stable
Full OWASP Core Rule Set (CRS) support via libmodsecurity with 800+ detection rules.
Cargo
v0.2.0Stable
Block requests based on IP addresses, CIDR ranges, or custom patterns with real-time updates.
Cargo
v0.2.0Stable
API lifecycle management agent with RFC 8594 Sunset headers, usage tracking, automatic redirects, and migration support for graceful API deprecation.
Cargo
v0.2.0Stable
A mock server agent that intercepts requests and returns configurable stub responses with support for templating, latency simulation, and fault injection.
Cargo
v0.2.0Stable
Write custom request/response processing logic in JavaScript using the QuickJS engine.
Cargo
v0.2.0Stable
Execute custom Wasm modules for high-performance request/response processing in any language.
Cargo
v0.1.0Beta
Multi-language policy evaluation agent supporting Cedar and Rego/OPA for fine-grained authorization decisions.
v0.2.4Beta
PII protection agent with reversible tokenization, format-preserving encryption, and pattern-based masking for JSON, XML, and form data.
Cargo
v0.2.0Deprecated
Token bucket rate limiting with configurable windows and limits per route, IP, or custom keys.
Cargo
Community Agents
Community Agents
Built and maintained by the community
Submit Your Agent
Built something useful? Share it with the community and get it listed here.
Get ListedWhy Agents?
Sentinel's core philosophy is simple: the dataplane should be boring. Stable, bounded, predictable. No 3 AM wake-ups. No memory explosions. No cascading failures from a misbehaving script.
But the real world demands more than routing packets. You need WAF rules, authentication flows, rate limiting, bot detection, content filtering, ML-based threat scoring, custom business logic—the list grows with every new attack vector and compliance requirement.
Agents are where innovation lives. By moving complex logic to external processes behind a stable contract, we get the best of both worlds: a rock-solid dataplane that never crashes, and unlimited extensibility for security policies. A broken agent cannot crash Sentinel. It gets circuit-broken, falls back to a safe default, and life goes on.
We believe the future of reverse proxies lies in custom policy enforcement through external processing. Not embedded scripting runtimes. Not monolithic rule engines. But modular, isolated, language-agnostic agents that anyone can build, deploy, and evolve independently.
This is how we keep the internet safe: by enabling everyone—from solo developers to enterprise security teams—to implement their own policies without compromising the stability of the underlying infrastructure. Your WAF rules, your auth logic, your rate limits, your threat models. Sentinel just makes sure the traffic flows reliably while your agents make the decisions.
IsolationAgent crashes don't crash Sentinel
BoundedHard timeouts and circuit breakers everywhere
ExtensibleBuild agents in any language you want
ModularDeploy and upgrade agents independently
How Agents Work
Agents are external processes that extend Sentinel's capabilities. They communicate via Unix domain sockets (for local agents) or gRPC (for remote/distributed agents), using the protocol defined in the agent-protocol crate. This allows you to implement custom security logic in any language.
Architecture
Process IsolationEach agent runs as a separate OS process with its own memory space, providing security boundaries and crash isolation
Unix Socket & gRPCTwo transport options: Unix domain sockets for local agents (4-byte length prefix + JSON), or gRPC for remote/distributed agents
Connection PoolingSentinel maintains persistent connections to agents, eliminating connection overhead per request
Language AgnosticWrite agents in Rust, Go, Python, TypeScript, or any language that can read/write Unix sockets
Request Lifecycle
Event HooksSubscribe to
request_headers, request_body, response_headers, and response_body eventsDecision TypesReturn
Allow, Deny, Redirect, or Challenge decisions with optional modificationsHeader ManipulationAdd, modify, or remove request/response headers. Inject correlation IDs, auth tokens, or security headers
Audit MetadataAttach structured tags and metadata to requests for logging, metrics, and downstream processing
Failure Handling
Fail-Open ModeConfigure agents to allow traffic when unavailable, ensuring availability over strict enforcement
Timeout ControlPer-agent timeout configuration (default 100ms) prevents slow agents from blocking the request path
Auto-ReconnectSentinel automatically reconnects to agents after crashes with exponential backoff
Health MetricsPrometheus metrics for agent latency, error rates, and connection status via
/metrics endpointProtocol Documentation
Quick Install
Get started with the most popular agents in one command
WAF
SecurityOWASP-compatible web application firewall with SQL injection, XSS, and path traversal protection.
cargo install sentinel-agent-wafRate Limiter
TrafficToken bucket rate limiting with configurable limits per IP, user, or custom key.
cargo install sentinel-agent-ratelimitDenylist
SecurityBlock requests by IP address, CIDR range, path pattern, or User-Agent.
cargo install sentinel-agent-denylistAudit Logger
ObservabilityStructured audit logging for compliance, debugging, and security analysis.
cargo install sentinel-agent-audit-loggerIP Reputation
SecurityBlock malicious IPs using threat intelligence feeds and reputation scoring.
cargo install sentinel-agent-ip-reputationChaos Engineering
TestingControlled fault injection for resilience testing in staging environments.
cargo install sentinel-agent-chaosMissing an agent?
