Blog
Engineering notes from the Sentinel project
Sentinel Upgrades to Pingora 0.7: Dropping the Fork, Gaining New Capabilities
Cloudflare's Pingora 0.7 ships connection-level filtering, extensible TLS context, and the security fixes we were carrying in a fork. Sentinel now runs on upstream Pingora with zero patches — here's what changed and what it unlocks.
Sentinel 26.02: Every Binary Signed, Every Dependency Listed
Release 26.02 adds supply chain security to every Sentinel release — cosign signatures, SLSA provenance, and SBOMs in CycloneDX and SPDX formats. Here's what we built, why it matters, and how to verify your deployment in 30 seconds.
Benchmarking Sentinel Against the Established Proxies
We put Sentinel head-to-head with Envoy, HAProxy, nginx, and Caddy — then used the results to find and fix the per-request allocations that were costing us CPU. Three rounds of optimization later, Sentinel matches or beats every proxy we tested on tail latency.