Can't find the agent you need? You have options:
Create Your Own Agent
Extend Sentinel with custom security logic, authentication, rate limiting, or any HTTP processing you need. Use one of our official SDKs or implement the protocol directly.
Official SDKs
Choose the SDK for your preferred language. Each provides a simple, idiomatic API for building agents.
Rust SDKsentinel-agent-sdk
Native performance with zero-cost abstractions. Uses the same protocol crate as Sentinel itself.
Go SDKsentinel-agent-sdk
Idiomatic Go with goroutine-per-connection model. Simple, fast, and production-ready.
Kotlin SDKsentinel-agent-sdk
Coroutine-based async agents with excellent Java interop. Ideal for JVM environments.
Python SDKsentinel-agent-sdk
Async-first design with asyncio. Fluent Decision builder and typed configuration support.
TypeScript SDK@sentinel-proxy/agent-sdk
Full type safety with TypeScript. Works with Node.js, Deno, and Bun runtimes.
Elixir SDKsentinel_agent_sdk
Fault-tolerant agents with OTP supervision. Perfect for distributed, resilient systems.
Haskell SDKsentinel-agent-protocol
Type-safe agents with ReaderT pattern and unliftio. GHC2021 with full protocol v2 support.
Quick Start
1
Install an SDKChoose your preferred language and install the SDK using your package manager
2
Implement your agentCreate an agent class that handles
on_request and returns a decision (allow, block, redirect)3
Configure SentinelAdd your agent to the Sentinel config with a Unix socket path and attach it to routes via filters
4
Run and testStart your agent, reload Sentinel, and verify your logic with test requests
Example: Block Admin Paths
use sentinel_agent_sdk::{Agent, Decision, Request};
struct MyAgent;
impl Agent for MyAgent {
async fn on_request(&self, req: &Request) -> Decision {
if req.path().starts_with("/admin") {
Decision::deny()
.with_body("Access denied")
.with_tag("blocked")
} else {
Decision::allow()
}
}
}package main
import "github.com/raskell-io/sentinel-agent-go-sdk/agent"
type MyAgent struct{}
func (a *MyAgent) OnRequest(req *agent.Request) *agent.Decision {
if strings.HasPrefix(req.Path(), "/admin") {
return agent.Deny().
WithBody("Access denied").
WithTag("blocked")
}
return agent.Allow()
}import io.raskell.sentinel.agent.*
class MyAgent : Agent {
override val name = "my-agent"
override suspend fun onRequest(request: Request): Decision {
return if (request.path.startsWith("/admin")) {
Decision.deny()
.withBody("Access denied")
.withTag("blocked")
} else {
Decision.allow()
}
}
}from sentinel_agent_sdk import Agent, Decision, Request
class MyAgent(Agent):
@property
def name(self) -> str:
return "my-agent"
async def on_request(self, request: Request) -> Decision:
if request.path_starts_with("/admin"):
return Decision.deny().with_body("Access denied").with_tag("blocked")
return Decision.allow()import { Agent, Decision, Request } from '@sentinel-proxy/agent-sdk';
class MyAgent extends Agent {
name = 'my-agent';
async onRequest(request: Request): Promise<Decision> {
if (request.path.startsWith('/admin')) {
return Decision.deny()
.withBody('Access denied')
.withTag('blocked');
}
return Decision.allow();
}
}defmodule MyAgent do
use SentinelAgentSdk.Agent
@impl true
def name, do: "my-agent"
@impl true
def on_request(request) do
if String.starts_with?(request.path, "/admin") do
Decision.deny()
|> Decision.with_body("Access denied")
|> Decision.with_tag("blocked")
else
Decision.allow()
end
end
endimport Sentinel.Agent.Protocol
import Data.Text qualified as T
instance AgentHandler IO where
capabilities = pure $ defaultCapabilities "my-agent"
onRequestHeaders event =
if "/admin" `T.isPrefixOf` reqHdrUri event
then pure $ block 403 "Access denied"
`withAudit` AuditMetadata ["blocked"] [] Nothing [] mempty
else pure allow
main :: IO ()
main = runAgent defaultConfig idSentinel Configuration
Configure Sentinel to connect to your agent:
agents {
agent "my-agent" type="custom" {
unix-socket path="/tmp/my-agent.sock"
events "request_headers"
timeout-ms 100
failure-mode "open"
}
}
filters {
filter "my-filter" {
type "agent"
agent "my-agent"
}
}
routes {
route "api" {
matches { path-prefix "/api/" }
upstream "backend"
filters "my-filter"
}
}